Fax Software

Community Forums

  • This topic is empty.
Viewing 1 post (of 1 total)
  • Author
    Posts
  • #4161
    Administrator
    Keymaster

    Situation:
    After you install the Windows® XP Service Pack 2 (SP2), WinFax Fax Sharing no longer functions. When you start the WinFax Message Manager, you see an error message that is similar to “WinFax PRO cannot connect to Host, RPC server not available.”

    Solution:
    This problem is caused by the new security features that are added by SP2.

    Note: Service Pack 2 increases the security of your computer by adding new security features and by blocking specific functions. The following procedure reverses some of the SP2 changes by unblocking some of the blocked functions. For some types of computer attacks, the procedure increases your computer’s vulnerability to pre-SP2 levels. For more information, read the Technical Information section in this document.

    Reconfiguring Windows XP security settings
    To enable Fax Sharing, perform the following steps at the host computer, and then repeat sections 1-4 at the client computer. Do all of the sections in the order given.

    Section 1: To ensure that the Windows Firewall is enabled
    1 At the host computer, log on as a user with Administrative privileges. If you already performed sections 1-7 at the host computer, logon at the client computer instead.
    2 From the Start menu, click Settings > Control Panel.
    3 If using the Classic View, double-click Windows Firewall. Otherwise, click Security Center and then, in the “Manage security settings for:” section, click Windows Firewall.
    4 Select On (recommended).

    Section 2: To add the WinFax Controller program to the Windows Firewall Exceptions list.
    1 On the Exceptions tab, click Add Program.
    2 Select Controller. The “Path:” box displays a path that ends in Wfxctl32.exe.
    3 If the host and client are on the same network (subnet), click Change scope and select My network (subnet) only.
    4 Click OK, and then click OK again.
    5 In the Programs and Services list, ensure that the box next to Controller is selected.
    6 Click OK, and close the Windows Control Panel.

    Section 3: To enable Remote Administration traffic through the Firewall by enabling RPC and DCOM
    1.From the Start menu, select All Programs > Accessories > Command Prompt.
    2.Type netsh
    3.Type firewall
    4. If the host and client are on the same subnet, type:
    set service REMOTEADMIN ENABLE SUBNET

    otherwise, type:
    set service REMOTEADMIN ENABLE ALL

    5.Type show service and verify that Remote Administration is enabled.
    6.Type exit and then type exit again.

    Section 4: To enable machine wide, remote access to COM for Anonymous Logon users
    1.From the Start menu, click Settings > Control Panel.
    2.If using the Classic View, double-click Administrative Tools. Otherwise, click Performance and Maintenance, and then double-click Administrative Tools.
    3.Double-click Component Services.
    4.From the Console Root, open Component Services > Computers > My Computer.
    5.If you see a Security Alert dialog box, click Unblock.
    6.Right-click My Computer, and click Properties.
    7.In the My Computer Properties dialog box, on the COM Security tab, in the Access Permissions group, click Edit Limits.
    8.In the Access Permission dialog box, choose ANONYMOUS LOGON, and select Allow on the Remote Access entry.
    9.Click OK, and then click OK again.
    10.Close the Component Services window and the Administrative Tools window.
    11. If you are performing these steps at the host computer, continue with section 5. Otherwise, go to section 7.

    Section 5: To enable Anonymous Logon users to have machine wide, remote activation access to COM
    1.From the Start menu, click Settings > Control Panel.
    2.If using the Classic View, double-click Administrative Tools. Otherwise, click Performance and Maintenance and then double-click Administrative Tools.
    3.Double-click Component Services.
    4.From the Console Root, open Component Services > Computers > My Computer.
    5.Right-click My Computer, and click Properties. This step opens the My Computer Properties dialog box.
    6.Click the COM Security tab.
    7.In the Launch and Activation Permissions group, select Edit Limits.
    8.In the Launch Permission dialog box, click Add, type ANONYMOUS LOGON and click OK.
    9.Select ANONYMOUS LOGON, and select Allow on the “Remote Activation” entry. All other boxes should be deselected.
    10.Click OK, and then click OK again.
    11.Close the Component Services window and the Administrative Tools window.
    12. Restart the computer.

    Section 6: To enable Anonymous Logon users to have remote activation access to the WinFax.Attachment DCOM component
    1.From the Start menu, click Settings > Control Panel.
    2.If using the Classic View, double-click Administrative Tools. Otherwise, click Performance and Maintenance, and then double-click Administrative Tools.
    3.Double-click Component Services.
    4.From the Console Root, open Component Services > Computers > My Computer > DCOM Config.
    5.From the menu, click View > Detail.
    6.From the DCOM Config list, right-click WinFax.Attachment, and click Properties.
    7.On the Security tab, in the Launch and Activation Permissions group, select Customize, and click Edit.
    8.Click Add, type ANONYMOUS LOGON and click OK.
    9.Choose ANONYMOUS LOGON, and select Allow on the Remote Activation entry. All other boxes should be deselected.
    10.Click OK, and then click OK again.
    11.Close the Component Services window and the Administrative Tools window.

    Section 7: Apply the changes
    Restart the computer.

    If you are performing these steps at the host computer, repeat sections 1-4 at the client computer. Otherwise, stop here. You have completed all the steps. Fax Sharing should now work between the client and host.

    Technical Information:
    Explanation of specific SP2 changes and their effect on WinFax Fax Sharing
    The Fax Sharing client cannot connect to the host because the SP2 installation turns on Network Protection Technologies, which prevent the client and host from communicating with each other. To solve this problem, the procedure in this document configures those technologies to permit WinFax communications. The procedure adds WinFax to the Windows Firewall Exceptions list of “Programs and services,” configures the firewall to permit ICMP echo requests, and configures the firewall to permit remote administration.

    SP2 also changes Windows DCOM. These changes prevent a program on a remote computer from communicating with the same program on a local computer unless the communication uses an authentication protocol. WinFax does not use an authentication protocol. To solve this problem, the procedure in this document disables the DCOM changes that cause this problem.

    For a detailed explanation of how the SP2 changes affect your computer’s security, go to the Security Enhancements in Microsoft Windows XP Service Pack 2, article number 832490 Web page.

    References: Rpcserver errors
    If you see error messages about rpcserver after you make the above changes, read the document Error: “Setup cannot connect to WinFax . . . cannot access (or locate) the RPCSERVER” in WinFax PRO 10.0.

Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.