RPC Server Unavailable Because of XP Firewall

If you get an "the RPC server is unavailable" error message while trying to execute commands remotely on a Windows XP system with Service Pack (SP) 2 installed, you may need to adjust the group policy for the domain as it applies to the Microsoft Windows firewall that is activated when you install SP 2 on Windows XP systems.

For instance, if I try to remotely query a Windows XP system, named "U" in the example below, to determine the processes currently running on it with the command shown, I get such an error message.

C:\Documents and Settings\Administrator>tasklist /s u
ERROR: The RPC server is unavailable.

But, if I log into that system and check the services running on it, I see that the RPC server is running 1 (the service is "RpcSs").

C:\Documents and Settings\Administrator>tasklist /svc /fi "services eq RpcSs"

Image Name                   PID Services
========================= ====== =============================================
SVCHOST.EXE                  984 RpcSs

But in this case, though I'm logged into the domain controller under the Administrator acount when I issue the query to determine the running processes on the remote Windows XP Professional system, I'm being blocked from obtaining the information I want from the system by the Windows XP Firewall running on the system.

To correct the problem, I took the following steps 2 on the domain controller.

  1. I ran the Microsoft Management Console (MMC) 3 by clicking on "Start", selecting "Run", typing "mmc" and hitting enter.

    Console1

  2. I clicked on "File" then "Add/Remove Snap-in".

    Add/Remove Snap-in

  3. I clicked on the "Add" button.
  4. I selected "Group Policy Editor" and clicked on "Add".

    Add Group Policy Editor

  5. A "Group Policy Wizard" window then opened. The Group Policy Object listed in that window was "Local Computer". I clicked on "Browse" and then selected "Default Domain Policy" instead, then clicked on "OK".

    Default Domain Policy

  6. I then clicked on the "Finish" button, then the "Close" button on the "Add Standalone Snap-in" window, and the "OK" button on the "Add/Remove Snap-in" window.
  7. I then closed the console window where the policy had been added, by clicking on "File" then "Exit".

    Policy Added

  8. Then within the console window, I navigated to Default Domain Policy\Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile. While navigating through the window, I saw "Administrative Templates" windows with the message "The following entry in the [strings] section is too long and has been truncated." I clicked on "OK" to close each of those windows when I encountered them.
  9. I clicked on the "Standard" tab at the bottom of the console window in the right pane. I saw Windows Firewall: Allow remote administration exception".

    Allow remote administration
exception

  10. I then double-clicked on "Windows Firewall: Allow remote administration exception", set the configuration to "Enabled" and typed localsubnet in the "Allow unsolicited incoming messages from" field and clicked on "OK".

    Configure allow
remote administration exceptions

    In the console window, I then saw the value for "Windows Firewall: Allow remote administration exceptions" listed as "Enabled" rather than "Not configured".

    Allow remote
administration exceptions enabled

  11. I then exited from the console window by clicking on "File" then Exit". When asked whether I wanted to save the console settings, I chose "Yes". I accepted the default location to save the settings, which was "C:\Documents and Settings\Administrator\Start Menu\Programs\Administrator Tools", but changed the default name from console1.msc to xp-firewall.msc.

    Save xp-firewall.msc

When you change the Windows XP firewall policy by the above method, the change won't happen immediately. The default update interval for changes to group policies is 90 minutes on domain members and 5 minutes on a domain controller, without restarting the computer. If you want the changes to occur immediately without restarting a computer, you can use the Group Policy Update utility, gpupdate4.

I ran gpupdate on the domain controller and on the Windows XP system. As soon as I ran it on the Windows XP system, I was able to remotely query that system from the server.

C:\Documents and Settings\Administrator>gpupdate
Refreshing Policy...

User Policy Refresh has completed.
Computer Policy Refresh has completed.

References:

  1. Troubleshooting "RPC Server is Unavailable" in Windows
    Microsoft Help and Support
    December 15, 2004
  2. RPC Server Unavailable when auditing machines running Windows 2003 SP1 or XP SP2
    Microforge.net
    August 30, 2005
  3. MMC - Microsoft Management Console
    By Jim Foley/The Elder Geek
    The Elder Geek
  4. A Description of the Group Policy Update Utility
    Microsoft Help and Support
    October 20, 2003

newegg.com

Name brand products, up to 97% off MSRP! See today's deals at 1Sale.com!1px

Valid HTML 4.01 Transitional

Created: March 19, 2006