
SP2 Tips: Resolving Applications That Fail to Run Because of Windows Firewall

Published: 2008-11-29 19:44:02  Author: 源代码网

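  After you install Microsoft Windows XP Service Pack 2 (SP2), some applications may no longer run on the updated operating system. This is because Windows Firewall is enabled by default and blocks unsolicited incoming connections. This article describes how to create a firewall exception, adding an application to the exceptions list so that it can continue to run.

  To improve the security of computers running Windows XP SP2, Windows Firewall blocks unsolicited incoming connections. Sometimes, however, you still need to create an exception rule to allow certain inbound connections, for example in the following situations:

  Playing multiplayer games over the Internet;

  Receiving files through an instant messaging program;

  After Windows XP SP2 is installed, client applications may be unable to receive data from a server. Some examples:

  FTP clients;

  Streaming media players;

  New-mail notifications in e-mail clients;

  Likewise, server applications running on Windows XP SP2 may be unable to respond to client requests. Some examples:

  Web servers, such as IIS;

  Remote Desktop;

  File sharing;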

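  By default, Windows XP SP2 uses the following interactive component to implement these exception rules:

  Windows Firewall Security Alert

  Sometimes, when Windows Firewall blocks an application, a Windows Firewall Security Alert dialog box appears. The dialog box contains the following message:

  ...to help protect your computer, Windows Firewall has blocked this program from receiving unsolicited information from the Internet or a network

  The alert shows the name of the program and its publisher. The dialog box offers three choices:

  Unblock the program

  Keep blocking this program

  Keep blocking this program, but ask me again later

  The following sections explain how to use this dialog box to allow the program to run.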

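  Allowing a program to run

  Some programs must receive information from the network in order to work properly. This information enters the computer through inbound ports. For Windows Firewall to let it in, the correct inbound ports must be open on the computer. To let a program communicate as it did before SP2 was installed, so that it runs normally, use any one of the following methods:

  Allowing a program through the Security Alert

  In the Security Alert dialog box, select Unblock this program.

  Click OK.

  Allowing a program through the Windows Firewall settings

  If you did not select Unblock the program in the Security Alert dialog box, the program will remain blocked. You can achieve the same result by configuring Windows Firewall:

  Click Start, click Run, type wscui.cpl in the Open box, and then click OK

  Click Windows Firewall

  In the Windows Firewall dialog box, select the Exceptions tab, and then click Add Program

  In the Add a Program dialog box, select the program from the list, or click Browse to locate it

  If you cannot determine the exact name of the program to add, see the section later in this article

  After selecting the program, click OK

  In the exceptions list, make sure the check box next to the program you selected is checked, and then click OK

  Note: If you later no longer want this program to be an exception, simply clear the program's check box.

  Adding a program to the exceptions list has the following advantages:

  You do not need to know which ports the program uses (by contrast, to open ports manually you must know the port numbers the program uses, as described later)

  The ports used by a program on the exceptions list are open only while the program is waiting to receive a connection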


 

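  Identifying and opening ports

  If the program still does not run correctly after you add it to the exceptions list, or if you cannot determine the program name when selecting the exception, you can open ports manually. Before doing so, you must determine which ports the program uses. The reliable way to do this is to contact the program's developer or support vendor for the information. That is often inconvenient, however, and when a list of the program's ports is not available, you can use Netstat.exe to identify them.

  Using Netstat.exe to identify ports

  To use Netstat.exe to identify the ports a program uses, follow these steps:

  Run the affected program and try to use its network features. For example, open an audio stream in a media player, or start the Web service on a Web server;

  Click Start, click Run, type cmd, and then click OK;

  Get the list of listening ports: at the command prompt, type the following command and press Enter:

  netstat -ano > netstat.txt

  Get the process identifiers of the running processes: at the command prompt, type the following command and press Enter:

  tasklist > tasklist.txt

  Note: If the affected program runs as a service, add the /svc switch to the command to list the services loaded in each process:

  tasklist /svc > tasklist.txt

  Open Tasklist.txt, locate the program you are troubleshooting, and note its process identifier;

  Open Netstat.txt and note every entry associated with that process identifier, along with the protocol used (TCP or UDP);

  The port numbers used by the process affect how you resolve the problem:

  If the process uses ports greater than 1024, these port numbers probably cannot be changed;

  If the port numbers are less than 1024, the program may be using a range of ports, so opening only individual ports may not solve the problem;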
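
  The correlation step above (matching the PID from Tasklist.txt against the rows of Netstat.txt), as an added example that is not part of the original article. The sample outputs are constructed and ftpsrv.exe is a hypothetical program name; loopback-only listeners are dropped because they are not reachable from the network and need no exception.

```python
import re

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_TXT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.10:1045      192.168.1.20:445       ESTABLISHED     4
  UDP    0.0.0.0:3456           *:*                                    1480
"""

# Constructed sample of `tasklist /svc` output; ftpsrv.exe is hypothetical.
TASKLIST_TXT = """\
Image Name                   PID Services
========================= ====== =============================================
System                         4 N/A
svchost.exe                  932 RpcSs
ftpsrv.exe                  1480 N/A
"""

def pids_for_image(tasklist_text, image_name):
    """Return the PIDs whose image name matches (case-insensitive)."""
    pids = set()
    for line in tasklist_text.splitlines():
        m = re.match(r"^(\S.*?)\s+(\d+)\s+\S", line)
        if m and m.group(1).lower() == image_name.lower():
            pids.add(int(m.group(2)))
    return pids

def listening_endpoints(netstat_text, pids):
    """Return sorted (proto, address, port) tuples that accept inbound traffic."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        # TCP rows carry a State column; UDP rows do not.
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue
        if int(f[-1]) not in pids:
            continue
        addr, _, port = f[1].rpartition(":")
        found.add((f[0], addr, int(port)))
    return sorted(found)

def needs_exception(endpoints):
    """Drop loopback-only listeners: they are not reachable from the network."""
    return [e for e in endpoints if not e[1].startswith("127.") and e[1] != "[::1]"]
```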

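  Opening ports manually in Windows Firewall

  To determine the exact port numbers, contact the program's developer or support vendor, or consult the user documentation. Once you know which ports need to be opened, follow these steps:

  Click Start, click Run, type wscui.cpl, and then click OK;

  Select Windows Firewall;

  Select the Exceptions tab, and then click Add Port;

  In the Add a Port dialog box, type the port number to open in the Port number box, and select TCP or UDP;

  Type a name for the port, for example GamePort, and then click OK;

  To view or set the scope of the port exception, click Change scope, and then click OK;

  On the Exceptions tab, the new service is now listed. To open the port, select the check box next to the service, and then click OK;


 The programs that require ports to be opened manually are listed in the tables below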

Applications:

| Program | Vendor | Ports | Default exception | Notes |
|---|---|---|---|---|
| Visual Studio .NET | Microsoft | See the documentation | See the documentation | Needed only for Remote DCOM debugging |
| SQL | Microsoft | Dynamically assigned ports for RPC and DCOM | | Needed only for remote debugging |
| Backup Exec 9 | Veritas | 10000 | C:\Program Files\Veritas\Backup Exec\RANT32\beremote.exe | Needed only to back up a client from a server |
| Ghost Server Corporate Edition 7.5 | Symantec | 139-TCP-NetBIOS Session Service; 445-TCP-SMB over TCP; 137-UDP-NetBIOS Name Service; 138-UDP-NetBIOS Datagram Service | See the documentation | Needed to push down a ghost client |
| Symantec AntiVirus Corporate Edition 8.0 | Symantec | File and Printer Sharing | Checking the “Allow file and printer sharing” check box opens these ports: UDP 137, 138; TCP 139, 445. | Needed to install client |
| SMS 2003 Server | Microsoft | Enable File and Printer Sharing ports | See the documentation | Needed to view Windows XP SP2 Client Event Viewer |
| Cute FTP 5.0 XP | GlobalSCAPE | 21 or FTP server | See the documentation | Needed to FTP in to a Windows XP SP2-based computer |
| Exceed 7.0, 8.0 | Hummingbird | 21 or FTP server | See the documentation | Needed so that FTP for Windows Explorer can connect to remote computers |
| KEA! 340 5.1 | Attachmate | 23 or "Telnet server" | See the documentation | Needed to establish Telnet session to remote host |
| WRQ Reflection X 10 and 11 | WRQ | 23 or "Telnet server" | See the documentation | Needed to establish Telnet session to remote host |
| Reflection for IBM 9, 9.03, 10 and Reflection X 10 and 11 | WRQ | 21 or FTP server | See the documentation | Needed so that FTP client can connect to remote computers |
| Smarterm Office 10 and Smarterm 11 | Esker Software | 23 or "Telnet server" | See the documentation | Needed to establish Telnet session to remote host |
| Smarterm Office 10 and Smarterm 11 | Esker Software | 21 or FTP server | See the documentation | Needed so that the FTP tool can connect to remote computers |
| ViewNow 1.05 | Netmanage | FTP server or 21 | See the documentation | Needed so that FTP tool can connect to remote computers |
| ViewNow 1.0 and 1.05 | Netmanage | 6000 (TCP/IP) and 177 (UDP) | See the documentation | Needed to establish X-Windows Sessions |
| ViewNow 1 or 1.05 | Netmanage | Telnet Server or 23 | See the documentation | Needed to establish Telnet session to remote host |
| Microsoft Operations Manager 2000 SP1 | Microsoft | Enable ICMP echo request, File and Printer Sharing and UDP | See the documentation | Needed to push MOM Agent onto a Windows XP SP2-based client that has Windows Firewall enabled |
| AutoCAD 2000, 2002, 2004 | Autodesk | 21 | See the documentation | Needed to browse projects using FTP viewer (File Open dialog) when remote FTP host has Windows Firewall enabled. |
| Backup Exec 9.1.4691 | Veritas | See the documentation | %Program Files%\Veritas\Backup Exec\RANT\beremote.exe | Needed to back up Windows XP SP2-based client |
| Windows Scanner and Camera Wizard | Xerox Network Scanners | 21 | See the documentation | Needed so that the Scanner and Camera Wizard starts and the scanned images are available for the user to access. |
| Symantec Corporate AntiVirus 9.0 | Symantec | See the documentation | See the documentation | Needed so that while pushing anti virus Definition to clients, the client computer will accept the updates and can be scanned. |
| ColdFusion MX Server Edition 6 | Macromedia | TCP (by default, 8500) | See the documentation | Needed to allow remote access as Web server |
| CA ARCserve | Computer Associates | 137-UDP-NetBIOS Name Service; 138-UDP-NetBIOS Datagram Service; 139-TCP-NetBIOS Session Service; 704-UDP; 1478-UDP-MS-sna-base; 1900-UDP-SSDP; 6050-TCP-ARCserve Service; 6051-TCP-ARCserve Service | See the documentation | Needed for remote installs, licensing, and client communications |
| EDM File System Agent 4.0 | EMC | 3895 | See the documentation | Needed to install EDM client from server to Windows XP SP2 |
| Microsoft Systems Management Server 2003 | Microsoft | TCP:2701 | %WINDIR%\System32\CCM\CLICOMP\RemCtrl\Wuser32.exe | Needed so that Remote Tool can remote control a Windows XP SP2-based client computer |
| Aelita ERdisk for Active Directory 6.7 | Quest Software | See the documentation | File and Printer Sharing | Needed to contact a remote computer |
| Hummingbird Host Explorer 8 | Hummingbird | 23 TCP and 21 TCP | See the documentation | Needed to Telnet in to a Windows XP SP2-based client |
| BV-Admin Mobile | Bind View | See the documentation | File and Printer Sharing | Needed to contact a remote computer |
| SQL 2000a | Microsoft | 1433 and 1434 | See the documentation | Needed to connect to remote computer |
| Backup Exec 8.6.1 | | | | Needed so that the server can push remote agent to a Windows XP SP2-based client |
| Microsoft SNA 4.0 SP3 | Microsoft | See documentation | File and Printer Sharing | Needed to see a Windows XP SP2-based client |
| Extra! Personal Client 6.5 and 6.7 | Attachmate | Telnet Server or port 23 | See the documentation | Needed to establish Telnet session to remote host |
| Extra! Enterprise 2000 | Attachmate | Telnet Server or port 23 | See the documentation | Needed to establish Telnet session to remote host |
| Extra! Bundle for TCP/IP 6.6 | Attachmate | Telnet Server or port 23 | See the documentation | Needed to establish Telnet session to remote host |
| Volume Manager 3.1 | Veritas | 2148 | c:\Program Files\Veritas\Veritas Object Bus\Bin\vxsvc.exe | Needed to connect to a Windows XP SP2-based client |
| BMC Patrol for Windows 2000 | BMC Software | On the Windows XP SP2-based (client) computer: TCP ports 3181, 10128 and 25; UDP ports 3181, 10128 and 25 | \\<Server Name>\BMC Software\Patrol 3-4\Best1\6.5.00\bgs\bin\Best1CollectGroup.exe | Needed to allow connection of server to client computer. Make sure that you have shared the BMC Patrol file on the server before you try to move to the default exception path on the client. |
| eTrust 6.0.100 | Computer Associates | File and Printer Sharing ports and ICMP echo request and port TCP 42510 | See the documentation | Needed to remote install to Windows XP SP2 |
| NetShield 4.5 | McAfee Security | See the documentation | File and Printer sharing | Needed to Remote Connect to a Windows XP SP2-based client |
| Computer Associates eTrust 7.0 | Computer Associates | Add the File and Printer Sharing ports and ICMP echo request | See the documentation | Needed so that a Windows Server 2003 eTrust 7.0 server can remotely test logon to a Windows XP SP2-based client |
| Computer Associates eTrust 7.0 | | | | Needed so that a Windows Server 2003 eTrust 7.0 server can remotely install the client eTrust software on Windows XP SP2-based computers. Resolved by setting the following to 0 and then rebooting: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC\RestrictRemoteClients (DWORD value) |

Games

| Game | Vendor | Ports | Default exception |
|---|---|---|---|
| Chess Advantage III: Lego Chess | Encore | See the documentation | See the documentation |
| Need for Speed Hot Pursuit 2 | EA Games | See the documentation | See the documentation |
| Unreal Tournament 2003 | Atari | See the documentation | See the documentation |
| Unreal Tournament Game of the Year Edition | Atari | See the documentation | See the documentation |
| Midnight Outlaw: Illegal Street Drag 1.0 | VALUSoft | See the documentation | Defwatch.exe |
| Scrabble 3.0 | Atari | See the documentation | See the documentation |
| Star Trek StarFleet Command III 1.0 | Activision | See the documentation | See the documentation |


Contributed by 源代码网.