How to configure firewall to allow RPC

0

I am trying to change IIS App Pool Identity (user) remotely using C# and getting an error

System.Runtime.InteropServices.COMException (0x800706BA): The RPC server is unavailable.

I am able to do it properly if I allow all RPC dynamic ports (in the range of 49152 to 65535) through the firewall for all services on the remote machine. I just want to know the exact service or process name used by the remote system to complete the process so that I can allow the ports for that service only.

// Requires: using System; using System.DirectoryServices;
public static bool ChangeAppPoolUser(string ip, string machineName, string username, string password, string applicationPoolName)
{          
    try
    {
        var metabasePath = "IIS://" + ip + "/W3SVC/AppPools";
        // Get list of appPools at specified metabasePath location 
        using (DirectoryEntry appPools = new DirectoryEntry(metabasePath, username, password))
        {
            if (appPools == null)
            {
                Helper.PrepareDebugLog("appPools is null");
            }
            // Log the connection target and account, but never the password
            Helper.PrepareDebugLog("metabasePath:" + metabasePath + " username:" + username);

            // From the list of appPools, Search and get the appPool  
            using (DirectoryEntry AppPool = appPools.Children.Find(applicationPoolName, "IIsApplicationPool"))
            {
                Helper.PrepareDebugLog("in");

                if (AppPool != null)
                {                            
                    // Identity type 3 = run the pool as a specific user account (WAMUserName / WAMUserPass)
                    AppPool.InvokeSet("AppPoolIdentityType", new Object[] { 3 });

                    // Configure username for the AppPool with above specified username                     

                    AppPool.InvokeSet("WAMUserName", new Object[] { Environment.UserDomainName + "\\" + Environment.UserName });

                    // Configure password for the AppPool with above specified password                       
                    AppPool.InvokeSet("WAMUserPass", new Object[] { CommonProgramVariables.localPassword });

                    // Write above settings to IIS metabase 
                    AppPool.Invoke("SetInfo", null);

                    // Commit the above configuration changes that are written to metabase 
                    AppPool.CommitChanges();
                    return true;
                }
            }
        }
    }
    catch (Exception e)
    {
        // Passwords are deliberately left out of the log message
        Helper.PrepareLogWithTimstamp("EXCEPTION WHILE CHANGE USER: Parameter USED machineName:" + machineName + " username:" + username + " applicationPoolName:" + applicationPoolName + " Local User:" + Environment.UserDomainName + "\\" + Environment.UserName);
        Helper.PrepareLog("EXCEPTION:", e);
    }
    return false;
}

Expected: AppPool User should be changed for remote machine AppPool.

Actual result:

System.Runtime.InteropServices.COMException (0x800706BA): The RPC server is unavailable.

c#
iis
rpc
windows-firewall
asked on Stack Overflow Jul 28, 2019 by Girjesh Kumar Vishwakarma • edited Jul 28, 2019 by Alex

1 Answer

0

The error "The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)" can occur if RPC / WMI connections are blocked on the target machine due to firewall restrictions, or if you entered an incorrect hostname / IP address for the target machine.

To resolve this error you could follow the below steps:

1) Open Control Panel, click Security and then click Windows Firewall.

2) Click Change Settings and then click the Exceptions tab.

3) In the Exceptions window, select the check box for Windows Management Instrumentation (WMI) to enable WMI traffic through the firewall.

answered on Stack Overflow Jul 30, 2019 by Jalpa Panchal
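
A scripted form of the steps in the answer above, added here as an example and not part of the original answer: it enables the same WMI rule group but accepts it only from one management host, then prints the port, program and service each rule is bound to. `$AdminHost`, `$Target` and `Test-RpcReachable` are constructed placeholders, and the group name assumes an English-language Windows installation.

```powershell
# --- Part 1: run in an elevated PowerShell session on the TARGET (remote) machine ---
# Assumption: $AdminHost is the address of the machine that runs the C# tool.
$AdminHost = '192.0.2.10'                                  # constructed placeholder
$Group     = 'Windows Management Instrumentation (WMI)'    # group named in step 3

# Enable only the inbound rules of the group, and accept them only from
# $AdminHost instead of from any remote address.
$rules = Get-NetFirewallRule -DisplayGroup $Group |
         Where-Object Direction -eq 'Inbound'
$rules | Set-NetFirewallRule -Enabled True -RemoteAddress $AdminHost

# List what each rule is bound to, so the opening can be reviewed:
# protocol/port, program path, Windows service and allowed source address.
$rules | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $app  = $_ | Get-NetFirewallApplicationFilter
    $svc  = $_ | Get-NetFirewallServiceFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort -join ','
        Program       = $app.Program
        Service       = $svc.Service
        RemoteAddress = $addr.RemoteAddress -join ','
    }
} | Format-Table -AutoSize -Wrap

# --- Part 2: run on the ADMIN machine to separate the two causes in the answer ---
# Returns 'NameNotResolved', 'Port135Blocked' or 'Reachable' for a host name.
function Test-RpcReachable {
    param([Parameter(Mandatory)][string]$Target)
    try { [void][System.Net.Dns]::GetHostAddresses($Target) }
    catch { return 'NameNotResolved' }                     # wrong hostname / IP
    # TCP 135 is the RPC endpoint mapper that every RPC/DCOM call contacts first.
    $t = Test-NetConnection -ComputerName $Target -Port 135 -WarningAction SilentlyContinue
    if ($t.TcpTestSucceeded) { 'Reachable' } else { 'Port135Blocked' }
}
# Example call (constructed host name):
# Test-RpcReachable -Target 'iis-target.example.test'
```

A result of `Reachable` with the original exception still occurring means the endpoint mapper answered and the block is on the dynamic port assigned afterwards, which is where the per-rule `Service` and `Program` columns from Part 1 matter.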

User contributions licensed under CC BY-SA 3.0