This article refers to the Barracuda ArchiveOne and Microsoft Windows Server 2008 and higher.
Windows Server 2008 introduced an improved version of the Windows Firewall as enabled and running by default. As part of that default configuration, DCOM connections to a Windows 2008 server are blocked. However, there are various scenarios where it would be advantageous to allow DCOM connections to that server, for example, Quick Link Client or ArchiveOne Admin console.
Step 1. Apply the Default Firewall Rule
Use the steps outlined in the Microsoft TechNet article Event ID 10006 - COM Remote Service Availability to apply the default firewall rule COM+ Network Access (DCOM In) to permit DCOM connections on TCP port 135.
Step 2. Configure RPC
Use the steps outlined in the Microsoft TechNet article How to configure RPC dynamic port allocation to work with firewalls to allow DCOM connections to the Server.
This limits the range of ports you need to open on the Windows Firewall. If you do not assign a static port, you must create a firewall rule permitting the entire dynamic range of ports:
- On the Archive server, open the Windows Firewall application from the Control Panel.
- Click Advanced Settings in the left pane.
- Right-click the Inbound Rules node, and click New Rule.
- The New Inbound Rule wizard opens. On the Rule Type page, select Custom, and then click Next.
- On the Program page, select All Programs, and click Next.
- On the Protocol and Ports page:
- Select TCP from the Protocol Type drop-down menu.
- Select RPC Dynamic Ports from the Local Port drop-down menu.
- Select Specific Ports from the Remote Port drop-down menu, and enter 1024-65535 in the associated field.
- Click Next.
- On the Scope page:
- Under Which local IP addresses does this rule apply to, select Any IP Address.
- Under Which remote IP addresses does this rule apply to?, select Any IP Address to allow all remote connections, or select These IP addresses and enter the specific IP address(es).
- On the Action plan, select Allow the connection, and click Next.
- On the Profile page, select only the Domain option, and then click Next.
- On the Name page, enter a name to identify the rule, for example, ArchiveOne incoming DCOM connections.
- Click Finish.
- Verify the rule is enabled.