Search results for 'app:weblogs' matching tags 'dcpromo' and 'NTFRS Errors'http://msmvps.com/search/SearchResults.aspx?q=app:weblogs&tag=dcpromo,NTFRS+Errors&orTags=0&o=DateDescendingSearch results for 'app:weblogs' matching tags 'dcpromo' and 'NTFRS Errors'en-USCommunityServer 2008.5 SP2 (Build: 40407.4157)Active Directory Firewall Ports - Let's Try To Make This Simplehttp://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspxTue, 01 Nov 2011 05:00:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1801962acefekay<p>Ace Fekay, MCT, MVP, MCITP EA, MCTS Windows 2008, Exchange 2007 &amp; Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE 2003/2000, MCSA Messaging 2003<br />Microsoft Certified Trainer<br />Microsoft MVP: Directory Services</p> <p><strong><em>Original Publication Date: 11/1/2011<br />Port Matrix Table Resized to fit in browser - 12/7/2011</em></strong></p> <p><strong><em></em></strong></p> <p><strong><em></em></strong></p> <p><strong><em></em></strong></p> <h2></h2> <h2>RPC server not available?<br />Replication errors in the Event viewer?</h2> <h4>Sound familiar?</h4> <p>If so, you&#39;ve been succumbed to the fact and realization there are possibly necessary ports being blocked causing these errors. Whether between locations with firewall/VPN tunnel port blocks, Windows Firewall (which is usually not the culprit), or even security software or antivirus apps with some sort of &quot;network traffic protection&quot; feature enabled that is causing the problems. </p> <p>Simply speaking, if there are replication or other AD communication problems, and you have an antivirus software installed on the endpoints or installed on all of&nbsp; your DCs, disable it, or better yet, uninstall it. Uninstalling it is the best bet, so you know tehre are no traces of other subcomponents that are active that may still be causing the block. If after uninstalling it, and you find replication now works, well there you have it. At that point, you&#39;ll need to contact your antivirus vendor to ask them the best way to configure it to allow AD communications and replication.</p> <p>If it&#39;s not your antivirus or security app, and disabling the Windows firewall doesn&#39;t do the trick, then it&#39;s obvious it&#39;s an outside factor - your firewalls.</p> <p>Also to point out, when testing for port blocks, tools such as telnet is not a good tool to test AD/DC to DC connectivity, nor is any sort of standard port scan, such as using nmap, or a simple ping, resolving with nslookup (although resolving required records is a pre-requisite), or other tools. The only reliable test is using Microsoft&#39;s PortQry, which tests specific AD ports and the ephemeral ports, and the required responses from the services on the required AD ports it specifically scans for.</p> <h2><br /><br />Let&#39;s find out if the ports are being blocked</h2> <p>Now you&#39;re thinking that your network infrastructure engineers know what they&#39;re doing and opened up the necessary ports, so you&#39;re thinking, this can&#39;t be the reason? or is it? Well, let&#39;s find out. We can use PortQry to test it. And no, you don&#39;t want to use ping, nslookup, nmap or any other port scanner, because they&#39;re not designed to query the necessary AD ports to see if they are responding or not. </p> <p><strong><em>So let&#39;s run PortQry</em></strong>. If you get a &quot;FILTERED&quot; or &quot;NOT LISTENING&quot; in the results, well, that simply says the port is blocked. Download it and run it from each DC to other DCs in question, or from the bridgeheads in each site to the other bridgehead in the other site.</p> <p><br />Knock Knock Is That Port Open?<br />By Mark Morowczynski [MSFT] 18 Apr 2011 3:22 PM<br />Quick tutorial about PortQry GUI version.<br /><a href="http://blogs.technet.com/b/markmoro/archive/2011/04/18/knock-knock-is-that-port-open.aspx">http://blogs.technet.com/b/markmoro/archive/2011/04/18/knock-knock-is-that-port-open.aspx</a> </p> <p>PortQryUI - User Interface for the PortQry Command Line Port Scanner (GUI version)<br /><a href="http://www.microsoft.com/download/en/details.aspx?id=24009">http://www.microsoft.com/download/en/details.aspx?id=24009</a> </p> <p>Download details: PortQry Command Line Port Scanner Version 2.0&nbsp;&nbsp; <br /><a href="http://www.microsoft.com/downloads/en/details.aspx?familyid=89811747-c74b-4638-a2d5-ac828bdc6983&amp;displaylang=en">http://www.microsoft.com/downloads/en/details.aspx?familyid=89811747-c74b-4638-a2d5-ac828bdc6983&amp;displaylang=en</a> </p> <p>How to use Portqry to troubleshoot Active Directory connectivity issues<br /><a href="http://support.microsoft.com/kb/816103">http://support.microsoft.com/kb/816103</a> </p> <p>Understanding portqry and the command&#39;s output: New features and functionality in PortQry version 2.0 <br /><a href="http://support.microsoft.com/kb/832919">http://support.microsoft.com/kb/832919</a> </p> <p>Description of the Portqry.exe command-line utility<br /><a href="http://support.microsoft.com/kb/310099">http://support.microsoft.com/kb/310099</a> </p> <p>Portqry Remarks <br /><a href="http://technet.microsoft.com/en-us/library/cc759580(WS.10).aspx">http://technet.microsoft.com/en-us/library/cc759580(WS.10).aspx</a> </p> <p>&quot;At times you may see errors such as The RPC server is unavailable or There are no more endpoints available from the endpoint mapper ...&quot;<br /><a href="http://blogs.technet.com/b/askds/archive/2009/01/22/using-portqry-for-troubleshooting.aspx">http://blogs.technet.com/b/askds/archive/2009/01/22/using-portqry-for-troubleshooting.aspx</a> </p> <p>&nbsp;</p> <h2><br />Numerous ports must be opened.</h2> <p>That&#39;s the simplest I can put it. However, the list of ports required is long, to the dismay of network infrastructure engineering teams that must bequest ports to allow AD to communicate, replicate, etc, these ports must be opened. There really isn&#39;t much that can be done otherwise.</p> <h3>Here&#39;s the list:</h3> <p>&nbsp;</p> <p> <table width="536" cellpadding="0" cellspacing="0" border="0" style="width:403pt;border-collapse:collapse;"> <colgroup><col width="161" style="width:121pt;mso-width-source:userset;mso-width-alt:5888;"></col><col width="194" style="width:146pt;mso-width-source:userset;mso-width-alt:7094;"></col><col width="181" style="width:136pt;mso-width-source:userset;mso-width-alt:6619;"></col></colgroup> <tbody> <tr style="height:16.5pt;"> <td width="161" height="22" class="xl68" style="background-color:transparent;width:121pt;height:16.5pt;border:windowtext 1pt solid;"><strong><span style="font-size:small;"><span style="font-family:Calibri;">Protocol and Port<span style="mso-spacerun:yes;">&nbsp;&nbsp;</span></span></span></strong></td> <td width="194" class="xl69" style="border-bottom:windowtext 1pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext 1pt solid;border-right:windowtext 1pt solid;"><strong><span style="font-size:small;"><span style="font-family:Calibri;">AD and AD DS Usage<span style="mso-spacerun:yes;">&nbsp;&nbsp;</span></span></span></strong></td> <td width="181" class="xl72" style="border-bottom:windowtext 1pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext 1pt solid;border-right:windowtext 1pt solid;"><strong><span style="font-size:small;"><span style="font-family:Calibri;">Type of traffic<span style="mso-spacerun:yes;">&nbsp;&nbsp;</span></span></span></strong></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl90" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:#f0f0f0;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP 25</span></td> <td width="194" class="xl92" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:#f0f0f0;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">Replication</span></td> <td width="181" class="xl73" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:#f0f0f0;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">SMTP</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:45pt;"> <td height="60" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:45pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP 42</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">If using WINS in a domain trust scenario offering NetBIOS resolution</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">WINS</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="mso-spacerun:yes;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP 135</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">Replication</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">RPC, EPM</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP 137</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">NetBIOS Name resolution</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">NetBIOS Name resolution</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:30pt;"> <td height="40" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:30pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP 139</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">User and Computer Authentication, Replication</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">DFSN, NetBIOS Session Service, NetLogon</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:60pt;"> <td height="80" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:60pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP and UDP 389</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">Directory, Replication, User and Computer Authentication, Group Policy, Trusts</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">LDAP</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="mso-spacerun:yes;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:60pt;"> <td height="80" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:60pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP 636</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">Directory, Replication, User and Computer Authentication, Group Policy, Trusts</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">LDAP SSL</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="mso-spacerun:yes;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:60pt;"> <td height="80" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:60pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP 3268</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">Directory, Replication, User and Computer Authentication, Group Policy, Trusts</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">LDAP GC</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="mso-spacerun:yes;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:60pt;"> <td height="80" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:60pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP 3269</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">Directory, Replication, User and Computer Authentication, Group Policy, Trusts</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">LDAP GC SSL</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="mso-spacerun:yes;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:45pt;"> <td height="60" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:45pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP and UDP 88</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">User and Computer Authentication, Forest Level Trusts</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">Kerberos</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="mso-spacerun:yes;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:45pt;"> <td height="60" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:45pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP and UDP 53</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">User and Computer Authentication, Name Resolution, Trusts</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">DNS</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="mso-spacerun:yes;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:49.5pt;mso-height-source:userset;"> <td height="66" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:49.5pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP and UDP 445</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">Replication, User and Computer Authentication, Group Policy, Trusts</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">SMB, CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP 9389</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">AD DS Web Services</span></td> <td width="181" class="xl75" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">SOAP</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP 5722</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">File Replication</span></td> <td width="181" class="xl75" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">RPC, DFSR (SYSVOL)</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:45pt;"> <td height="60" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:45pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP and UDP 464</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">Replication, User and Computer Authentication, Trusts</span></td> <td width="181" class="xl75" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">Kerberos change/set password</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="mso-spacerun:yes;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">UDP 123</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">Windows Time, Trusts</span></td> <td width="181" class="xl75" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">Windows Time</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="mso-spacerun:yes;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:30pt;"> <td height="40" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:30pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-size:small;"><span style="font-family:Calibri;">UDP 137<span style="mso-spacerun:yes;">&nbsp;</span></span></span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">User and Computer Authentication</span></td> <td width="181" class="xl75" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">NetLogon, NetBIOS Name Resolution</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="mso-spacerun:yes;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:30pt;"> <td height="40" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:30pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">UDP 138</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">DFS, Group Policy, NetBIOS Netlogon, Browsing</span></td> <td width="181" class="xl75" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">DFSN, NetLogon, NetBIOS Datagram Service</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="mso-spacerun:yes;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:75.75pt;mso-height-source:userset;"> <td height="101" class="xl91" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:75.75pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">UDP 67 and UDP 2535</span></td> <td width="194" class="xl93" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">DHCP (Note: DHCP is not a core AD DS service but these ports may be necessary for other functions besides DHCP, such as WDS)</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">DHCP, MADCAP, PXE</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl67" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="194" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:15.75pt;"> <td height="21" class="xl81" style="border-bottom:#f0f0f0;border-left:windowtext 1pt solid;background-color:transparent;height:15.75pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><strong><em><span style="font-family:Calibri;font-size:small;">Ephemeral Ports:</span></em></strong></td> <td width="194" class="xl82" style="border-bottom:#f0f0f0;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl83" style="border-bottom:#f0f0f0;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:154.5pt;mso-height-source:userset;"> <td colspan="3" width="536" height="206" class="xl85" style="border-bottom:windowtext 1pt solid;border-left:windowtext 1pt solid;background-color:transparent;width:403pt;height:154.5pt;border-top:windowtext 1pt solid;border-right:black 1pt solid;"><strong><em><span style="font-family:Calibri;font-size:small;">And most of all, the Ephemeral ports, or also known as the &quot;service response ports,&quot; that are required for communications. These ports are dynamically created for session responses for each client that establishes a session, (no matter what the &#39;client&#39; may be), and not only to Windows, but to Linux and Unix as well. See below in the references section to find out more on what &#39;ephemeral&#39; means.are used only for that session. Once the session has dissolved, the ports are put back into the pool for reuse. This applies not only to Windows, but to Linux and Unix as well. See below in the references section to find out more on what &#39;ephemeral&#39; means.</span></em></strong></td> </tr> <tr style="height:30pt;"> <td width="161" height="40" class="xl94" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;width:121pt;height:30pt;border-top:#f0f0f0;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP &amp; UDP 1025-5000</span></td> <td width="194" class="xl88" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:#f0f0f0;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">Window 2003/XP and older</span></td> <td width="181" class="xl84" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:#f0f0f0;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">Ephemeral Dynamic Service Response Ports</span></td> </tr> <tr style="height:15pt;"> <td width="161" height="20" class="xl94" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;width:121pt;height:15pt;border-top:#f0f0f0;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="194" class="xl88" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:#f0f0f0;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl84" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:#f0f0f0;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:30pt;"> <td width="161" height="40" class="xl95" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;width:121pt;height:30pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP &amp; UDP 49152-65535</span></td> <td width="194" class="xl89" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">Windows 2008/Vista and newer</span></td> <td width="181" class="xl76" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">Ephemeral Dynamic Service Response Ports</span></td> </tr> <tr style="height:15pt;"> <td width="161" height="20" class="xl95" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;width:121pt;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="194" class="xl89" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:49.5pt;mso-height-source:userset;"> <td width="161" height="66" class="xl95" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;width:121pt;height:49.5pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP Dynamic Ephemeral</span></td> <td width="194" class="xl89" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">Replication, User and Computer Authentication, Group Policy, Trusts</span></td> <td width="181" class="xl76" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS</span></td> </tr> <tr style="height:15pt;"> <td width="161" height="20" class="xl95" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;width:121pt;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="194" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:32.25pt;mso-height-source:userset;"> <td width="161" height="43" class="xl95" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;width:121pt;height:32.25pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">UDP Dynamic Ephermeral</span></td> <td width="194" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">Group Policy</span></td> <td width="181" class="xl75" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">DCOM, RPC, EPM</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl67" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="194" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td width="181" class="xl74" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:39pt;mso-height-source:userset;"> <td colspan="3" width="536" height="52" class="xl78" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;width:403pt;height:39pt;border-top:windowtext 0.5pt solid;border-right:black 1pt solid;"><strong><em><span style="font-family:Calibri;font-size:small;">If the scenario is a Mixed-Mode NT4 &amp; Active Directory scenario with NT4 BDCs, then the following must be opened:</span></em></strong></td> </tr> <tr style="height:45.75pt;"> <td height="61" class="xl65" style="border-bottom:windowtext 1pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:45.75pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP &amp; UDP 1024 - 65535</span></td> <td width="194" class="xl71" style="border-bottom:windowtext 1pt solid;border-left:windowtext;background-color:transparent;width:146pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">NT4 BDC to Windows 2000 or newer Domain controller PDC-E communications</span></td> <td width="181" class="xl77" style="border-bottom:windowtext 1pt solid;border-left:windowtext;background-color:transparent;width:136pt;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">RPC, LSA RPC, LDAP, LDAP SSL, LDAP GC, LDAP GC SSL, DNS, Kerberos, SMB</span></td> </tr> </tbody> </table> </p> <p>&nbsp;</p> <p>&nbsp;</p> <p>See, wasn&#39;t that simple?</p> <p>&nbsp;</p> <h3>The Short list without port explanations:</h3> <h2> <table width="192" cellpadding="0" cellspacing="0" border="0" style="width:144pt;border-collapse:collapse;"> <colgroup><col width="101" style="width:76pt;mso-width-source:userset;mso-width-alt:3693;"></col><col width="91" style="width:68pt;mso-width-source:userset;mso-width-alt:3328;"></col></colgroup> <tbody> <tr style="height:16.5pt;"> <td width="101" height="22" class="xl74" style="background-color:transparent;width:76pt;height:16.5pt;border:windowtext 1pt solid;"><strong><span style="font-family:Calibri;font-size:small;">Protocol</span></strong></td> <td width="91" class="xl75" style="border-bottom:windowtext 1pt solid;border-left:windowtext;background-color:transparent;width:68pt;border-top:windowtext 1pt solid;border-right:windowtext 1pt solid;"><strong><span style="font-family:Calibri;font-size:small;">Port</span></strong></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl68" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">TCP</td> <td class="xl69" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">25</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">TCP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">42</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">TCP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">135</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">TCP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">137</span></td> </tr> <tr style="height:15.75pt;"> <td height="21" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15.75pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">TCP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">139</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">TCP and UDP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">389</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">TCP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">636</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">TCP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">3268</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">TCP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">3269</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">TCP and UDP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">88</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">TCP and UDP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">53</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">TCP and UDP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">445</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">TCP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">9389</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">TCP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">5722</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">TCP and UDP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">464</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">UDP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">123</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">UDP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">137</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">UDP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">138</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">UDP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">67</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">UDP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">2535</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl70" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">TCP &amp; UDP</td> <td class="xl65" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">1025-5000</span></td> </tr> <tr style="height:15.75pt;"> <td height="21" class="xl71" style="border-bottom:windowtext 1pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15.75pt;border-top:windowtext;border-right:windowtext 0.5pt solid;">TCP &amp; UDP</td> <td class="xl64" style="border-bottom:windowtext 1pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">49152-65535</span></td> </tr> <tr style="height:15.75pt;"> <td height="21" class="xl66" style="border-bottom:#f0f0f0;border-left:windowtext 1pt solid;background-color:transparent;height:15.75pt;border-top:#f0f0f0;border-right:#f0f0f0;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> <td class="xl67" style="border-bottom:#f0f0f0;border-left:#f0f0f0;background-color:transparent;border-top:#f0f0f0;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">&nbsp;</span></td> </tr> <tr style="height:66.75pt;mso-height-source:userset;"> <td colspan="2" width="192" height="89" class="xl76" style="border-bottom:windowtext 1pt solid;border-left:windowtext 1pt solid;background-color:transparent;width:144pt;height:66.75pt;border-top:windowtext 1pt solid;border-right:black 1pt solid;"><strong>If the scenario is a Mixed-Mode NT4 &amp; Active Directory scenario with NT4 BDCs, then the following must be opened:</strong></td> </tr> <tr style="height:15.75pt;"> <td height="21" class="xl72" style="border-bottom:windowtext 1pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15.75pt;border-top:windowtext;border-right:#f0f0f0;">TCP &amp; UDP</td> <td class="xl73" style="border-bottom:windowtext 1pt solid;border-left:#f0f0f0;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">1024-65535</span></td> </tr> </tbody> </table> </h2> <p>&nbsp;</p> <h2><br />Restricting Firewall ports</h2> <p>And yes, you can choose to restrict the port ranges to specific ports, and if choosing this option, you must specifically specify the correct ports for the correct service.</p> <p>It depends on what ports and services you want to restrict?</p> <p>1. Method 1<br />This is to used to set the specific AD replication port. By default it uses dynamic port to replicate data from DC in one site to another. <br />This is applicable for restriction AD replication to a specific port range. Procedure:<br />&nbsp;Modify registry to select a static port.<br />&nbsp;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters<br />&nbsp;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters</p> <p>Restricting Active Directory replication traffic and client RPC traffic to a specific port<br />&nbsp;<a href="http://support.microsoft.com/kb/224196">http://support.microsoft.com/kb/224196</a> </p> <p>2. Method 2<br />This is for configuring the port range(s) in the&nbsp;Windows Firewall. <br />&nbsp;Netsh - use the following examples to set a starting port range, and number of ports after it to use<br />&nbsp;netsh int ipv4 set dynamicport tcp start=10000 num=1000<br />&nbsp;netsh int ipv4 set dynamicport udp start=10000 num=1000</p> <p>The default dynamic port range for TCP/IP has changed in Windows Vista and in Windows Server 2008<br />&nbsp;<a href="http://support.microsoft.com/kb/929851">http://support.microsoft.com/kb/929851</a> </p> <p>3. Modify the registry <br />This is for WIndows services communications. It also affects AD communications.<br />&nbsp;HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc</p> <p>How to configure RPC dynamic port allocation to work with firewalls <br />&nbsp;<a href="http://support.microsoft.com/kb/154596/en-us">http://support.microsoft.com/kb/154596/en-us</a> </p> <h2></h2> <h2></h2> <h2><br />Here are some related links to restricting AD replication ports.</h2> <p>Reference thread:<br /><a href="http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/76e8654a-fbba-49af-b6d6-e8d9d127bf03/">http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/76e8654a-fbba-49af-b6d6-e8d9d127bf03/</a> </p> <p>RODC Firewall Port Requirements<br /><a href="http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx">http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx</a> </p> <p>Active Directory Replication over Firewalls <br /><a href="http://technet.microsoft.com/en-us/library/bb727063.aspx">http://technet.microsoft.com/en-us/library/bb727063.aspx</a> </p> <p>&nbsp;</p> <h2><br /><br />RODC - &quot;Read only Domain Controllers&quot; have their own port requirements:</h2> <p> <table width="233" cellpadding="0" cellspacing="0" border="0" style="width:175pt;border-collapse:collapse;"> <colgroup><col width="107" style="width:80pt;mso-width-source:userset;mso-width-alt:3913;"></col><col width="126" style="width:95pt;mso-width-source:userset;mso-width-alt:4608;"></col></colgroup> <tbody> <tr style="height:16.5pt;"> <td width="107" height="22" class="xl65" style="background-color:transparent;width:80pt;height:16.5pt;border:windowtext 1pt solid;"><strong><span style="font-family:Calibri;font-size:small;">Port</span></strong></td> <td width="126" class="xl66" style="border-bottom:windowtext 1pt solid;border-left:#f0f0f0;background-color:transparent;width:95pt;border-top:windowtext 1pt solid;border-right:windowtext 1pt solid;"><strong><span style="font-family:Calibri;font-size:small;">Type of Traffic</span></strong></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl71" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:#f0f0f0;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">UDP 53 DNS</span></td> <td class="xl72" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:#f0f0f0;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">DNS</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl67" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-family:Calibri;font-size:small;">TCP 53 DNS</span></td> <td class="xl68" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">DNS</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl67" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-size:small;"><span style="font-family:Calibri;">TCP 135<span style="mso-spacerun:yes;">&nbsp;</span></span></span></td> <td class="xl68" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">RPC, EPM</span></td> </tr> <tr style="height:15pt;"> <td height="20" class="xl67" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-size:small;"><span style="font-family:Calibri;">TCP Static 53248<span style="mso-spacerun:yes;">&nbsp;</span></span></span></td> <td class="xl68" style="border-bottom:windowtext 0.5pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">FRsRpc</span></td> </tr> <tr style="height:15.75pt;"> <td height="21" class="xl69" style="border-bottom:windowtext 1pt solid;border-left:windowtext 1pt solid;background-color:transparent;height:15.75pt;border-top:windowtext;border-right:windowtext 0.5pt solid;"><span style="font-size:small;"><span style="font-family:Calibri;">TCP 389<span style="mso-spacerun:yes;">&nbsp;</span></span></span></td> <td class="xl70" style="border-bottom:windowtext 1pt solid;border-left:windowtext;background-color:transparent;border-top:windowtext;border-right:windowtext 1pt solid;"><span style="font-family:Calibri;font-size:small;">LDAP</span></td> </tr> </tbody> </table> <br />Designing RODCs in the Perimeter Network<br /><a href="http://technet.microsoft.com/en-us/library/dd728028(WS.10).aspx">http://technet.microsoft.com/en-us/library/dd728028(WS.10).aspx</a> </p> <p>Restricting Active Directory replication traffic and client RPC traffic to a specific port<br /><a href="http://support.microsoft.com/kb/224196">http://support.microsoft.com/kb/224196</a> </p> <p>Good discussion on RODC and firewall ports required:<br /><a href="http://forums.techarena.in/active-directory/1303925.htm">http://forums.techarena.in/active-directory/1303925.htm</a> </p> <p>Further info on how RODC authentication works will help understand the ports:<br />Understanding &ldquo;Read Only Domain Controller&rdquo; authentication <br /><a href="http://blogs.technet.com/b/askds/archive/2008/01/18/understanding-read-only-domain-controller-authentication.aspx">http://blogs.technet.com/b/askds/archive/2008/01/18/understanding-read-only-domain-controller-authentication.aspx</a> </p> <p>&nbsp;</p> <h2><br />References</h2> <p>How to configure a firewall for domains and trusts<br /><a href="http://support.microsoft.com/kb/179442">http://support.microsoft.com/kb/179442</a> </p> <p>Active Directory and Active Directory Domain Services Port Requirements, Updated: June 18, 2009 (includes updated new ephemeral ports for Windows Vista/2008 and newer). This also discusses RODC port requirements. You must also make sure the ephemeral ports are opened. They are:<br />&nbsp;&nbsp; TCP &amp; UDP 1025-5000<br />&nbsp;&nbsp; TCP &amp; UDP 49152-65535<br /><a href="http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx">http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx</a> </p> <p>Windows 2008, 2008 R2, Vista and Windows 7 Ephermeral Port range has changed from the ports used by Windows 2003 Windows XP, and Windows 2000. Default ephemeral (Random service dynamic response ports) are UDP 1024 - 65535 (See KB179442 below), but for Vista and Windows 2008 it&#39;s different. Their default start port range is UDP 49152 to UDP 65535 (see KB929851 below).</p> <p>Quoted from KB929851 (link posted below): &quot;To comply with Internet Assigned Numbers Authority (IANA) recommendations, Microsoft has increased the dynamic client port range for outgoing connections in Windows Vista and in Windows Server 2008. The new default start port is 49152, and the default end port is 65535. This is a change from the configuration of earlier versions of Microsoft Windows that used a default port range of 1025 through 5000.&quot; </p> <p>Windows Vista, Windows 7, Windows 2008 and Windows 2008 R2 Service Response Ports (ephemeral ports) have changed.<br /><a href="http://support.microsoft.com/?kbid=929851">http://support.microsoft.com/?kbid=929851</a> </p> <p>Active Directory and Firewall Ports - I found it hard to find a definitive list on the internet for what ports needed opening for Active Directory to replication between Firewalls. ... <br /><a href="http://geekswithblogs.net/TSCustomiser/archive/2007/05/09/112357.aspx">http://geekswithblogs.net/TSCustomiser/archive/2007/05/09/112357.aspx</a> </p> <p>Active Directory Replication over Firewalls, Jan 31, 2006. (includes older pre-Windows Vista/2008 ephemeral ports) <br /><a href="http://technet.microsoft.com/en-us/library/bb727063.aspx">http://technet.microsoft.com/en-us/library/bb727063.aspx</a> </p> <p>How Domains and Forests Work<br />Also shows a list of ports needed.<br /><a href="http://technet.microsoft.com/en-us/library/cc783351(v=ws.10).aspx">http://technet.microsoft.com/en-us/library/cc783351(v=ws.10).aspx</a> </p> <p>Paul Bergson&#39;s Blog on AD Replication and Firewall Ports<br /><a href="http://www.pbbergs.com/windows/articles/FirewallReplication.html">http://www.pbbergs.com/windows/articles/FirewallReplication.html</a> </p> <p>&nbsp;</p> <h2><br />Exchange DS Access ports</h2> <p>Configuring an Intranet Firewall for Exchange 2003, April 14, 2006. <br />Protocol ports required for the intranet firewall and ports required for Active Directory and Kerberos communications <br /><a href="http://technet.microsoft.com/en-us/library/bb125069.aspx">http://technet.microsoft.com/en-us/library/bb125069.aspx</a> </p> <p>&nbsp;</p> <h2>Additonal Reading</h2> <p>Restricting Active Directory replication traffic and client RPC ...Restricting Active Directory replication traffic and client RPC traffic to a ... unique port, and you restart the Netlogon service on the domain controller. ...<br /><a href="http://support.microsoft.com/kb/224196">http://support.microsoft.com/kb/224196</a> </p> <p>How to restrict FRS replication traffic to a specific static port - How to restrict FRS replication traffic to a specific static port ... Windows 2000-based domain controllers and servers use FRS to replicate system policy ...<br /><a href="http://support.microsoft.com/kb/319553">http://support.microsoft.com/kb/319553</a> </p> <p>Some firewalls may reject network traffic that originates from Windows Server 2003 Service Pack 1-based or Windows Vista-based computers<br />This KB indicates Checkpoint firewalls having an issue with AD communications.<br /><a href="http://support.microsoft.com/?kbid=899148">http://support.microsoft.com/?kbid=899148</a> </p> <p>&nbsp;</p> <p>&nbsp;</p> <h2>Checkpoint Firewall and AD, DNS and RPC Communications and Replication traffic</h2> <p>Checkpoint firewalls have a known issue if you are running version R55 or older. You will need to make a registry entry to allows traffic to flow between the 2 sites via the vpn. The preferred solution is to upgrade the Checkpoint firewall.</p> <h3>More info:</h3> <p>Some firewalls may reject network traffic that originates from Windows Server 2003 Service Pack 1-based or Windows Vista-based computers<br />(This link relates to and helps resolve the Checkpoint issue)<br /><a href="http://support.microsoft.com/?kbid=899148">http://support.microsoft.com/?kbid=899148</a></p> <p>Note from one poster on the internet with a Checkpoint firewall:<br />For Windows 2003 R2 and non-R2 remote domain controller we added the Server2003NegotiateDisable entry in <br />HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc</p> <p>&nbsp;</p> <p>&nbsp;</p> <h3>I know you&#39;ve enjoyed reading this. Well, whether you did or not, at least you now know what to do to make it work.</h3> <p>Comments, suggestions and corrections are welcomed!</p> <h3>Ace Fekay</h3>