Some programs seem to stop working after you install Windows XP Service Pack 2 (842242)


The information in this article applies to:

  • Microsoft Windows XP Professional Service Pack 2 (SP2)
  • Microsoft Windows XP Home Edition Service Pack 2 (SP2)

SUMMARY

After you install Microsoft Windows XP Service Pack 2 (SP2), some programs may seem not to work. By default, Windows Firewall is enabled and blocks unsolicited connections to your computer. This article discusses how to make an exception and enable a program to run by adding it to the list of exceptions. This procedure permits the program to work as it did before the service pack was installed.

TABLE OF CONTENTS

INTRODUCTION

To help provide security for your Windows XP SP2-based computer, Windows Firewall blocks unsolicited connections to your computer. However, sometimes you might want to make an exception and permit someone to connect to your computer. For example, the following scenarios describe occasions when you might want someone to be able to connect to your computer:
  • You are playing a multiplayer game over the Internet.
  • You are expecting to receive a file that is sent through an instant message program.
After you install Windows XP SP2, client applications may not successfully receive data from a server. Following are some examples:
  • An FTP client
  • Multimedia streaming software
  • New mail notifications in some e-mail programs
Alternatively, server applications that are running on a Windows XP SP2-based computer may not respond to client requests. Following are some examples:
  • A Web server such as Internet Information Services (IIS)
  • Remote Desktop
  • File Sharing
Back to the top

Windows Firewall Security Alert

Sometimes, when Windows Firewall blocks a program, a Windows Firewall Security Alert dialog box appears. The dialog box includes the following information:

...to help protect your computer, Windows Firewall has blocked some features of this program

The message displays the name of the program and the name of the publisher of the program. This dialog box has these options:
  • Keep Blocking
  • Unblock
  • Ask Me Later
The next section explains how to use this dialog box as one of the methods to enable programs.

Back to the top

Enabling programs

To work correctly, some programs and games must receive information over the network. The information enters your computer through an inbound port. For Windows Firewall to permit this information to enter, the correct inbound port must be open on your computer. To enable a program to communicate like it did before Windows XP SP2 was installed, and to enable programs that you want to run, use one of the following methods.

Enable programs by using the Windows Security Alert dialog box

  1. In the Windows Security Alert dialog box, click Unblock.

    Windows Security Alert dialog box

Enable programs by using Windows Firewall

If you do not click Unblock in the Windows Security Alert dialog box, the program continues to be blocked. To enable a program by using Windows Firewall, follow these steps:
  1. Click Start, and then click Run.

    Start menu
  2. In the Open box, type wscui.cpl, and then click OK.

    Run dialog box
  3. Click Windows Firewall.

    Windows Security Center
  4. In the Windows Firewall dialog box, click the Exceptions tab, and then click Add Program.

    Windows Firewall dialog box
  5. In the Add a Program dialog box, either select the program from the list that appears, or click Browse to locate your program.

    "Add a Program" dialog box

    If you cannot locate your program, see the next section.
  6. After you select your program, click OK.
  7. On the Exceptions tab, make sure that the check box next to your program is selected, and then click OK.

    Windows Firewall dialog box


    Note If you later decide that you do not want the program to be an exception, clear this check box.
Adding a program to the list of exceptions has the following advantages:
  • You do not have to know a specific port number. (By contrast, when you want to open a port, you have to know the number of the port that is used by the program. This is described later.)
  • The port that is used by the program that is on the list of exceptions will be open only when the program is waiting to receive a connection.
Back to the top

Identifying and opening ports

If your program still does not seem to work after you add the program to the list of exceptions, or if you cannot locate the program in step 4 of the previous section, you can open a port manually.

ImportantBefore you can add a port or ports manually, you have to identify the ports that are used by the program. A reliable method for identifying the ports that are used by the program is to contact the vendor. If you cannot do this, or if a list of ports that are used by the program is not available, you can use Netstat.exe to identify the ports that are used by the program.

Identify ports by using Netstat.exe

  1. Start the program in question and try to use its network features. For a multimedia program, try to start an audio stream. For a Web server, start the service.
  2. Click Start, and then click Run.

    Start menu
  3. In the Open box, type cmd, and then click OK.

    Run dialog box
  4. Type the following at a command prompt.Press ENTER after each line:

    netstat -ano > netstat.txt
    tasklist > tasklist.txt
    notepad tasklist.txt
    notepad netstat.txt


    Note If the program in question is running as a service, add the /svc switch to list the services that are loaded in each process:

    tasklist /svc > tasklist.txt



    Command Prompt window
  5. In Tasklist.txt, locate the program that you are troubleshooting. Note the process identifier (PID) for the process.

    Tasklist.txt Notepad window
  6. In Netstat.txt, note any entries that are associated with the process identifierNote the protocol that is used (TCP or UDP).

    Netstat.txt Notepad window
Important If the program uses more than one port, repeat this procedure to identify the additional ports that are used by the program. If you repeat the procedure and the port number that the program uses continues to change, add a program-based exception or contact the vendor of the program.

Back to the top

Open ports manually by using Windows Firewall

If you cannot identify the ports that are used by the program, you can open a port manually. To identify the specific port number to open, contact the product vendor or see the product user documentation. After you identify the port number that you want to open, follow these steps:
  1. Click Start, and then click Run.

    Start menu

  2. In the Open box, type wscui.cpl, and then click OK.

    Run dialog box

  3. Click Windows Firewall.

    Windows Security Center

  4. On the Exceptions tab, click Add Port.

    Windows Firewall dialog box

  5. In the Add a Port dialog box, type a name for the port exception in the Name box, type the number of the port that you want to open in the Port number box, and then click either TCP or UDP.

    "Add a Port" dialog box

  6. To view or set the scope for the port exception, click Change Scope.

    Change Scope dialog box

    Select the scope options that you want to use for this exception, and then click OK.

    Change Scope dialog box

  7. On the Exceptions tab, notice that the new service is listed. To enable the port, click to select the check box next to the service, and then click OK.

    Windows Firewall dialog box

For additional information about configuring Windows Firewall, click the following article number to view the article in the Microsoft Knowledge Base:

875357 Troubleshooting Windows Firewall settings in Windows XP Service Pack 2

Back to the top

Programs that may require you to open ports manually

The following lists the programs and games that may require you to open the port or ports manually so that the programs can work correctly.

Programs

ProgramVendorPortsDefault exceptionNotes
Visual Studio .NETMicrosoft See the third-party documentationSee the third-party documentationNeeded only for Remote DCOM debugging
SQLMicrosoft Dynamically assigned ports for RPC and DCOM Needed only for remote debugging
Backup Exec 9Veritas 10000 C:
\Program Files
\Veritas
\Backup Exec
\RANT32
\beremote.exe 		Needed only to back up a client from a server
Ghost Server Corporate Edition 7.5 Symantec139-TCP-NetBIOS Session Service; 445-TCP-SMB over TCP; 137-UDP-NetBIOS Name Service; 138-UDP-NetBIOS Datagram Service See the third-party documentationNeeded to push down a ghost client
Symantec AntiVirus Corporate Edition 8.0Symantec File and Printer SharingChecking the "Allow file and printer sharing" check box opens these ports: UDP 137, 138; TCP 139, 445. Needed to install client
SMS 2003 ServerMicrosoft Enable File and Printer Sharing ports See the third-party documentationNeeded to view Windows XP SP2 Client Event Viewer
Cute FTP 5.0 XPGlobalSCAPE21 or FTP server See the third-party documentationNeeded to FTP in to a Windows XP SP2-based computer
Exceed 7.0, 8.0Hummingbird21 or FTP server See the third-party documentationNeeded so that FTP for Windows Explorer can connect to remote computers
KEA! 340 5.1Attachmate23 or 'Telnet server' See the third-party documentationNeeded to establish Telnet session to remote host
Reflection 10 and 11WRQ23See the third-party documentationNeeded to establish Telnet session to remote host
Reflection 10 and 11WRQ6000 (TCP/IP) and 177 (UDP)See the third-party documentationNeeded to establish X-Windows Sessions
Reflection 10 and 11WRQ20 or 21See the third-party documentationNeeded so that FTP client can connect to remote computers
Smarterm Office 10 and Smarterm 11Esker Software23 or 'Telnet server' See the third-party documentationNeeded to establish Telnet session to remote host
Smarterm Office 10 and Smarterm 11Esker Software21 or FTP server See the third-party documentationNeeded so that the FTP tool can connect to remote computers
ViewNow 1.05 NetmanageFTP server or 21 See the third-party documentationNeeded so that FTP tool can connect to remote computers
ViewNow 1.0 and 1.05 Netmanage6000 (TCP/IP) and 177 (UDP) See the third-party documentationNeeded to establish X-Windows Sessions
ViewNow 1 or 1.05 NetmanageTelnet Server or 23 See the third-party documentationNeeded to establish Telnet session to remote host
Microsoft Operations Manager 2000 SP1Microsoft Enable ICMP echo request, File and Printer Sharing and UDP See the third-party documentationNeeded to push MOM Agent onto a Windows XP SP2-based client that has Windows Firewall enabled
AutoCAD 2004, 2005Autodesk21 See the third-party documentationNeeded to browse projects using FTP viewer (File Open dialog) when remote FTP host has Windows Firewall enabled.
Backup Exec 9.1.4691VeritasSee the third-party documentation%Program Files%
\Veritas
\Backup Exec
\RANT
\beremote.exe 		Needed to back up Windows XP SP2-based client
Windows Scanner and Camera WizardXerox Network Scanners 21 See the third-party documentationNeeded so that the Scanner and Camera Wizard starts and the scanned images are available for the user to access.
ColdFusion MX Server Edition 6MacromediaTCP (by default, 8500) See the third-party documentationNeeded to allow remote access as Web server
CA ARCserveComputer Associates137-UDP-NetBIOS Name Service; 138-UDP-NetBIOS Datagram Service; 139-TCP-NetBIOS Session Service; 704-UDP; 1478-UDP-MS-sna-base; 1900-UDP-SSDP; 6050-TCP-ARCserve Service; 6051-TCP-ARCserve Service See the third-party documentationNeeded for remote installs, licensing, and client communications
EDM File System Agent 4.0EMC3895 See the third-party documentationNeeded to install EDM client from server to Windows XP SP2
Microsoft Systems Management Server 2003Microsoft TCP:2701 %WINDIR%
\System32
\CCM
\CLICOMP
\RemCtrl
\Wuser32.exe 		Needed so that Remote Tool can remote control a Windows XP SP2-based client computer
Aelita ERdisk for Active Directory 6.7Quest SoftwareSee the third-party documentationFile and Printer Sharing Needed to contact a remote computer
Hummingbird Host Explorer 8Hummingbird23 TCP and 21 TCP See the third-party documentationNeeded to Telnet in to a Windows XP SP2-based client
BV-Admin MobileBind ViewSee the third-party documentationFile and Printer Sharing Needed to contact a remote computer
SQL 2000aMicrosoft 1433 and 1434 See the third-party documentationNeeded to connect to remote computer
Backup Exec 8.6.1Needed so that the server can push remote agent to a Windows XP SP2-based client
Microsoft SNA 4.0 SP3Microsoft See documentationFile and Printer Sharing Needed to see a Windows XP SP2-based client
Extra! Personal Client 6.5 and 6.7AttachmateTelnet Server or port 23 See the third-party documentationNeeded to establish Telnet session to remote host
Extra! Enterprise 2000AttachmateTelnet Server or port 23 See the third-party documentation Needed to establish Telnet session to remote host
Extra! Bundle for TCP/IP 6.6AttachmateTelnet Server or port 23 See the third-party documentationNeeded to establish Telnet session to remote host
Volume Manager 3.1Veritas2148 C:
\Progam Files
\Veritas
\Veritas Object Bus
\Bin
\vxsvc.exe 		Needed to connect to a Windows XP SP2-based client
BMC Patrol for Windows 2000BMC SoftwareOn the Windows XP SP2-based (client) computer: TCP ports 3181, 10128 and 25; UDP ports 3181, 10128 and 25 \\<Server Name>
\BMC Software
\Patrol 3-4
\Best1
\6.5.00
\bgs
\bin
\Best1CollectGroup.exe 		Needed to allow connection of server to client computer. Make sure that you have shared the BMC Patrol file on the server before you try to move to the default exception path on the client.
eTrust 6.0.100Computer AssociatesFile and Printer Sharing ports and ICMP echo request and port TCP 42510See the third-party documentationNeeded to remote install to Windows XP SP2
NetShield 4.5McAfee SecuritySee the third-party documentationFile and Printer sharing Needed to Remote Connect to a Windows XP SP2-based client
Computer Associates eTrust 7.0Computer AssociatesAdd the File and Printer Sharing ports and ICMP echo request See the third-party documentationNeeded so that a Windows Server 2003 eTrust 7.0 server can remotely test logon to a Windows XP SP2-based client
Computer Associates eTrust 7.0 Needed so that a Windows Server 2003 eTrust 7.0 server can remotely install the client eTrust software on Windows XP SP2-based computers. Resolved by setting the following to 0 and then rebooting: HKEY_LOCAL_MACHINE
\SOFTWARE
\Policies
\Microsoft
\Windows NT
\RPC
\RestrictRemoteClients (DWORD value)
RetrospectDantz 497497Visit http://www.dantz.com/en/support/kbase.dtml?id=28189
Symantec Ghost Corporate Edition 7.5, 8.0, and 8.2SymantecIn File and Printer Sharing, select the Allow file and printer sharing check box that opens UPD ports 137 and 138, and TCP port 139 and 445Needed to do a remote client install
Symantec AntiVirus Corporate Edition 8.x and 9.xSymantecOpen IP (UDP) ports 2967 and 33345 for IPX. In addition, open ports 38293, 38037, and 38292 for UDP traffic. In File and Printer Sharing, select the Allow file and printer sharing check box that opens UPD ports 137 and 138, and TCP ports 139 and 445Visit http://www.symantec.com/techsupp/
enterprise/sp2/faq.html
IBM Tivoli Storage ManagerIBMSee IBM TechnoteSee IBM TechnoteThe IBM Technote title is "Windows XP Service Pack 2 firewall setting for TSM Client."
The IBM Technote is available at http://www.ibm.com/software/sysmgmt/products/support/
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Games

GameVendorPortsDefault exception
Chess Advantage III: Lego Chess Encore See the third-party documentationSee the third-party documentation
Need for Speed Hot Pursuit 2 EA GamesSee the third-party documentationSee the third-party documentation
Unreal Tournament 2003 AtariSee the third-party documentationSee the third-party documentation
Unreal Tournament Game of the Year Edition AtariSee the third-party documentationSee the third-party documentation
Midnight Outlaw: Illegal Street Drag 1.0 VALUSoftSee the third-party documentationDefwatch.exe
Scrabble 3.0 AtariSee the third-party documentationSee the third-party documentation
Star Trek StarFleet Command III 1.0 ActivisionSee the third-party documentationSee the third-party documentation

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products. For information about how to contact any of the manufacturers that are listed in one of the following articles, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:

65416 Hardware and software vendor contact information, A-K

60781 Hardware and software vendor contact information, L-P

60782 Hardware and software vendor contact information, Q-Z

Back to the top
Modification Type:MinorLast Reviewed:7/20/2006
Keywords:kbGraphxLink kbnomt kbScreenshot kbtshoot kbConfig kbSecurity kbAppCompatibility kbFirewall KB842242
©2004 Microsoft Corporation. All rights reserved.