Bad boy Warrior Posted April 5, 2005 Share Posted April 5, 2005 Guys i keep getting this ID showing on my Windows XP machine when logging onto my server with the newly released SP1:Event Type: Failure AuditEvent Source: SecurityEvent Category: Detailed Tracking Event ID: 861Date: 05/04/2005Time: 22:17:15User: Kill-Bill\Quentin TarantinoComputer: PulpFictionDescription:The Windows Firewall has detected an application listening for incoming traffic. Name: - Path: C:\WINDOWS\system32\mstsc.exe Process identifier: 4056 User account: Quentin TarantinoUser domain: Kill-Bill Service: No RPC server: No IP version: IPv4 IP protocol: UDP Port number: 1221 Allowed: No User notified: NoFor more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.that MS link is a waste of time as it never answers anything. I have configured Security Configuration Wizard to what i thought was right (unless you guys know why this occurs). I have also disabled the firewall on my server which only speeds up me connecting to the server (Ill get to that problem very soon)- Could you experts tell me whats going on here please and how to resolve? also i have done the following after reading this on MS websiteOpen Computer Configuration, open Administrative Templates, open Network, open Network Connections, open Windows Firewall, and then click Domain Profile and enabled "Allow local program exceptions" - that didnt do anythingThx as always to you guys Link to comment Share on other sites More sharing options...
valter Posted April 6, 2005 Share Posted April 6, 2005 check www.eventid.net Link to comment Share on other sites More sharing options...
Bad boy Warrior Posted April 6, 2005 Author Share Posted April 6, 2005 Thanks. Heres an odd one i turn off the firewall - same problem (turn off firewall on both server and client) disable firewall on server only - same problem disable firewall on client - problem resolved (this is with the firewall turned on the server) so how am i suppose to configure the firewall on the client if the only way to resolve it is to disable the service?thx Link to comment Share on other sites More sharing options...
valter Posted April 6, 2005 Share Posted April 6, 2005 Thanks. Heres an odd one i turn off the firewall - same problem (turn off firewall on both server and client) disable firewall on server only - same problem disable firewall on client - problem resolved (this is with the firewall turned on the server) so how am i suppose to configure the firewall on the client if the only way to resolve it is to disable the service?thx<{POST_SNAPBACK}>try configuring firewall using gpo Link to comment Share on other sites More sharing options...
jpatto Posted April 6, 2005 Share Posted April 6, 2005 I was going to say the same as Klasika as thats what i did with my problem (listed about Visual sourcesafe) Link to comment Share on other sites More sharing options...
Bad boy Warrior Posted April 7, 2005 Author Share Posted April 7, 2005 which GPO do i need to alter or set? and is this for the LOcal Group Policy? Link to comment Share on other sites More sharing options...
valter Posted April 7, 2005 Share Posted April 7, 2005 which GPO do i need to alter or set? and is this for the LOcal Group Policy?<{POST_SNAPBACK}>Open GPO on the OU u want to configure and navigate to COmputer Configuration/Administrative Templates/Network/Windows Firewall ... Link to comment Share on other sites More sharing options...
Bad boy Warrior Posted April 7, 2005 Author Share Posted April 7, 2005 ok i did that and have still some issues (same event id still logged in my client machine) ive set up the domain profile as in this picture - so what am i doing wrong? do i have enable something on the client machine?thx Link to comment Share on other sites More sharing options...
valter Posted April 7, 2005 Share Posted April 7, 2005 ok i did that and have still some issues (same event id still logged in my client machine) ive set up the domain profile as in this picture - so what am i doing wrong? do i have enable something on the client machine?thx<{POST_SNAPBACK}>Well you need to enable the very first option, otherwise firewall is not working ... and don't forget to update your gpo, open cmd and type gpupdate /force on both the server and the client ... Link to comment Share on other sites More sharing options...
Bad boy Warrior Posted April 7, 2005 Author Share Posted April 7, 2005 done that and i still have a few problems. So ill tell you one of them as i may be able to do the rest if i get this one right :angrym: When connect using RDP to my server i have this event written in my client event log:Event Type: Failure AuditEvent Source: SecurityEvent Category: Detailed Tracking Event ID: 861Date: 07/04/2005Time: 17:11:46User: Kill-Bill\Quentin TarantinoComputer: PulpFictionDescription:The Windows Firewall has detected an application listening for incoming traffic. Name: - Path: C:\WINDOWS\system32\mstsc.exe Process identifier: 2584 User account: Quentin TarantinoUser domain: Kill-Bill Service: No RPC server: No IP version: IPv4 IP protocol: UDP Port number: 2149 Allowed: No User notified: NoNow this as it says is caused by the FW so im assuming that i need to add C:\WINDOWS\system32\mstsc.exe to a safe list under these GPOs and my guess is Windows Firewall: Define Program Exceptions - so if i add C:\WINDOWS\system32\mstsc.exe to that GP shoudl it be put on both (client and server) and shoudl it be under the DOMAIN PROFILE only? or the Standard profile too?Thanks Link to comment Share on other sites More sharing options...
valter Posted April 7, 2005 Share Posted April 7, 2005 Try to disable autdit on that file ... Link to comment Share on other sites More sharing options...
Bad boy Warrior Posted April 8, 2005 Author Share Posted April 8, 2005 Try to disable autdit on that file ...sorry could you explain that a bit more as i dont know what autdit is and the file your referring to.thx Link to comment Share on other sites More sharing options...
valter Posted April 10, 2005 Share Posted April 10, 2005 In your event you have failure audit on the file C:\WINDOWS\system32\mstsc.exe so right click on the file, Properties, Security, Advanced and the Audit and remove the audit for the file Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now