locked
Onecare live - domain installation RRS feed

  • Question

  • I have just installed Onecare live 2.0 on a couple of computers within my office network as a trial.  The product seems fine, good even, but they seem to be blocking a great deal of the necessary network traffic.  I notice the firewall turns off ICMP and Kerberos by default which are necessary.  I also cannot connect from the server using the MMC console to the onecare clients.  Their A records have also disappeared from DNS.

     

    So, the question, what ports/applications do I need to enable on the clients for them to function successfully within the domain?  And a request would be to make this a bit simpler to implement!  I'm sure I'm not the only IT consultant who is tempted to implement OneCare Live with the very small end of the SME spectrum (5 - 20 workstations)

     

    Cheers

    Ben

    Monday, May 26, 2008 8:46 AM

Answers

  • You can probably enable much of what you desire in the Advanced Firewall settings within OneCare. You will also want to make sure that the network on each client PC is identified to the OneCare firewall as "home or work."

    Note that OneCare really isn't intended to be used in a Domain environment at this point, although there is a version of OneCare coming later this year to work with the next version of SBS.

    -steve

     

    Monday, May 26, 2008 6:54 PM
    Moderator

All replies

  • You can probably enable much of what you desire in the Advanced Firewall settings within OneCare. You will also want to make sure that the network on each client PC is identified to the OneCare firewall as "home or work."

    Note that OneCare really isn't intended to be used in a Domain environment at this point, although there is a version of OneCare coming later this year to work with the next version of SBS.

    -steve

     

    Monday, May 26, 2008 6:54 PM
    Moderator
  • Thanks Steve,

     

    I was hoping you were going to give me a list of ports that I need to open!  When I have time I will fossick around and work it out.  Good to hear there is a version for SBS.  Hopefully it will be available separately and be compatible with SBS 2003 networks.  Do you know if this will be the case?

     

    Ben

    Thursday, May 29, 2008 4:18 AM
  • And yes, I have identified the network as "home or work" for the client PCs but it still is blocking some ports

     

    Thursday, May 29, 2008 4:23 AM
  •  muaddib32 wrote:

    Thanks Steve,

     

    I was hoping you were going to give me a list of ports that I need to open!  When I have time I will fossick around and work it out.  Good to hear there is a version for SBS.  Hopefully it will be available separately and be compatible with SBS 2003 networks.  Do you know if this will be the case?

     

    Ben

    Having no experience with SBS, I can't tell you what ports may need to be opened, but perhaps support can lend a hand.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    As for running on SBS 2003, I suspect not, but could be wrong. SBS 2003 is Windows Server 2003, while the next version of SBS is based on the same core as Vista, so porting OneCare to it was possible. Coding for Server 2003 is probably not in the cards.

    -steve

    Thursday, May 29, 2008 4:09 PM
    Moderator
  • Ben,

    I have installed SBS 2008 with the new Live OneCare for servers.  I have also installed the regular version of OneCare on a number of PC's throughout our network.  Here's what I have noticed from the install.  First of all, OneCare for SBS does not (at this time) integrate with the client computer's OneCare.  All of the client computers can see each other in the network of PC's however the server is not in the client computers list nor are the client computers in the servers list of PC's in the servers "circle".  One issue that I had with SBS and the OneCare firewall was that port 135 on the client PC's was not open.  This caused a number (thousands) of critical errors on the server.  The error was "DCOM was unable to communicate with the computer <COMPUTER NAME> using any of the configured protocols."  It took a while to figure out what exactly was causing this and the only thing that I could come up with was to enable port 135 on all client PC's. Of course this was a real pain in the ... but I didn't want to see, literally, thousands of errors on my server.  So hopefully microsoft can find a better way to merge the server version of OneCare with the client version.

    The only good part of SBS and the client version of OneCare is that when you connect a new PC to the SBS it sets up OneCare as the default security software and configures "most" of the settings for the server.  The only problem that I experienced was the aforementioned.  Just a side note:  I really like SBS 2008 and think that it's interface really saves a lot of time.  Many techs that I speak with and work with dislike it because it's almost easy enough for an end user to setup.  I don't think that many company's will do so and I think that everyone's over reacting.  It's definately a time saver because SBS configues almost everything with a few wizards.  Of course GPO's needed to be modified and there was a lot of Exchange 2007 work to be done.  The only thing I dislike is that I can't have 2 NIC's and it doesn't like non-UPNP routers.

    Good Luck,

    Todd

    Tuesday, June 17, 2008 12:23 AM
  • Hi Todd,

     

    Thanks for the information.  Very useful.  Yes, I have played around with SBS 2008 a bit too.  Not many extra features but I agree the new interface is good.

     

    Cheers

    Ben

    Tuesday, June 17, 2008 12:36 AM
  • I haven't had the opportunity to look at SBS 2008 or the OneCare implementation that ships with certain editions, but I can tell you that if you installed OneCare 2.0 to the client PCs, they will be unrelated to OneCare for Server, which is in beta and is the 2.5 code. As I understand it, the version of SBS that will have licenses for OneCare clients has some integration, but I'm pretty clueless as to what that is.

    -steve

     

    Tuesday, June 17, 2008 5:33 PM
    Moderator