After the agent installation is complete, network connectivity to the workstation or server is lost.
In Windows Server 2008 and later versions, the Windows Firewall service is an integral part of the operating system's network stack. As such, Microsoft no longer recommends stopping or disabling the service under any circumstances, and this is now an unsupported configuration. When the Windows agent is installed, it needs to make a number of changes to the Windows Firewall. To make these changes, the agent first enables the firewall service, and then disables it once the changes have been made. The problem we see is disabling the service will cause a number of network-related problems, including the following:
- The server will stop responding to ping requests.
- You will be disconnected from, and unable to connect to, the server via RDP.
- You will be unable to connect to shares on the server.
Although network operations initiated from that server will succeed for the most part, it will appear to other machines as though the server has been disconnected from the network.
Use at your own risk. These commands are provided as is, and are not supported by Ivanti. Please test thoroughly prior to use in a production environment.
Use the following commands in a batch file to properly enable and stop the Windows Firewall service, then properly disable the service again once installation in complete.
Enable, start, and turn off firewall:
sc config MpsSvc start= auto
net start MpsSvc
netsh advfirewall set domainprofile state off
netsh advfirewall set privateprofile state off
netsh advfirewall set publicprofile state off
Stop and disable Firewall:
net stop MpsSvc
sc config MpsSvc start= disabled