AD what tcp/ip port or registry settings?




We have our domain controllers behind the firewall. To be able to work, we opened a lot of ports. All are in the list below. We also changed the registry to make RPC use one port.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters]
"TCP/IP Port"=dword:0000c000


OPENED PORTS ON THE FIREWALL separating clients and servers. Servers and clients are in the same building but separated by the firewall.

Service    Port/protocol
RPC endpoint mapper    135/tcp, 135/udp
NetBIOS name service    137/tcp, 137/udp
NetBIOS datagram service    138/udp
NetBIOS session service    139/tcp
RPC static port for AD replication    49152/tcp
SMB over IP (Microsoft-DS)    445/tcp, 445/udp
LDAP    389/tcp
LDAP over SSL    636/tcp
Global catalog LDAP    3268/tcp
Global catalog LDAP over SSL    3269/tcp
Kerberos    88/tcp, 88/udp
DNS    53/tcp, 53/udp
WINS resolution (if required)    1512/tcp, 1512/udp
WINS replication (if required)    42/tcp, 42/udp
Network time protocol (NTP)    123/udp

Everything is working, but it takes a long time to log in. If I go with a laptop directly behind the firewall, it takes 2-5 seconds to log in. If we are behind the firewall, it takes 30 seconds or longer.
How can we solve this problem?



MarcusB
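One way to check, from a client on the far side of the firewall, how each TCP port in the post's list responds: open, refused, or silently dropped until the connect times out. This is an added example, not part of the original post; the host name `dc01.example.test` and the function names are assumptions, and the UDP entries are skipped because a connect test cannot verify them.

```python
import re
import socket
import time

# Port table copied from the post; "TCP/IP Port" dword from its registry line.
NTDS_STATIC_PORT = 0x0000C000
POST_TABLE = """\
RPC endpoint mapper    135/tcp, 135/udp
NetBIOS name service    137/tcp, 137/udp
NetBIOS datagram service    138/udp
NetBIOS session service    139/tcp
RPC static port for AD replication    49152/tcp
SMB over IP (Microsoft-DS)    445/tcp, 445/udp
LDAP    389/tcp
LDAP over SSL    636/tcp
Global catalog LDAP    3268/tcp
Global catalog LDAP over SSL    3269/tcp
Kerberos    88/tcp, 88/udp
DNS    53/tcp, 53/udp
WINS resolution (if required)    1512/tcp, 1512/udp
WINS replication (if required)    42/tcp, 42/udp
Network time protocol (NTP)    123/udp
"""

def tcp_ports(table):
    """Return [(service, port)] for every TCP entry; connect() cannot test UDP."""
    return [(re.split(r"\s{2,}", line.strip())[0], int(port))
            for line in table.splitlines()
            for port in re.findall(r"(\d+)/tcp", line)]

def probe(host, port, timeout=3.0):
    """Classify a TCP connect: open, refused (RST) or filtered (no reply)."""
    start = time.monotonic()
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        state = "open"
    except ConnectionRefusedError:
        state = "refused"
    except socket.timeout:
        state = "filtered"
    except OSError:  # name resolution failure, no route, etc.
        state = "error"
    return state, time.monotonic() - start

if __name__ == "__main__":
    DC = "dc01.example.test"  # hypothetical domain controller name
    for svc, port in tcp_ports(POST_TABLE):
        state, secs = probe(DC, port)
        print(f"{port:>5}/tcp  {state:<8} {secs:5.2f}s  {svc}")
```

A port reported as `filtered` cost the client the full timeout before it gave up, which is the number to compare against the firewall's drop log for the same source address.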


