Checkpoint Secure Client : RPC Failures/Filter Rejected Issues

WMI/RPC calls from Windows Server 2003 SP1 / SP2 servers to clients running Checkpoint Secure Client R60 (pre-HFA02) may experience unexpected shutdowns/restarts. When viewing the Secure Client firewall log you will see that RPC traffic is being dropped by rule 995, even though it may be explicitly allowed by another rule.

WMI query errors may report: Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))

This is a known issue caused by the ‘Server2003NegotiateDisable’ option that is enabled by default upon installation of Windows Server 2003 SP1 or newer – http://support.microsoft.com/kb/899148. There are two potential solutions – a quick fix, and a ‘proper’ fix. I’ll cover the quick fix first.

The quick-fix

   Download and install the hotfix available from the above MS knowledgebase article – this should be installed on the server affected by this issue.

   Once installed, create a new DWORD registry value on the server and set it to 1: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc\Server2003NegotiateDisable

   Reboot the server. The RPC calls will now function as expected to devices with non-RPC compliant VPN clients.

The ‘proper’ fix

   Initially, you can perform the above. This will get RPC working with the non-RPC compliant VPN clients.

   You should then proceed to update all of the SecureClient installs to at least version R60 HFA02. When this is complete, set the registry value to 0 on the server and reboot once again.

   An updated version of the client is easily obtainable from the Checkpoint website.

   For further information from Checkpoint see the following URL: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk31818
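
The registry steps above can be scripted so the temporary workaround is tracked and rolled back once the clients are updated. This is an added example, not code from Microsoft or Checkpoint; the function names are hypothetical, and it assumes PowerShell 2.0 or later, administrative rights, and the Remote Registry service for remote queries.

```powershell
# Added example. Key path and value name are the ones given in the steps above.
$RpcPolicyPath = 'SOFTWARE\Policies\Microsoft\Windows NT\Rpc'
$ValueName     = 'Server2003NegotiateDisable'

# Report the current setting on one or more servers (hypothetical helper).
function Get-NegotiateDisable {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))
    foreach ($name in $ComputerName) {
        $state = 'NotSet'
        try {
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $name)
            $key  = $hklm.OpenSubKey($RpcPolicyPath)   # read-only open
            if ($key) {
                $v = $key.GetValue($ValueName, $null)
                if ($v -ne $null) { $state = [int]$v }
                $key.Close()
            }
            $hklm.Close()
        } catch {
            $state = "Error: $($_.Exception.Message)"
        }
        New-Object PSObject -Property @{ Server = $name; Value = $state }
    }
}

# Set the value on the local server (hypothetical helper).
# 1 = quick fix; 0 = after all SecureClient installs are at R60 HFA02 or later.
function Set-NegotiateDisable {
    param([Parameter(Mandatory = $true)][ValidateSet(0, 1)][int]$Value)
    # CreateSubKey opens the key for writing and creates it if it is missing.
    $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($RpcPolicyPath)
    $key.SetValue($ValueName, $Value, [Microsoft.Win32.RegistryValueKind]::DWord)
    $key.Close()
    Write-Warning "$ValueName set to $Value. Reboot the server for the change to apply."
}

# Usage (server names are placeholders):
#   Get-NegotiateDisable -ComputerName 'SERVER01','SERVER02'
#   Set-NegotiateDisable -Value 1     # quick fix, then reboot
#   Set-NegotiateDisable -Value 0     # after the client upgrade, then reboot
```

Servers that still report 1 after the SecureClient upgrade are the ones where the workaround has not yet been set back to 0.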