AD ports

Discussion in 'Server Security' started by Miha Pihler, Sep 12, 2004.

  1. Miha Pihler

    Miha Pihler Guest

    Hi,

    TCP ports 1057, 1059 and 1061 look to me like randomly generated TCP ports
    (they are above 1024).

    You could run TCPView from SysInternals
    (http://www.sysinternals.com/ntw2k/source/tcpview.shtml -- it is a free
    utility) on your DCs. This will tell you which process is using a specific
    TCP/UDP port, and you can then try to fix these ports to specific values
    so that you can let them through the firewall.

    Port Requirements for the Microsoft Windows Server System
    http://support.microsoft.com/default.aspx?scid=kb;en-us;832017&Product=winsvr2003

    Mike
     
    Miha Pihler, Sep 12, 2004
    #1

  2. Miha Pihler

    Guest Guest

    Hi

    I have 2 sites that are protected by a CheckPoint firewall.

    In each site I have a DC.

    I closed all the ports and opened only the necessary ports for AD and
    internet.

    I also changed the RPC dynamic port assignment from dynamic to fixed, port
    9999, in
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\
    where I set the parameter TCP/IP Port=9999

    All the replication is working well.

    My problem is that in the FW monitor I see that the 2 DCs try to connect on
    ports 1057, 1059 and 1061, but those ports are closed.

    How can I find out what those ports are?

    Thanks
    Shay
     
    Guest, Sep 12, 2004
    #2

  3. One possibility is using IPSec between the two domain controllers. Then
    you open ports for IPSec and not for AD.

    Other possibilities are to decide that everything is working and keep those
    ports closed, or to open a range of ports.
     
    Karl Levinson [x y] mvp, Sep 12, 2004
    #3
  4. Miha Pihler

    Guest Guest

    It says that ntfrs.exe is using those ports. But I changed the dynamic
    to fixed.

    Shay
     
    Guest, Sep 12, 2004
    #4
  5. Miha Pihler

    Guest Guest

    Hi

    Is there a problem with what I did?
    Shay
     
    Guest, Sep 12, 2004
    #5
  6. Miha Pihler

    Miha Pihler Guest

    Is there a problem with what I did?
    It depends on what you did to protect the data between one site and the other.
    Do you use VPN or IPSec or some other means of encryption? This is important
    if traffic between one site and the other travels over an untrusted network
    (e.g. the Internet).

    Mike
     
    Miha Pihler, Sep 12, 2004
    #6
  7. Miha Pihler

    Miha Pihler Guest

    Hi,

    In your first post you posted that you fixed this port:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\
    I had the parameter TCP/IP Port=9999

    Now you need to fix the FRS port, which uses different registry keys...

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters

    Value name: RPC TCP/IP Port Assignment
    Data type: REG_DWORD
    Value data: Type an available port

    For full article follow this link:

    How to Restrict FRS Replication Traffic to a Specific Static Port
    http://support.microsoft.com/default.aspx?kbid=319553

    Be careful about these things...

    You should also read these:

    Restricting Active Directory Replication Traffic to a Specific Port
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;224196

    Configure RPC Dynamic Port Allocation to Work with Firewall
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;154596

    Port Requirements for the Microsoft Windows Server System
    http://support.microsoft.com/default.aspx?scid=kb;en-us;832017&Product=winsvr2003

    And other related articles mentioned in the above KBs.

    Mike
     
    Miha Pihler, Sep 12, 2004
    #7
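    Assuming a Windows Server 2012 or later DC (Get-NetTCPConnection does not exist on the 2003-era systems in this thread), here is an added PowerShell check, not code from the thread or from Microsoft, that reads the two registry values Mike cites, confirms each configured static port is actually listening, and maps any other high-port listener to its owning process, which is what TCPView was suggested for.

```powershell
# Added example (not from the thread). Audits the NTDS and NTFRS static RPC
# port values (KB224196, KB319553), checks that each is actually listening,
# then lists every other TCP listener above 1024 with its owning process.
# Assumptions: run in an elevated session on the DC, Windows Server 2012+.

$Settings = @(
    @{ Service = 'NTDS (AD replication)'
       Key     = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
       Name    = 'TCP/IP Port' }
    @{ Service = 'NTFRS (File Replication Service)'
       Key     = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters'
       Name    = 'RPC TCP/IP Port Assignment' }
)

function Get-ListenerOwner {
    # Returns the name of the process listening on $Port, or $null if none.
    param([int]$Port)
    $conn = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
            Select-Object -First 1
    if (-not $conn) { return $null }
    (Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue).ProcessName
}

foreach ($s in $Settings) {
    # Value name contains '/', so read it via the dynamic property syntax.
    $port = (Get-ItemProperty -Path $s.Key -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
    if (-not $port) {
        Write-Warning "$($s.Service): no static port set; RPC will pick a dynamic port above 1024"
        continue
    }
    $owner = Get-ListenerOwner -Port $port
    if ($owner) {
        "{0}: static port {1} is listening ({2})" -f $s.Service, $port, $owner
    } else {
        # The registry value only takes effect after the service restarts (or a reboot).
        Write-Warning ("{0}: static port {1} is configured but nothing is listening yet" -f $s.Service, $port)
    }
}

# Remaining high-port listeners: the dynamic RPC endpoints a firewall rule would otherwise miss.
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -gt 1024 } |
    Sort-Object LocalPort -Unique |
    ForEach-Object {
        $name = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        "{0,6}  {1}" -f $_.LocalPort, $name
    }
```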