How to: Manually Configure the Windows Vista Firewall for Remote Debugging

  • Article

This topic applies to:

Edition

Visual Basic

C#

C++

Web Developer

Express

 Topic does not apply Topic does not apply Topic does not apply Topic does not apply

Standard

 Topic does not apply Topic does not apply Topic does not apply Topic does not apply

Pro and Team

 Topic applies Topic applies Topic applies Topic applies

Table legend:

Topic applies

Applies
Topic does not apply

Does not apply
Topic applies but command hidden by default

Command or commands hidden by default.

On Windows Vista platforms, remote debugging setup requires some additional steps to configure the Windows Firewall. These steps are performed automatically when you run the remote debugger for the first time. If manual setup is needed for any reason, follow the procedures in this section.

If the Windows Firewall is off, no firewall configuration is necessary.

If the Windows Firewall is on, some ports must be opened and permissions must be granted to Visual Studio and other executables involved in the remote debugging. The Windows Firewall must not be in Shielded mode.

Warning

Configuring the Windows Firewall to allow remote debugging could allow other users to gain remote access. You can restrict this remote access to computers on your local subnet, which will limit the security risk.

To configure the Visual Studio host computer

  1. In Control Panel,click Classic View.

  2. Double-click Security Center.

  3. In Windows Security Center, click Windows Firewall.

  4. In the Windows Firewall window, click the Allow a Program through the Firewall.

    The User Account Control dialog box appears.

    1. If the User Account Control dialog box requests your permission to continue, click Continue.

    2. If the User Account Control dialog box requests your Administrator password, type your password and click Submit.

    The Allow a Program through the Firewall dialog box appears.

    Steps 6-9 open TCP port 135 (used by DCOM to communicate with remote computers).

  5. On the Exceptions tab, click the Add a Port button.

  6. In the Add Port dialog box, do the following:

    • For Port Number, type 135.

    • For Description, type a description (such as remote debugging DCOM).

    • Select TCP.

  7. (Optional) Limiting access to computers on your local subnet enhances security. You should do this unless you have to debug outside the local subnet.

    1. Click Change Scope.

    2. In the Change Scope dialog box, select My network (subnet) only.

    3. Click OK.

  8. Click OK to close the Add a Port dialog box.

  9. If your domain policy requires network communication to be done through IPSec, do this step. Otherwise, skip it.

    • Open UDP port 4500 (used for IP security) by repeating the prior step, substituting UDP for the Protocol, and 4500 for the Port Number.

    • Open UDP port 500 (used for IP security) the same way, substituting UDP for the Protocol, and 500 for the Port Number.

    Steps 11-16 add Devenv.exe (the Microsoft Visual Studio development environment) to the SP2 application security Exception list so that it can dynamically open ports at runtime.

  10. Click Add a program.

  11. In the Add program dialog box, click the Browse button.

  12. In the Browse dialog box, navigate to where devenv.exe is located (typically SystemDrive:\Program Files\Microsoft Visual Studio 8 Common7\IDE). Select devenv.exe.

  13. Click OK to close the Browse dialog box.

  14. (Optional) Limiting access to computers on your local subnet enhances security. You should do this unless you have to debug outside the local subnet.

    1. Click Change Scope.

    2. In the Change Scope dialog box, select My network (subnet) only.

    3. Click OK.

  15. Click OK to close the Add a program dialog box.

To configure the remote computer

  1. In Control Panel, click Classic View.

  2. Double-click Security Center.

  3. In Windows Security Center, click Windows Firewall.

  4. In the Windows Firewall window, click the Allow a Program through the Firewall.

    The User Account Control dialog box appears.

    • If the User Account Control dialog box requests your permission to continue, click Continue.

    • If the User Account Control dialog box requests your Administrator password, type your password and click Submit.

    Steps 6-9 open the TCP 135 port, which is used by DCOM to communicate with remote computers.

  5. Click the Add Port button

  6. In the Add Port dialog box, do the following:

    • For Port Number, type 135.

    • For Description, type a description (such as remote debugging DCOM).

    • Select TCP.

  7. (Optional) Limiting access to computers on your local subnet enhances security. You should do this unless you have to debug outside the local subnet.

    1. Click Change Scope.

    2. In the Change Scope dialog box, select My network (subnet) only.

    3. Click OK.

  8. Click OK to close the Add Port dialog box.

  9. If your domain policy requires network communication to be done through IPSec, do this step. Otherwise, skip it.

    • Open UDP port 4500 (used for IP security) by repeating the prior step, substituting UDP for the Protocol, and 4500 for the Port Number.

    • Open UDP port 500 (used for IP security) the same way, substituting UDP for the Protocol, and 500 for the Port Number.

    Steps 11-15 open ports necessary for file and print sharing.

  10. In the Programs and Services box, select File and Print Sharing.

  11. Click the Edit button.

  12. In the Edit a Service dialog box, select the following ports: TCP 139, TCP 445, UDP 137, and UDP 138.

  13. (Optional) Limiting access to computers on your local subnet enhances security. You should do this unless you have to debug outside the local subnet.

    1. Click Change Scope.

    2. In the Change Scope dialog box, select My network (subnet) only.

    3. Click OK.

  14. Click OK to close the Edit a Service dialog box.

    Steps 16-20 add msvsmon to the SP2 Exception list. This enables it to dynamically open ports at run time.

  15. Click the Add a Program button.

  16. In the Add a Program dialog box, click the Browse button.

  17. In the Browse dialog box, navigate to where Msvsmon.exe is located, which will be one of the following directories:

    Install path \Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86

    Install path \Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64

    Install path \Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\ia64

  18. (Optional) Limiting access to computers on your local subnet enhances security. You should do this unless you have to debug outside the local subnet.

    1. Click Change Scope.

    2. In the Change Scope dialog box, select My network (subnet) only.

    3. Click OK.

  19. Click OK to close the Add a program dialog box.

  20. Click OK to close Windows Firewall.

  21. Close the Windows Security Center.

See Also

Tasks

How to: Set Up Remote Debugging