In answer to the subject, here is the MS doc specifying ports for TS
Licensing:
http://support.microsoft.com/kb/832017
Note Terminal Services Licensing offers its services by using RPC over named
pipes. This service has the same firewall requirements as those of the "File
and Printer Sharing" feature.
If you block RPC then not much will work over the WAN. If you use IPSec for
all server communication, then the servers will be able to communicate with
each other, but clients will not communicate with the servers over the WAN.
Instead, at the routers/firewalls, you could do something like allow servers
to communicate with servers, but not allow clients to communicate with
remote servers except through specified ports, e.g. for mail, RDP, Citrix,
HTTP, etc.
Anthony
http://www.airdesk.com
"Klay" <> wrote in message
news:6AB71833-51CC-458D-AD54-...
> We are expecting to close port 139 on all physical routers/firewalls and have
> been told that Terminal Server Licensing may fail. We serve TS licenses from
> one server to several other servers over a WAN. To avoid this we are
> attempting to implement IPSec between servers. With the servers tunneling
> through IPSec we are hoping to tunnel port 139 requests past the physical
> routers. The router would normally filter that out, and allow the 2003
> Server to accept requests for port 139 (port 139 not blocked on the servers
> yet). Is this a workable solution? Also, if port 139 is blocked on the
> physical server will that create later problems?