Some programs seem to stop working after you install Windows XP Service Pack 2
适用于SUMMARY
After you install Microsoft Windows XP Service Pack 2 (SP2), some programs may seem not to work. By default, Windows Firewall is enabled and blocks unsolicited connections to your computer. This article discusses how to make an exception and enable a program to run by adding it to the list of exceptions. This procedure permits the program to work as it did before the service pack was installed.
INTRODUCTION
To help provide security for your Windows XP SP2-based computer, Windows Firewall blocks unsolicited connections to your computer. However, sometimes you might want to make an exception and permit someone to connect to your computer. For example, the following scenarios describe occasions when you might want someone to be able to connect to your computer:- You are playing a multiplayer game over the Internet.
- You are expecting to receive a file that is sent through an instant message program.
- An FTP client
- Multimedia streaming software
- New mail notifications in some e-mail programs
- A Web server such as Internet Information Services (IIS)
- Remote Desktop
- File Sharing
Windows Firewall Security Alert
Sometimes, when Windows Firewall blocks a program, a Windows Firewall Security Alert dialog box appears. The dialog box includes the following information:The message displays the name of the program and the name of the publisher of the program. This dialog box has 3 options:
- Unblock the program
- Keep blocking this program
- Keep blocking this program, but ask me again later
Back to the top
Enabling programs
To work correctly, some programs and games must receive information over the network. The information enters your computer through an inbound port. For Windows Firewall to permit this information to enter, the correct inbound port must be open on your computer. To enable a program to communicate like it did before Windows XP SP2 was installed, and to enable programs that you want to run, use one of the following methods.Enable programs by using the Security Alert dialog box
- In the Security Alert dialog box, click Unblock this program.
- Click OK.
Enable programs by using Windows Firewall
If you do not click Unblock the program in the Security Alert dialog box, the program continues to be blocked. To enable a program by using Windows Firewall, follow these steps:- Click Start, click Run, type wscui.cpl in the Open box, and then click OK.
- Click Windows Firewall.
- In the Windows Firewall dialog box, click the Exceptions tab, and then click Add Program.
- In the Add a Program dialog box, either select the program from the list that appears, or click Browse to locate your program.
If you cannot locate your program, see the next section. - After you select your program, click OK.
- On the Exceptions tab, make sure that the check box next to your program is selected, and then click OK.
Note If you later decide that you do not want the program to be an exception, clear this check box.
- You do not have to know a specific port number. (By contrast, when you want to open a port, you have to know the number of the port that is used by the program. This is described later.)
- The port that is used by the program that is on the list of exceptions will be open only when the program is waiting to receive a connection.
Identifying and opening ports
If your program still does not seem to work after you add the program to the list of exceptions, or if you cannot locate the program in step 4 of the previous section, you can open a port manually. Before you can add a port or ports manually, you have to identify the ports that are used by the program. A reliable method for identifying the ports that are used by the program is to contact the vendor. If you cannot do this, or if a list of ports that are used by the program is not available, you can use Netstat.exe to identify the ports that are used by the program.Identify ports by using Netstat.exe
To use Netstate.exe to identify the ports that are used by a program, follow these steps:- Start the program in question and try to use its network features. For a multimedia program, try to start an audio stream. For a Web server, start the service.
- Click Start, click Run, type cmd in the Open box, and then click OK.
- Obtain a list of all listening ports. To do this, type the following at a command prompt, and then press ENTER:
netstat –ano > netstat.txt
- Obtain the process identifiers for the processes that are running. Type the following command at the command prompt, and then press ENTER:
tasklist > tasklist.txt
Note If the program in question is running as a service, add the /svc switch to list the services that are loaded in each process:tasklist /svc > tasklist.txt
- Open Tasklist.txt and locate the program that you are troubleshooting. Note the process identifier for the process.
- Open Netstat.txt and note any entries that are associated with that process identifier. Also note the protocol that is used (TCP or UDP).
- If the process uses more than 1024 ports, the number of ports probably will not change.
- If the process uses less than 1024 ports, the program may be using a range of ports. Therefore, opening individual ports may not reliably resolve the issue.
Open ports manually by using Windows Firewall
If you cannot identify the ports that are used by the program, you can open a port manually. To identify the specific port number to open, contact the product vendor or see the product user documentation. After you identify the port number that you want to open, follow these steps:- Click Start, click Run, type wscui.cpl in the Open box, and then click OK.
- Click Windows Firewall.
- On the Exceptions tab, click Add Port.
- In the Add a Port dialog box, type the number of the port that you want to open in the Port number box, and then click either TCP or UDP.
- Type a name for the port, and then click OK. For example, type GamePort.
- To view or set the scope for the port exception, click Change Scope, and then click OK.
- On the Exceptions tab, notice that the new service is listed. To enable the port, click to select the check box next to the service, and then click OK
875357 Troubleshooting Windows Firewall settings in Windows XP Service Pack 2
Back to the topPrograms that may require you to open ports manually
The following lists the programs and games that may require you to open the port or ports manually so that the programs can work correctly.Programs
Program | Vendor | Ports | Default exception | Notes |
---|---|---|---|---|
Visual Studio .NET | Microsoft | See the documentation | See the documentation | Needed only for Remote DCOM debugging |
SQL | Microsoft | Dynamically assigned ports for RPC and DCOM | Needed only for remote debugging | |
Backup Exec 9 | Veritas | 10000 | C:/Program Files/Veritas/Backup Exec/RANT32/beremote.exe | Needed only to back up a client from a server |
Ghost Server Corporate Edition 7.5 | Symantec | 139-TCP-NetBIOS Session Service; 445-TCP-SMB over TCP; 137-UDP-NetBIOS Name Service; 138-UDP-NetBIOS Datagram Service | See the documentation | Needed to push down a ghost client |
Symantec AntiVirus Corporate Edition 8.0 | Symantec | File and Printer Sharing | Checking the “Allow file and printer sharing” check box opens these ports: UDP 137, 138; TCP 139, 445. | Needed to install client |
SMS 2003 Server | Microsoft | Enable File and Printer Sharing ports | See the documentation | Needed to view Windows XP SP2 Client Event Viewer |
Cute FTP 5.0 XP | GlobalSCAPE | 21 or FTP server | See the documentation | Needed to FTP in to a Windows XP SP2-based computer |
Exceed 7.0, 8.0 | Hummingbird | 21 or FTP server | See the documentation | Needed so that FTP for Windows Explorer can connect to remote computers |
KEA! 340 5.1 | Attachmate | 23 or 'Telnet server' | See the documentation | Needed to establish Telnet session to remote host |
WRQ Reflection X 10 and 11 | WRQ | 23 or 'Telnet server' | See the documentation | Needed to establish Telnet session to remote host |
Reflection for IBM 9, 9.03, 10 and Reflection X 10 and 11 | WRQ | 21 or FTP server | See the documentation | Needed so that FTP client can connect to remote computers |
Smarterm Office 10 and Smarterm 11 | Esker Software | 23 or 'Telnet server' | See the documentation | Needed to establish Telnet session to remote host |
Smarterm Office 10 and Smarterm 11 | Esker Software | 21 or FTP server | See the documentation | Needed so that the FTP tool can connect to remote computers |
ViewNow 1.05 | Netmanage | FTP server or 21 | See the documentation | Needed so that FTP tool can connect to remote computers |
ViewNow 1.0 and 1.05 | Netmanage | 6000 (TCP/IP) and 177 (UDP) | See the documentation | Needed to establish X-Windows Sessions |
ViewNow 1 or 1.05 | Netmanage | Telnet Server or 23 | See the documentation | Needed to establish Telnet session to remote host |
Microsoft Operations Manager 2000 SP1 | Microsoft | Enable ICMP echo request, File and Printer Sharing and UDP | See the documentation | Needed to push MOM Agent onto a Windows XP SP2-based client that has Windows Firewall enabled |
AutoCAD 2000, 2002, 2004 | Autodesk | 21 | See the documentation | Needed to browse projects using FTP viewer (File Open dialog) when remote FTP host has Windows Firewall enabled. |
Backup Exec 9.1.4691 | Veritas | See the documentation | %Program Files%/Veritas/Backup Exec/RANT/beremote.exe | Needed to back up Windows XP SP2-based client |
Windows Scanner and Camera Wizard | Xerox Network Scanners | 21 | See the documentation | Needed so that the Scanner and Camera Wizard starts and the scanned images are available for the user to access. |
Symantec Corporate AntiVirus 9.0 | Symantec | See the documentation | See the documentation | Needed so that while pushing anti virus Definition to clients, the client computer will accept the updates and can be scanned. |
ColdFusion MX Server Edition 6 | Macromedia | TCP (by default, 8500) | See the documentation | Needed to allow remote access as Web server |
CA ARCserve | Computer Associates | 137-UDP-NetBIOS Name Service; 138-UDP-NetBIOS Datagram Service; 139-TCP-NetBIOS Session Service; 704-UDP; 1478-UDP-MS-sna-base; 1900-UDP-SSDP; 6050-TCP-ARCserve Service; 6051-TCP-ARCserve Service | See the documentation | Needed for remote installs, licensing, and client communications |
EDM File System Agent 4.0 | EMC | 3895 | See the documentation | Needed to install EDM client from server to Windows XP SP2 |
Microsoft Systems Management Server 2003 | Microsoft | TCP:2701 | %WINDIR%/System32/CCM/CLICOMP/RemCtrl/Wuser32.exe | Needed so that Remote Tool can remote control a Windows XP SP2-based client computer |
Aelita ERdisk for Active Directory 6.7 | Quest Software | See the documentation | File and Printer Sharing | Needed to contact a remote computer |
Hummingbird Host Explorer 8 | Hummingbird | 23 TCP and 21 TCP | See the documentation | Needed to Telnet in to a Windows XP SP2-based client |
BV-Admin Mobile | Bind View | See the documentation | File and Printer Sharing | Needed to contact a remote computer |
SQL 2000a | Microsoft | 1433 and 1434 | See the documentation | Needed to connect to remote computer |
Backup Exec 8.6.1 | Needed so that the server can push remote agent to a Windows XP SP2-based client | |||
Microsoft SNA 4.0 SP3 | Microsoft | See documentation | File and Printer Sharing | Needed to see a Windows XP SP2-based client |
Extra! Personal Client 6.5 and 6.7 | Attachmate | Telnet Server or port 23 | See the documentation | Needed to establish Telnet session to remote host |
Extra! Enterprise 2000 | Attachmate | Telnet Server or port 23 | See the documentation | Needed to establish Telnet session to remote host |
Extra! Bundle for TCP/IP 6.6 | Attachmate | Telnet Server or port 23 | See the documentation | Needed to establish Telnet session to remote host |
Volume Manager 3.1 | Veritas | 2148 | c:/Progam Files/Veritas/Veritas Object Bus/Bin/vxsvc.exe | Needed to connect to a Windows XP SP2-based client |
BMC Patrol for Windows 2000 | BMC Software | On the Windows XP SP2-based (client) computer: TCP ports 3181, 10128 and 25; UDP ports 3181, 10128 and 25 | //<Server Name>/BMC Software/Patrol 3-4/Best1/6.5.00/bgs/bin/Best1CollectGroup.exe | Needed to allow connection of server to client computer. Make sure that you have shared the BMC Patrol file on the server before you try to move to the default exception path on the client. |
eTrust 6.0.100 | Computer Associates | File and Printer Sharing ports and ICMP echo request and port TCP 42510 | See the documentation | Needed to remote install to Windows XP SP2 |
NetShield 4.5 | McAfee Security | See the documentation | File and Printer sharing | Needed to Remote Connect to a Windows XP SP2-based client |
Computer Associates eTrust 7.0 | Computer Associates | Add the File and Printer Sharing ports and ICMP echo request | See the documentation | Needed so that a Windows Server 2003 eTrust 7.0 server can remotely test logon to a Windows XP SP2-based client |
Computer Associates eTrust 7.0 | Needed so that a Windows Server 2003 eTrust 7.0 server can remotely install the client eTrust software on Windows XP SP2-based computers. Resolved by setting the following to 0 and then rebooting: HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows NT/RPC/RestrictRemoteClients (DWORD value) |
Games
Game | Vendor | Ports | Default exception | |
---|---|---|---|---|
Chess Advantage III: Lego Chess | Encore | See the documentation | See the documentation | |
Need for Speed Hot Pursuit 2 | EA Games | See the documentation | See the documentation | |
Unreal Tournament 2003 | Atari | See the documentation | See the documentation | |
Unreal Tournament Game of the Year Edition | Atari | See the documentation | See the documentation | |
Midnight Outlaw: Illegal Street Drag 1.0 | VALUSoft | See the documentation | Defwatch.exe | |
Scrabble 3.0 | Atari | See the documentation | See the documentation | |
Star Trek StarFleet Command III 1.0 | Activision | See the documentation | See the documentation |
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products. For information about how to contact any of the vendors that are listed in one of the following articles, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:
65416 Hardware and software vendor contact information, A-K
60781 Hardware and software vendor contact information, L-P
60782 Hardware and software vendor contact information, Q-Z