SCOM 1801 - Windows Server 2008 Alert: Server Service: File and Printer Sharing Ports Blocked RRS feed

  • Question

  • Hi,

    some of my Windows Server 2008 R2 computers throw an alert from the Server Service: Firewall Status monitor saying "Server Service: File and Printer Sharing Ports Blocked".

    Looking at these servers shows the firewall active and relevant ports inbound allowed for all profiles.

    Any idea?

    SCOM is 1801 on Win2016 and Server Service (SMB) management pack for 2008 R2 is version 6.0.6600.0.

    Kind regards!

    Tuesday, August 28, 2018 7:01 PM

All replies

  • Hi COWegner,


    This monitor can enter a Critical health state for the following reasons:

    • The Windows Firewall is not running.

    • Firewall rules for File and Printer Sharing targeting TCP port 445 or 139 are disabled.

    If the health state is unknown, it means that monitoring has not yet begun for this object.


    Determine if Windows Firewall is enabled

    To determine if Windows Firewall is enabled, use the following procedure:

    1. At an elevated command prompt on the affected server, type: sc query mpssvc and press ENTER.

    2. If the firewall is not running, type the following command: net start mpssvc.

    Determine if port firewall rules are enabled

    To determine if the firewall rules for the ports are enabled, use the following procedure:

    1. Open the Control Panel on the affected server, click System and Security, and then click Windows Firewall.

    2. In the left pane, click Advanced Settings and then click Inbound Rules.

    3. Check whether the following rules are enabled and the Action is Allow:

    • File and Printer Sharing (NB-Session-In)

    • File and Printer Sharing (SMB-In)

    4. If the firewall rules are not enabled, click the rule, and on the Action menu, click Enable Rule.

    This monitor automatically resets to a Healthy state after you resolve the issue.

    Reference: http://mpwiki.viacode.com/default.aspx?g=posts&t=123853

    Best regards,


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Edited by Yuxiang Shi Wednesday, August 29, 2018 2:01 AM
    Wednesday, August 29, 2018 2:00 AM
  • Hello Yuxiang,

    thanks for your reply. But as I said, "Looking at these servers shows the firewall active and relevant ports inbound allowed for all profiles."

    I meant: I already did what you proposed. Still the the servers show this error. I also tried to reset monitor's health and even uninstall and reinstall the agent on one of these servers. The alert keeps on popping up.

    Kind regards,


    Wednesday, August 29, 2018 6:45 AM
  • 1) Please run this vbscript on problematic machine, which is the exactly script running by firewall status monitor, to see whether it return "enabled" or not.
                Option Explicit
                Dim oArgs
                Dim serverName
                serverName = "."
                ' NET_FW_PROFILE_TYPE2
                Const NET_FW_PROFILE2_DOMAIN    = &h0001
                Const NET_FW_PROFILE2_PRIVATE   = &h0002
                Const NET_FW_PROFILE2_PUBLIC    = &h0004
                Const NET_FW_IP_PROTOCOL_TCP    = &h0006
                ' Create the FwPolicy2 object
                Dim fwPolicy2
                Set fwPolicy2 = CreateObject("HNetCfg.FwPolicy2")
                Dim fwCurrentProfile, fwCheckProfile
                fwCurrentProfile = fwPolicy2.CurrentProfileTypes
                fwCheckProfile = fwCurrentProfile And (NET_FW_PROFILE2_DOMAIN Or NET_FW_PROFILE2_PRIVATE)
                Dim fwFileSharingPortsEnabled
                fwFileSharingPortsEnabled ="False"
                Dim rule
                For Each rule in fwPolicy2.Rules
                If (rule.Protocol = NET_FW_IP_PROTOCOL_TCP) And (rule.LocalPorts = "445") Then
                If (Not rule.Enabled) And (rule.Profiles And fwCheckProfile )  Then
                fwFileSharingPortsEnabled = "True"
                Exit For
                End If
                End If
                Dim regularShareExist, objWMIService, colShares, objShare
                regularShareExist = "False"
                Set objWMIService = GetObject("winmgmts:" _
                & "{impersonationLevel=impersonate}!\\" & serverName & "\root\microsoft\windows\smb")
                Set colShares = objWMIService.ExecQuery("Select * from MSFT_SmbShare")
                For each objShare in colShares
                If objShare.Special = "False" Then
                regularShareExist = "True"
                Exit For
                End If
                Dim portStatus
                portStatus = "Disabled"
                ' Only if regular share exists and port 139/445 are not open will portStatus be returned as "Disabled"
                If fwFileSharingPortsEnabled = "True" Then
                portStatus = "Enabled"
                If regularShareExist = "False" Then
                portStatus = "Enabled"
                End If
                End If
         msgbox portStatus
    2) check default action account whether it has right to read policy and wmi
    Wednesday, August 29, 2018 7:31 AM
  • Thanks for your replay System Center guy (Roger?),

    executing your vbs reveals

    sc-fw.vbs(30, 13) (null): 0x8004100E

    which is the line

    Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & serverName & "\root\microsoft\windows\smb")

    I tested in PowerShell (as Administrator) on W2K8R2

    Get-WmiObject -Namespace ROOT/Microsoft -List



    Get-WmiObject -Namespace ROOT/Microsoft/Windows -List

    Error on W2K8R2: invalid namespace!

    To proof, switched to a W2K12R2 computer tested again

    Get-WmiObject -Namespace ROOT/Microsoft/Windows -List
    Success on W2K12R2.

    As I said, the problematic computers are Windows Server 2008 R2 and it seems that the WMI namespace root/microsoft/windows - and hence root/microsoft/windows/smb - and it's classes were not introduced before Windows Server 2012.

    Could it be?

    And there is then one more thing: I have another W2K8R2 computer, which does NOT throw an alert...
    • Edited by COWegner Wednesday, August 29, 2018 9:11 AM Added the last line for another W2K8 computer
    Wednesday, August 29, 2018 9:07 AM
  • HI,

    Are the problematic 2008 servers same OS build? Have you tried re-building the WMI repository on one of them?


    Sam (Please take a moment to "Vote as Helpful" and/or "Mark as Answer" wherever applicable. Thanks!) Blog:AnalyticOps Insights Twitter:Sameer Mhaisekar

    Wednesday, August 29, 2018 10:21 AM
  • Sameer,

    yes all 2008 servers (the ones throwing the alert and the only one not doing so) have the same build number.

    I have tried rebuilding and resetting WMI like here. Still no joy.

    I still believe, that this namespace hasn't been part of Windows Server 2008 R2 RTM or SP1. I guess the namespace on the one doing alright must have been expanded by the installation of some product?!

    Wednesday, August 29, 2018 11:44 AM
  • Hi, I have the same problem and I can not fix it, did you find a solution ?

    Thanks for your help

    Hi, I have the same problem and I can not fix it
    Hi, I have the same problem and I can not fix it
    Hi, I have the same problem and I can not fix it
    Hi, I have the same problem and I can not fix it
    Hi, I have the same problem and I can not fix it
    Hi, I have the same problem and I can not fix it
    Tuesday, December 4, 2018 3:10 PM
  • Sorry Dylan,

    I would have posted the solution if I ever had found one.

    Kind regards

    P.S.: You keyboard seems to have a simultaneous repeating error on Ctrl + V keys...

    Wednesday, December 5, 2018 6:04 AM
  • disable

    "File Server Remote Management (SMB-In) port 445 "

    Will resolve your issue!

    Friday, June 21, 2019 1:04 AM
  • I am having the same issue, where firewall is ON and rules are enabled. However SCOM still alerts that either firewall or ports are not on. 

    The only thing im assuming is that the current network profile has to be either private or domain, as the script does not make reference to the public profile (stand to be corrected).

    Tuesday, January 21, 2020 1:54 PM
  • i know this is old but.... restart the network location awareness service,  shows as an unidentified network

    Tuesday, March 17, 2020 7:14 PM