Hi Eric,
Thanks for the reply! I am adding one point here.
First, the article 154596 is used to configure the dynamic port for the
client. As the DC may act as both the RPC server and RPC client, you need
to configure the port range on all the computers. If you do not configure
it on one of the computers, this computer will use an available port when it
works as a client.
Have a nice day!
Sincerely,
Damon Xu
MCSE2000, MCDBA2000
Microsoft Online Partner Support
This posting is provided AS IS with no warranties, and confers no rights.
--------------------
| From: "Eric Smith" <[email protected]>
| Subject: RE: Trusts and RPC
| Date: Wed, 6 Aug 2003 10:33:52 -0700
| Newsgroups: microsoft.public.win2000.networking
|
| Ok when limiting the port range through a firewall, using
| the following article as a reference:
|
| http://support.microsoft.com/default.aspx?scid=kb;EN-US;154596
|
| If I have 5 trusts, 4 of which have ephemeral port ranges
| open, and one that doesn't, will all 5 trust relationships
| use the port range I specify in the
| HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet\Ports
| Value? Along those same lines, will both ends of the
| communication require the same port mapping? Or does the
| server dictate the dynamic port which RPC will use? The
| reason I ask is to avoid having to co-ordinate changes
| across a large organization.
|
| I guess what I'm really getting at is will the
| HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet\Ports
| value dictate the port range for all RPC communication for
| a machine? I noticed in q179442 it states "Note that
| there may be hosts functioning with both client and server
| roles on both sides of the firewall. Because of this,
| ports rules may need to be mirrored." Does this mean all
| clients and servers will need to have the necessary value
| set in
| HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet\Ports
| in order for communication to be restricted to a specified
| port range?
|
| Thanks again!
| Eric Smith
|
| >-----Original Message-----
| >Hi Eric,
| >
| >Thank you for posting!
| >
| >It seems you are going to configure firewalls for Domain trusts, right?
| >
| >RPC is required in all the situations. Windows 2000 DNS servers use
| >ephemeral client-side ports when they query other DNS servers.
| >
| >I recommend you read the article below:
| >
| >179442 How to Configure a Firewall for Domains and Trusts
| >
| >http://support.microsoft.com/?id=179442
| >
| >Hope this helps. Thank you!
| >
| >Regards,
| >Bennie Chen
| >Product Support Services
| >Microsoft Corporation
| >
| >This posting is provided "AS IS" with no warranties, and confers no rights.
|
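The point made in the reply above (every computer needs the port range configured, since a DC can be on either side of an RPC call) can be checked offline. This is an added example, not part of the original thread: it compares each host's `Ports` value from `HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet` against the range the firewall permits. The host names, the `Ports` strings and the firewall range are constructed, and the function names are hypothetical.

```python
# Added example: host names, Ports values and firewall range are constructed.
from typing import Dict, List, Optional, Tuple

Range = Tuple[int, int]

def parse_ports(values: List[str]) -> List[Range]:
    """Parse the strings of a REG_MULTI_SZ Ports value: "5000-5100" or "5060"."""
    ranges = []
    for raw in values:
        lo, _, hi = raw.strip().partition("-")
        start, end = int(lo), int(hi or lo)
        if not 0 < start <= end <= 65535:
            raise ValueError(f"bad port range: {raw!r}")
        ranges.append((start, end))
    return ranges

def uncovered(ranges: List[Range], allowed: List[Range]) -> List[Range]:
    """Return the parts of `ranges` that no firewall-allowed range covers."""
    gaps = []
    for start, end in ranges:
        cursor = start
        for a_lo, a_hi in sorted(allowed):
            if a_hi < cursor or a_lo > end:
                continue  # this allowed range does not touch what is left
            if a_lo > cursor:
                gaps.append((cursor, a_lo - 1))
            cursor = a_hi + 1
        if cursor <= end:
            gaps.append((cursor, end))
    return gaps

def audit(hosts: Dict[str, Optional[List[str]]], allowed: List[Range]) -> Dict[str, str]:
    """Classify each host: OK, BLOCKED (range exceeds firewall) or UNRESTRICTED."""
    report = {}
    for name, ports in hosts.items():
        if not ports:  # value absent: the host is not held to the agreed range
            report[name] = "UNRESTRICTED: no Ports value set"
            continue
        gaps = uncovered(parse_ports(ports), allowed)
        report[name] = f"BLOCKED: {gaps} not allowed by firewall" if gaps else "OK"
    return report

FIREWALL_ALLOWED = [(5000, 5100)]                      # constructed rule
HOSTS = {"dc-a": ["5000-5100"], "dc-b": ["5000-5050", "5060"],
         "dc-c": None, "dc-d": ["5000-5200"]}          # constructed inventory

if __name__ == "__main__":
    for host, status in audit(HOSTS, FIREWALL_ALLOWED).items():
        print(f"{host}: {status}")
```
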