Re: Ports for DP beyond firewall

It sounds like we agree on the randomly/dynamically generated port -- I
agree with you, make that DP a secondary site...
"Sander" <Sander@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ED04F35B-83E3-4DA7-994A-5FADCF97571B@xxxxxxxxxxxxxxxx
Hi Steve,

The RPC port (TCP 135) is opened both ways to the SMS server and DP. After
monitoring the firewall for denies we (the firewall guys and myself) could
only conclude that this must be a dynamic RPC port. I found at KB article
(154596) about fixing dynamic RPC ports. I have no idea it this has any
impact on my currrent SMS servers or from the traffice from/to these
machines. I could try to make this DP a secondary site server to overcome
this problem...

"Steve Thompson" wrote:

Hi Sander,

Interesting... I could not find 1135 documented, anywhere... it may be
one
of those randomly generated port numbers. As a trial, you may want to
open
that port outbound. Let us know?

Steve

"Sander" <Sander@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C870A56E-7BB5-4471-AEE8-291616D4286B@xxxxxxxxxxxxxxxx
Steve,

I have openend port 80 and 135 in both ways and 137, 138, 139,445 from
the
SMS server to the DP. After trying to distribute a package to the DP
the
error message remains.
After checking the firewall it denies traffic from the SMS server to
the
DP
on port TCP 1135...

Sander.

"Steve Thompson" wrote:

"Sander" <Sander@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:52E5BF2B-3AB7-4DF3-BCD4-77A0041A48A6@xxxxxxxxxxxxxxxx

Thanks for your reply, but I have openend port 80 between the
primary
site
server and the DP and still have this errormessage.
Any other suggestions?

I agree with Kim on checking the firewall logs for blocked access,
dropped
packets, etc.

In revisiting your reply and the original article I posted

http://support.microsoft.com/kb/826852/en-us

I wonder if you need the RPC (TCP 135), and perhaps the UDP ports open
(reference the "Microsoft Windows NT UDP" topic). Again, this would be
from
your DP to/from your SMS site server.

I found one more link that may be helpful:
http://support.microsoft.com/kb/832017/en-us








.

Relevant Pages

  • Re: Ports for DP beyond firewall
    ... The RPC port is opened both ways to the SMS server and DP. ... monitoring the firewall for denies we could ...
    (microsoft.public.sms.setup)
  • Re: Ports for DP beyond firewall
    ... of those randomly generated port numbers. ... After checking the firewall it denies traffic from the SMS server to the ... on port TCP 1135... ... your DP to/from your SMS site server. ...
    (microsoft.public.sms.setup)
  • Re: Simulate SMS2K3 access across hardware firewall
    ... Refer to this KB to define the port opened on the SMS server: ... > Is anyone aware of a way to simulate a hardware firewall in a VPC ... > will include a hardware firewall, with port blocking. ...
    (microsoft.public.sms.admin)
  • The best rule for SMS
    ... clients and they have to connect to a external SMS server. ... execute a SMS client I have seen on the log viewer that the SMS server ... tries to connect to the clients by 135 tcp port and quite later the ... I want to know which is the best rule to set on my FW-1 because client ...
    (comp.security.firewalls)
  • Re: excessive TCP dulplicate acks revisted
    ... The tcp duplicate ACK attack is back. ... there was a thread on duplicate TCP acks in -CURRENT. ... TCP STREAM TEST from localhost port 0 AF_INET to greenhouse- george.18clay.com port 0 AF_INET ... Socket Socket Message Elapsed ...
    (freebsd-current)
Loading