09-16-2014 07:34 AM
Hi there,
User-end LV exe installer located on user PCs located anywhere over the internet I want to communicate back to my server. I want to establish multiple connections and pass data back and forth.
Question, during the installation on end user PC do I need to set OS permissions for use of a particular Port associated with the EXE?
Thanks.
09-16-2014 08:30 AM
09-16-2014 03:17 PM - edited 09-16-2014 03:24 PM
@nathand wrote:
If the end-user software acts as a client - it initiates the connection - then you probably don't need to do anything special to the operating system. You might have a firewall that prevents unknown software from opening ANY connection, in which case you'd need to allow it, but that's not the normal configuration.
Actually it is the standard setting for the Windows Firewall. An application that tries to open a TCP/UDP port for the first time (identification based on executable name AND path location of that executable) triggers normally a dialog that requires the user to explicitedly allow this application to use such a network resource. If that dialog gets dismissed without selecting to allow this the application is totally blocked from any further attempts to open those network sockets and silently fails any and all network operations as if there was no network available.
You then have to go in the Firewall configuration and enable the according protocol explicitedly to allow network operation for that app.
I have happened to end up with applications being blocked because of the according Firewall rules, without ever haven seen that initial dialog from the Windows Firewall. Not sure if this is caused by my trigger happy mouse finger tending to click away windows without noticing them or some deeper problem with the Windows firewall.
09-16-2014 03:45 PM
Good to know. I thought the firewall blocked only incoming connections. Apparently that changed since Windows XP, which didn't block outgoing connections at all, and I hadn't noticed because our corporate policy disables the firewall when connected to the company network.
09-16-2014 04:17 PM
09-16-2014 04:28 PM - edited 09-16-2014 04:34 PM
An application installer has to always be invoked with elevated rights, to be able to access the registry, and write into Program Files folder. This installer can add extra calls to add explicit firewall rules to the system and whatever else the developer of the application deems necessary. Since the installer was started with elevated privileges these options are all available.
All professional installer builders allow such settings in one way or the other to be added to the installer.
NI doesn't add such an exception for LabVIEW itself but they install also some services for support of various features and some of them need network access to do their work. For these either a rule is added or the services are installed as system service which might not need firewall exceptions.
09-16-2014 04:30 PM
The notification happens when an application first tries to open a network connection. I suspect that's what you're seeing just after installing LabVIEW - the first time you run it, it asks you whether to allow LabVIEW to establish network connections (which the Getting Started window does by default, to get updates from ni.com). An administrator can create an exception to the firewall rules through the command line: http://support.microsoft.com/kb/947709 which would allow you to do this at install time, rather than first run, if the user installing the software has admin privileges.
09-16-2014 05:04 PM
Exactly rolf the time to do it is during installation with elevated permissions.
@nathand wrote:
The notification happens when an application first tries to open a network connection. I suspect that's what you're seeing just after installing LabVIEW - the first time you run it, it asks you whether to allow LabVIEW to establish network connections (which the Getting Started window does by default, to get updates from ni.com). An administrator can create an exception to the firewall rules through the command line: http://support.microsoft.com/kb/947709 which would allow you to do this at install time, rather than first run, if the user installing the software has admin privileges.
Has anybody using LV created these Firewall exceptions??
What about VI Package Manager? I don't recall receiving a similar firewall permission dialog and the only port (I'm aware of) which is used by VIPM seems to be the same port as LV. However, VIPM must communicate over the internet. How does it work???
09-17-2014 12:15 AM
In terms of the Port to use.
Is Port 3363 the one to use? This is used by Default by LV for VI server comms according to here.
Is it correct to presume when LV RTE is installed with exe that exception for comms over Port 3363 is performed by LV.
I'm really interested if anybody can shed some light on how NI and VIPM do it and can share any tips..
Thanks.
09-17-2014 12:45 AM