Thanks for this. I checked the settings.
DCOM is unrestricted (for administrators) Users are allowed to access computer from the network. I'm in the remote assistance users list, both as an admin and as my own id We're not using a local (xp or 3rd party) software firewall. The only thing I did find is that an ethereal trace shows the client failing to make a connection on port 4213 - but I can find no docs on this port in Technet so I find this somewhat confusing - why that port? (also a LOT of TCP checksum errors - but I suspect this is ethereal rather than a real network issue) I think I'm gonna just stick with the sms RC tool for now. Thanks all. Mike Guest IT Solutions HML Padiham DDI: +44 (0)1282 682550 Internal Extension: (61) 2550 -----Original Message----- From: Lucas, Bryan [mailto:[EMAIL PROTECTED] Sent: 24 October 2006 16:58 To: [email protected] Subject: RE: [ActiveDir] OT: Issue with remote assistance offers I snagged this from my notes on when we deployed XP/GPO's and RA. It was a beating to get this to work, maybe something in this will spark a thought on your part. Edit the new custom GPO to have the following settings 1. CompConfig, Windows Settings, Local Policies, Security Options: a. DCOM: Machine Access Restrictions b. DCOM: Machine Launch Restrictions Grant TCURAP-XYZ full control on all these rights when you define this setting. 2. CompConfig, Windows Settings, Local Policies, User Rights Assignments: a. Access this computer from the network (add the TCURAP-XYZ group) 3. CompConfig, Administrative Templates, System, Remote Assistance a. Offer Remote Assistance - Add the TCURAP-XYZ group (be sure to include the TCU\) 4. Make sure the department has a TCU WinXP Firewall GPO with the following entries: SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedAppl ications\List\%systemroot%\PCHEALTH\HelpCtr\Binaries\Helpctr.exe:*:enabl ed:Helpctr.exe %systemroot%\PCHEALTH\HelpCtr\Binaries\Helpctr.exe:*:enabled:Helpctr.exe SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedAppl ications\List\%systemroot%\PCHEALTH\HelpCtr\Binaries\helpsvc.exe:*:enabl ed:helpsvc.exe %systemroot%\PCHEALTH\HelpCtr\Binaries\helpsvc.exe:*:enabled:helpsvc.exe SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedAppl ications\List\%systemroot%\system32\sessmgr.exe:*:enabled:sessmgr.exe %systemroot%\system32\sessmgr.exe:*:enabled:sessmgr.exe Bryan Lucas Server Administrator Texas Christian University > > PS: forgot to mention. XP box is a domain member, windows firewall > disabled > > Mike Guest > IT Solutions > *HML > *Padiham DDI: +44 (0)1282 682550 > Internal Extension: (61) 2550 > > ------------------------------------------------------------------------ > > *From:* Mike Guest > *Sent:* 24 October 2006 10:30 > *To:* [email protected] > *Subject:* [ActiveDir] OT: Issue with remote assistance offers > > Anyone seen this before? > > I have an xp box sitting behind an internal firewall (long story) that > I want to be able to offer unsolicited remote assistance to. I can > already RDP to the box, but the session on that box I want to offer > assistance to is already an RDP session, so that solution's out. > > I have opened TCP135 and 3389. I can create an offer on the remote > system (as a file), move it to my machine and successfully initiate an > RA session. > > However, when I try to initiate an RA session without an invite, the > help and support center window freezes for about 30 seconds then tells > me "The remote machine does not exist or is unavailable" - I've tried > both by name and by IP > > I've double-checked with a port scanner and 135 is definitely open (as > is 3389, but I couldn't do the invited RA or RDP without that) > > Anybody? > > Thanks > > > > ********************************************************************* > This email is intended only for the addressee named above. As this > email may contain confidential or privileged information, if you are > not the named addressee or receive this message in error, please > notify us immediately, delete it and do not make use of or copy it. > > This message is protected by copyright. HML accepts no responsibility > for viruses found in this message or any file attachment. > > Homeloan Management Limited > Registered in England No. 2214839 > 1 Providence Place, Skipton, North Yorkshire BD23 2HL > > ********************************************************************** > > > > ********************************************************************* > This email is intended only for the addressee named above. As this > email may contain confidential or privileged information, if you are > not the named addressee or receive this message in error, please > notify us immediately, delete it and do not make use of or copy it. > > This message is protected by copyright. HML accepts no responsibility > for viruses found in this message or any file attachment. > > Homeloan Management Limited > Registered in England No. 2214839 > 1 Providence Place, Skipton, North Yorkshire BD23 2HL > > ********************************************************************** List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/[email protected]/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/[email protected]/ ********************************************************************* This email is intended only for the addressee named above. As this email may contain confidential or privileged information, if you are not the named addressee or receive this message in error, please notify us immediately, delete it and do not make use of or copy it. This message is protected by copyright. HML accepts no responsibility for viruses found in this message or any file attachment. Homeloan Management Limited Registered in England No. 2214839 1 Providence Place, Skipton, North Yorkshire BD23 2HL ********************************************************************** List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/[email protected]/
