Internet Connection Firewall is Blocking BES Traffic - BES Relay/Server (WSH disabled)
Log In or Register to download the BES file, and more.

0 Votes

Description

The listed computers have Windows Internet Connection Firewall (ICF) enabled. ICF is currently configured to block inbound UDP or TCP traffic on the port used by BES (BES uses port 52311 by default).

Both UDP and TCP packets are used by the BES Server and BES Relays to send information about new actions and fixlets. After configuring Windows Firewall to allow inbound traffic on the BES Listen Port, BES Servers and BES Relays will resume normal communication.

Note: After this action is applied, affected BES Relays will not report until they have performed their standard once-per-day gather or until the BES Relay is restarted.

Note: Running the actions below may cause client machines to briefly display pop-up and command prompt windows.

Note: Windows Scripting Host is disabled for this computer and it will be temporarily enabled to run a script which will configure ICF to allow inbound TCP and UDP connections. WSH will be disabled immediately after the script has run.

Property Details

ID561
TitleInternet Connection Firewall is Blocking BES Traffic - BES Relay/Server (WSH disabled)
CategorySupport
Download Size0
SourceBigFix
Source ID<Unspecified>
Source SeverityImportant
Source Release Date10/3/2005 12:00:00 AM
KeywordsBES Firewall ICF UDP TCP
Added by on 10/17/2012 1:16:12 PM
Last Modified by on 10/17/2012 1:16:12 PM
Counters 3164 Views / 5 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

Used in 85 fixlets and 10 analyses   * Results in a true/false
Show indented relevance
exists relay service OR exists main gather service
Used in 2 fixlets   * Results in a true/false
Show indented relevance
(not exists application of file type ".vbs" of registry) OR (not exists file "cscript.exe" of system folder)
Used in 2 fixlets   * Results in a true/false
Show indented relevance
(it >= "5.1" AND it < "8.0") of version of client
Used in 2 fixlets   * Results in a true/false
Show indented relevance
((name of it = "WinXP" AND (it = "" OR it ends with "1") of csd version of it) OR ((name of it = "Win2003" OR name of it = "WinXP-2003") AND csd version of it = "")) of operating system
Used in 2 fixlets   * Results in a true/false
Show indented relevance
(exist internet connection firewall whose (enabled of it AND (not exists port mapping whose (enabled of it AND protocol of it = "tcp" AND internal port of it as string = (value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry) as string) of it OR not exists port mapping whose (enabled of it AND protocol of it = "udp" AND internal port of it as string = (value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry) as string) of it)) of adapters of network)

Actions

Action 1

Action Link Click here for information on how to make this action a "policy" action that will automatically open the BES port on any computer that has this Fixlet message relevant.
Script Type URL 
http://support.bigfix.com/cgi-bin/kbdirect.pl?id=113

Action 2

Action Link Click here for more information about the Internet Connection Firewall from Microsoft.
Script Type URL 
http://technet.microsoft.com/en-us/library/bb457033.aspx

Action 3

Action Link Click here to enable incoming traffic on the port reserved for BES.
Script Type BigFix Action Script 
// enable the WSH
download http://www.symantec.com/avcenter/noscript.exe
continue if {(size of it = 127432 and sha1 of it = "c19722c97b73210065ec58fd43cbf4b0c84dd3e5") of file "noscript.exe" of folder "__download"}
wait __download/noscript.exe /silent /on
// Change the firewall settings
run "{pathname of client folder of site "BESSupport" & "\RunQuiet.exe"}" "{pathname of system folder}\cscript.exe" "{pathname of client folder of site "BESSupport"}\icfconfirm.vbs"
wait "{pathname of system folder}\cscript.exe" "{pathname of client folder of site "BESSupport"}\besport.js" 127.0.0.1 "{value "ListenPort" of key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry}" 0 both
// disable WSH 
wait __download/noscript.exe /silent
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 4

Action Link Click here to disable the Internet Connection Firewall.
Script Type BigFix Action Script 
// enable the WSH
download http://www.symantec.com/avcenter/noscript.exe
continue if {(size of it = 127432 and sha1 of it = "c19722c97b73210065ec58fd43cbf4b0c84dd3e5") of file "noscript.exe" of folder "__download"}
wait __download/noscript.exe /silent /on
// Change the firewall settings
run "{pathname of client folder of site "BESSupport" & "\RunQuiet.exe"}" "{pathname of system folder}\cscript.exe" "{pathname of client folder of site "BESSupport"}\icfconfirm.vbs"
wait "{pathname of client folder of site "BESSupport" & "\RunQuiet.exe"}" "{pathname of system folder}\cscript.exe" "{pathname of client folder of site "BESSupport"}\icfdisable.vbs"
// disable WSH 
wait __download/noscript.exe /silent
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer


Comments

Log In or Register to leave comments!
 

Content

Search
Share
Learn
Projects

Utilities

View SCM Scripts
Base64 Converter
Shell to Action Script

About

About Us
Tour
FAQ
Terms
Contact Us

BigFix Resources

Download BigFix
Support
Forum
Github/Bigfix
bigfix.me All Content
Hosted on bigfixme-as