KB1139 - Unique assigned TCP port for WM Software

Some existing customers, and companies doing Proof-of-Concept work, run their computers (clients and/or servers) with a firewall enabled, either the firewall that comes with Windows or a 3rd party firewall. With the firewall enabled, the Safe AutoLogon™ and Safe AutoLogon Password Server™ products were unable to communicate. To get around this, companies had to open ports 135, 139 and/or 445. However, having these well-known ports open can expose a security vulnerability that could be exploited by an unauthenticated attacker with network access to these ports.

To remediate this issue and to minimize the security footprint, WM Software applied to iana.org for a TCP port and was granted one. IANA (Internet Assigned Numbers Authority) is the organization that oversees the assignment of TCP ports, among other IP allocations. WM Software is assigned port 21801. By enabling the use of port 21801 in its software, and opening up port 21801 in the computer's firewall, WM Software products are able to fully communicate.

TCP ports are arranged in the following three ranges (see RFC700):
Well-known ports range from 0 through 1023.
Registered ports are 1024 to 49151.
Dynamic ports (also called private ports) are 49152 to 65535.

There are two steps that need to be done so the software can communicate over port 21801:

Step 1. Enable the WM Software product to use port 21801. This can be done from within the WM Software product, by downloading and running our Port 21801 Enabler, or by adding a REG_SZ value in the Settings key of the product with the name "WMSCommPort" and the value "21801".

Step 2. Open and enable port 21801 in the firewall.
For Windows firewall, this can be done by downloading and running our Port 21801 Enabler, or by using this command:
netsh advfirewall firewall add rule name="21801" dir=in action=allow protocol=tcp localport=21801


Step 3. Install the WM Software product.
If installing on a client, the port and Registry entry MUST be set up first. Otherwise, both the software's service(s) and the software GUI itself will need to be restarted.


Once those steps are done at the client and server, the software can fully communicate.
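Steps 1 and 2 as a single elevated PowerShell script, followed by a check of the result. This is an added example, not WM Software's Port 21801 Enabler or any code from WM Software. The Settings key path is not given in this article, so it is a required parameter; the LocalSubnet scoping, the optional peer probe and the review of rules for ports 135/139/445 are assumptions added here.

```powershell
#Requires -RunAsAdministrator
# Added example, not WM Software's own tooling.
param(
    # Full path of the product's Settings key. This article does not state it, so it
    # must be supplied, e.g. 'HKLM:\SOFTWARE\<vendor>\<product>\Settings' (placeholder).
    [Parameter(Mandatory)] [string] $SettingsKey,
    # Assumption: only hosts on the local subnet need to connect; list your own ranges.
    [string[]] $AllowedRemote = @('LocalSubnet'),
    # Optional: name of the other side (client or server) to probe once it is configured.
    [string] $Peer
)
$port     = 21801
$ruleName = '21801'   # same rule name as the netsh command in Step 2

# Step 1: REG_SZ "WMSCommPort" = "21801" in the product's Settings key.
if (-not (Test-Path $SettingsKey)) { throw "Settings key not found: $SettingsKey" }
New-ItemProperty -Path $SettingsKey -Name 'WMSCommPort' -PropertyType String `
    -Value "$port" -Force | Out-Null

# Step 2: inbound allow rule for TCP 21801, created once and limited to $AllowedRemote
# instead of accepting connections from any address.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $port -RemoteAddress $AllowedRemote | Out-Null
}

# Check: read both settings back instead of assuming they were applied.
$value = (Get-ItemProperty -Path $SettingsKey -Name 'WMSCommPort').WMSCommPort
$rule  = Get-NetFirewallRule -DisplayName $ruleName
$scope = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
"WMSCommPort  : $value"
"Rule enabled : $($rule.Enabled)  remote scope: $($scope -join ', ')"

# Review: enabled inbound allow rules that still cover 135/139/445. Decide for each one
# whether it was only the earlier workaround; built-in Windows rules will also be listed.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -match '^(135|139|445)$' } |
    Select-Object DisplayName, Profile

# Optional: confirm the peer accepts TCP 21801 once both ends are configured.
if ($Peer) {
    $ok = (Test-NetConnection -ComputerName $Peer -Port $port).TcpTestSucceeded
    "Peer $Peer reachable on ${port}: $ok"
}
```

If the product was already installed when this ran, restart its service(s) and GUI as described in Step 3 before testing against the peer.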


