RE: Limit W2K Queries.


From: Terry Liu [MSFT] (v-teliu_at_online.microsoft.com)
Date: 03/08/04


Date: Mon, 08 Mar 2004 10:20:44 GMT

Hi,

I am sorry to say that we are unable to do this. If the firewall appliance
is a firewall between two internal subnets, I suggest you open the
necessary ports listed in this Knowledge Base article:

179442 How to Configure a Firewall for Domains and Trusts
http://support.microsoft.com/?id=179442

If the firewall appliance is between the internal network and the external,
we need to disable the 389 port too. Instead, create a VPN connection
between these DCs. Or external clients can use port 389 to keep on
attacking the server.

For your reference: 277650 How to Determine the Site in Which a Domain
Controller Is Located -- http://support.microsoft.com/?id=277650

Best regards,

Terry Liu
MCSE 2K MCSA MCDBA CCNA
Microsoft Online Support Engineer

Get Secure! - <www.microsoft.com/security>
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
From: "Skarlund" <joskr@ncmnordic.se>
Subject: Limit W2K Queries.
Date: Sun, 7 Mar 2004 23:16:07 -0800
Message-ID: <5e3e01c404dd$39a402f0$a601280a@phx.gbl>
Newsgroups: microsoft.public.win2000.networking

Hi,

we would like to have help with the following problem.

Scenario:

One stand-alone Windows 2000 server (an e-Gap Remote
Access Appliance) that shall communicate with two
specified AD servers (Windows 2003) with Global
Directory. They are part of site 1, as is the subnet of
the Windows 2000 server.

Information flow:

The Win2k server sends DNS and LDAP queries to the AD servers
to authenticate user credentials. It also sends LDAP
queries to check for user rights (check if the user is in a
specific group).

A firewall is located between the Win2k server and the AD
servers. It only allows traffic on DNS UDP port 53 and
LDAP UDP/TCP port 389.

Problem:

Sometimes the Win2k server tries to send LDAP queries to
other AD servers in the same target domain. This is
stopped by the firewall and causes time-out situations in
the e-Gap firewall appliance application. We also see
that the Win2k server tries to send Kerberos packets to
the AD server just before it starts sending queries to
the other AD servers. The Kerberos packets are stopped by
the firewall.

Question:

How do we limit the Win2k server to only send its
queries to the two AD servers at site 1, and not any
others?

Best Regards

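The thread turns on a firewall that passes only DNS/UDP and LDAP while the member server also needs Kerberos and the other domain flows. The script below is an added example, not code from either poster: it lists which of the member-to-DC flows a rule set like the poster's lacks, and probes the TCP ones against the two DCs the server is supposed to use. The port table is assembled from Microsoft KB 179442 as I recall it (plus the LDAP/GC-over-SSL ports) and should be checked against the current article; the DC names are hypothetical and the live probe needs network access, so the offline run only exercises the rule-set comparison.

```python
"""Gap check for the member-server -> domain-controller traffic a firewall
must pass, plus a TCP reachability probe against the DCs you intend to use.
Added example; the port table is assembled from Microsoft KB 179442 as I
recall it and should be checked against the current article."""
import socket
from typing import Callable, Dict, Iterable, List, Tuple

Rule = Tuple[str, int]  # (protocol, port)

# Ports a domain member needs to reach its DCs (KB 179442 plus the SSL
# variants). KB 179442 also lists the RPC dynamic range, which is not a
# fixed port and is left out here.
MEMBER_TO_DC_PORTS: Dict[Rule, str] = {
    ("udp", 53): "DNS",
    ("tcp", 53): "DNS (large answers, zone transfer)",
    ("udp", 88): "Kerberos",
    ("tcp", 88): "Kerberos",
    ("udp", 123): "Windows Time (Kerberos clock skew)",
    ("tcp", 135): "RPC endpoint mapper",
    ("udp", 389): "LDAP ping (DC locator)",
    ("tcp", 389): "LDAP",
    ("tcp", 445): "SMB (Netlogon, SYSVOL)",
    ("udp", 464): "Kerberos password change",
    ("tcp", 464): "Kerberos password change",
    ("tcp", 636): "LDAP over SSL",
    ("tcp", 3268): "Global Catalog LDAP",
    ("tcp", 3269): "Global Catalog LDAP over SSL",
}

# The poster's firewall, as described in the thread: DNS/UDP and LDAP only.
POSTERS_RULES: List[Rule] = [("udp", 53), ("udp", 389), ("tcp", 389)]


def missing_rules(allowed: Iterable[Rule],
                  required: Dict[Rule, str] = MEMBER_TO_DC_PORTS
                  ) -> List[Tuple[str, int, str]]:
    """Return (proto, port, service) for every required flow the rule set lacks."""
    allowed_set = set(allowed)
    return sorted((proto, port, svc)
                  for (proto, port), svc in required.items()
                  if (proto, port) not in allowed_set)


def tcp_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_dcs(dcs: Iterable[str],
              connect: Callable[[str, int], bool] = tcp_open,
              required: Dict[Rule, str] = MEMBER_TO_DC_PORTS
              ) -> Dict[Tuple[str, int], bool]:
    """Try every required TCP port on each DC. UDP is skipped: it has no
    handshake, so a dropped UDP port looks identical to a silent service."""
    results: Dict[Tuple[str, int], bool] = {}
    for dc in dcs:
        for (proto, port), _svc in required.items():
            if proto == "tcp":
                results[(dc, port)] = connect(dc, port)
    return results


def blocked(results: Dict[Tuple[str, int], bool]) -> List[Tuple[str, int]]:
    """The (dc, port) pairs that did not answer."""
    return sorted(key for key, ok in results.items() if not ok)


if __name__ == "__main__":
    for proto, port, svc in missing_rules(POSTERS_RULES):
        print(f"firewall lacks {proto}/{port:<5} {svc}")
    # Hypothetical DC names; replace with the two site-1 DCs from the thread.
    for dc, port in blocked(probe_dcs(["dc1.example.local", "dc2.example.local"])):
        print(f"{dc}: tcp/{port} not reachable")
```

Run from the member server so the probe crosses the same firewall the queries do. Note that opening the ports is only half of the answer to the poster's question: a member finds its site's DCs through the site-specific SRV records (`_ldap._tcp.<SiteName>._sites.dc._msdcs.<domain>`), so the server's subnet has to be mapped to site 1 in AD Sites and Services, or the locator will fall back to the domain-wide records and pick DCs the firewall never lets it reach.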


