Our Safe AutoLogon Password Server, Rolling Restart, and Relevos consoles communicate with remote computers. If the remote computers are running firewalls, network administrators need to know which ports to open on their firewall for the console and clients. This information also applies to activating licenses using our LAS Server software.
TLDR version - disable Windows Firewall for 'Domain networks'. Or, at a minimun, enable these ports:
Microsoft APIs use RPC over TCP. "If" your clients' firewalls are turned on and you only enable the above ports, the time RR takes to do its initialization checks prior to restarting (in the case of Rolling Restart) will take much longer, upwards of a few minutes per client. To alleviate this delay, open up Registry Editor, and under the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control, create a new DWORD called SCMApiConnectionParam. Set its data value to Hex and enter: 80000000. This will use RPC/NP instead of RPC/TCP and is up to 20x faster.
We recommend, if possible, to turn off the firewall for Domain networks. This applies to Rolling Restart, Relevos, Safe AutoLogon Password Server, and all LAS license activations. They all use port 135 or port 445 to communicate with the remote computer, so be sure at least one of these two ports are open on your firewalls/routers. If you cannot turn off the firewall for Domain networks, then follow the guides below.
Additionally, parts of our software may use WMI for remote information we are unable to obtain by any other method. Microsoft assigns WMI a random port from 49152 – 65535 in Windows 2008 and above. There are articles on how to force WMI to use a fixed port, but WM Software has not tested this.
How to open ports using Windows Defender Firewall:
Option A: Let Windows change the Inbound Firewall Rules
Option B: Manually change the Inbound Firewall Rules to open the necessary ports
No questions yet.