Server Service: Firewall Status Monitor

  • ID:  Microsoft.Windows.FileServices.Service.SMB.6.2.FirewallPortConfig
  • Description:  This object monitors firewall inbound rules for File and Printer Sharing and generates an alert if either the rules are disabled or the corresponding TCP ports are blocked.
  • Target:  SMB Service (Windows Server 2012)
  • Enabled:  Yes

Operational States

Name State Description
Error Error  
Success Success  

Overridable Parameters

Parameter Name Default Value Description Override
Interval in seconds 30  
Time at which to start time interval    
Script Arguments $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$  
Timeout Seconds 300  

Alert Details

Monitor State Message Priority Severity Auto Resolution
Error (Error) Server Service: File and Printer Sharing Ports Blocked Medium Critical Yes

Run As Profiles

Name
File Services Role Monitoring Account

Monitor Knowledgebase

Summary

This object monitors firewall inbound rules for File and Printer Sharing and generates an alert if either the rules are disabled or the corresponding TCP ports 445 and 139 are blocked.

Causes

This monitor can enter a Critical health state for the following reasons:

  • The Windows Firewall is not running.

  • Firewall rules for File and Printer Sharing targeting TCP port 445 or 139 are disabled.

If the health state is unknown, it means that monitoring has not yet begun for this object.

Resolutions

Determine if Windows Firewall is enabled

To determine if Windows Firewall is enabled, use the following procedure:

1. At an elevated command prompt on the affected server, type: sc query mpssvc and press ENTER.

2. If the firewall is not running, type the following command: net start mpssvc.

Determine if port firewall rules are enabled

To determine if the firewall rules for the ports are enabled, use the following procedure:

1. Open the Control Panel on the affected server, click System and Security, and then click Windows Firewall.

2. In the left pane, click Advanced Settings and then click Inbound Rules.

3. Check whether the following rules are enabled and the Action is Allow:

  • File and Printer Sharing (NB-Session-In)

  • File and Printer Sharing (SMB-In)

4. If the firewall rules are not enabled, click the rule, and on the Action menu, click Enable Rule.

This monitor automatically resets to a Healthy state after you resolve the issue.

External References
This monitor does not contain any external references.

See Also for Windows Server File & iSCSI Services Management Pack


Downloads for Windows Server File & iSCSI Services Management Pack

AZURE OPTIMIZATION ASSESSMENT GET STARTED
MIGRATION TO AZURE GET STARTED
SYSTEM CENTER MIGRATION TO AZURE GET STARTED
MIGRATION TO AZURE FOR SQL AND WINDOWS 2008 GET STARTED