Microsoft small business knowledge base

Article ID: 946567 - Last Review: April 7, 2008 - Revision: 3.1

Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.

SYMPTOMS

Consider the following scenario:
  • You have a Windows Vista-based computer that is running Windows Firewall.
  • A client application tries to connect through TCP port 1723.
In this scenario, Windows Vista may disconnect communications to the client. The following are examples of such client applications:
  • FTP applications that connect through port 1723
  • P2P applications that connect through port 1723
  • Multifunction printers on which scanning or faxing options use port 1723 for communications

    Note In this situation, no error message is displayed in Windows. However, an error is displayed on the printer.

CAUSE

This problem may occur when Windows Vista disconnects from a client because the client connection is determined to be invalid.

When a connection is made through TCP port 1723 in Windows Vista, Windows Firewall recognizes the connection as being established through PPTP. By default, Windows Firewall uses a stateful PPTP protocol analyzer to determine whether it can receive packets through the TCP port 1723 connection. Therefore, the stateful PPTP protocol analyzer may reject as invalid any traffic that uses a protocol other than PPTP.
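
The following added example (not part of the Microsoft article, and not Windows Firewall's actual implementation, which the article does not describe) shows why a protocol-aware check rejects other traffic on this port: every PPTP control message defined in RFC 2637 begins with a fixed 12-byte header containing a magic cookie, which an FTP or P2P payload does not carry. The sample payloads are constructed.

```python
import struct

PPTP_MAGIC_COOKIE = 0x1A2B3C4D          # constant carried in every PPTP control message
PPTP_HEADER = struct.Struct("!HHIHH")   # length, message type, cookie, control type, reserved0
CONTROL_MESSAGE = 1                     # PPTP message type for control messages
KNOWN_CONTROL_TYPES = range(1, 16)      # RFC 2637 defines control message types 1..15


def classify_payload(payload: bytes) -> str:
    """Return 'pptp' for a well-formed PPTP control header, else the reason it fails."""
    if len(payload) < PPTP_HEADER.size:
        return "invalid: shorter than the 12-byte PPTP header"
    length, msg_type, cookie, ctrl_type, _reserved0 = PPTP_HEADER.unpack_from(payload)
    if cookie != PPTP_MAGIC_COOKIE:
        return "invalid: magic cookie mismatch"
    if msg_type != CONTROL_MESSAGE:
        return "invalid: not a control message"
    if ctrl_type not in KNOWN_CONTROL_TYPES:
        return "invalid: unknown control message type"
    if not PPTP_HEADER.size <= length <= len(payload):
        return "invalid: length field does not match the data"
    return "pptp"


# Constructed samples: a 156-byte Start-Control-Connection-Request (header plus
# zeroed body) and the kind of greeting an FTP-based scan-to-PC feature might send.
SAMPLE_SCCRQ = PPTP_HEADER.pack(156, CONTROL_MESSAGE, PPTP_MAGIC_COOKIE, 1, 0) + bytes(144)
SAMPLE_FTP_BANNER = b"220 scanner FTP service ready\r\n"

if __name__ == "__main__":
    for name, data in (("PPTP SCCRQ", SAMPLE_SCCRQ), ("FTP banner", SAMPLE_FTP_BANNER)):
        print(f"{name:12} -> {classify_payload(data)}")
```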

WORKAROUND

Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

To disable the stateful PPTP protocol analyzer, use one of the following methods.

Method 1: Use an elevated command prompt

  1. Open an elevated command prompt. To do this, click Start, type cmd in the Start Search box, right-click cmd in the Programs list, and then click Run as administrator.

    If you are prompted for an administrator password or for confirmation, type your password, or click Continue.
  2. At the command prompt, type the following command to disable stateful packet filtering for outgoing PPTP traffic, and then press ENTER:
    netsh advfirewall set global statefulpptp disable
  3. Close the command prompt.

Method 2: Use Group Policy

  1. Open an elevated command prompt. To do this, click Start, type cmd in the Start Search box, right-click cmd in the Programs list, and then click Run as administrator.

    If you are prompted for an administrator password or for confirmation, type your password, or click Continue.
  2. At the command prompt, type netsh, and then press ENTER.
  3. Type advfirewall, and then press ENTER.
  4. Type set store=name of Group Policy object (GPO) to modify, and then press ENTER. This action sets the context to the GPO that you want to modify by using the new firewall settings.
  5. Type set global statefulpptp disable, and then press ENTER to disable stateful packet filtering for outgoing PPTP traffic. This action creates a Registry.pol file in the SYSVOL shared folder on one domain controller. This policy file is then replicated to all other domain controllers during the next replication cycle.

    Note For the new policy to be applied, the client computers must be restarted.
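
Because the workaround lowers a default protection, it helps to confirm afterwards which computers actually have the analyzer turned off. The following added example (not part of the Microsoft article) parses saved output of `netsh advfirewall show global` from each computer and lists those where StatefulPPTP is not enabled; it assumes English-language output with one setting name and value per line, and the host names and sample text are constructed.

```python
import re

# Matches the "StatefulFTP  Enable" / "StatefulPPTP  Disable" lines of the output.
SETTING_RE = re.compile(r"^\s*(Stateful(?:FTP|PPTP))\s+(\S+)\s*$", re.I | re.M)


def stateful_settings(netsh_output: str) -> dict:
    """Extract the stateful analyzer settings as {'statefulpptp': 'enable', ...}."""
    return {k.lower(): v.lower() for k, v in SETTING_RE.findall(netsh_output)}


def analyzer_disabled_hosts(outputs: dict) -> list:
    """List (host, value) for every host whose PPTP analyzer is not enabled."""
    flagged = []
    for host in sorted(outputs):
        value = stateful_settings(outputs[host]).get("statefulpptp", "missing")
        if value != "enable":
            flagged.append((host, value))
    return flagged


# Constructed samples: hypothetical host names with abbreviated command output.
SAMPLE_OUTPUTS = {
    "FRONTDESK-PC": "Global Settings:\nStatefulFTP    Enable\nStatefulPPTP   Disable\n",
    "ACCOUNTS-PC": "Global Settings:\nStatefulFTP    Enable\nStatefulPPTP   Enable\n",
    "LOBBY-PC": "The following command was not found: advfirewall.\n",
}

if __name__ == "__main__":
    for host, value in analyzer_disabled_hosts(SAMPLE_OUTPUTS):
        print(f"{host}: StatefulPPTP is {value}")
```

When the application no longer needs the workaround, running `netsh advfirewall set global statefulpptp enable` from an elevated command prompt restores the default behavior.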

REFERENCES

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
939321 (http://support.microsoft.com/kb/939321/) Error message when you use Outlook 2007 in Windows Vista to try to connect to a computer that is running Exchange Server 2003: "Task reported error 0x8004011D. The server is not available"

APPLIES TO
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Home Basic
  • Windows Vista Home Premium
  • Windows Vista Ultimate
  • Windows Vista Business 64-bit Edition
  • Windows Vista Home Basic 64-bit Edition
  • Windows Vista Home Premium 64-bit Edition
  • Windows Vista Ultimate 64-bit Edition