Windows Vista may disconnect client communications that use TCP port 1723

Consider the following scenario:

You have a Windows Vista-based computer that is running Windows Firewall.
A client application tries to connect through TCP port 1723.

In this scenario, Windows Vista may disconnect communications to the client. The following are examples of such client applications:

FTP applications that connect through port 1723
P2P applications that connect through port 1723
Multifunction printers on which scanning or faxing options use port 1723 for communications

Note In this situation, no error message is displayed in Windows. However, an error is displayed on the printer.

 

CAUSE

This problem may occur when Windows Vista disconnects from a client because the client connection is determined to be invalid.

When a connection is made through TCP port 1723 in Windows Vista, Windows Firewall recognizes the connection as being established through PPTP. By default, Windows Firewall uses a stateful PPTP protocol analyzer to determine whether it can receive packets through the TCP port 1723 connection. Therefore, the stateful PPTP protocol analyzer may reject as invalid any traffic that uses a protocol other than PPTP.
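The kind of framing check that separates PPTP from other traffic on this port is shown below as an added example; it is not part of the original article and is not Windows Firewall's actual implementation. It assumes the control-message header layout from RFC 2637. The function and sample names are hypothetical, and both payloads are constructed.

```python
import struct

PPTP_MAGIC_COOKIE = 0x1A2B3C4D          # fixed value in every PPTP control message (RFC 2637)
PPTP_CONTROL_MESSAGE = 1                # "PPTP Message Type" value for control messages
START_CONTROL_CONNECTION_REQUEST = 1    # control message that must open a PPTP session
HEADER = struct.Struct("!HHIHH")        # length, message type, cookie, control type, reserved0


def build_sccrq(host=b"client", vendor=b"example"):
    """Build a constructed 156-byte Start-Control-Connection-Request."""
    # protocol version, reserved1, framing caps, bearer caps, max channels,
    # firmware revision, host name (64 bytes), vendor string (64 bytes)
    body = struct.pack("!HHIIHH64s64s", 0x0100, 0, 1, 1, 0, 0, host, vendor)
    return HEADER.pack(HEADER.size + len(body), PPTP_CONTROL_MESSAGE,
                       PPTP_MAGIC_COOKIE, START_CONTROL_CONNECTION_REQUEST, 0) + body


def check_first_message(data):
    """Return (accepted, reason) for the first bytes seen on a TCP 1723 connection."""
    if len(data) < HEADER.size:
        return False, "shorter than a PPTP control header"
    length, msg_type, cookie, ctrl_type, _reserved = HEADER.unpack_from(data)
    if cookie != PPTP_MAGIC_COOKIE:
        return False, "magic cookie mismatch (0x%08X)" % cookie
    if msg_type != PPTP_CONTROL_MESSAGE:
        return False, "not a control message"
    if length < HEADER.size or length > len(data):
        return False, "length field does not match the data"
    if ctrl_type != START_CONTROL_CONNECTION_REQUEST:
        return False, "connection did not open with Start-Control-Connection-Request"
    return True, "valid PPTP Start-Control-Connection-Request"


# Constructed samples: a PPTP session opener and the first bytes of an FTP session.
SAMPLES = {
    "pptp": build_sccrq(),
    "ftp": b"220 FTP server ready\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, check_first_message(payload))
```

The FTP greeting fails at the magic cookie because bytes 4 through 7 of the stream are ASCII text rather than 0x1A2B3C4D, which is why a non-PPTP application on port 1723 looks invalid to a PPTP-aware filter.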

 

WORKAROUND

Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

To disable the stateful PPTP protocol analyzer, use one of the following methods.

 

Method 1: Use an elevated command prompt

1. Open an elevated command prompt. To do this, click Start, type cmd in the Start Search box, right-click cmd in the Programs list, and then click Run as administrator.

If you are prompted for an administrator password or for confirmation, type your password, or click Continue.

2. At the command prompt, type the following command to disable stateful packet filtering for outgoing PPTP traffic, and then press ENTER:

netsh advfirewall set global statefulpptp disable

3. Close the command prompt.

 

Method 2: Use Group Policy

1. Open an elevated command prompt. To do this, click Start, type cmd in the Start Search box, right-click cmd in the Programs list, and then click Run as administrator.

If you are prompted for an administrator password or for confirmation, type your password, or click Continue.

2. At the command prompt, type netsh, and then press ENTER.
3. Type advfirewall, and then press ENTER.
4. Type set store=name of Group Policy object (GPO) to modify, and then press ENTER. This action sets the context to the GPO that you want to modify by using the new firewall settings.
5. Type netsh advfirewall set global statefulpptp disable, and then press ENTER to disable stateful packet filtering for outgoing PPTP traffic. This action creates a Registry.pol file in the SYSVOL shared folder on one domain controller. This policy file is then replicated to all other domain controllers during the next replication cycle.

Note For the new policy to be applied, the client computers must be restarted.


APPLIES TO
Windows Vista Business
Windows Vista Enterprise
Windows Vista Home Basic
Windows Vista Home Premium
Windows Vista Ultimate
Windows Vista Business 64-bit Edition
Windows Vista Home Basic 64-bit Edition
Windows Vista Home Premium 64-bit Edition
Windows Vista Ultimate 64-bit Edition

——————————————–

Microsoft Knowledge Base Article

This article's content is Microsoft copyrighted material.
Microsoft Corporation. All rights reserved.

 

