Re: RPC and IPSec

This is an rpc error. The machine that the client is trying to attach to
should be the one telling the client which rpc port to use. The client
machine is provided this info on the initial connection off of port 135.
I'm a little confused on your details but have you defined the port
restrictions on ALL your source machines that this client is goint to attach
to and have any firewalls, that may be setup between, have these ports
opened up. Have you made any other mods to machines rpc definitions such as
the one in the description in the link below?


Dynamic allocation of rpc port range
http://support.microsoft.com/kb/154596/en-us

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com

This posting is provided "AS IS" with no warranties, and confers no rights.

"Trond E. Gjelsvik-Bakke" <Trond E.
Gjelsvik-Bakke@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:53174CBF-DED6-45F1-9DDA-0F0AD9F07986@xxxxxxxxxxxxxxxx
Hello.

I have implementet IPSec on my DC's. The IPSec is as described in Windows
Security Resource Kit. I hav used recommended IPSec filters for domain
controllers with DNS.

I have made som adjustments, as I have one Administration LAN that I have
been given full access.

When I put a client on some other LAN, and try to join this client to the
domain I get an error: "There are no more endpoints avaliable to the
endpoint
mapper"
The join then fails !!

I guess that this has something to do with IPSec rule:
Predifined RPC Range - TCP - ANY - 57901-57950 - ANY - ME - ALLOW - YES

This rule is, if I'm not wrong, limiting the ports used by RPC.

If I remove the IPSec or move the client into the Administrative LAN - It
Joins.

Does anyone have some solution on this ??


.

Relevant Pages

  • Re: RPC and IPSec
    ... On which machine did you define the port range? ... Are you sure you don't have a firewall blocking your client from attaching ... I have impemented the IPSec policy in the domain controller GPO. ... Do I need to alter the RPC port range in registry on my DC's to make this ...
    (microsoft.public.windows.server.active_directory)
  • Re: RPC and IPSec
    ... I have impemented the IPSec policy in the domain controller GPO. ... When the client is trying to join the domain, I can see that it is ... connecting to one of the DC on port 135. ... Do I need to alter the RPC port range in registry on my DC's to make this ...
    (microsoft.public.windows.server.active_directory)
  • Re: RPC and IPSec
    ... If in-between your client and DC do not have a firewall, ... defined a range of dynamic static RPC port. ... I have impemented the IPSec policy in the domain controller GPO. ... Do I need to alter the RPC port range in registry on my DC's to make this ...
    (microsoft.public.windows.server.active_directory)
  • RE: Problem with RPC over HTTP connecting from outside
    ... client with your public proxy server. ... Router has allowed 135 port. ... to help troubleshoot an unsuccessful RPC over HTTP connection. ...
    (microsoft.public.exchange.setup)
  • Re: RPC and IPSec
    ... If in-between your client and DC do not have a firewall, ... defined a range of dynamic static RPC port. ... I have impemented the IPSec policy in the domain controller GPO. ... Do I need to alter the RPC port range in registry on my DC's to make this ...
    (microsoft.public.windows.server.active_directory)