Will Terminal Server Licensing fail if Port 139 is closed on Firew

Discussion in 'Server Security' started by Klay, Apr 28, 2009.

  1. Klay

    Klay Guest

    We are expecting to close port 139 on all physical routers/firewalls and have
    been told that Terminal Server Licensing may fail. We serve TS licenses from
    one server to several other servers over a WAN. To avoid this we are
    attempting to implement IPSec between servers. With the servers tunneling
    through IPSec we are hoping to tunnel, port 139 requests past the physical
    routers. The router would normally filter that out, and allow the 2003
    Server to accept request for port 139 (port 139 not blocked on the servers
    yet). Is this a workable solution? Also, if port 139 is blocked on the
    physical server will that create later problems?
    Klay, Apr 28, 2009
    1. Advertisements

  2. In answer to the subject, here is the MS doc specifying ports for TS


    Note Terminal Services Licensing offers its services by using RPC over named
    pipes. This service has the same firewall requirements as those of the "File
    and Printer Sharing" feature.

    If you block RPC then not much will work over the WAN. If you use IPSec for
    all server communication, then the servers will be able to communicate with
    each other, but clients will not communicate with the servers over the WAN.

    Instead at the routers/firewalls you could do something like allow servers
    to communicate with servers, but not allow clients to communicate with
    remote servers except through specified ports e.g for mail, RDP, Citrix,
    http etc.

    Anthony [MVP], May 1, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.