Applications that rely on the RPC service are blocked in Windows Vista SP1 or Windows Server 2008 when you block Windows Firewall incoming connections and enable remote management
On a computer that is running Windows Vista Service Pack 1 (SP1) or Windows Server 2008, consider the following scenario:
- You set the state of Windows Firewall incoming connections as “Block all connections.” This puts Windows Firewall in “shields-up” mode.
- You enable the Windows Firewall Remote Management rule for Windows Firewall incoming rules.
In this scenario, applications that rely on the Microsoft remote procedure call (RPC) service are blocked.
For example, the Forefront Server Security Management Console (FSSMC) agent is blocked from the RPC service and cannot enforce the Windows Firewall policy on the endpoint. Additionally, you may receive an error message that resembles the following:
0x800706D9 – “There are no more endpoints available from the endpoint mapper”
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB971800.
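One way to check a machine for the two conditions in the scenario above, as an added example that is not Microsoft's code: it parses `netsh advfirewall` output and assumes English-language output. The function name `Test-ShieldsUpScenario` and its parameters are hypothetical, and it reports shields-up if any profile shows it.

```powershell
# Added example (not from the KB article). Assumes English netsh output.
function Test-ShieldsUpScenario {
    param(
        # Defaults read the live configuration; pass captured text to test offline.
        [string[]]$PolicyText = (netsh advfirewall show allprofiles firewallpolicy),
        [string[]]$RuleText   = (netsh advfirewall firewall show rule name=all dir=in)
    )

    # "Block all connections" (shields-up) is shown by netsh as BlockInboundAlways
    # on a profile's "Firewall Policy" line.
    $shieldsUp = @($PolicyText | Where-Object {
        $_ -match '^\s*Firewall Policy\s+BlockInboundAlways\b'
    }).Count -gt 0

    # Walk the rule blocks: each starts with "Rule Name:", then "Enabled:",
    # and later "Grouping:". Collect enabled rules in the group named on the page.
    $group = 'Windows Firewall Remote Management'
    $enabledRules = @()
    $name = $null
    $enabled = $false
    foreach ($line in $RuleText) {
        if ($line -match '^Rule Name:\s+(.+)$') {
            $name = $Matches[1].Trim()
            $enabled = $false
        } elseif ($line -match '^Enabled:\s+(\S+)') {
            $enabled = ($Matches[1] -eq 'Yes')
        } elseif ($line -match '^Grouping:\s+(.+)$') {
            if ($enabled -and $Matches[1].Trim() -eq $group) {
                $enabledRules += $name
            }
        }
    }

    # Both conditions together are the scenario in which RPC-dependent
    # applications are reported as blocked.
    New-Object PSObject -Property @{
        ShieldsUp              = $shieldsUp
        RemoteManagementRules  = $enabledRules
        MatchesBlockedScenario = ($shieldsUp -and ($enabledRules.Count -gt 0))
    }
}

Test-ShieldsUpScenario | Format-List
```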