Use of UDP Port 389

[Guest]

I currently have a network of Windows 2000 servers connected via a VPN.

Recently I noticed that our firewall was blocking UDP Port 389 traffic to an
IP network that we do not have any domain controllers in. The traffic is
orginating from each 2000 server. It appears as if the AD may be trying to
replicate to an ip address that doesn't even exist.

I am assuing the UDP traffic being blocked is a AD ping to find the
172.192.1.190 address.

How can we first verify that AD is trying to replicate to 172.192.1.190 and
then stop it?

Any help will be appreciated.

Thanks

 

[Joe Richards [MVP]]

The UDP ping is used during the DC location process. Check DNS for any
references to a DC with that IP address.

 

[Guest]

Joe,

There is no entry in DNS for 172.192.190.1. That is what is so strange about
this.

How can I get the traffic to stop, since there is no DC with that address?
The other question is what caused this to happen in the first place. We do
not even use that subnet for anything other than dial-up access?

Thanks in advance

 

[Joe Richards [MVP]]

I would say do a network trace of the machines doing the requests and see if
there is anything around it that makes sense. You can also try to figure out
which processes are using that port on those machines.