When I asked this question (both here on SF and IRL) about how to remotely access WMI, the answer I got from multiple sources was "use a fixed port." I've tried doing this, but it doesn't seem to be working, and as the other question is about firewalls, I'm asking this separately:
- Why is the WMI service not listening on port 24158? When I use
netstat -ano, port 24158 is nowhere to be found, nor is the WMI service process ID. - How will client machines know to use this port in the first place?
Do client machines have to make an RPC call over port 135, get the port number, which will then make the WMI process start listening, and the client will then contact the WMI service over whatever port it was told?
I've confirmed that the WMI service is running as a stand-alone process, and that it is using static port 24158 (by going to Component Services, DCOM Config, WMI properties, Endpoints, TCP/IP properties). The RPC service is also running.
Best Answer
The answer is "Yes," you contact the target on port 135, it opens up port 24158 in response to that and replies to you that it is available on port 24158, and you can continue the conversation there. (Before you made this change, it would pick a port from the range and provide that port in the response.)
Given the comments, it appears you have figured that out, but I'm posting the answer anyway to make it clear to others who may stumble across this.