Re: Authentication Ports
- From: "Ace Fekay [Microsoft Certified Trainer]" <aceman@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 7 May 2009 18:01:55 -0400
"Mitch" <Mitch@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:23FA4A82-0F3B-4364-A7DE-F1F1BB188263@xxxxxxxxxxxxxxxx
Hi,
I am setting up a point to point T1 in addition to an IPSec tunnel between 2
offices. In order for everything to communicate with the equipment we're
using, I will need the port# for Exchange email, system traffic and the port
which Active Directory uses to authenticate users. Does anyone know the
answer to this? Thanks.
Mitch
You are better off just opening the VPN wide open between the locations. The VPN will secure the traffic anyway, so no worries.
Otherwise you must open up a slew of ports to the point it swiss-cheeses the firewall. In addition, the default ephemeral ports need to be opened. They are the random service ports that Windows uses to communicate, and are required by AD. They are UDP 1024 - 65535 (see KB179442), but for Vista and Windows 2008 it's different. Their default start port is UDP 49152, and the default end port is UDP 65535 (see KB899148).
Have a read on the following:
======================================================================================================
Active Directory Firewall ports
Active Directory Replication over Firewalls, Jan 31, 2006. Active Directory relies on remote procedure call (RPC)
http://technet.microsoft.com/en-us/library/bb727063.aspx
How to configure a firewall for domains and trusts
http://support.microsoft.com/?id=179442
Configuring an Intranet Firewall, Apr 14, 2006. Protocol ports required for the intranet firewall.
Ports required for Active Directory and Kerberos communications
http://technet.microsoft.com/en-us/library/bb125069.aspx
Active Directory and Firewall Ports. I found it hard to find a definitive list on the internet for what ports needed opening for Active Directory to replication between Firewalls. ...
http://geekswithblogs.net/TSCustomiser/archive/2007/05/09/112357.aspx
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@xxxxxxxxxxxxxxxxxxxxxxx
For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
"Efficiency is doing things right; effectiveness is doing the right things." - Peter F. Drucker
http://twitter.com/acefekay
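
The range check implied by the reply above, as an added example that is not part of the original post: given the port ranges a firewall allows between the two sites, it reports which part of the default dynamic range quoted in the reply is still blocked and how many extra ports are open. The function names and the sample rules are constructed for illustration.

```python
# Added example (not from the original post). Ranges are inclusive (low, high).
# Default dynamic port ranges as quoted in the reply (KB179442, KB899148).
DEFAULT_DYNAMIC = {
    "pre_vista": (1024, 65535),
    "vista_2008": (49152, 65535),
}

def merge(ranges):
    """Merge overlapping or adjacent port ranges into a sorted list."""
    merged = []
    for low, high in sorted(ranges):
        if not 0 <= low <= high <= 65535:
            raise ValueError(f"bad port range: {low}-{high}")
        if merged and low <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return merged

def uncovered(required, allowed):
    """Return the parts of `required` that no allow rule covers."""
    need_low, need_high = required
    gaps, cursor = [], need_low
    for low, high in merge(allowed):
        if high < cursor:
            continue            # rule ends before the range we still need
        if low > need_high:
            break               # rule starts past the required range
        if low > cursor:
            gaps.append((cursor, low - 1))
        cursor = high + 1
    if cursor <= need_high:
        gaps.append((cursor, need_high))
    return gaps

def excess(required, allowed):
    """Count allowed ports that fall outside `required`."""
    need_low, need_high = required
    total = 0
    for low, high in merge(allowed):
        overlap = max(0, min(high, need_high) - max(low, need_low) + 1)
        total += (high - low + 1) - overlap
    return total

# Constructed sample: allow rules on the site-to-site link.
SAMPLE_RULES = [(1024, 5000), (49152, 60000), (60001, 65535)]

if __name__ == "__main__":
    for name, required in DEFAULT_DYNAMIC.items():
        print(name, "blocked:", uncovered(required, SAMPLE_RULES),
              "extra open ports:", excess(required, SAMPLE_RULES))
```

Run it per protocol against the rule set exported from the firewall; an empty "blocked" list with a low "extra open ports" count is the target.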