PowerShell – Find Windows Firewall Rule by Port & Modify

A little script I wrote to standardize a bunch of manually created Windows Firewall rules on hosts that had a variety of Display Names. I also added the ability to set specific parameters, and to insert the Remote Site / Address into the newly renamed or created rule:

# Set up the variables
$Port        = "9000"
$DisplayName = "ServiceName Inbound - $Port"
$Description = "Allow inbound traffic from whitelisted IPs on $Port"
$Whitelist   = @("10.0.0.1", "8.8.8.8")

# Pull a list of all firewall rules via the legacy COM interface
$Rules = (New-Object -ComObject HNetCfg.FWPolicy2).Rules

# Filter down to inbound TCP rules whose LocalPorts equals $Port
# (NET_FW_RULE_DIR_IN = 1, NET_FW_IP_PROTOCOL_TCP = 6). Without the direction and
# protocol test, an outbound or UDP rule on the same port would be rewritten as well.
$RuleFound = $Rules | Where-Object { $_.LocalPorts -eq $Port -and $_.Direction -eq 1 -and $_.Protocol -eq 6 }

if ($null -eq $RuleFound)
    {
    # There is no matching rule, so create one restricted to the whitelist
    New-NetFirewallRule -Direction Inbound -LocalPort $Port -Protocol TCP -RemoteAddress $Whitelist -Action Allow -Profile Domain -DisplayName $DisplayName -Description $Description
    }
else
    {
    foreach ($Rule in $RuleFound)
        {
        # The COM rule's Name is its display name, which is what Set-NetFirewallRule -DisplayName matches on
        $RuleName = $Rule.Name
        # There was a matching rule: amend its parameters and rename it to the standard DisplayName
        Set-NetFirewallRule -DisplayName $RuleName -Direction Inbound -LocalPort $Port -Protocol TCP -RemoteAddress $Whitelist -Action Allow -Profile Domain -Description $Description -NewDisplayName $DisplayName
        }
    }
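Before rewriting rules in bulk it helps to see which ones actually deviate from the intended whitelist. The following is an added example, not the post's script: it uses the NetSecurity module (Get-NetFirewallPortFilter, Get-NetFirewallRule, Get-NetFirewallAddressFilter) to match on port and protocol rather than display name, and reports rules that are open to Any or to addresses outside the list; the function name Get-PortRuleDrift and the -WhatIf remediation line at the end are my own.

```powershell
# Added example: audit inbound rules that open a port and report drift from the
# intended whitelist before anything is changed. Requires the NetSecurity module
# (Windows 8 / Server 2012 and later).
function Get-PortRuleDrift {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Port,
        [string]$Protocol = 'TCP',
        [Parameter(Mandatory)][string[]]$Whitelist
    )
    $expected = @($Whitelist | Sort-Object -Unique)

    # Walk from the port filter back to its owning rule, so the match is on
    # port AND protocol instead of on whatever the rule happens to be called.
    Get-NetFirewallPortFilter |
        Where-Object { $_.LocalPort -eq $Port -and $_.Protocol -eq $Protocol } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' } |
        ForEach-Object {
            $actual = @(($_ | Get-NetFirewallAddressFilter).RemoteAddress) | Sort-Object -Unique
            $open   = $actual -contains 'Any'                      # reachable from every remote host
            $extra  = @($actual | Where-Object { $expected -notcontains $_ })
            [pscustomobject]@{
                DisplayName   = $_.DisplayName
                Enabled       = $_.Enabled
                Action        = $_.Action
                Profile       = $_.Profile
                RemoteAddress = ($actual -join ',')
                OpenToAny     = $open
                Unexpected    = ($extra -join ',')
                Drift         = ($open -or $extra.Count -gt 0)
            }
        }
}

# Report first; then tighten only the rules that drift. -WhatIf shows the change
# without applying it; drop it once the report looks right.
$Whitelist = @('10.0.0.1', '8.8.8.8')
$drift = Get-PortRuleDrift -Port 9000 -Whitelist $Whitelist
$drift | Format-Table DisplayName, Enabled, RemoteAddress, OpenToAny, Drift -AutoSize
$drift | Where-Object Drift | ForEach-Object {
    Set-NetFirewallRule -DisplayName $_.DisplayName -RemoteAddress $Whitelist -WhatIf
}
```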

No Server GUI – Avaya IP Office ACCS Ignition

We encountered a problem during the Ignition Wizard install of two Avaya IP Office ACCS Contact Centres: after a reboot we could no longer see the desktop after logging in, only a black screen. Ctrl-Alt-Delete worked and we could run Task Manager, but could not spawn Explorer. This happened on two separate 2012 R2 servers, at the same point in the installation process.

When we attempted to RDP to the servers and log on with the Domain admin account, errors were raised in the Windows Application log, in particular Event ID 18214:

The machine-default access security descriptor for the COM Server application C:\Windows\System32\rdpclip.exe with APPID Unavailable is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool

This error message led me to look into the DCOM permissions on the server. Below is where I found the modified permission, and the steps to fix it without explorer.exe:

  • CTRL+ALT+END to invoke Task Manager
  • File > Run New Task
  • Browse to: C:\Windows\System32\dcomcnfg.exe & execute
  • Expand ‘Component Services’
  • Expand ‘Computers’
  • Right-Click ‘My Computer’ & select ‘Properties’
  • Select ‘COM Security’ tab
  • Under ‘Access Permissions’, select ‘Edit Default’
  • Change ‘SYSTEM’ object to remove ‘Remote Access’. Hit “OK”
  • From Task Manager, Start > Run > shutdown /r
  • Server reboots & GUI is restored
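The machine-wide default access permission that dcomcnfg edits above is stored as a binary security descriptor in the registry, so the offending ACE can also be inspected (and the fix confirmed after the reboot) from a console, without Explorer. This is an added example, not part of the post: the function name Get-DcomDefaultAccessPermission is my own, it assumes the DefaultAccessPermission value under HKLM\SOFTWARE\Microsoft\Ole is present (when it is missing, Windows applies its built-in defaults), and it decodes the COM access-rights bits from iaccess.h.

```powershell
# Added example: decode each ACE of the DCOM machine-default access permission
# and flag any that grant Remote Access (COM_RIGHTS_EXECUTE_REMOTE).
function Get-DcomDefaultAccessPermission {
    [CmdletBinding()]
    param([string]$ValueName = 'DefaultAccessPermission')

    # The value is a self-relative security descriptor stored as REG_BINARY
    $key = 'HKLM:\SOFTWARE\Microsoft\Ole'
    $item = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
    if (-not $item) { Write-Warning "$ValueName is not set; built-in DCOM defaults apply"; return }
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList ($item.$ValueName, 0)

    # Access-permission bits (iaccess.h). "Remote Access" in dcomcnfg is COM_RIGHTS_EXECUTE_REMOTE.
    $bits = [ordered]@{
        COM_RIGHTS_EXECUTE        = 0x1
        COM_RIGHTS_EXECUTE_LOCAL  = 0x2
        COM_RIGHTS_EXECUTE_REMOTE = 0x4
    }

    foreach ($ace in $sd.DiscretionaryAcl) {
        if ($ace -isnot [System.Security.AccessControl.KnownAce]) { continue }   # skip opaque custom ACEs
        $sid = $ace.SecurityIdentifier
        try   { $who = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $who = $sid.Value }                                              # unresolvable SID
        $mask  = $ace.AccessMask
        $names = foreach ($b in $bits.GetEnumerator()) { if ($mask -band $b.Value) { $b.Key } }
        [pscustomobject]@{
            Account      = $who
            AceType      = $ace.AceType
            AccessMask   = ('0x{0:X}' -f $mask)
            Rights       = ($names -join ', ')
            RemoteAccess = [bool]($mask -band 0x4)
        }
    }
}

# An Allow ACE for NT AUTHORITY\SYSTEM with RemoteAccess = True is the grant the
# steps above remove; re-run after the reboot to confirm it is gone.
Get-DcomDefaultAccessPermission | Format-Table -AutoSize
```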

WSUS Connection Error

Went to administer WSUS today, and my MMC window prompted this:

Update Services: Error: Connection Error An error occurred trying to connect the WSUS server. This error can happen for a number of reasons. Check connectivity with the server. Please contact your network administrator if the problem persists. Click Reset Server Node to try to connect to the server again.

Strange. I started investigating and found the following:

  • Server was up and connecting via RDP / RPC
  • IIS was up
  • Windows Internal Database & WSUS Service both up
  • Server connecting via telnet on port 8530
  • Local admin of the WSUS console via MMC failed with the same error message

Found errors in the event log:

The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists, Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\. System.NullReferenceException -- Object reference not set to an instance of an object. Source Microsoft.UpdateServices.UI.SnapIn Stack Trace: at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ResetScopeNode() Update Services failed its initialization and stopped.

Ran a “wsusutil checkhealth”:

wsusutil checkhealth

Which led me to this error:

WebHost failed to process a request. Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/40282060 Exception: System.ServiceModel.ServiceActivationException: The service '/ClientWebService/client.asmx' cannot be activated due to an exception during compilation. The exception message is: This collection already contains an address with scheme http. There can be at most one address per scheme in this collection. If your service is being hosted in IIS you can fix the problem by setting 'system.serviceModel/serviceHostingEnvironment/multipleSiteBindingsEnabled' to true or specifying 'system.serviceModel/serviceHostingEnvironment/baseAddressPrefixFilters'. Parameter name: item. ---> System.ArgumentException: This collection already contains an address with scheme http. There can be at most one address per scheme in this collection. If your service is being hosted in IIS you can fix the problem by setting 'system.serviceModel/serviceHostingEnvironment/multipleSiteBindingsEnabled' to true or specifying 'system.serviceModel/serviceHostingEnvironment/baseAddressPrefixFilters'. 
Parameter name: item at System.ServiceModel.UriSchemeKeyedCollection.InsertItem(Int32 index, Uri item) at System.Collections.Generic.SynchronizedCollection`1.Add(T item) at System.ServiceModel.UriSchemeKeyedCollection..ctor(Uri[] addresses) at System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses) at System.ServiceModel.Activation.ServiceHostFactory.CreateServiceHost(Type serviceType, Uri[] baseAddresses) at System.ServiceModel.Activation.ServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses) at System.ServiceModel.ServiceHostingEnvironment.HostingManager.CreateService(String normalizedVirtualPath, EventTraceActivity eventTraceActivity) at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(ServiceActivationInfo serviceActivationInfo, EventTraceActivity eventTraceActivity) at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath, EventTraceActivity eventTraceActivity) --- End of inner exception stack trace --- at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath, EventTraceActivity eventTraceActivity) at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath, EventTraceActivity eventTraceActivity) Process Name: w3wp Process ID: 2536

So I went to C:\Program Files\Update Services\WebServices\ClientWebService\ to edit the web.config file. I had to take ownership of the file before I could change it, and then added the required flag on the serviceHostingEnvironment element:

<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>

Restarted the server and everything started working again.
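The same fix can be applied without hand-editing a protected system file, keeping a copy of the file and its ACL so the change is reversible. This is an added example, not the post's own steps: it assumes the default WSUS install path quoted above, an elevated prompt, and that the WSUS application pool carries its default name WsusPool; the function name Set-WcfMultipleSiteBindings is my own.

```powershell
# Added example: set multipleSiteBindingsEnabled="true" on the WSUS ClientWebService
# web.config idempotently, with a backup of the file and of its ACL.
$WebConfig = 'C:\Program Files\Update Services\WebServices\ClientWebService\web.config'

function Set-WcfMultipleSiteBindings {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { throw "web.config not found: $Path" }

    # Keep a copy of the file and of its ACL (as SDDL) so both can be restored later
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    Copy-Item -LiteralPath $Path -Destination "$Path.$stamp.bak"
    (Get-Acl -LiteralPath $Path).Sddl | Set-Content -LiteralPath "$Path.$stamp.sddl"

    # Take ownership and grant ourselves write access, as the post had to do by hand
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    takeown.exe /F "$Path" | Out-Null
    icacls.exe "$Path" /grant "$($me):F" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

    [xml]$xml = Get-Content -LiteralPath $Path -Raw
    $sm = $xml.SelectSingleNode('/configuration/system.serviceModel')
    if (-not $sm) { throw 'no system.serviceModel section in web.config' }
    $she = $sm.SelectSingleNode('serviceHostingEnvironment')
    if (-not $she) { $she = $sm.AppendChild($xml.CreateElement('serviceHostingEnvironment')) }

    # Idempotent: only rewrite the file when the attribute is not already true
    if ($she.GetAttribute('multipleSiteBindingsEnabled') -eq 'true') { return 'already set' }
    $she.SetAttribute('multipleSiteBindingsEnabled', 'true')
    $xml.Save($Path)
    return 'updated'
}

Set-WcfMultipleSiteBindings -Path $WebConfig

# Recycle the WSUS application pool (WsusPool on a default install) rather than
# rebooting the whole server.
Import-Module WebAdministration
Restart-WebAppPool -Name 'WsusPool'
```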

Forums Online

Mucking around with some forum software, I have made a forum available at http://forum.stott.asia.

You need to register to post, which will probably put most people off posting, but the alternative is a forum full of Indonesian viagra spam, which the internet already has enough of.

You can post threads and request assistance with anything you come across here, or any other server issues which you would like to discuss.