locked
Which .exe's need to be allowed in the firewall for live mesh to work? (outgoing connections) RRS feed

  • Question

  • Hi,

    I would like to use live mesh on my Windows Server 2008 box, and for that I need to know which applications (.exe paths/services) I need to allow in the windows firewall with advanced security; I block all in- and outgoing connections that don't match a rule.

    The installation automatically added some rules for the incoming connections, and I carried those over to the outgoing ones+added a few exe's that I hoped were related, but the mesh client states that my PC is "offline".

    I currently have rules for the following applications:
    %USERPROFILE%\AppData\Local\Microsoft\Live Mesh\GacBase\Moe.exe
    %USERPROFILE%\AppData\Local\Microsoft\Live Mesh\Bin\Servicing\0.9.3424.14\MoeMonitor.exe
    %ProgramFiles%\Live Mesh\Remote Desktop\wlcrasvc.exe
    %USERPROFILE%\AppData\Local\Microsoft\Live Mesh\Bin\rdpsvr.exe

    Can anybody help me with this?

    (PS: I hope that Windows Server 2008 isn't the issue here, as live mesh correctly identifies my PC as "online" when I allow all outgoing traffic.)
    Sunday, March 15, 2009 11:40 AM

Answers

All replies

  • I'll just add that Server is technically unsupported... Though someone should be able to lend a hand. Clearly, if it works when you drop the firewall, it isn't Live Mesh, but the firewall configuration.
    -steve
    Microsoft MVP Windows Live / Windows Live OneCare & Live Mesh Forum Moderator
    Monday, March 16, 2009 1:29 PM
    Moderator
  • I've checked my 2008 installation and I don't seem to have anything else allowed through the firewalls that you don't have.

    That said, my machine will sometimes come up as "unavailable" for remote desktop - but I will still be able to connect (even though it has the warning symbol next to it).

    To clarify, when you say the client says that the PC is "offline" you mean from other clients right? The actual client is syncing on the 2008 machine.

    Oren
    Monday, March 16, 2009 1:47 PM
  • nachmore said:

    I've checked my 2008 installation and I don't seem to have anything else allowed through the firewalls that you don't have.

    That said, my machine will sometimes come up as "unavailable" for remote desktop - but I will still be able to connect (even though it has the warning symbol next to it).

    To clarify, when you say the client says that the PC is "offline" you mean from other clients right? The actual client is syncing on the 2008 machine.

    Oren

    Thank you all for your replies so far!
    No, the live mesh icon is grey and my PC is flagged as offline with a yellow exclamation mark on the PC itself...
    screenshot
    Monday, March 16, 2009 7:36 PM
  • If that screenshot is from the Server itself, Live Mesh is off-line as the icon in your system tray is also gray. What happens when you sign into Live Mesh from the icon? It seems to me that Live Mesh is not able to connect at all based on that screenshot.

    You've listed the applications allowed. Are you also allowing the ports?

    This article actually defines how to block the ports. I assume you would need to allow them.
    http://support.microsoft.com/kb/951862

    At the very least, 443 and 80 need to be allowed.

    -steve


    Microsoft MVP Windows Live / Windows Live OneCare & Live Mesh Forum Moderator
    Tuesday, March 17, 2009 2:57 PM
    Moderator
  • Hi,

    Yes, it is a screenshot from the server itself; When I right-click the icon it only allows me to sign out and my email address is shown in the box that I censored, so I believe that I'm signed in already, but that certain necessary connections cannot be established.

    My firewall is configured to allow all outgoing traffic to/from any port on any protocol, as long as it comes from one of the applications listed, so the port's shouldn't be the problem.

    What I'm guessing is that there is some form of temporarily created process, extension in the explorer or something else that's outside the listed applications that handles some of the internet connections, and that because it's not captured by the rules it cannot perform it's job and shows me as offline.... or something along those lines. (I remember getting firewall-popups regularly from Microsoft's Freelancer (a space game), listing a process named (something random alphanumeric).exe, which judging from the IP's it tried to access, queried multiplayer servers that were added to the commandline... If I'd block the access the servers wouldn't show up, but I couldn't set up a rule since the exe was "untracable".. That was with my old firewall on WinXP though, but I'm just wondering whether something similar is going on here?)

    Do I need to allow any services e.g.?
    Tuesday, March 17, 2009 6:34 PM
  • Based on Orin's earlier reply, you should not need to. However, I think that you have set security on your server much more restricted.
    Even though it is technically unsupported, I'd suggest filing a bug with logs and perhaps the logs will reveal what's being blocked - the tray icon should be blue when you are connected and logged it, so it is not properly connected on your system.
    Sticky: How to Submit Bugs and Live Mesh Logs

    -steve
    Microsoft MVP Windows Live / Windows Live OneCare & Live Mesh Forum Moderator
    Tuesday, March 17, 2009 8:24 PM
    Moderator
  • Saturday, March 21, 2009 1:14 PM
  • Excellent. Thanks for filing the bug and providing the link here.
    -steve
    Microsoft MVP Windows Live / Windows Live OneCare & Live Mesh Forum Moderator
    Monday, March 23, 2009 12:37 PM
    Moderator
  •  the1freak,
    Give this a try, I found this to be causing the exact same connection problems....

    I resolved all of my connection issues with the Live Mesh with this simple fix. 

     

    This also fixed all of the problems I was having with any "Live" service, including Live Messenger, Live Sync, Live Mesh, Live Sign In Assistant, Outlook Connector, etc .   

    In Internet Explorer, under Tools--> Internet Options-->Advanced Tab

    Scroll down to the Security section and UNCHECK "Check for server certificate revocation"

    Restarted IE and everything related to Windows Live magically started working again.

    I am using IE 8, so I am not sure if this option is available in IE 7, but just wanted to let everyone know this fixed it for me.

    Seems that the Live Services Certificate may have been revoked....  Oops.


    Hope this helps others!

    I found this problem and wrote it up for Outlook Connector and Live Sync.  Forgot to cross post it here.

    -Paul

    Monday, March 23, 2009 10:33 PM
  • Hi,

    Thanks for the idea! I tried it, but unfortunately that didn't work. I've now also added every single executable in both the userdata and the program files live mesh folder into the list of allowed .exe files, and that still doesn't reslove the issue. :(

    I also found a service called "Live Mesh Remote Desktop", which I previously had not allowed, and integrated that into the list as well...

    I'm kind of confused.

    Windows Live Messenger works fine (even though that, too, isn't supported)
    Tuesday, March 24, 2009 1:05 AM