If you get an "the RPC server is unavailable" error message while trying to execute commands remotely on a Windows XP system with Service Pack (SP) 2 installed, you may need to adjust the group policy for the domain as it applies to the Microsoft Windows firewall that is activated when you install SP 2 on Windows XP systems.
For instance, if I try to remotely query a Windows XP system, named "U" in the example below, to determine the processes currently running on it with the command shown, I get such an error message.
C:\Documents and Settings\Administrator>tasklist /s u
ERROR: The RPC server is unavailable.
But, if I log into that system and check the services running on it, I see that the RPC server is running 1 (the service is "RpcSs").
C:\Documents and Settings\Administrator>tasklist /svc /fi "services eq RpcSs"
Image Name PID Services
========================= ====== =============================================
SVCHOST.EXE 984 RpcSs
But in this case, though I'm logged into the domain controller under the Administrator acount when I issue the query to determine the running processes on the remote Windows XP Professional system, I'm being blocked from obtaining the information I want from the system by the Windows XP Firewall running on the system.
To correct the problem, I took the following steps 2 on the domain controller.
Default Domain
Policy\Computer Configuration\Administrative Templates\Network\Network
Connections\Windows Firewall\Domain Profile
. While navigating
through the window, I saw "Administrative Templates" windows with the
message "The following entry in the [strings] section is too long and has
been truncated." I clicked on "OK" to close each of those windows when
I encountered them.
localsubnet
in the "Allow unsolicited incoming messages
from" field and clicked on "OK".
In the console window, I then saw the value for "Windows Firewall: Allow remote administration exceptions" listed as "Enabled" rather than "Not configured".
When you change the Windows XP firewall policy by the above method, the change won't happen immediately. The default update interval for changes to group policies is 90 minutes on domain members and 5 minutes on a domain controller, without restarting the computer. If you want the changes to occur immediately without restarting a computer, you can use the Group Policy Update utility, gpupdate4.
I ran gpupdate
on the domain controller and on the Windows
XP system. As soon as I ran it on the Windows XP system, I was able to remotely
query that system from the server.
C:\Documents and Settings\Administrator>gpupdate
Refreshing Policy...
User Policy Refresh has completed.
Computer Policy Refresh has completed.
References:
Created: March 19, 2006