none
Unable to connect to Event Viewer via Computer Management (Win 7 -> Win 2008 Server) RRS feed

  • Question

  • Using my Windows 7 workstation, I am unable to connect via Computer Management and view the Event Viewer logs of a Windows 2008 server box here. The error message is:

    "Event Viewer cannot connect to computer "Servername.domain.edu". The error reported is:  The RPC server is unavailable."

    I went into the Windows 2008 server, into WIndows Firewall w/Advanced Security, and it is configured with the following specifically relevant to this issue:

    Remote Administration (RPC) -  for Domain, allow, with my remote IP address for my workstation specified.

    Remote Event Log Mamagement (NP-IN) and (RPC) are both also enabled, Allow, for All remote addresses. (The domain firewall setttings referenced above are brought in through Group Policy. I turned on the Event Log ones manually on the server.)

    What other rules may be causing this still, that I have not checked? I have seen hints that you have to enable firewall rules on the local end, but I checked Firewall settings on my Win7 workstation and cannot find any Outgoing rules that refer to Remote Administration or Event Viewer at all.

    Additionally I also noticed that I cannot access Disk Management on the 2008 server via my Win7 box and Computer Management, even though the three Remote Volume Management rules are all enabled for Allow.

    Thursday, May 19, 2011 5:04 PM

Answers

  • Okay, I have found the cause of the problem and identified the possible solutions.

    http://support.microsoft.com/kb/929851

    "To comply with Internet Assigned Numbers Authority (IANA) recommendations, Microsoft has increased the dynamic client port range for outgoing connections in Windows Vista and in Windows Server 2008. The new default start port is 49152, and the default end port is 65535. This is a change from the configuration of earlier versions of Windows that used a default port range of 1025 through 5000."

    Our campus IT group has, as I mentioned, firewalls up between our different VLANs - and that firewall between my workstation and the server is not configured to allow traffic from ports 49152 through 65535.

    I have two options to correct this:  A) I can ask Campus IT security to open those ports (as they did so for ports 1025 through 5000 for Win2003), or B) I can manually configure my 2008 server to use different ports, like so:

    "the port range that is used by the servers can be modified on each server. You adjust this range by using the netsh command, as follows:

    netsh int <ipv4|ipv6> set dynamic <tcp|udp> start=<var>number</var> num=<var>range</var>"
    "To duplicate the default behavior of Windows Server 2003, use 1025 as the start port, and then use 3975 as the range for both TCP and UDP. This results in a start port of 1025 and an end port of 5000."
    I am going to mark this question as answered. Thank you very much, Dave, your suggestion about Port 135 was what got me on the right track. I ended up having Campus IT open Port 135, though it was not successful. But after that, I had them monitor my attempt at opening Event Viewer, and they were able to see what ports were being blocked. From there, I was able to find the KB article.
    Best,
    Brian
    • Marked as answer by LoneWolfBW Tuesday, June 7, 2011 8:47 PM
    Tuesday, June 7, 2011 8:47 PM

All replies

  • Does it work with firewalls off?

     

     

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    Thursday, May 19, 2011 5:28 PM
  • I just took the machine off the domain and manually turned off all Windows Firewalls. The error remains the same, in every respect.

    "Event Viewer cannot connect to computer "Servername.domain.edu". The error reported is:  The RPC server is unavailable." (In the new case, it is 'cannot connect to computer 10.x.x.x, but the rest is the same.)

    As before, after I get that error, it continues trying to connect, finally yielding a message "You do not have permission to access this computer." Then, as before,  I see the three options within Computer Management:  System Tools, Storage, Services and Applications.  And as before, if I click (for example) on Event Viewer, the arrow next to it disappears, and there is no access to it.  The same with Task Scheduler, or Shared Folders. I basically see all the headers that you would find under Computer Management, but no content within.

    This then, raises an even bigger question. If Windows Firewall is not blocking me from connecting through, then what possibly could?  I can RDP into the box without an issue from my workstation, so I can rule out network connectivity in general (plus, when I use Computer Management, it does 'connect' after a fashion as I mentioned above. It is not the same as being unable to reach the box at all, which yields the message "Computer \\computer.domain.edu cannot be managed. The network path was not found.")

    I have other servers on the same subnet, which I routinely manage from the same workstation using Computer Management. THe only difference is that this new machine runs Windows Server 2008. What else am I missing, do you think?

    EDIT:

    The "Services" function of Computer Management under Services & Applications DOES work for that server. It is about heonly thing that does, but it does show that I have some connectivity at least.

    Thursday, May 19, 2011 6:56 PM
  • Disjoining the domain changes the permissions relationship so IMO is not really a valid test. These ones may help. The RPC port mapper initially needs to have port 135 open and available.

    http://support.microsoft.com/kb/831051

    http://kb.juniper.net/KB12057

    http://www.hsc.fr/ressources/articles/win_net_srv/msrpc_portmapper.html

    http://www.symantec.com/business/support/index?page=content&id=TECH3107

     

     

     

     

     

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    Thursday, May 19, 2011 7:24 PM
  • Additional note:

    I did a second series of tests where I put the computer back on the domain (the problem remained, of course), and then I put it in its own OU, which blocked out the GPO that provides the Windows Firewall settings. I am now able to turn off the firewall and the computer remains on the domain. However, nothing changes as far as the errors, they are consistant all the time.

    At this point, I am going to start looking at our campus firewalls as a possible culprit. I considered that at the outset, but it shouldn't be an issue, because as I said, I have other servers on the same subnet as this server, all of which I can connect to via Computer Management normally. So I would think that if there was a problem with the firewall rules there, it would affect every machine on that subnet, not just the one running 2008 Server. However, there is no other explanation that I can find at this time.

    Is there something that changed with Server 2008?  That seems to be the only consistent factor here.

     

    Thursday, May 19, 2011 7:41 PM
  • That's a loaded question for sure but nothing that stands out for this issue I'm aware of. You might check the security and system event logs on both sides for clues.

    These ones may also help.

    http://www.petri.co.il/remote-management-in-windows-server-2008-r2.htm

     http://blogs.technet.com/b/askds/archive/2008/06/05/how-to-enable-remote-administration-of-server-core-via-mmc-using-netsh.aspx

     

     

     

     

     

     

     

     

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    Thursday, May 19, 2011 7:58 PM
  • Dave,

    Just a follow-up, I am currently in communication with our campus IT department who control the firewall. It is looking tentatively like they may not have Port 135 open - while this does not affect the Windows XP and Windows 2003 servers in that zone, it appears that it may be the culprit with the WIndows 2008 server.

    Once they open Port 135 between the two VLANs (where my workstation is, and where the servers are), I will let you know if that resolves the issue.

    Thanks for the port tip, I am hoping that is the key.

    Brian

    Friday, May 20, 2011 7:28 PM
  • Ok, sounds good.

     

     

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    Saturday, May 21, 2011 3:17 AM
  • Okay, I have found the cause of the problem and identified the possible solutions.

    http://support.microsoft.com/kb/929851

    "To comply with Internet Assigned Numbers Authority (IANA) recommendations, Microsoft has increased the dynamic client port range for outgoing connections in Windows Vista and in Windows Server 2008. The new default start port is 49152, and the default end port is 65535. This is a change from the configuration of earlier versions of Windows that used a default port range of 1025 through 5000."

    Our campus IT group has, as I mentioned, firewalls up between our different VLANs - and that firewall between my workstation and the server is not configured to allow traffic from ports 49152 through 65535.

    I have two options to correct this:  A) I can ask Campus IT security to open those ports (as they did so for ports 1025 through 5000 for Win2003), or B) I can manually configure my 2008 server to use different ports, like so:

    "the port range that is used by the servers can be modified on each server. You adjust this range by using the netsh command, as follows:

    netsh int <ipv4|ipv6> set dynamic <tcp|udp> start=<var>number</var> num=<var>range</var>"
    "To duplicate the default behavior of Windows Server 2003, use 1025 as the start port, and then use 3975 as the range for both TCP and UDP. This results in a start port of 1025 and an end port of 5000."
    I am going to mark this question as answered. Thank you very much, Dave, your suggestion about Port 135 was what got me on the right track. I ended up having Campus IT open Port 135, though it was not successful. But after that, I had them monitor my attempt at opening Event Viewer, and they were able to see what ports were being blocked. From there, I was able to find the KB article.
    Best,
    Brian
    • Marked as answer by LoneWolfBW Tuesday, June 7, 2011 8:47 PM
    Tuesday, June 7, 2011 8:47 PM
  • Nice. Thanks for letting us know.

     

     

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    Wednesday, June 8, 2011 2:35 AM