How to turn on remote debugging for Visual Studio 2005 in Windows XP with Service Pack 2

The Windows Firewall feature in Windows XP SP2 includes significant enhancements over the earlier the Internet Connection Firewall (ICF) feature. These enhancements help protect the computer from attack by malicious users or by malicious software such as viruses. By default, Windows Firewall is turned on for all network connections including connections to the Internet.

Turn on remote debugging

To turn on remote debugging in Windows XP with SP2, you must configure Windows Firewall as follows:
  • If Windows Firewall is in "shielded" mode, you must perform the appropriate actions so that Windows Firewall is no longer in "shielded" mode.
  • If Windows Firewall is on, you must open some ports. You must also grant some permissions to Microsoft Visual Studio 2005 and to other executable programs that are used in remote debugging.
  • If Windows Firewall is off, you may not have to configure a firewall.
  • Additionally, if the user who runs Microsoft Visual Studio 2005 does not have Administrator user rights on the remote computer, you must configure the DCOM settings on the computer that is running Visual Studio 2005.
To turn on remote debugging, you must have Administrator user rights on the computer that is running Visual Studio 2005. These instructions are only for Internet Protocol version 4 (IPV4) based network settings.

Configure DCOM on the computer that is running Visual Studio 2005

Note After you make changes by using the DCOM Configuration tool (Dcomcnfg.exe), you must restart the computer for the changes to take effect.
  1. At a command prompt, type dcomcnfg, and then press ENTER. Component Services opens.
  2. In Component Services, expand Component Services, expand Computers, and then expand My Computer.
  3. On the toolbar, click Configure My Computer. The My Computer dialog box appears.

    Note If you cannot click Configure My Computer, go to the "Remove and then re-install the MSDTC service" section.
  4. In the My Computer dialog box, click the COM Security tab.
  5. Under Access Permission, click Edit Limits. The Access Permission dialog box appears.
  6. Under Group or user names, click ANONYMOUS LOGON.
  7. Under Permissions for ANONYMOUS LOGON, click to select the Remote Access check box, and then click OK.

Remove and then re-install the MSDTC service

If you cannot click Configure My Computer that is described in step 3 in the "Configure DCOM on the computer that is running Visual Studio 2005" section, follow these steps.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 (http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows
  1. Remove the Microsoft Distributed Transaction Service (MSDTC):
    1. Click Start, click Run, type cmd, and then click OK.
    2. At the command prompt, run the following command to stop the MSDTC service:
      Net stop msdtc
    3. At the command prompt, run the following command to remove the MSDTC service:
      Msdtc –uninstall
      The command prompt will return without a message.
  2. In Registry Editor, delete the HKEY_LOCAL_MACHINE\Software\Microsoft\MSDTC subkey.
  3. Re-install and then start the MSDTC service:
    1. At the command prompt, run the following command to re-install the MSDTC service:
      Msdtc –install
    2. At the command prompt, run the following command to start the MSDTC service:
      Net start msdtc
  4. Go to step 4 in the "Configure DCOM on the computer that is running Visual Studio 2005" section.

Configure the computer that is running Visual Studio 2005

Open Windows Firewall

To open Windows Firewall, click Start, click Run, type firewall.cpl, and then click OK.

Open TCP port 135

DCOM remote procedure call (RPC) uses Transfer Control Protocol (TCP) port 135. If the application uses DCOM to communicate with remote computers, port 135 must be open.

To open TCP port 135, follow these steps:
  1. In Windows Firewall, click Add Port on the Exceptions tab. The Add a Port dialog box appears.
  2. In the Name box, type TCP port 135.
  3. In the Port Number box, type 135.
  4. In the Protocol area, click TCP.
  5. Click Change scope to open Change Scope dialog box, click My network (subnet) only, and then click OK. (This step is optional.)
  6. In the Add a Port dialog box, click OK.

Open UDP port 4500

User Datagram Protocol (UDP) port 4500 is used for Internet Protocol security (IPsec). If your domain policy requires that all network communication be completed through IPsec, this port must be open for any network operation. If your domain policy does not require IPsec, go to the "Turn on file and print sharing" section.

To open UDP port 4500, follow these steps:
  1. In Windows Firewall, click Add Port on the Exceptions tab. The Add a Port dialog box appears.
  2. In the Name box, type UDP port 4500.
  3. In the Port Number box, type 4500.
  4. In the Protocol area, click UDP.
  5. Click Change scope. The Change Scope dialog box appears. Click My network (subnet) only, and then click OK. (This step is optional.)
  6. In the Add a Port dialog box, click OK.

Open UDP port 500

UDP port 500 is used for IPsec. If your domain policy requires that all network communication be completed through IPsec, this port must be open for any network operation. If your domain policy does not require IPsec, go to the "Turn on file and print sharing" section.

To open UDP port 500, follow these steps:
  1. In Windows Firewall, click Add Port on the Exceptions tab. The Add a Port dialog box appears.
  2. In the Name box, type UDP port 500.
  3. In the Port Number box, type 500.
  4. In the Protocol area, click UDP.
  5. Click Change scope. The Change Scope dialog box appears. Click My network (subnet) only, and then click OK. (This step is optional.)
  6. In the Add a Port dialog box, click OK.

Turn on file and print sharing

  1. In the Programs and Services area of the Exceptions tab, click File and Print Sharing, and then click Edit. The Edit a Service dialog box appears.
  2. In the Edit a Service dialog box, click to select the following check boxes:
    • TCP 139
    • TCP 445
    • UDP 137
    • UDP 138
  3. Click Change scope. The Change Scope dialog box appears. Click My network (subnet) only, and then click OK. (This step is optional.)
  4. In the Change Scope dialog box, click OK to save your settings.
  5. Click OK to close the Edit a Service dialog box.

Add Devenv.exe to the application exceptions list

To enable applications that cannot run correctly unless the required ports are opened dynamically at runtime, you must add the applications to the application exceptions list.

To add the Visual Studio 2005 Development Environment (Devenv.exe) to the application exceptions list, follow these steps:
  1. In Windows Firewall, click Add Program on the Exceptions tab. The Add a Program dialog box appears.
  2. In the Add a Program dialog box, click Browse. Locate Devenv.exe, and then click OK.

    Note The Devenv.exe file is typically located in the following folder:
    C:\Program Files\Microsoft Visual Studio 8\Common7\IDE
    Microsoft Visual Studio 2005 appears in the Add a Program dialog box.
  3. Click Change scope. The Change Scope dialog box appears. Click My network (subnet) only, and then click OK. (This step is optional.)
  4. In the Add a Program dialog box, click OK.
  5. In Windows Firewall, click OK to save your settings.

Configure the remote computer

All the ports that you have opened on the debugger computer must also be open on the remote computer. To open the TCP 135 port, the UDP 4500 port, and the UDP 500 port, and to turn on file and print sharing, follow the steps in the "" section.

You must also add the Msvsmon.exe file to the application exceptions list.

Add MSVSMon.exe to the application exceptions list

  1. In Windows Firewall, click Add Program on the Exceptions tab. The Add a Program dialog box appears.
  2. In the Add a Program dialog box, click Browse. Locate Msvsmon.exe, and then click OK.

    Note Depending on the computer architecture, the Msvsmon.exe file may be located in any one of the following folders:
    • Drive:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86
    • Drive:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64
    • Drive:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\ia64
    Visual Studio 2005 Remote Debugger appears in the Add a Program dialog box.
  3. Click Change scope. The Change Scope dialog box appears. Click My network (subnet) only, and then click OK. (This step is optional.)
  4. In the Add a Program dialog box, click OK.
  5. In Windows Firewall, click OK to save your settings.

Enable Web server debugging

HTTP uses TCP port 80. To do Web-based debugging, you must open TCP port 80. This is true for Microsoft ASP.NET debugging, for classic ASP debugging, and for ATL Server debugging.

To open TCP port 80, follow these steps:
  1. In Windows Firewall, click Add Port on the Exceptions tab. The Add a Port dialog box appears.
  2. In the Name box, type TCP port 80.
  3. In the Port Number box, type 80.
  4. In the Protocol area, click TCP.
  5. Click Change scope. The Change Scope dialog box appears. Click My network (subnet) only, and then click OK. (This step is optional.)
  6. In the Add a Port dialog box, click OK.
  7. In Windows Firewall, click OK to save your settings.

Enable script debugging

To debug script code that runs on a remote computer, you must add the process that hosts the script code to the application exceptions list. Typically, in classic ASP debugging, the Dllhost.exe process or the Inetinfo.exe process hosts the script code. However, for a script that runs in Microsoft Internet Explorer, the Iexplore.exe process or in the Explorer.exe process generally hosts the script code.

To add the process that hosts the script code to the application exceptions list, follow these steps:
  1. Click Start, click Run, type firewall.cpl, and then click OK.
  2. In Windows Firewall, click Add Program on the Exceptions tab. The Add a Program dialog box appears.
  3. In the Add a Program dialog box, click Browse. Locate the process that hosts the script code, and then click OK. The application of the process that hosts the script code appears in the Add a Program dialog box.

    For example, if you locate the iexplore.exe process in this step, Internet Explorer appears in the Add a Program dialog box.
  4. In the Scope area, click My network (subnet) only. (This step is optional.)
  5. In the Add a Program dialog box, click OK.
  6. In Windows Firewall, click OK to save your settings.

Run the debugger as a typical user

If you want to run the debugger as a typical user, you must have full user rights to the folder where the executable files are located. Additionally, if you do not have Administrator user rights on the remote computer, you must have access permissions and start permissions to run the debugger as a typical user.

Note A typical user is a user who does not have Administrator user rights.

Note After you make changes by using the DCOM Configuration tool (Dcomcnfg.exe), you must restart the computer for the changes to take effect.

To grant access permissions and start permissions, you must have Administrator user rights. First, obtain Administrator user rights. Then, follow these steps:
  1. At a command prompt, type dcomcnfg, and then press ENTER. Component Services opens.
  2. In Component Services, expand Component Services, expand Computers, and then expand My Computer.
  3. On the toolbar, click Configure My Computer. The My Computer dialog box appears.

    Note If you cannot click Configure My Computer, go to the "Remove and then re-install the MSDTC service" section.
  4. In the My Computer dialog box, click the COM Security tab.
  5. Under Launch and Activate Permissions, click Edit Limits.
  6. If your group or user name does not appear in the Groups or user names list in the Launch Permission dialog box, follow these steps:
    1. In the Launch Permission dialog box, click Add.
    2. In the Select Users or Groups dialog box, enter your user name and your group in the Enter the object names to select box, and then click OK.
  7. In the Launch Permission dialog box, select your user name and your group in the Group or user names box.
  8. In the Allow column under Permissions for User, select Remote Activation, and then click OK.

    Note User is a placeholder for the user name or the group that is selected in the Group or user names box. Repeat steps 7 and 8 for all the users and groups for which you want to grant permissions.

Remove and then re-install the MSDTC service

If you cannot click Configure My Computer that is described in step 3 in the "Run the debugger as a typical user" section, follow these steps.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 (http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows
  1. Remove the MSDTC service:
    1. Click Start, click Run, type cmd, and then click OK.
    2. At the command prompt, run the following command to stop the MSDTC service:
      Net stop msdtc
    3. At the command prompt, run the following command to remove the MSDTC service:
      Msdtc –uninstall
      The command prompt will return without a message.
  2. In Registry Editor, delete the HKEY_LOCAL_MACHINE\Software\Microsoft\MSDTC subkey.
  3. Re-install and then start the MSDTC service:
    1. At the command prompt, run the following command to re-install the MSDTC service:
      Msdtc –install
    2. At the command prompt, run the following command to start the MSDTC service:
      Net start msdtc
  4. Go to step 4 in the "Run the debugger as a typical user" section.

MORE INFORMATION

For more information about Windows Firewall, click the following article number to view the article in the Microsoft Knowledge Base:
843090 (http://support.microsoft.com/kb/843090/ ) Description of the Windows Firewall feature in Windows XP Service Pack 2
For more information about Windows XP SP2, visit the following Microsoft Developer Network (MSDN) Web site:
http://msdn2.microsoft.com/en-us/security/aa570371.aspx (http://msdn2.microsoft.com/en-us/security/aa570371.aspx)
For more information about remote debugging, click the following article number to view the article in the Microsoft Knowledge Base:
833977 (http://support.microsoft.com/kb/833977/ ) How to turn on remote debugging in Windows XP with Service Pack 2

0 Responses to "How to turn on remote debugging for Visual Studio 2005 in Windows XP with Service Pack 2"