Ports need to be opend for AD Replication

[Chai]

Hi there,

I found out the problems is cause by the firewall block
the traffic between the 2 DC when trying to perform AD
replication.

The problems now is what is the minimum ports I need to
open in order for AD replication?

I try open 389, 88, 3268, 464, 135 (its 135 necessary?).
When I try to perform replication - error message "Not
enought port opened for endpoint mapping".

If I open all ports then no problems - but no secure.

Any ideas?

Thanks

 

[Tim Hines, MCSA, MCSE]

Take a look at http://www.microsoft.com/technet/ittasks/tasks/adrepfir.asp

--
--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[John]

You can force FRS to use a spacific port

http://support.microsoft.com/default.aspx?scid=kb;en-us;319553

 

[Chai]

Hi John,

Thanks, but I can't find the vlaue in the register!

Any ideas?

Thanks

 

[Chai]

Hi Tim,

I perform the steps similar like microsoft say but it seem
like don't work - I don't know why but when I use netstat
to check the connection - I only see the DC try to make a
135 connection to another DC but only SYN_SENT only.

I also cannot ping my server - even I open all the port?

I hear that many ISP block the ICMP and port 135 cause by
the virus - it is true??

Thanks

 

[Jimmy Andersson]

AD Replication over Firewalls by Steve Riley,
Consultant at Microsoft Telecommunications Practice.
http://www.microsoft.com/SERVICEPROVIDERS/columns/config_ipsec_p63623.asp

Q224196 - Restricting AD Replication Traffice to a Specific Port.
http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q224196

Regards,
/Jimmy