Some people don’t like to enable the Windows Firewall on Windows Server 2008 (R2) servers, because of the (little) extra server administration or for other undefinable reasons 😉. I think that is the wrong decision, because the Windows Firewall gives you extra protection against attacks from the LAN and the like.
More and more applications need the Windows Firewall to be enabled, for example during the installation of Exchange 2010. There the Windows Firewall cannot be disabled, because the setup procedure wants to create firewall rules.
If you disable the Windows Firewall on, for instance, a Configuration Manager Primary Site server with SQL Server installed, you will never get your site into a healthy state. Configuration Manager 2012 wants to be able to check that ports 1433 and 4022 are open, so that the Configuration Manager database on the SQL server is reachable.
When you look at the SMS_HIERARCHY_MANAGER component status you will see the following error messages.
To fix this you need to enable the Windows Firewall on the server. If you really don’t want to use the Windows Firewall (which you should not do), you can always disable the Domain Profile in the Windows Firewall.
But if you ask me, just use the recommended settings and create firewall exception rules for the (in this case) TCP ports 1433 and 4022.
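One way to script the recommended setup with the built-in `netsh advfirewall` tool is shown below. It is an added example, not part of the original post. The rule names are made up, and limiting the rules to the Domain profile assumes a domain-joined server.

```powershell
# Added example: run from an elevated PowerShell prompt on the site/SQL server.
# netsh advfirewall ships with Windows Server 2008 (R2); nothing else is needed.

# TCP ports Configuration Manager 2012 checks, as named in the article.
# The rule names are hypothetical and contain no spaces to avoid quoting issues.
$rules = @(
    @{ Name = 'ConfigMgr-SQL-TCP-1433'; Port = 1433 },
    @{ Name = 'ConfigMgr-SQL-TCP-4022'; Port = 4022 }
)

# 1. Keep the firewall on for every profile instead of disabling the Domain Profile.
netsh advfirewall set allprofiles state on | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Warning 'Could not enable the firewall (is the prompt elevated?)'
}

# 2. Create one inbound allow rule per port, limited to the Domain profile
#    (assumption: the server is domain-joined and reached over the domain network).
foreach ($r in $rules) {
    $name = $r.Name
    $port = $r.Port

    # Delete an earlier copy first so re-running the script leaves no duplicates.
    # The delete reports an error when no such rule exists yet; that is expected.
    netsh advfirewall firewall delete rule "name=$name" | Out-Null

    netsh advfirewall firewall add rule "name=$name" dir=in action=allow `
        protocol=TCP "localport=$port" profile=domain | Out-Null

    if ($LASTEXITCODE -eq 0) {
        Write-Output "Created inbound rule $name for TCP $port"
    } else {
        Write-Warning "Could not create rule $name"
    }
}

# 3. Verify: every profile should report 'State ON' and both rules should be listed.
netsh advfirewall show allprofiles state
foreach ($r in $rules) {
    $name = $r.Name
    netsh advfirewall firewall show rule "name=$name"
}
```

To narrow the exposure further, the `add rule` command also accepts a `remoteip=` value listing only the servers that need to reach the database.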
Why does this error occur when SQL is on the same server as SCCM? There is no need to open the ports but SCCM gripes about them not being open. The firewall is enabled.
I know this is an old article, but I have a question that’s super related to this and I’m hoping you’ll know the answer. I’ve found that there are times if a client machine has the firewall turned off it won’t check in to the SCCM server. Is this related somehow to your article? I’ve actually had to turn on the firewall, set the ports, then it will check in.