none
Remotely managing Windows Firewall on Server Core gives access denied (error 0x5)

    Pergunta

  • Hi everyone,

    I'm setting up a server running Server Core 2008 R2 and I already configured everything on this server such as the roles, features and remote administration by MMC. However, I'm having trouble to enable Windows Firewall remote administration on this one.

    Since this will be a DNS server in a split configuration, I can't join this server to the domain (my domain has the same private name as in the Internet). To workaround this issue, I'm remotely managing this server (from a domain computer) using the MMC snap-ins along with the cmdkey command, just like this:

    cmdkey /add:<server> /user:<server>\<admin account> /pass

    When I start the Windows Firewall snap-in, I get the following error:

    You do not have the correct permissions to open the Windows Firewall with Advanced Security console. You must be a member of the Administrators group or the Network Operators group to perform this task. For more information, contact you system administrator. Error code: 0x5.

    I already enabled Windows Firewall on the server through netsh, using the commands bellow:

    netsh advfirewall firewall set rule group="remote administration" new enable=yes
    netsh advfirewall firewall set rule group="windows firewall remote management" new enable=yes
    netsh advfirewall set currentprofile settings remotemanagement enable

    I also tried disabling Windows Firewall with the command bellow and also didn't helped:
    netsh advfirewall set allprofiles state off

    I don't know if this would make the difference, but just in case, this server got two NICs, one faced to the Internet and the other to our domain (just for administrative purposes).

    I really appreciate any help with this trouble.
    quarta-feira, 17 de fevereiro de 2010 20:53

Respostas

Todas as Respostas

  • Hi

    I am getting the same error message with Hyper-V Server 2008 R2. I'm using Vista SP2 32-bit to connect. The firewall on the server is disabled.

    Other snap-ins like Group Policy, Computer Management, Event Log, Device Manager, WMI Control and Hyper-V Manager are fully working but the Windows Firewall with Advanced Security snap-in fails with the error code 0x5.

    Have been googling for hours on this, couldn't find anything to solve this...

    What needs to be done in order to get also the firewall snap-in to work? Does anyone know..?

    domingo, 21 de fevereiro de 2010 21:30
  • Hi,

     

    General speaking, we add both the remote computer and the client computer into the same domain if we want to use MMC to manage the remote computer. You will encounter some security issue if they are in the same workgroup instead of the same domain.

     

    The following guide may helps, you can refer to:

     

    Configuring the Firewall for Remote Management of a Workgroup Server Core installation

    http://blogs.technet.com/server_core/archive/2008/01/14/configuring-the-firewall-for-remote-management-of-a-workgroup-server-core-installation.aspx

     

     

    Best Regards,

    Vincent Hu

     

    quarta-feira, 24 de fevereiro de 2010 09:32

  • Hi Alecoq,

    I don't know if this is a late reply but I myself have been wondering around to fix issues like this.  I have tried several options and this one worked for me from a vista client as well as windows 7 client.  All I have currently in server core r2 box is the Administrator account.  My server and all other clients are on the same workgroup.  I usually have a different account setup on my clients to work on them.  Although these accounts were member of Administrators group I could not connect to the server core "Windows Firewall with Advanced Security" mmc snap in.  When I enabled the administrator account in the clients with net user administrator on and logged in with the enabled administrator it still gave me the same error message.  What the heck?  The error message made no sense as this user is a member of the administrators group.  After that I changed the Administrator's password (on the client) to match the Administrator's password (remember it has to be the same name) on the server core. 

    Now as lots of the members from MS Server core team say that the two boxes have to be members of the domain, it really doesn't.  We need more testing!!!

    Try to connect to the server core with the same user name and password and same workgroup.  (I haven't tried domain yet because I want to run AD in one of the hyper-v clients on this box).  If you still face some problems try to disable firewall with the following command on the server core:

    netsh advfirewall set currentprofile state off


    Try the Windows Firewall with Advanced Security snap in again see if you can connect.  This method has worked for me so far. 

    -vinod
    sábado, 6 de março de 2010 17:51

  • Hi Alecoq,

    I don't know if this is a late reply but I myself have been wondering around to fix issues like this.  I have tried several options and this one worked for me from a vista client as well as windows 7 client.  All I have currently in server core r2 box is the Administrator account.  My server and all other clients are on the same workgroup.  I usually have a different account setup on my clients to work on them.  Although these accounts were member of Administrators group I could not connect to the server core "Windows Firewall with Advanced Security" mmc snap in.  When I enabled the administrator account in the clients with net user administrator on and logged in with the enabled administrator it still gave me the same error message.  What the heck?  The error message made no sense as this user is a member of the administrators group.  After that I changed the Administrator's password (on the client) to match the Administrator's password (remember it has to be the same name) on the server core. 

    Now as lots of the members from MS Server core team say that the two boxes have to be members of the domain, it really doesn't.  We need more testing!!!

    Try to connect to the server core with the same user name and password and same workgroup.  (I haven't tried domain yet because I want to run AD in one of the hyper-v clients on this box).  If you still face some problems try to disable firewall with the following command on the server core:

    netsh advfirewall set currentprofile state off


    Try the Windows Firewall with Advanced Security snap in again see if you can connect.  This method has worked for me so far. 

    -vinod

    thank you, it's works for me too.
    domingo, 22 de maio de 2011 07:06
  • Thank you for your help fixed my problem.  What a annoying bug!
    domingo, 26 de fevereiro de 2012 04:59