
Microsoft small business knowledge base

Article ID: 2568645 - Last Review: June 20, 2011 - Revision: 1.0

SYMPTOMS

Consider the following scenario:
 
  • You have a computer that is running Windows Server 2008 or Windows Server 2008 R2.
  • You install the Failover Clustering feature.
  • You install an application to a shared cluster drive.
  • You create a Firewall application exception rule for the application.


In this scenario, when the resources fail over to another node, the Firewall service blocks network traffic to the application.

CAUSE

This issue occurs because the volume ID portion of the application path stored in the Firewall rule is different from what it was when the rule was added. As a result, the Firewall service does not find a matching rule and blocks the traffic.

WORKAROUND

To work around the issue, write a script that uses the Firewall service's INetFwRule scripting interface to delete and re-create the affected rules.
Then create a scheduled task that is triggered by Event ID 1201 (The Cluster service successfully brought the clustered service or application '{name}' online.)

More information on the INetFwRule interface can be found here:
http://msdn.microsoft.com/en-us/library/aa365344(v=VS.85).aspx


MORE INFORMATION

Here is an example of such a script:
' Sample Code is provided for the purpose of illustration only and is not intended to be 
' used in a production environment. THIS SAMPLE CODE AND ANY RELATED INFORMATION ARE PROVIDED 
' "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED 
' TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE. We 
' grant You a nonexclusive, royalty-free right to use and modify the Sample Code and to 
' reproduce and distribute the object code form of the Sample Code, provided that. 
' You agree: 
' (i) to not use Our name, logo, or trademarks to market Your software product in 
' which the Sample Code is embedded; 
' (ii) to include a valid copyright notice on Your software product in which the Sample Code 
' is embedded; and 
' (iii) to indemnify, hold harmless, and defend Us and Our suppliers from and against 
' any claims or lawsuits, including attorneys’ fees, that arise or result from the 
' use or distribution of the Sample Code
Option Explicit
Dim rule
Dim success
success = FALSE
' Add your application path and name below, 
' NOTE:  Case Sensitive
Const AppPath = "C:\temp\myapp.exe"

' Create the FwPolicy2 object.
Dim fwPolicy2
Set fwPolicy2 = CreateObject("HNetCfg.FwPolicy2")
' Get the Rules object
Dim RulesObject
Set RulesObject = fwPolicy2.Rules
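For Each rule In RulesObject
    If rule.ApplicationName = AppPath Then

        Dim newApplication
        Set newApplication = CreateObject("HNetCfg.FWRule")

        ' Copy the Firewall Rule
        newApplication.Action = rule.Action
        newApplication.ApplicationName = rule.ApplicationName
        newApplication.Description = rule.Description
        newApplication.Direction = rule.Direction
        newApplication.EdgeTraversal = rule.EdgeTraversal
        newApplication.Enabled = rule.Enabled
        newApplication.Grouping = rule.Grouping
        newApplication.Interfaces = rule.Interfaces
        newApplication.InterfaceTypes = rule.InterfaceTypes
        newApplication.LocalAddresses = rule.LocalAddresses
        newApplication.Name = rule.Name
        newApplication.Profiles = rule.Profiles
        newApplication.RemoteAddresses = rule.RemoteAddresses
        newApplication.ServiceName = rule.ServiceName

        ' Copy the protocol and port scope too, so that the re-created rule
        ' is no broader than the original. Protocol must be set before the
        ' ports. Ports apply only to TCP (6) and UDP (17); ICMP types and
        ' codes apply only to ICMPv4 (1) and ICMPv6 (58). Empty values are skipped.
        newApplication.Protocol = rule.Protocol
        If rule.Protocol = 6 Or rule.Protocol = 17 Then
            If Len(rule.LocalPorts) > 0 Then newApplication.LocalPorts = rule.LocalPorts
            If Len(rule.RemotePorts) > 0 Then newApplication.RemotePorts = rule.RemotePorts
        ElseIf rule.Protocol = 1 Or rule.Protocol = 58 Then
            If Len(rule.IcmpTypesAndCodes) > 0 Then newApplication.IcmpTypesAndCodes = rule.IcmpTypesAndCodes
        End If

        ' Remove the Firewall Rule
        RulesObject.Remove rule.Name

        WScript.Echo "Removed application """ & newApplication.Name & """"

        ' Add back the Firewall Rule (no parentheses: the rule object itself is passed)
        RulesObject.Add newApplication

        WScript.Echo "Added application """ & newApplication.Name & """"
        success = TRUE
    End If
Next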
If success = FALSE Then
    WScript.Echo "FAIL: Did not perform the remove/add operation to the application.  Perhaps the AppPath does not exist"   
End If
'---References
' [1] http://msdn.microsoft.com/en-us/library/aa365344(v=VS.85).aspx
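
The second step of the workaround, registering the event-triggered task, can be done as shown below. This is an added example, not part of the original article; the task name, the script path and the event log channel are assumptions, and the script above is assumed to be saved to a local (non-clustered) path without spaces. Because the task runs as SYSTEM, the example first refuses to register it if accounts other than SYSTEM and Administrators can modify the script or its folder.

```powershell
# Added example. $TaskName, $ScriptPath and $Channel are assumptions, not values from the article.
$ErrorActionPreference = 'Stop'
$TaskName   = 'Reset-ClusterAppFirewallRule'   # hypothetical task name
$ScriptPath = 'C:\Scripts\ResetFwRule.vbs'     # hypothetical local copy of the script above
$Channel    = 'Microsoft-Windows-FailoverClustering/Operational'   # assumed log; confirm where event 1201 appears in Event Viewer
$Query      = '*[System[(EventID=1201)]]'

# The task runs as SYSTEM, so anyone who can modify the script, or replace it
# in its folder, can run code as SYSTEM. Require that only LocalSystem
# (S-1-5-18) and BUILTIN\Administrators (S-1-5-32-544) hold write-type
# file-system rights on the script and on its parent folder.
$trusted   = 'S-1-5-18', 'S-1-5-32-544'
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$sidType   = [System.Security.Principal.SecurityIdentifier]

foreach ($path in $ScriptPath, (Split-Path -Parent $ScriptPath)) {
    $loose = @((Get-Acl -Path $path).GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $trusted -notcontains $_.IdentityReference.Value -and
        ([int]$_.FileSystemRights -band $writeBits) -ne 0
    })
    if ($loose.Count -gt 0) {
        $who = ($loose | ForEach-Object { $_.IdentityReference.Value }) -join ', '
        throw "Refusing to register the task: $path is writable by $who"
    }
}

# Register the task: run the script with cscript.exe in batch mode whenever
# event 1201 is written to the channel.
$action = "$env:SystemRoot\System32\cscript.exe //B //NoLogo $ScriptPath"
& schtasks.exe /Create /TN $TaskName /SC ONEVENT /EC $Channel /MO $Query /TR $action /RU SYSTEM /RL HIGHEST /F
if ($LASTEXITCODE -ne 0) { throw "schtasks.exe /Create failed with exit code $LASTEXITCODE" }

# Show the stored trigger, account and action so the registration can be reviewed.
& schtasks.exe /Query /TN $TaskName /V /FO LIST
```

Register the task on every node that can own the clustered application. The trigger fires for any clustered service or application that comes online on that node, not only the one named in AppPath.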


Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use (http://go.microsoft.com/fwlink/?LinkId=151500) for other considerations.

APPLIES TO
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 Enterprise