RE: Limit W2K Queries.
anonymous_at_discussions.microsoft.com
Date: 03/08/04
Date: Mon, 8 Mar 2004 06:50:46 -0800
Hi,
I'm not sure if the question is understood right. Please
read the question again and reply.
Best Regards //Jörgen
>-----Original Message-----
>Hi,
>
>I am sorry to say that we are unable to do this. If the firewall appliance
>is a firewall between two internal subnets, I suggest you open the
>necessary ports listed in this Knowledge Base article:
>
>179442 How to Configure a Firewall for Domains and Trusts
>http://support.microsoft.com/?id=179442
>
>If the firewall appliance is between the internal network and the external,
>we need to disable the 389 port too. Instead, create a VPN connection
>between these DCs. Or external clients can use port 389 to keep on
>attacking the server.
>
>For your reference: 277650 How to Determine the Site in Which a Domain
>Controller Is Located -- http://support.microsoft.com/?id=277650
>
>Best regards,
>
>Terry Liu
>MCSE 2K MCSA MCDBA CCNA
>Microsoft Online Support Engineer
>
>Get Secure! - <www.microsoft.com/security>
>=====================================================
>When responding to posts, please "Reply to Group" via your newsreader so
>that others may learn and benefit from your issue.
>=====================================================
>This posting is provided "AS IS" with no warranties, and confers no rights.
>
>--------------------
>>From: "Skarlund" <joskr@ncmnordic.se>
>>Sender: "Skarlund" <joskr@ncmnordic.se>
>>Subject: Limit W2K Queries.
>>Date: Sun, 7 Mar 2004 23:16:07 -0800
>>
>>Hi,
>>
>>we would like to have help with the following problem.
>>
>>scenario:
>>
>>One stand alone Windows 2000 server (an e-Gap Remote
>>Access Appliance) that shall communicate with two
>>specified AD servers (Windows 2003) with Global
>>Directory. They are part of site 1 as is the subnet of
>>the Windows 2000 server.
>>
>>Information flow:
>>
>>Win2k server sends DNS and LDAP queries to the AD servers
>>to authenticate user credentials. It also sends LDAP
>>queries to check for user rights (check if user is in a
>>specific group).
>>
>>A firewall is located between the Win2k server and the AD
>>servers. It only allows traffic on DNS UDP port 53 and
>>LDAP UDP/TCP port 389.
>>
>>Problem:
>>
>>Sometimes the Win2k server tries to send LDAP queries to
>>other AD servers in the same target domain. This is
>>stopped by the firewall and causes time out situations in
>>the e-Gap firewall Appliance application. We also see
>>that the Win2k server tries to send Kerberos packets to
>>the AD server just before it starts sending queries to
>>the other AD servers. The Kerberos packets are stopped by
>>the firewall.
>>
>>Question:
>>
>>How do we limit the Win2k server to only send its
>>queries to the two AD servers at site 1, and not any
>>others.
>>
>>Best Regards
>>
>
>.
>