How to: Manually Configure the Windows XP Firewall for Remote Debugging
This topic applies to:
Edition |
Visual Basic |
C# |
C++ |
Web Developer |
---|---|---|---|---|
Express |
||||
Standard |
||||
Pro and Team |
Table legend:
Applies |
|
Does not apply |
|
Command or commands hidden by default. |
On Windows XP SP2 platforms, remote debugging setup requires some additional steps to configure the Windows Firewall. These steps are performed automatically when you run the remote debugger for the first time. If manual setup is needed for any reason, follow the procedures in this section.
If the Windows Firewall is off, no firewall configuration is necessary.
If the Windows Firewall is on, some ports must be opened and permissions must be granted to Visual Studio and other executables involved in the remote debugging. The Windows Firewall must not be in Shielded mode.
Warning
Configuring the Windows Firewall to allow remote debugging could allow other users to gain remote access. You can restrict this remote access to computers on your local subnet, which will limit the security risk.
To configure the Visual Studio host computer
In Control Panel,click Security Center.
In the Windows Security Center, click Windows Firewall.
In the Internet Connection Firewall window, click the Exceptions tab.
Steps 6-9 open TCP port 135 (used by DCOM to communicate with remote computers).
On the Exceptions tab, click the Add a Port button.
In the Add Port dialog box, do the following:
For Port Number, type 135.
For Description, type a description (such as remote debugging DCOM).
Select TCP.
(Optional) Limiting access to computers on your local subnet enhances security. You should do this unless you have to debug outside the local subnet.
Click Change Scope.
In the Change Scope dialog box, select My network (subnet) only.
Click OK.
Click OK to close the Add a Port dialog box.
If your domain policy requires network communication to be done through IPSec, do this step. Otherwise, skip it.
Open UDP port 4500 (used for IP security) by repeating the prior step, substituting UDP for the Protocol, and 4500 for the Port Number.
Open UDP port 500 (used for IP security) the same way, substituting UDP for the Protocol, and 500 for the Port Number.
Steps 11-16 add Devenv.exe (the Microsoft Visual Studio development environment) to the SP2 application security Exception list so that it can dynamically open ports at runtime.
Click Add a program.
In the Add program dialog box, click the Browse button.
In the Browse dialog box, navigate to where devenv.exe is located (typically SystemDrive:\Program Files\Microsoft Visual Studio 8 Common7\IDE). Select devenv.exe.
Click OK to close the Browse dialog box.
(Optional) Limiting access to computers on your local subnet enhances security. You should do this unless you have to debug outside the local subnet.
Click Change Scope.
In the Change Scope dialog box, select My network (subnet) only.
Click OK.
Click OK to close the Add a program dialog box.
To configure the remote computer
In Control Panel,click Security Center.
In the Windows Security Center, click Windows Firewall.
In the Internet Connection Firewall window, click the Exceptions tab.
Steps 5-8 open the TCP 135 port, which is used by DCOM to communicate with remote computers.
On the Exceptions tab, click the Add Port button
In the Add Port dialog box, do the following:
For Port Number, type 135.
For Description, type a description (such as remote debugging DCOM).
Select TCP.
(Optional) Limiting access to computers on your local subnet enhances security. You should do this unless you have to debug outside the local subnet.
Click Change Scope.
In the Change Scope dialog box, select My network (subnet) only.
Click OK.
Click OK to close the Add Port dialog box.
If your domain policy requires network communication to be done through IPSec, do this step. Otherwise, skip it.
Open UDP port 4500 (used for IP security) by repeating the prior step, substituting UDP for the Protocol, and 4500 for the Port Number.
Open UDP port 500 (used for IP security) the same way, substituting UDP for the Protocol, and 500 for the Port Number.
Steps 10-14 open ports necessary for file and print sharing.
In the Programs and Services box, select File and Print Sharing.
Click the Edit button.
In the Edit a Service dialog box, select the following ports: TCP 139, TCP 445, UDP 137, and UDP 138.
(Optional) Limiting access to computers on your local subnet enhances security. You should do this unless you have to debug outside the local subnet.
Click Change Scope.
In the Change Scope dialog box, select My network (subnet) only.
Click OK.
Click OK to close the Edit a Service dialog box.
Steps 15-19 add msvsmon to the SP2 Exception list. This enables it to dynamically open ports at run time.
Click the Add a Program button.
In the Add a Program dialog box, click the Browse button.
In the Browse dialog box, navigate to where Msvsmon.exe is located, which will be one of the following directories:
Install path \Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86
Install path \Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64
Install path \Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\ia64
(Optional) Limiting access to computers on your local subnet enhances security. You should do this unless you have to debug outside the local subnet.
Click Change Scope.
In the Change Scope dialog box, select My network (subnet) only.
Click OK.
Click OK to close the Add a program dialog box.
Click OK to close Windows Firewall.