What ports need opening on domain server?


Thanks, I did check Google but damn, I didn't find that page. I did what it said on the given link but I have problems when a user logs on. The JPEG should explain (hopefully) my settings and where I've gone wrong - anyone know why or what setting I need to adjust? Also what is localsubset? How can I find out my local subset? I think it's 255.255.255.0......

Thx

post-42895-1134147815_thumb.jpg

Thanks. I've added ports 135, 136, 137 and 445 for both UDP and TCP. I forgot to mention that I had already checked those two articles and have created the registry keys.

I still have the same problem where the users can't log on, so I'll tell you what I have set up in case it needs additional ports opened:

When a user logs on their profile is copied from the server onto their local drive which is mapped automatically.

The start menu is copied from the server too so only the items we have applied are shown.

I can't ping the server, which I guess is due to the port being closed (if that's of any use).

Anything else I can try?

Thx again

Well, I hate to keep throwing this at you piecemeal, but you also have to take into consideration that clients use RPC to do most network connections to a server - the initial connection is always made on the endpoint mapper port (135), but that port is only used as a control channel to set up the actual transfer channel on a dynamically assigned port above 1024 on both the client and server. You'll have to force this to use a specific range of TCP ports on both the clients and servers, and you'll have to allow this range in through the firewall at the server end.

If you really need a firewall on your DC's, you'll probably have to use network monitoring and watch ports on the server to see exactly what is being opened by your clients. My best suggestion, though, is to firewall external to your servers, and leave the Windows firewall disabled on your DC's (at least). Active directory is a chatty SOB, and it requires LOTS and LOTS of ports open. I seem to remember an article about limiting RPC port ranges on Exchange servers, but it should work for plain jane Windows servers as well if you do really need the firewall enabled on your DC's.

Edited by cluberti
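
The approach described in the post above (pin RPC's dynamic endpoints to a fixed TCP range, then allow port 135 plus that range through the server's firewall), as an added example that is not part of the original thread. It assumes Windows Server 2012 or later for the `NetSecurity` cmdlets; the range 5000-5100 and the rule names are constructed for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Run the registry step on the server
# (and on clients, as the post advises); the firewall step is for the server.

$RpcRange = '5000-5100'   # constructed range: pick one that is unused in your environment
$RpcKey   = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'

# 1. Tell the RPC runtime to allocate dynamic endpoints only from $RpcRange.
#    The setting is read at boot, so a restart is needed before it applies.
if (-not (Test-Path $RpcKey)) { New-Item -Path $RpcKey -Force | Out-Null }
New-ItemProperty -Path $RpcKey -Name 'Ports' -PropertyType MultiString `
    -Value @($RpcRange) -Force | Out-Null
New-ItemProperty -Path $RpcKey -Name 'PortsInternetAvailable' -PropertyType String `
    -Value 'Y' -Force | Out-Null
New-ItemProperty -Path $RpcKey -Name 'UseInternetPorts' -PropertyType String `
    -Value 'Y' -Force | Out-Null

# 2. Allow the endpoint mapper (control channel) and the fixed range (transfer
#    channel) inbound, limited to the domain profile and the local subnet.
$rules = @(
    @{ Name = 'Example - RPC endpoint mapper (TCP 135)';   Port = '135' },
    @{ Name = "Example - RPC fixed range (TCP $RpcRange)"; Port = $RpcRange }
)
foreach ($r in $rules) {
    # Skip rules that already exist so the script can be re-run safely.
    if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Protocol TCP `
            -LocalPort $r.Port -RemoteAddress LocalSubnet -Profile Domain `
            -Action Allow | Out-Null
    }
}

# 3. After the reboot, confirm RPC services are listening inside the range.
$low, $high = $RpcRange -split '-' | ForEach-Object { [int]$_ }
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -ge $low -and $_.LocalPort -le $high } |
    Sort-Object LocalPort |
    Select-Object LocalPort, OwningProcess
```

If step 3 returns nothing after a restart, the `Ports` value was not picked up; if listeners still appear on high ports outside the range, those services are not using RPC dynamic endpoints and need their own rules.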

OK, I gave it a go over this week and a bit to see if I could resolve this darn issue and still no luck. Is there something you can direct me to read on about knowing what ports I need open?

I tried a few tools but none of them worked. Any help in identifying what ports I need open, or a program to help me, or even an article to read to get the understanding of this would be helpful.

Thx
