Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#344095 - 07/04/2011 16:18 Windows file and printer sharing only works if firewall turned off?
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
I've narrowed down a problem that bugs me at regular intervals when setting up new test systems here at work, and I'd like to know if anyone else has seen this, and if they know how to solve this?

- Install the Windows Vista or Windows 7 operating system fresh, on a new PC or a new virtual machine. (The "target" machine.)

- Network type is "Work Network", i.e., it is a private network.

- Go into "Network and Sharing Center"

- Enable the following things in Network and Sharing center's advanced features that are normally turned off by default: "Network Discovery", "File and Printer Sharing".

- Note, by looking at the Windows Firewall settings, that the firewall has automatically added the exceptions for these two features in Windows Firewall. (There are now exceptions for "Network Discovery" and "File and Printer Sharing" activated in Windows Firewall.)

- From a different PC, note that I can ping the target computer (ping computername) successfully and that the DNS IP address that comes up in the ping results is correct. So Network Discovery is working.

- Attempt to connect to one of the computers' file shares by doing Start, Run, "\\computername" from a different PC.

- The attempt to connect to the file share fails with an unknown error. There is an extremely long pause before the failure box appears, at least 60-90 seconds.

- Turn off firewall completely on the target machine (instead of just relying on the firewall exceptions mentioned above) and try again.

- The attempt to connect to the file share succeeds, and does so instantly.


Why is it that, when I've gone into the correct Windows setting screen to enable file sharing, and the results are clearly visible in the Firewall screen, that it fails like that? What's going wrong here? What little secret setting have I not enabled on the target machine?
_________________________
Tony Fabris

Top
#344096 - 07/04/2011 16:37 Re: Windows file and printer sharing only works if firewall turned off? [Re: tfabris]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
Also tried going into "Windows Firewall with Advanced Security" and, under both "Inbound Rules" and "Outbound Rules", enabled all rules starting with the name "File and Printer Sharing" to be "Allow". Many of them were already enabled, but for things like Private Networks they were disabled. So I just enabled everything that starts with "File and Printer Sharing".

Still no joy.
_________________________
Tony Fabris

Top
#344097 - 07/04/2011 17:19 Re: Windows file and printer sharing only works if firewall turned off? [Re: tfabris]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
Found it.

Have to "add port" for TCP port 139 into firewall exceptions.

After adding TCP 139, can instantly connect to file shares on that computer.

Why is port 139 not already included in the existing pre-defined exception for "File and Printer Sharing"?
_________________________
Tony Fabris

Top
#344098 - 07/04/2011 17:36 Re: Windows file and printer sharing only works if firewall turned off? [Re: tfabris]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
Complete details for all the OS's I'm worried about:

- (XP) Open a folder. Tools, Folder Options. "View" tab. Advanced Settings. Scroll to bottom. Deactivate "Use Simple File Sharing".
- (XP) FIREWALL.CPL: enable the exception for File and Printer Sharing.
- (XP) FIREWALL.CPL: Edit the exception for File and Printer sharing and CHANGE SCOPE for each of the ports to be "any computer".
- (Vista+) Network and Sharing Center: Enable Network Discovery and File Sharing
- (Vista) FIREWALL.CPL: ADD PORT for port 139 TCP.
- (Win7) WF.MSC: add an INBOUND RULE to allow port 139 TCP.


Edited by tfabris (08/04/2011 17:02)
Edit Reason: Updated list to include the bit about turning off simple file sharing.
_________________________
Tony Fabris

Top
#344099 - 07/04/2011 17:41 Re: Windows file and printer sharing only works if firewall turned off? [Re: tfabris]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
Originally Posted By: tfabris
Why is port 139 not already included in the existing pre-defined exception for "File and Printer Sharing"?

Because Windows is crap.
_________________________
Bitt Faulk

Top
#344104 - 07/04/2011 19:26 Re: Windows file and printer sharing only works if firewall turned off? [Re: wfaulk]
siberia37
old hand

Registered: 09/01/2002
Posts: 702
Loc: Tacoma,WA
I wonder if it has to do with the machine name being resolved by broadcast. Have you tried connecting to the share directly by IP Address just for fun? e.g. \\192.168.1.1\c$

Officially I think resolving by broadcast is considered kind of deprecated you are suppoed to use either FQDN or IP addresses to do file sharing now.

Top
#344107 - 07/04/2011 22:27 Re: Windows file and printer sharing only works if firewall turned off? [Re: wfaulk]
andym
carpal tunnel

Registered: 17/01/2002
Posts: 3996
Loc: Manchester UK
Originally Posted By: wfaulk
Originally Posted By: tfabris
Why is port 139 not already included in the existing pre-defined exception for "File and Printer Sharing"?

Because Windows is crap.

I was going to post something about failing on the first task by installing Windows, but you kind of beat me to it.
_________________________
Cheers,

Andy M

Top
#344110 - 08/04/2011 01:32 Re: Windows file and printer sharing only works if firewall turned off? [Re: tfabris]
gbeer
carpal tunnel

Registered: 17/12/2000
Posts: 2665
Loc: Manteca, California
You Da Man!

I was struggling with this just an hour ago.
_________________________
Glenn

Top
#344112 - 08/04/2011 04:19 Re: Windows file and printer sharing only works if firewall turned off? [Re: tfabris]
BartDG
carpal tunnel

Registered: 20/05/2001
Posts: 2616
Loc: Bruges, Belgium
Thanks a lot for this 'complete details' post Tony! I've been struggling with this in the past as well!
_________________________
Riocar 80gig S/N : 010101580 red
Riocar 80gig (010102106) - backup

Top
#344115 - 08/04/2011 11:43 Re: Windows file and printer sharing only works if firewall turned off? [Re: BartDG]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
Isn't there an option when joining a network for the first time whether its setup as a public network i.e. no file sharing or your home/work network which does allow file sharing?

Top
#344116 - 08/04/2011 13:09 Re: Windows file and printer sharing only works if firewall turned off? [Re: andym]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
Originally Posted By: andym
I was going to post something about failing on the first task by installing Windows, but you kind of beat me to it.

I dealt with something similar to this problem a few years ago. By default, Windows turns on the firewall. The firewall prevents any sort of remote administration, even when joined to a domain. I finally put in a domain policy to disable the firewall when connected directly to the domain, but, really, Windows? I knew you were supposed to be "zero administration", but I didn't realize that that was an enforced policy.
_________________________
Bitt Faulk

Top
#344120 - 08/04/2011 17:06 Re: Windows file and printer sharing only works if firewall turned off? [Re: tman]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
Originally Posted By: tman
Isn't there an option when joining a network for the first time whether its setup as a public network i.e. no file sharing or your home/work network which does allow file sharing?


All that prompt does is define whether or not the network is private or public. It doesn't actively go in and add file sharing on private networks. You still have to do that separately. At least in my experience.

... AND it still needs me to add port 139 to the firewall or it doesn't work. Again, at least in my experience.

I've also updated my list above to include the thing on XP where you have to turn off simple file sharing before you can go browsing \\computername\c$ via its administrator password.
_________________________
Tony Fabris

Top
#344175 - 12/04/2011 08:57 Re: Windows file and printer sharing only works if firewall turned off? [Re: wfaulk]
frog51
pooh-bah

Registered: 09/08/2000
Posts: 2091
Loc: Edinburgh, Scotland
Originally Posted By: wfaulk
Originally Posted By: tfabris
Why is port 139 not already included in the existing pre-defined exception for "File and Printer Sharing"?

Because Windows is crap.


This!

You should always assume it will want some or all of the following:

135 RPC
137 NetBIOS
138 NetBIOS
139 NetBIOS
445 SMB

As well as various others - see http://support.microsoft.com/kb/832017
_________________________
Rory
MkIIa, blue lit buttons, memory upgrade, 1Tb in Subaru Forester STi
MkII, 240Gb in Mark Lord dock
MkII, 80Gb SSD in dock

Top