WMI over DCOM

WMI uses port 135 (RPC). In addition, because it is built on DCOM, it uses a random port between 1065 and 65535 to continue the conversation. The following instructions let you configure dynamic port allocation to work with the firewall. Alternatively, you can restrict the port range or make WMI use a static port so that it can be allowed through the firewall.


Dynamic ports

Restrictions: not applicable for:

  • machines hosted in the cloud
  • when using VPN

Instructions: follow How to configure RPC dynamic port allocation to work with firewalls.

Static ports

1. Add a static WMI endpoint

  • Open Component Services (run "dcomcnfg" from command prompt).
  • Go to My Computer > DCOM Config > Windows Management and Instrumentation.
  • Open Properties from the context menu. Add a new endpoint and assign a static port to it e.g. 24158.
  • Restart the "Windows Management Instrumentation" service.

2. Follow steps in this MSDN article: Setting Up a Fixed Port for WMI

3. Ensure either:

  • the machine you want to monitor uses a static IP address, and a lookup for it is added to %windir%\system32\drivers\etc\hosts – e.g. 94.229.131.27 myazurevm

or

  • the DNS search suffix is added to the comma-separated search list located at HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters (you may need to run ipconfig /registerdns to re-register the DNS search list the first time after setting this registry value).
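
The static-port setup above, opened in the firewall for a single source address and then checked end to end in PowerShell. This is an added example, not part of the original instructions. The monitoring server address 192.0.2.10 and both function names are assumptions; port 24158 and the host name myazurevm come from the page.

```powershell
# Added example (not from the original page). Assumptions are marked.
$WmiPort   = 24158           # static port used as the example on this page
$MonitorIp = '192.0.2.10'    # placeholder: address of the monitoring server
$Target    = 'myazurevm'     # host name from the hosts-file example on this page

# --- On the monitored machine (elevated session) ---------------------------
function Enable-WmiStaticPortAccess {
    # Allow the RPC endpoint mapper and the fixed WMI port from one address only.
    foreach ($port in 135, $WmiPort) {
        New-NetFirewallRule -DisplayName "WMI over DCOM (TCP $port)" `
            -Direction Inbound -Protocol TCP -LocalPort $port `
            -RemoteAddress $MonitorIp -Action Allow | Out-Null
    }
    # Confirm the listener on the fixed port belongs to the WMI service.
    $wmiPid    = (Get-CimInstance Win32_Service -Filter "Name='Winmgmt'").ProcessId
    $listeners = Get-NetTCPConnection -LocalPort $WmiPort -State Listen -ErrorAction SilentlyContinue
    if (-not $listeners) {
        Write-Warning "Nothing listens on TCP $WmiPort. Check the endpoint, then restart Winmgmt."
    } elseif ($listeners.OwningProcess -notcontains $wmiPid) {
        Write-Warning "TCP $WmiPort is held by another process, not by Winmgmt (PID $wmiPid)."
    } else {
        Write-Output "Winmgmt (PID $wmiPid) is listening on TCP $WmiPort."
    }
}

# --- On the monitoring server ----------------------------------------------
function Test-WmiStaticPortPath {
    # Both ports must be reachable: 135 for the initial RPC call, then the fixed port.
    foreach ($port in 135, $WmiPort) {
        $r = Test-NetConnection -ComputerName $Target -Port $port -WarningAction SilentlyContinue
        Write-Output ("TCP {0,-5} reachable: {1}" -f $port, $r.TcpTestSucceeded)
    }
    # End-to-end check: a WMI query forced over DCOM instead of the WS-Man default.
    $session = New-CimSession -ComputerName $Target `
        -SessionOption (New-CimSessionOption -Protocol Dcom) -ErrorAction Stop
    try {
        Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem |
            Select-Object CSName, Caption, LastBootUpTime
    } finally {
        Remove-CimSession $session
    }
}
```

Run Enable-WmiStaticPortAccess on the monitored machine and Test-WmiStaticPortPath on the monitoring server. If port 135 is reachable but the DCOM query fails, the fixed port or name resolution from step 3 is the likely gap.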
