Network EXEs and Sockets
Forgive me if I'm posting this in the wrong place, but I believe this is a security setting.
Since Vista was released (this includes Vista, Win7, Win2008 R1/R2), I've had trouble running EXEs on network shares that open connections to other servers. For example, SendEmail.exe doesn't work if run from a network location if I target an SMTP server other than localhost. I'm trying to find out if I can disable the security "feature" that is blocking outbound connections from being opened by an EXE run from a network location. In an attempt to troubleshoot further, I enabled the Microsoft-Windows-Winsock Network Event/Operational log.
The error that is logged when the outbound connection is blocked is shown below.
Log Name: Microsoft-Windows-Winsock-AFD/Operational
Source: Microsoft-Windows-Winsock-AFD
Date: 7/19/2010 8:20:47 PM
Event ID: 1000
Task Category: (1000)
Level: Error
Keywords: Winsock initiated event,Stream socket
User: #####REMOVED#####
Computer: #####REMOVED#####
Description:
socket: 1: Process 0xfffffa8005942800 (0x1760), Endpoint 0xfffffa8004a60c20, Family 0, Type 0, Protocol 0, Seq 1011, Status 0xC0000225
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Winsock-AFD" Guid="{E53C6823-7BB8-44BB-90DC-3F86090D48A6}" />
<EventID>1000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>1000</Task>
<Opcode>10</Opcode>
<Keywords>0x8000000000000006</Keywords>
<TimeCreated SystemTime="2010-07-20T01:20:47.224817600Z" />
<EventRecordID>386</EventRecordID>
<Correlation ActivityID="{04A60C20-FA80-FFFF-0000-000000000000}" />
<Execution ProcessID="5984" ThreadID="3384" />
<Channel>Microsoft-Windows-Winsock-AFD/Operational</Channel>
<Computer>#####REMOVED#####</Computer>
<Security UserID="#####REMOVED#####" />
</System>
<EventData>
<Data Name="EnterExit">1</Data>
<Data Name="Location">1011</Data>
<Data Name="Process">0xfffffa8005942800</Data>
<Data Name="Endpoint">0xfffffa8004a60c20</Data>
<Data Name="AddressFamily">0</Data>
<Data Name="SocketType">0</Data>
<Data Name="Protocol">0</Data>
<Data Name="ProcessId">0x1760</Data>
<Data Name="Status">3221226021</Data>
</EventData>
</Event>
July 20th, 2010 4:35am
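Added example, not part of the original thread: a small Python parser for an exported Winsock-AFD event that decodes the `Status` field into its NTSTATUS parts and cross-checks the `ProcessId` data field against the event header. The function names are hypothetical, the embedded sample is a trimmed copy of the event posted above, and the only status name included is the one for the value in that event.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
SEVERITY = ("success", "informational", "warning", "error")
# Only the value seen in this thread; extend from ntstatus.h as needed.
KNOWN_STATUS = {0xC0000225: "STATUS_NOT_FOUND"}

# Trimmed copy of the event posted above (fields not used here are omitted).
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<EventID>1000</EventID>
<Execution ProcessID="5984" ThreadID="3384" />
</System>
<EventData>
<Data Name="Location">1011</Data>
<Data Name="ProcessId">0x1760</Data>
<Data Name="Status">3221226021</Data>
</EventData>
</Event>"""

def decode_ntstatus(value):
    """Split a 32-bit NTSTATUS into severity, customer, facility and code."""
    value &= 0xFFFFFFFF  # also accepts the signed form some tools print
    return {
        "hex": "0x%08X" % value,
        "severity": SEVERITY[value >> 30],
        "customer": bool(value & 0x20000000),
        "facility": (value >> 16) & 0x0FFF,
        "code": value & 0xFFFF,
        "name": KNOWN_STATUS.get(value, "unknown"),
    }

def summarize_afd_event(xml_text):
    """Return the fields of a Winsock-AFD event that matter for triage."""
    root = ET.fromstring(xml_text)
    data = {d.get("Name"): (d.text or "")
            for d in root.findall("e:EventData/e:Data", NS)}
    execution = root.find("e:System/e:Execution", NS)
    pid = int(data["ProcessId"], 0)  # base 0 accepts "0x1760" and "5984"
    return {
        "event_id": int(root.findtext("e:System/e:EventID", namespaces=NS)),
        "pid": pid,
        "pid_matches_header": pid == int(execution.get("ProcessID")),
        "status": decode_ntstatus(int(data["Status"], 0)),
    }

if __name__ == "__main__":
    print(summarize_afd_event(SAMPLE_EVENT))
```

The decimal `Status` in the event XML (3221226021) and the hex value in the description line (0xC0000225) are the same number, so either form can be searched for when correlating events.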
Disable the firewall on the Vista computer and the target servers.
July 20th, 2010 7:18am
The firewall is already disabled. Also, it works if I copy the EXE locally and run it. It doesn't work if I run it from a network location.
July 21st, 2010 9:42pm
I have this problem when running from a Win2008 R2 server as well as a Vista PC and a Win7 PC.
July 21st, 2010 10:00pm