Sdílet prostřednictvím

How to: Manually Configure the Windows Vista Firewall for Remote Debugging

  • Článek

This topic applies to:

Edition

Visual Basic

C#

F#

C++

Web Developer

Express

 Topic does not apply Topic does not apply Topic does not apply Topic does not apply Topic does not apply

Pro, Premium, and Ultimate

 Topic applies Topic applies Topic applies Topic applies Topic applies

On Windows Vista platforms, remote debugging setup requires some additional steps to configure the Windows Firewall. These steps are performed automatically when you run the remote debugger for the first time. If manual setup is needed for any reason, follow the procedures in this section.

If the Windows Firewall is off, no firewall configuration is necessary.

If the Windows Firewall is on, some ports must be opened and permissions must be granted to Visual Studio and other executables involved in the remote debugging. The Windows Firewall must not be in Shielded mode.

Upozornění

Configuring the Windows Firewall to allow remote debugging could allow other users to gain remote access. You can restrict this remote access to computers on your local subnet, which will limit the security risk.

To configure the Visual Studio host computer

  1. In Control Panel,click Classic View.

  2. Double-click Security Center.

  3. In Windows Security Center, click Windows Firewall.

  4. In the Windows Firewall window, click Change Settings.

    The User Account Control dialog box appears.

    1. If the User Account Control dialog box requests your permission to continue, click Continue.

    2. If the User Account Control dialog box requests your Administrator password, type your password and click Submit.

    The Windows Firewall Settings dialog box appears.

    Steps 6-9 open TCP port 135 (used by DCOM to communicate with remote computers).

  5. On the Exceptions tab, click the Add a Port button.

  6. In the Add Port dialog box, do the following:

    • For Name, type a description (such as remote debugging DCOM).

    • For Port Number, type 135.

    • Select TCP.

  7. (Optional) Limiting access to computers on your local subnet enhances security. You should do this unless you have to debug outside the local subnet.

    1. Click Change Scope.

    2. In the Change Scope dialog box, select My network (subnet) only.

    3. Click OK.

  8. Click OK to close the Add a Port dialog box.

  9. If your domain policy requires network communication to be done through IPSec, do this step. Otherwise, skip it.

    • Open UDP port 4500 (used for IP security) by repeating the prior step, substituting UDP for the Protocol, and 4500 for the Port Number.

    • Open UDP port 500 (used for IP security) the same way, substituting UDP for the Protocol, and 500 for the Port Number.

    Steps 11-16 add Devenv.exe (the Microsoft Visual Studio development environment) to the SP2 application security Exception list so that it can dynamically open ports at runtime.

  10. Click Add a program.

  11. In the Add program dialog box, click the Browse button.

  12. In the Browse dialog box, navigate to where devenv.exe is located (typically SystemDrive:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE). Select devenv.exe.

  13. Click OK to close the Browse dialog box.

  14. (Optional) Limiting access to computers on your local subnet enhances security. You should do this unless you have to debug outside the local subnet.

    1. Click Change Scope.

    2. In the Change Scope dialog box, select My network (subnet) only.

    3. Click OK.

  15. Click OK to close the Add a program dialog box.

To configure the remote computer

  1. In Control Panel, click Classic View.

  2. Double-click Security Center.

  3. In Windows Security Center, click Windows Firewall.

  4. In the Windows Firewall window, click Change Settings.

    The User Account Control dialog box appears.

    • If the User Account Control dialog box requests your permission to continue, click Continue.

    • If the User Account Control dialog box requests your Administrator password, type your password and click Submit.

    Steps 6-9 open the TCP 135 port, which is used by DCOM to communicate with remote computers.

  5. On the Exceptions tab, click the Add Port button.

  6. In the Add Port dialog box, do the following:

    • For Port Number, type 135.

    • For Description, type a description (such as remote debugging DCOM).

    • Select TCP.

  7. (Optional) Limiting access to computers on your local subnet enhances security. You should do this unless you have to debug outside the local subnet:

    1. Click Change Scope.

    2. In the Change Scope dialog box, select My network (subnet) only.

    3. Click OK.

  8. Click OK to close the Add Port dialog box.

  9. If your domain policy requires network communication to be performed through IPSec, do this step. Otherwise, skip it:

    • Open UDP port 4500 (used for IP security) by repeating the prior step, substituting UDP for the Protocol and 4500 for the Port Number.

    • Open UDP port 500 (used for IP security) the same way, substituting UDP for the Protocol, and 500 for the Port Number.

    Follow steps 10–16 to add msvsmon to the SP2 Exception list. This enables it to dynamically open ports at run time.

  10. Click the Add a Program button.

  11. In the Add a Program dialog box, click the Browse button.

  12. In the Browse dialog box, locate Msvsmon.exe, which will be in one of the following directories:

    Install path \Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\x86

    Install path \Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\x64

    Install path \Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\ia64

  13. (Optional) By limiting access to computers on your local subnet, you enhance security. You should do this unless you have to debug outside the local subnet.

    1. Click Change Scope.

    2. In the Change Scope dialog box, select My network (subnet) only.

    3. Click OK.

  14. Click OK to close the Add a program dialog box.

  15. Click OK to close Windows Firewall.

  16. Close the Windows Security Center.

    Steps 17–22 open ports that are required for file and print sharing.

  17. In Control Panel, double-click Administrative Tools.

  18. In Administrative Tools, double-click Windows Firewall with Advanced Security.

    If the User Account Control dialog box appears, click Yes to continue.

    The Windows Firewall with Advanced Security application appears.

  19. Add an exception for TCP 135, which is the port that is used by DCOM to communicate with the remote computer.

    1. Click Inbound Rules.

    2. In the Actions pane, click New Rule.

      The New Inbound Rule Wizard appears.

    3. Under What type of rule would you like to create?, select Port, and then click Next.

    4. Select TCP and Specific local ports, and then enter 135 in the Specific local ports box.

    5. Click Next.

    6. On the Action page, select Allow the Connection, and then click Next.

    7. On the Profile page, select the profiles where you want the rule to apply. Usually, you will want Domain and possibly Private, but not Public.

    8. Click Next.

    9. On the Name page, type a meaningful name in the name box, such as Remote Debugging DCOM.

    10. Click Finish.

  20. If your domain policy requires network communication to occur through IPSec, follow this step. Otherwise, see step 5.

    1. Click New Rule.

      The New Inbound Rule Wizard appears.

    2. Under What type of rule would you like to create?, select Port, and then click Next.

    3. Select UDP and Specific local ports, and then enter 4500 and 500 in the Specific local ports box.

    4. Click Next.

    5. On the Action page, select Allow the Connection, and then click Next.

    6. On the Profile page, select the same profiles that you selected in step 3.

    7. Click Next.

    8. On the Name page, type a name in the name box, such as Remote Debugging DCOM UDP.

    9. Click Finish.

  21. Add exceptions for TCP 139, TCP 445, UDP 137, and UDP 138, which are the ports that are used by DCOM to communicate with the remote computer.

    1. Click New Rule.

      The New Inbound Rule Wizard appears.

    2. Under What type of rule would you like to create?, select Port, and then click Next.

    3. Select TCP and Specific local ports, and then enter 139, 445 in the Specific local ports box.

    4. Click Next.

    5. On the Action page, select Allow the Connection, and then click Next.

    6. On the Profile page, select the same profiles that you selected in step 3.

    7. Click Next.

    8. On the Name page, type a name in the name box, such as Remote Debugging File and Printer Sharing TCP.

    9. Click Finish.

    10. Click New Rule again.

      The New Inbound Rule Wizard appears.

    11. Under What type of rule would you like to create?, select Port, and then click Next.

    12. Select UDP and Specific local ports, and then enter 137, 138 in the Specific local ports box.

    13. Click Next.

    14. On the Action page, select Allow the Connection, and then click Next.

    15. On the Profile page, select the same profiles that you selected in step 3.

    16. Click Next.

    17. On the Name page, type a name in the name box, such as Remote Debugging File and Printer Sharing UDP.

    18. Click Finish.

  22. Close the Windows Firewall with Advanced Security window.

See Also

Tasks

How to: Set Up Remote Debugging

Change History

Date

History

Reason

October 2010

Updated procedures to show correct steps for Windows Vista.

Customer feedback.