How to turn on remote debugging in Windows XP with Service Pack 2 (833977)
The information in this article applies to:
- Microsoft Visual Studio 2005 Standard Edition
- Microsoft Visual Studio 2005 Professional Edition
- Microsoft Visual Studio .NET (2003), Professional Edition
- Microsoft Visual Studio .NET (2003), Enterprise Architect Edition
- Microsoft Visual Studio .NET (2003), Enterprise Developer Edition
- Microsoft Visual Studio .NET (2003), Academic Edition
- Microsoft Visual Studio .NET (2002), Professional Edition
- Microsoft Visual Studio .NET (2002), Enterprise Architect Edition
- Microsoft Visual Studio .NET (2002), Enterprise Developer Edition
- Microsoft Visual Studio .NET (2002), Academic Edition
- Microsoft Windows XP Professional
Microsoft now provides a tool that will do most of the
required firewall configuration for you.
For more
information, click the following article number to view the article in the
Microsoft Knowledge Base: 841177
Description of the DebuggerFirewall utility that makes the Visual Studio Remote Debugger work through the Windows XP Service Pack 2 firewall
Important This article contains information about how to modify the
registry. Make sure to back up the registry before you modify it. Make sure
that you know how to restore the registry if a problem occurs. For more
information about how to back up, restore, and modify the registry, click the
following article number to view the article in the Microsoft Knowledge Base: 256986 Description of the Microsoft Windows registry SUMMARYThe Windows
Firewall feature in Windows XP Service Pack 2 (SP2) includes significant
enhancements to help protect your computer from attack by malicious users or by
malicious software such as viruses. Windows Firewall replaces the Internet
Connection Firewall (ICF) feature that is included in earlier versions of
Windows XP. By default, Windows Firewall is turned on for all network
connections, including connections to the Internet. For additional information
about Windows Firewall, click the following article number to view the article
in the Microsoft Knowledge Base: 843090 Description of the Windows Firewall feature in Windows XP Service Pack 2 (SP2) This step-by-step article describes how to turn on
remote debugging when you are using Microsoft Windows Firewall in Microsoft
Windows XP with SP2. Turn on remote
debuggingTo turn on remote debugging in Windows XP with SP2, Windows
Firewall must be configured as follows:
- If Windows Firewall is in "shielded" mode, you must
perform the appropriate actions so that Windows Firewall is no longer in
"shielded" mode.
- If Windows Firewall is on, some ports must be opened and
permissions must be granted to Microsoft Visual Studio 2005 or to Microsoft
Visual Studio .NET and to other executable programs that are used in remote
debugging.
- If Windows Firewall is off, you may not have to configure a
firewall.
- Additionally, if the user who runs Visual Studio 2005 or
Visual Studio .NET is not a system administrator on the remote computer, you
must configure the DCOM settings.
To follow the step-by-step instructions to turn on remote
debugging, the current user must have system administrative credentials. These
instructions are only for Internet Protocol version 4 (IPV4) based network
settings. Configure DCOM on the computer that is running Visual Studio 2005 or Visual Studio .NETNote After you make changes by using the Distributed Component Object
Model Configuration utility (Dcomcnfg.exe), you must restart your computer for
the changes to take effect.
- At a command prompt, type dcomcnfg,
and then press ENTER. Component Services opens.
- In Component Services, expand Component
Services, expand Computers, and then expand
My Computer.
- On the toolbar, click the Configure My
Computer button. The My Computer dialog box
appears.
- In the My Computer dialog box, click the
COM Security tab.
- Under Access Permission, click
Edit Limits. The Access Permission dialog box
appears.
- Under Group or user names, click
ANONYMOUS LOGON.
- Under Permissions for ANONYMOUS LOGON,
select the Remote Access check box, and then click
OK.
Note If you cannot click the Configure My Computer
button that is described in step 3, follow these steps: Warning Serious problems might occur if you modify the registry
incorrectly by using Registry Editor or by using another method. These problems
might require that you reinstall your operating system. Microsoft cannot
guarantee that these problems can be solved. Modify the registry at your own
risk. - At a command prompt, type net stop
msdtc, and then press ENTER.
- Remove the Microsoft Distributed Transaction Service
(MSDTC). To do this, follow these steps:
- Click Start, click Run, type cmd, and then click
OK.
- At the command prompt, type the following command to
stop the MSDTC service:
- At the command prompt, type the following command to
remove MSDTC: The command prompt will return without a message.
- In Registry Editor, delete the
\HKEY_LOCAL_MACHINE\Software\Microsoft\MSDTC
subkey.
- Install the MSDTC service. To do this, follow these steps:
- At the command prompt, type the following command to
install MSDTC:
- At the command prompt, type the following command to
start the MSDTC service:
Configure the computer that is running Visual Studio 2005 or Visual Studio .NETOpen Windows FirewallTo do this, click Start, click
Run, type firewall.cpl, and then click
OK. Open TCP port 135DCOM Remote Procedure Call (RPC) uses Transfer Control Protocol
(TCP) port 135. If the program uses DCOM to communicate with remote computers,
this port must be opened. To open TCP port 135, follow these steps:
- On the Exceptions tab, click Add
port, and then click TCP.
- In the Port number box, type
135.
- In the Name box, type Remote
Procedure Call (RPC).
- Click Change scope, click My
network (subnet) only, and then click OK. This step
is optional.
- If you have no other port exceptions to add, click
OK two times to close the Windows Firewall
dialog box.
Open UDP port 4500User Datagram Protocol (UDP) port 4500 is used for Internet
Protocol security (IPSec). If your domain policy requires that all network
communication be completed through IPSec, this port must be opened for any
network operation. If your domain policy does not require IPSec, go to the
" Open UDP port 500" section.
To open UDP port 4500, follow these steps:
- On the Exceptions tab, click Add
port, and then click TCP.
- In the Port number box, type
4500.
- In the Name box, type User
Datagram Protocol (UDP).
- Click Change scope, click My
network (subnet) only, and then click OK. (This step
is optional.)
- If you have no other port exceptions to add, click
OK two times to close the Windows Firewall
dialog box.
Open UDP port 500UDP port 500 is used for IPSec. If your domain policy requires
that all network communication be completed through IPSec, this port must be
opened for any network operation. If your domain policy does not require IPSec,
go to step 5. To open UDP port 500, follow these steps:
- On the Exceptions tab, click Add
port, and then click TCP.
- In the Port number box, type
500.
- In the Name box, type
IPSec.
- Click Change scope, click My
network (subnet) only, and then click OK. (This step
is optional.)
- Click OK two times to close the
Windows Firewall dialog box.
Turn on file and print sharing- In the Programs and Services area of the
Exceptions tab, click File and Print Sharing,
and then click Edit.
- In the Exceptions dialog box, select the
following check boxes:
- TCP 139
- TCP 445
- UDP 137
- UDP 138
- Click Local Subnet Only for all the ports
that are mentioned in step 2. (This step is optional.)
- Click OK.
Add Devenv.exe to the application exceptions listTo enable applications that require ports to be opened dynamically
at runtime to work correctly, you must add the applications to the application
exceptions list. To add the Visual Studio 2005 or Visual Studio .NET
Development Environment (Devenv.exe) to the application exceptions list, follow
these steps:
- On the Exceptions tab, click Add
Program. The Add a Program
dialog box appears.
- Click
Browse, locate Devenv.exe, and then click OK.
Note Devenv.exe is located in the following folder:
- For Visual Studio 2005:
Drive:\Program Files\Microsoft Visual Studio
8\Common7\IDE
- For Visual Studio .NET 2003:
Drive:\Program Files\Microsoft Visual Studio .NET
(2003)\Common7\IDE
- Click
Change scope, click to select My network (subnet)
only, and then click OK. (This step is optional.)
- In
the
Add
a Program
dialog box,
click OK.
- In Windows Firewall, click OK to save your
settings.
Configure the remote computerAll the ports that were opened on the debugger computer must also
be opened on the remote computer. To open the ports TCP 135, UDP 4500, and UDP
500, and to turn on file and print sharing, follow the steps in the " Configure the computer that is running Visual Studio 2005
or Visual Studio .NET" section. You must also add the
following executable (.exe) files to the application exceptions list:
- Mdm.exe
- Vs7Jit.exe
- Msvcmon.exe
These executable files are components that Visual Studio .NET
uses for remote debugging. To include these components in the list of
applications that can open DCOM ports dynamically at runtime, follow these
steps. Open Windows Firewall- Click Start, click Run,
type firewall.cpl, and then click
OK.
- Click the Exceptions tab.
Add Mdm.exe to the application exceptions list- On the Exceptions tab, click Add
Program. The Add
a Program dialog box appears.
- In the Add
a Program dialog box, click
Browse.
- Locate Mdm.exe, and then click
OK.
Note Mdm.exe is located in the
Drive:\Program Files\Common Files\Microsoft
Shared\VS7Debug folder. - Click Change scope, click to select
My network (subnet) only, and then click OK.
(This step is optional.)
- In the
Add a Program
dialog box, click OK.
- In Windows Firewall, click OK to save your
settings.
Add Vs7jit.exe to the application exceptions list- Determine the short file path of Vs7jit.exe. To do this,
follow these steps:
- At a command prompt, type the following command, and
then press ENTER:
for %d in
("%CommonProgramFiles%\Microsoft Shared\VS7Debug\vs7jit.exe" ) do @echo %~sd - Save the output from this command that looks similar
to the following:
C:\PROGRA~1\COMMON~1\MICROS~1\VS7Debug\vs7jit.exe
- On the Exceptions tab, click Add
Program. The Add
a Program dialog box appears.
- In the Add
a Program dialog box, click Browse.
- In the Filename box, type the path of
Vs7jit.exe that you saved in step 1b.
- Click Change scope, click to select
My network (subnet) only, and then click OK.
(This step is optional.)
- In the Add a Program dialog box, click
OK.
- In Windows Firewall, click OK to save your
settings.
Add MSVCMon.exe to the application exceptions list- On the Exceptions tab, click Add
Program. The Add
a Program dialog box appears.
- In the Add
a Program dialog box, click
Browse.
- Locate Msvcmon.exe, and then click
OK.
Note Msvcmon.exe is located in the
Drive:\Program Files\Common Files\Microsoft
Shared\VS7Debug folder. - Click Change scope, click to select
My network (subnet) only, and then click OK.
(This step is optional.)
- In the Add a Program dialog box, click
OK.
- In Windows Firewall, click OK to save your
settings.
Enable Web server debuggingHTTP uses TCP port 80. To do Web-based debugging, you must open
TCP port 80. This is true for Microsoft ASP.NET debugging, for classic ASP
debugging, and for ATL Server debugging. To open TCP port 80, follow
these steps: - Click Start, click Run,
type firewall.cpl, and then click
OK.
- On the Exceptions tab, click Add
Port, and then click TCP.
- In the Port number box, type
80.
- In the Name box, type HTTP.
- Click Change scope, click My
network (subnet) only, and then click OK. (This step
is optional.)
- Click OK two times to close the
Windows Firewall dialog box.
Enable script debuggingTo debug script code that runs on a remote computer, you must add
the process that hosts the script code to the application exceptions list.
Typically, in classic ASP debugging, script code is loaded in the Dllhost.exe
process or in the Inetinfo.exe process. However, for a script that runs in
Microsoft Internet Explorer, script code is generally loaded in the
Iexplore.exe process or in the Explorer.exe process. To add the
process that hosts the script code to the application exceptions list, follow
these steps:
- Click Start, click Run,
type firewall.cpl, and then click
OK.
- In Windows Firewall, click the Exceptions
tab.
- On the Exceptions tab, click Add
Program. The Add
a Program dialog box appears.
- In the Add
a Program dialog box, click
Browse.
- Locate the process that hosts the script code, and then
click OK.
- Click Change scope, click to select
My network (subnet) only, and then click OK.
(This step is optional.)
- In the Add
a Program dialog box, click
OK.
- In Windows Firewall, click OK to save your
settings.
Run the debugger as a typical userIf you want to run the debugger as a typical user, you must have
full user rights to the folder where the executables are located. Additionally,
if you do not have Administrator user rights on the remote computer, you must
have access permissions and launch permissions to run the debugger as a typical
user. Note A typical user is a user who does not have Administrator user
rights. Note After you make changes by using the Distributed Component Object
Model Configuration utility (Dcomcnfg.exe), you must restart your computer for
the changes to take effect. To grant access permissions and launch
permissions, you must have Administrator user rights. First, obtain
Administrator user rights. Then, follow these steps:
- At a command prompt, type dcomcnfg,
and then press ENTER. Component Services opens.
- In Component Services, expand Component
Services, expand Computers, and then expand
My Computer.
- On the toolbar, click the Configure My
Computer button. The My Computer dialog box
appears.
- In the My Computer dialog box, click the
COM Security tab.
- Under Launch and Activate Permissions,
click Edit Limits.
- If your group or user name does not appear in the
Groups or user names list in the Launch
Permission dialog box, follow these steps:
- In the Launch Permission dialog box,
click Add.
- In the Select Users, Computers, or
Groups dialog box, add your user name and your group in the
Enter the object names to select box, and then click
OK.
- In the Launch Permission dialog box,
select your user name and your group in the Group or user
names box.
- In the Allow column under
Permissions for User, select
Remote Activation, and then click
OK.
Note User is the user name or the group that
is selected in the Group or user names box. Repeat steps 7 and
8 for all your users and for all your groups. Note If you cannot click the Configure My Computer
button that is described in step 3, follow these steps. Warning Serious problems might occur if you modify the registry
incorrectly by using Registry Editor or by using another method. These problems
might require that you reinstall your operating system. Microsoft cannot
guarantee that these problems can be solved. Modify the registry at your own
risk. - At a command prompt, type net stop
msdtc, and then press ENTER.
- Remove the Microsoft Distributed Transaction Service
(MSDTC).
- In Registry Editor, delete the
\HKEY_LOCAL_MACHINE\Software\Microsoft\MSDTC
subkey.
- Install the MSDTC service.
- At the command prompt, type net start
msdtc, and then press ENTER.
REFERENCESFor more information about Windows XP SP2, visit the
following Microsoft Developer Network (MSDN) Web site:
Modification Type: | Major | Last Reviewed: | 4/13/2006 |
---|
Keywords: | kbvs2005applies kbvs2005swept kbDebug kbHOWTOmaster KB833977 kbAudDeveloper kbAudEndUser |
---|
|
|
©2004 Microsoft Corporation. All rights reserved.
|
|