Thursday 4 September 2008

Server Core and the NetSH command - Error: Only the enable parameter can be used to update rules specified by a group

We just finished doing some updates to the Server Core - From Scratch to Hyper-V Production posts because some of the steps were not working as expected.

The critical hit was this command: netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=domain [Enter]

We could not get port 3389 opened on the domain no matter how hard we tried.

The error:

Only the enable parameter can be used to update rules specified by a group.
Yikes! And try to search for that one folks. :(

But, this KB article says we should do the above: KB 947709: How to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista.

MS KB 947709

After no small amount of struggling to figure it out, including asking other specialists, we finally hit upon the answer in the comments thread of another blog post: Ask the Directory Services Team: How to Enable Remote Administration of Server Core via MMC using NETSH.

Philip asked! ;)

Thank you very much to Ned on the Ask blog for promptly replying and helping us to see the light! :)

Essentially, we got straightened out as far as the syntax of the NetSH command on Server Core to allow only certain protocols inbound when connected to the domain.

This is how the above command should read: netsh advfirewall firewall set rule name="remote desktop (tcp-in)" new enable=Yes profile=domain [Enter]
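
The corrected syntax, followed by a read-back check, as an added example that is not part of the original post. It assumes an elevated command prompt, English-language netsh output, and a scratch file name chosen here for illustration.

```bat
@echo off
rem Added example, not from the original post.
rem RULE is the rule name quoted in the post; OUT is a scratch file (hypothetical name).
set "RULE=remote desktop (tcp-in)"
set "OUT=%TEMP%\rdp-rule-check.txt"

rem In "set rule", values before "new" select the rule(s) and values after "new"
rem are the properties to write. A group= selector only accepts enable= after
rem "new", which is what the error message says. This group form is accepted:
rem   netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
rem Writing profile= requires selecting the individual rule by name instead:
netsh advfirewall firewall set rule name="%RULE%" new enable=Yes profile=domain

rem Read the rule back instead of trusting the command's console message.
netsh advfirewall firewall show rule name="%RULE%" verbose > "%OUT%"

rem The rule must exist and be enabled.
findstr /r /i /c:"^Enabled: *Yes" "%OUT%" >nul || (
    echo FAIL: rule not found or not enabled
    exit /b 1
)

rem The rule must not also apply to the private or public profiles,
rem otherwise port 3389 is reachable on networks outside the domain.
findstr /b /i /c:"Profiles:" "%OUT%" | findstr /i "Private Public" >nul && (
    echo FAIL: rule is not limited to the domain profile
    exit /b 1
)

rem Show which profile is active right now; the rule only takes effect
rem while the server is actually on the domain profile.
netsh advfirewall show currentprofile

del "%OUT%"
echo OK: rule is enabled for the domain profile only
```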


Philip Elder
MPECS Inc.
Microsoft Small Business Specialists


1 comment:

Anonymous said...

It would have been especially nice if Ned Pyle could have updated the KB "ASAP" as he said he would over two years ago. Not surprising though. Frankly, the error is rather self-explanatory... but intuitively it seems like something you should be able to do!