Re: Problem After Defining Static RPC Port


Check out an article I have on DCs and firewalls. I would specifically define any ports to verify full connectivity. Don't just assume something is going to stay on the same port, you are just asking for weird things to happen.

http://www.pbbergs.com/windows/articles.htm
Select Firewall Ports Needed for Replication

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup. This
posting is provided "AS IS" with no warranties, and confers no rights.


"Baboon" <Baboon@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:68F0736F-3185-45FB-A866-BD203C596D8A@xxxxxxxxxxxxxxxx
We have had 4 DCs behind a firewall in a particular subnet for a few years. RPC communication from clients always seems to go to port 1025 even though a static port isn't set in the servers' Registry. For that reason, port 1025 is open in the firewall to the DCs, along with port 135 and the other usual AD ports. We recently added new DCs to a different subnet (same site) behind another firewall using the same rules. For whatever reason, clients are trying to use port 1026 on the new DCs for RPC communication and being denied at the firewall. (The DCs on both subnets have no trouble replicating because pretty much every port is open between their 2 subnets.)

To hopefully get around this problem, I created the TCP/IP Port Registry dword value of 1025 in \NTDS\Parameters per several KB articles. Once I made that change, I began to see client connections to that port. (I did this on only one DC as a test.) The problem is that after a reboot to enable the change, I get a warning entry in the Directory Services log:
*************************************************
Event ID 1310
Active Directory could not use the following RPC protocol sequence.
RPC protocol sequence:
ncacn_ip_tcp...........
............Error value:
1740 The endpoint is a duplicate.
*************************************************
I checked to confirm that the server wasn't listening on port 1025 beforehand, so I'm not sure what the error means. I rebooted a second time, but the error showed up again after the reboot. When I run "repadmin /replsummary", I see no errors for that DC.

When I run "rpcdump /s /i", the results look exactly the same as when I run it on a different DC. Does anyone have any ideas why I get this error?

I wish I could say that's my only question, but it got me wondering why the DCs in one subnet are having the endpoint mapper direct clients to port 1025, but on the other subnet it directs clients to port 1026. (All are running Windows 2003 with SP2.)

Also, I'm surprised that the endpoint mapper directs them to the same port each time, since I thought those ports were dynamic.
