Environment
Windows 2008 R2
Windows 2012 R2
Situation
Resolution
The existing Windows Firewall configuration prevents the remote loader from receiving any password changes as captured by the PWFilter.dll on other Domain Controllers within the domain. To solve this problem, do the following:
On the Windows Firewall of the server that hosts the Active Directory Remote Loader (the rules are required only on that server), add the following rules:
--- Inbound Rules ---
Rule 1
  Name: dirxml port 8090
  Direction: Inbound
  Profile: Domain
  Enabled: Yes
  Action: Allow
  Override: No
  Program: Any
  Local Address: Any
  Remote Address: Any
  Protocol: TCP
  Local Port: 8090
  Remote Port: Any
  Allowed Users: Any
  Allowed Computers: Any
Rule 2
  Name: dirxml process dirxml_remote.exe
  Direction: Inbound
  Profile: Domain
  Enabled: Yes
  Action: Allow
  Override: No
  Program: %SystemDrive%\Novell\RemoteLoader\dirxml_remote.exe
  Local Address: Any
  Remote Address: Any
  Protocol: Any
  Local Port: Any
  Remote Port: Any
  Allowed Users: Any
  Allowed Computers: Any
NOTE: The port number should be the port number specified on the Remote Loader configuration. So instead of 8090, it will be whatever you specified in the configuration.
No specific Outbound Rules are needed.
The rules can be given any name.
The rules must be assigned to at least the Domain profile.
If using the 64 bit remote loader, the path differs: %SystemDrive%\Novell\RemoteLoader\64bit\dirxml_remote.exe
The rules can also be added from the command line using the following commands, modifying the port and path as applicable:
netsh advfirewall firewall add rule name="dirxml port 8090" dir=in action=allow enable=yes profile=domain protocol=TCP localport=8090
netsh advfirewall firewall add rule name="dirxml process dirxml_remote.exe" dir=in action=allow program="%SystemDrive%\Novell\RemoteLoader\dirxml_remote.exe" enable=yes profile=domain
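The following PowerShell script is an added verification step, not part of the original article: it checks that both rules exist with the expected direction, action, profile, port and program, and that something is actually listening on the Remote Loader port. It assumes Windows Server 2012 R2 or later (the NetSecurity cmdlets are not available on 2008 R2) and the rule names, port and path used above; adjust $Port and $Program to your own Remote Loader configuration.

```powershell
# Added verification script (not from the original article).
# Assumes Windows Server 2012 R2+, the example rule names, port 8090 and the
# 32-bit loader path; change $Port/$Program to match your configuration.
$Port      = 8090
$Program   = "$env:SystemDrive\Novell\RemoteLoader\dirxml_remote.exe"
$RuleNames = @("dirxml port $Port", "dirxml process dirxml_remote.exe")

$ok = $true
foreach ($name in $RuleNames) {
    $rule = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    if (-not $rule) { Write-Warning "Rule '$name' not found"; $ok = $false; continue }

    # Each rule must be enabled, inbound, Allow, and cover the Domain profile.
    if ($rule.Enabled   -ne 'True')    { Write-Warning "'$name' is disabled";    $ok = $false }
    if ($rule.Direction -ne 'Inbound') { Write-Warning "'$name' is not inbound"; $ok = $false }
    if ($rule.Action    -ne 'Allow')   { Write-Warning "'$name' is not Allow";   $ok = $false }
    if ("$($rule.Profile)" -notmatch 'Domain|Any') {
        Write-Warning "'$name' does not apply to the Domain profile"; $ok = $false
    }

    if ($name -like 'dirxml port*') {
        # Port rule: TCP on the configured local port only, not "Any".
        $pf = $rule | Get-NetFirewallPortFilter
        if ($pf.Protocol -ne 'TCP' -or "$($pf.LocalPort)" -ne "$Port") {
            Write-Warning "'$name' is not TCP/$Port (found $($pf.Protocol)/$($pf.LocalPort))"
            $ok = $false
        }
    } else {
        # Program rule: must be scoped to the Remote Loader binary, not to any program.
        $af = $rule | Get-NetFirewallApplicationFilter
        $stored = [Environment]::ExpandEnvironmentVariables("$($af.Program)")
        if ($stored -ne $Program) {
            Write-Warning "'$name' program is '$($af.Program)', expected '$Program'"
            $ok = $false
        }
    }
}

# Confirm the Remote Loader is listening on the configured port and which process owns it.
$listener = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if (-not $listener) {
    Write-Warning "Nothing is listening on TCP $Port; check the Remote Loader configuration"
    $ok = $false
} else {
    $proc = Get-Process -Id $listener[0].OwningProcess -ErrorAction SilentlyContinue
    Write-Output "TCP $Port is owned by process '$($proc.Name)' (PID $($listener[0].OwningProcess))"
}

if ($ok) { Write-Output "Remote Loader firewall rules look correct" } else { exit 1 }
```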