Unable to do the windows update through batch patch. When I tried to check for available updates, some instances are showing the error message as “Error 1601: Failed to retrieve WMI info. The RPC server is unavailable".
I have tried the below troubleshooting steps for those instances which are showing error.
1. Windows Firewall – opened ports 135 and 445
2. Checked the RPC service to see if it is running and set to automatic
3. If the instance is stopped, we have left it alone
Followed this KB https://batchpatch.com/troubleshooting-common-errors-in-batchpatch no luck. Anyone who has experience or idea what is wrong please guide me.
It's peculiar that you would post on stackoverflow rather than contacting BatchPatch support directly (https://batchpatch.com/contact) or posting on the support forum (https://batchpatch.com/forum).
The page that you linked (batchpatch.com/troubleshooting-common-errors-in-batchpatch) contains additional links for troubleshooting the 'RPC server is unavailable' error. It specifically points to these two links:
batchpatch.com/using-batchpatch-with-windows-firewall
batchpatch.com/batchpatch-ports
It is not sufficient to just open 135 and 445 in the Windows Firewall. You must open 'File and Printer sharing' and 'Windows Management Instrumentation (WMI).' In your case, probably the error is occurring because you did not open 'Windows Management Instrumentation (WMI).'
The above link also further explains:
In order for WMI to work properly… The target computer must be able to
receive and process RPC (Remote Procedure Call) requests. Both the WMI
and RPC services must be running on the target computer. If you’re
using Windows Firewall on the target computer, then please follow the
instructions on this page to configure it properly: Using BatchPatch
with Windows Firewall
(batchpatch.com/using-batchpatch-with-windows-firewall).
If you are using a hardware firewall, the configuration for WMI can
potentially be a bit trickier, depending on the particular firewall
device. WMI connections, by default, are not established on a
static/fixed port. Instead WMI uses dynamic port configuration for its
connections, which means that the actual ports used for a given
connection are established on-the-fly at the time of connection. Each
connection will end up using different ports. In the context of a
classic hardware firewall, this used to be a problem because hardware
firewalls would typically require any open ports to be configured
manually. An enterprise firewall administrator could never know in
advance which ports would need to be opened. However, fortunately many
modern firewalls now implement DCE/RPC, which solves this problem and
allows the use of dynamic ports for WMI/RPC. If you have a network
level hardware firewall in place between the BatchPatch computer and
the target computers, you’ll need to configure it to allow DCE/RPC, so
that it can open the necessary ports, on-the-fly, for each WMI
connection. More info on DCE/RPC can be found at the following two
links:
en.wikipedia.org/wiki/DCE/RPC
wiki.wireshark.org/DCE/RPC
Related
We have written (in Go and Delphi) several Windows microservices, which respond to HTTP requests on specific ports in the 11000-12000 range. These are designed to run internally within the Domain or Private network of the client (i.e. not on the internet).
They run perfectly on all but one of our 50+ client systems, on OS's ranging from Windows 7/10/11 to Windows Server 2008R2/2012/2016/2019. The installation process for each of these services sets up rules in the Windows firewall to accept the requests to each service exe.
The one client system that they dont work on is running Windows Server 2016 Essentials. This is the only client system running that specific OS, so that may be a factor in the problem.
Even locally using a web browser on that system to query the services they dont work. The requests just wait for a while and then timeout: ERR_CONNECTION_TIMED_OUT.
However the same requests to the same ports at address 127.0.0.1 (localhost) work instantly - proving the services are actually running.
The mode of failure when the targeted service is not running, or if we address the wrong port, is different. In that case we get a quick "refused to connect" failure: ERR_CONNECTION_REFUSED
There are no third party antivirus or firewall products installed on the system, which is only using Windows Defender with the normal Windows firewall. We've tried everything we can think of with the Windows firewall, including turning it off completely. Nothing we've tried made any difference.
We've tried using many alternative port numbers, but we dont get any success until we get up to the 49000 range and above, but we'd really rather not have to change from our normal port number range unless its completely unavoidable.
We've spent many hours trying to find any solution without any luck. We are really hoping that some bright person out there has some idea that will lead to finding the cause of the problem.
I am trying to setup build servers, and a mac available for remote builds in VS. As results I have a Synology server setup with VPN enabled. The Firewall and all settings are setup according to the synology guide. I have then enabled port forwarding on my linksys WRT1900ACS router, for the three ports needed (500,1701,4500), which is also enabled in the firewall on the router. I then access the VPN locally without any issues, tried with different guides (guide1 guide2 guide3).
I then create copies of the vpn connection and inserting my static IP from my ISP. I logon to a tethered internet from my phone, as to ensure the network is different. I then get an error:
local l2tp connection attempt failed because the security layer encountered a processing error during initial negotiations.
Searching it seems like it is an error with the registry (reg 1 reg 2). Changing that just makes the vpn connection hang. What am I doing wrong? After waiting a long period of time (several minutes), the same error returns.
I have also tested on an Ipad using the settings defined in ios-settings.
For others the above guides solves the issue if you have a static IP. You however have to ensure that your ISP, have allowed the traffic, and that your router does not receive a double IP registration, rendering your static IP invalid.
which was the case for me.
I need to check if remote host is Windows or Unix/Linux.
I can't assume that it has web server configured.
All I can do is to try to connect to several TCP or UDP services.
Which TCP services (TCP port numbers) usually will be opened on Windows and not on Unix/Linux and vise versa?
The other way is to try to ssh to it, and if it fails assume that it Windows host. The problem is, that I need this in order to choose the remote access method ssh or something Windows friendly like psexec.
You can read the output of nmap to detect which OS a remote host is running. It has a whole module dedicated to this. Here is a guide to using it.
Why not just try to connect one way, and if that fails, connect the other way, and if neither work, tell the user?
If that's all you're trying to do, there's no need to actually check the OS.
This is not an easy thing to answer with any degree of certainty as there are very few ports that will always be open on one OS but not on another.
You could try some/all of the following
80 http obviously
22,23 Telnet and SSH (Not usually open on windows, one at least usually open on *nix)
135 Used by WMI so often open on windows
1443 (Possibly SQL Server)
691 Used by MS Exchange routing
3389 MS Remote Desktop
I would suggest that scanning ranges of ports may lead you into trouble particularly if these are not your machines. You may find your IP address logged as a possible source of "Port Scanners"
There are some fairly extensive lists of ports available on the web. e.g. http://keir.net/portlist.html
I am trying to develop one application which can block all urls using win32 api on windows desktop application.
So is there any api or any procedure doing programmatically so that i can block all urls?
It's impossible to block just URLs. If you want to make sure no one can access the internet the only way to do this would be to unplug the ethernet cable. (Or whatever is giving you connectivity) Here's why:
Blocking all DNS resolution won't stop someone from accessing http://206.132.84.265/
Blocking port 80 and 443 won't stop someone from accessing a web site hosted on a non-standard port.
Denying access to IE and installation of any other software won't stop someone from downloading a browser that doesn't require to be installed (Like a text browser) and putting it on a thumb drive.
Buying an expensive firewall that blocks HTTP traffic won't be able to stop SSL operating on a non-standard port.
Believe me, back in highschool I worked in a warehouse with a scanner gun and figured out how I could check my email with it (with a little help from my computer at home) since an internet gateway was on the same network.
If you want to block people from surfing the web, disconnect the internet.
I suppose you can do it using the Windows Firewall API
http://msdn.microsoft.com/en-us/library/Aa366453.aspx
You can do this using Windows Firewall Protocol. This is an API provided by Microsoft.
For Vista it's straight-forward, but for XP you need to do some work around, as examples are not available for that.
I'm in need of setting up cron-based VPN connectivity from Ubuntu "Jaunty" to a Windows-based VPN over PPTP for incremental DB synchronization. Using the default Network Manager and PPTP module everything seems to work fine. However, I have 2 issues:
1) Despite checking "Use this only for resources", I still lose my local internet connection and am routed through their servers.
2) As a result of 1 I have need to automate connecting to and disconnecting from the VPN in order to perform various tasks as the machine is at the office and I am not.
Much of the information I'm finding on PPTPing from Linux to Windows involves the use of GUI Network Manager, etc. However, I need to perform these steps from the command line for the sake of automation. Can anyone point me to a quality bit of documentation for this specific case?
Best.
http://pptpclient.sourceforge.net/
I think this site has everything that you need :)