Firewall – How to configure Windows 2008 Server firewall for an Enterprise Services (COM+) application

Tags: com, firewall, windows-server-2008

We have an application that creates a COM+ application when it is installed. On Windows 2008 Servers with the firewall enabled, we have not been able to figure out how to poke a hole through the firewall so workstations can use the COM+ application through the application proxy.

We have worked with Microsoft support on this issue for two different companies using the application, and the resolution in both cases has been to disable the Windows firewall and use a third-party firewall.

Can this be done?

Best Answer

Remote access would use DCOM, so you'd need to open tcp/135 (there's a prebuilt rule, COM+ Network Access (DCOM-In)) for the initial RPC connection. The RPC Endpoint Mapper will hand out a dynamic port for the secondary connection. So, you also need a rule to allow Dynamic RPC - which are the specific ports that RPC has handed out.

If basically turning off your firewall for ports > 1024 makes you a bit uneasy (as it probably should, doubly so if you're internet facing) then you can either restrict the RPC range or use a fixed endpoint for the application.
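The rule set described in this answer, as an added example (not part of the original answer): netsh advfirewall commands for Server 2008 that enable the prebuilt DCOM-In rule, allow the dynamic RPC secondary connection only for ports RPC has actually allocated, and optionally narrow the dynamic range. Assumed values: dllhost.exe hosts the COM+ server process, 10.0.0.0/24 is the workstation subnet (constructed), and 49152-50175 is the chosen restricted range.

```powershell
# Run from an elevated prompt on the Windows 2008 server.

# 1. Initial RPC connection: enable the prebuilt Endpoint Mapper rule (tcp/135).
netsh advfirewall firewall set rule name="COM+ Network Access (DCOM-In)" new enable=yes

# 2. Secondary connection: allow inbound TCP only on ports the RPC runtime has
#    handed out (localport=RPC), only to the COM+ host process, and only from
#    the workstation subnet. This avoids a blanket ">1024" allow rule.
#    (dllhost.exe path and 10.0.0.0/24 are assumptions for this example.)
netsh advfirewall firewall add rule name="COM+ App Dynamic RPC (in)" `
    dir=in action=allow protocol=TCP localport=RPC `
    program="%SystemRoot%\system32\dllhost.exe" `
    remoteip=10.0.0.0/24 profile=domain

# 3. Optional: restrict the dynamic port range the Endpoint Mapper draws from,
#    so the ports that can ever be handed out are predictable (new allocations only).
netsh int ipv4 set dynamicport tcp start=49152 num=1024

# 4. Verify what was configured.
netsh advfirewall firewall show rule name="COM+ Network Access (DCOM-In)"
netsh advfirewall firewall show rule name="COM+ App Dynamic RPC (in)"
netsh int ipv4 show dynamicport tcp
```

If you instead give the COM+ application a fixed DCOM endpoint, replace `localport=RPC` in step 2 with that single port and skip step 3.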