When a remote machine is running XP SP2, or XP SP1 with the ICF Firewall, or ANY
other type of firewall hardware or software, the default configuration of that
firewall will more than likely be blocking the ports required by our software.
You don't need to disable the firewall to resolve this issue, but you will have
to modify the default firewall settings to let the necessary traffic pass
through. All versions of our software are compatible with any firewall (hardware
or software), provided the firewall is properly configured to allow that traffic.
We have thoroughly tested our software in conjunction with XP-SP2 and we haven't had any
problems connecting to remote machines running SP2 or any other type of Firewall. In our testing, in order for the DameWare NT
Utilities and/or DameWare Mini Remote Control programs to successfully connect
to a remote machine running Windows XP-SP2, you will have to modify the default
XP Firewall settings. Here is a link to a document that our support staff
quickly put together that explains the settings that we changed to make it work.
Please also understand that it is not our recommendation that you open these
ports on your firewall. We are simply sharing the settings that we personally
changed in order to get the software to function properly in our network
implementation.
Click here to download the configuration document
According to Microsoft, you should also be able to configure the XP-SP2
firewall by pushing out an INF file, or by configuring the necessary ports via
AD Group Policies.
Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2
http://download.microsoft.com/download/6/8/a/68a81446-cd73-4a61-8665-8a67781ac4e8/wf_xpsp2.doc
Managing Windows XP Service Pack 2 Features Using Group Policy: Deploying Group Policy Settings in SP2
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/mangxpsp2/mngdepgp.mspx
Managing Windows XP Service Pack 2 Features Using Group Policy: Windows Firewall
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/mangxpsp2/mngwfw.mspx
You may also be able to connect to the remote machine using the Mini Remote
Control program's RDP (Remote Desktop) functionality, and then make the
necessary changes to the Windows Firewall settings, to allow the MRC program to
connect. By default when you install SP2, I believe the Remote Desktop ports are
already open in the Windows Firewall settings.
This is basically how you open the port in the Windows Firewall. As an example,
I will use port 11111 instead of the default port of 6129:
1. Right-click on My Network Places and select Properties.
2. In the Network Connections dialog, under the Network Tasks section, select
Change Windows Firewall Settings.
3. Now the Windows Firewall dialog is displayed.
4. Click on the Exceptions Tab, then click on the "Add a Port" button.
5. Specify the Name you want to assign the Port. Use a good description,
something like "DameWare MRC - 11111".
6. Then specify 11111 in the Port Number field and make sure TCP is selected.
7. Then click on the Change Scope button and modify the Scope to match your
network configuration (i.e. Any Computers, Same Subnet, or a custom list of
subnets).
8. Click on OK to exit the Change Scope dialog.
9. Click on OK to exit the Add a Port dialog.
10. Now, make sure the "DameWare MRC - 11111" port is enabled.
11. Click on OK to exit the Windows Firewall configuration.
Please also remember that in my example above the Client Agent must also be
installed & listening on TCP port 11111 (or whatever port you chose). If the
Mini Remote Client Agent Service is not installed & running on the remote
machine, or if you are attempting to connect to the remote machine via the
DameWare NT Utilities program, then additional ports are required in order to
connect to that remote machine, basically File & Printer Sharing. However,
please also note that the File & Printer Sharing ports are not enabled by
default. Furthermore, once you enable the File & Printer Sharing ports, you must
also adjust the Scope on each of those ports to match your network
environment.
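The same port exception as the numbered steps above, plus the scoped File & Printer Sharing exception described in the last paragraph, can be set from a command prompt on the XP SP2 machine with netsh. This is an added example, not part of the original DameWare document; the port and exception name come from the example above, and the subnet in ADMIN_NET is a constructed placeholder for the network your administrators connect from.

```batch
@echo off
rem Added example, not DameWare's own script. Run as an administrator on XP SP2.
rem Port 11111 and the exception name follow the GUI example above.
rem ADMIN_NET is a constructed placeholder: replace it with your own subnet(s).
setlocal
set MRC_PORT=11111
set MRC_NAME=DameWare MRC - %MRC_PORT%
set ADMIN_NET=192.168.10.0/255.255.255.0

rem GUI steps 4-10: add the TCP port exception, enabled, with a custom scope.
rem scope=ALL would be "Any Computers"; scope=SUBNET would be "Same Subnet".
netsh firewall add portopening protocol=TCP port=%MRC_PORT% name="%MRC_NAME%" mode=ENABLE scope=CUSTOM addresses=%ADMIN_NET% profile=ALL

rem Only needed to remotely install, start, stop, or remove the Client Agent
rem Service, or to use the DameWare NT Utilities program: enable File & Printer
rem Sharing (137-139/445) with the same restricted scope instead of the default.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=CUSTOM addresses=%ADMIN_NET% profile=ALL

rem Review what is now open and with which scope.
netsh firewall show portopening
netsh firewall show service

rem Confirm the Client Agent Service is actually listening on the chosen port.
netstat -an | find ":%MRC_PORT% " | find "LISTENING" || echo Nothing is listening on TCP %MRC_PORT%
endlocal
```

If the Client Agent Service is already installed and running, leave out the FILEANDPRINT line so that only the single agent port is exposed.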
Another thing to keep in mind is that the installation of the Mini Remote Client
Agent Service is actually performed by the Operating System itself, via the
Operating System's installed protocols, basically File & Printer
Sharing (137-139/445), not a straight TCP connection. Once the Client Agent Service
is installed and running on a machine, however, only a single TCP port is used.
Please refer to the knowledgebase article below for a list of ports required to
remotely install, start, stop, or remove the Mini Remote Client Agent Service
(or any other Service). The ports described in that article (i.e. 137/139, 445,
etc.), basically "File & Printer Sharing", are also required for the DameWare
NT Utilities program to function properly.
How to Use DameWare Development Software in Conjunction with a Firewall
http://www.dameware.com/support/kb/article.aspx?ID=201045
Basically, if the Mini Remote Client Agent is already installed & running on the
remote machine, then whatever port you chose for the Service to listen on is the
port you need to open in the firewall.
In order to remotely install, start, stop, or remove the MRC Client Agent, you
will need to open the additional File & Printer Sharing ports, and possibly
change the default scope for each port/protocol.
Also, the default port for the Mini Remote Client Agent is TCP 6129; however,
any one of the valid 65,000 TCP ports can be used. We also recommend that you
install & configure the Client Agent Service on some obscure port, something
other than TCP 6129. TCP 6129 is a well-known port for the Mini Remote Control
program.