Previous Topic: Configure Windows Agentless Endpoints for SAMNext Topic: How to Configure a Windows Firewall for SAM


Firewall Configuration on Windows Agentless Endpoints

Valid on Windows Server 2008 and Windows 7 Enterprise

The SAM Windows Agentless connector uses port 135 (the DCOM port) to connect to Windows Agentless endpoints. After the connector connects to the endpoint, it uses a dynamic port (above 1000) for communication with the WMI (Windows Management Instrumentation) service.

If the Windows firewall is enabled on a Windows Agentless endpoint, the firewall can block both the connection to port 135 and the dynamic port. If the Windows firewall blocks these connections, the Enterprise Management Server cannot communicate with the endpoint. Therefore, you cannot create Windows Agentless endpoints or cannot discover service accounts and scheduled tasks on the endpoint.

Configure the firewall so that the SAM Windows Agentless connector can connect to the endpoint. When you configure the firewall, open port 135 and specify that the firewall permits any traffic arriving to the WMI service from dynamic RPC ports.

Allow the following applications or features through the Windows firewall in the Control Panel:

Enable the following inbound firewall rules in the Advanced Configuration:

More information:

How to Configure a Windows Firewall for SAM