Configuring a Windows Firewall for Integration Services Access
The Windows Firewall system helps prevent unauthorized access to computer resources over a network connection. To access Integration Services through this firewall, you have to configure the firewall to enable access. The Integration Services service uses the DCOM protocol. For more information about how the DCOM protocol works through firewalls, see the MSDN Library.
There are many firewall systems available. If you are running a firewall other than Windows Firewall, see your firewall documentation for information that is specific to the system you are using.
If the firewall supports application-level filtering, you can use the user interface that Windows provides to specify the exceptions that are allowed through the firewall, such as programs and services. Otherwise, you have to configure DCOM to use a limited set of TCP ports. The Microsoft Web site link previously provided includes information about how to specify the TCP ports to use.
The Integration Services service uses port 135, and the port cannot be changed. You have to open TCP port 135 for access to the service control manager (SCM). SCM performs tasks such as starting and stopping Integration Services services and transmitting control requests to the running service.
The information in the following section is specific to Windows Firewall. You can configure the Windows Firewall system by running a command at the command prompt, or by setting properties in the Windows Firewall dialog box.
You can use the following commands to open TCP port 135, add MsDtsSrvr.exe to the exception list, and specify the scope of unblocking for the firewall.
Run the command:
netsh firewall add portopening protocol=TCP port=135 name="RPC (TCP/135)" mode=ENABLE scope=SUBNET
Run the command:
netsh firewall add allowedprogram program="%ProgramFiles%\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" name="SSIS Service" scope=SUBNET
Note: To open the firewall for all computers, and also for computers on the Internet, replace scope=SUBNET with scope=ALL.
The following procedure describes how to use the Windows user interface to open TCP port 135, add MsDtsSrvr.exe to the exception list, and specify the scope of unblocking for the firewall.