Solved

Windows firewall sp2

Posted on 2007-03-29
Last Modified: 2010-04-10
Morning,

I seem to be having a small problem with Windows Firewall on a Server 2003 Enterprise Edition.
I've installed SP2 and all relevant updates. The server is set up as one domain controller with DNS.
All is working AOK on that side - the problem started when I tried to join computers to the domain; I was getting access denied errors etc. (these were fresh installs). I found that disabling the firewall sorted this problem.
Now that I have 5 users connected to the domain, they all have problems logging on to it.  It just hangs there for ages and ages.  If I disable Windows Firewall they connect immediately.
Do I need to open any ports for Active D and DNS? Never had to do this before from memory - strange.


Thanks for any help.


Question by:John
7 Comments
 
LVL 14

Accepted Solution

by:
Burns2007 earned 750 total points
ID: 18821935
Personally I would disable Windows Firewall on the server.

Windows Firewall is not a valid solution for your internal connection.

Do you have this server directly connected to the internet and using ICS? If so, you can enable the firewall on that connection but not the internal one.

If you have a router etc. connected to the network instead, I wouldn't have the Windows Firewall turned on at all on your server.
0
 

Author Comment

by:John
ID: 18821975
Hi Burns2007

The server and clients are using a Netgear DG834 ADSL router with built-in NAT etc. for internet access.  I'm not using ICS so I don't know what you mean about using the firewall on that connection. Do you think not having the firewall on will be sufficient? I'd prefer to have it on but don't understand why this is giving me problems.


Thanx.
0
 
LVL 11

Expert Comment

by:Zenith63
ID: 18828412
Your NAT router will be acting as a firewall to the outside world, effectively sealing you off from it, so having a firewall on the server is probably going to cause you more hassle (for reasons like the problem you've described) than the small amount of extra security you gain.  The Windows firewall is only really giving you two extra bits of security - it will prevent access to the server from clients already on your network (not important in most small businesses IMHO) and will prevent the spread of network viruses to the server if one happens to get onto a LAN PC (again not that important considering how rare viruses are these days and how good most AntiVirus programs are if they're up-to-date).
So I agree with Burns2007, dump the firewall, you don't need it and it will cause more problems than it solves.
0

 

Author Comment

by:John
ID: 18831384
OK, see what you're saying.  Have you guys run servers before without any firewall protection?

0
 

Author Comment

by:John
ID: 18832222
I still don't like the idea of running this server without a personal firewall turned on, especially as it's running as a file server and DNS server.  My NAT firewall router will only provide a perimeter wall for traffic on the Net - if a laptop user for instance is infected with a virus, this could easily spread across the LAN and affect any weak system that's vulnerable, i.e. MSblaster worm etc. or any new born.

There are tonnes of ports, so opening a few for Server 2003 to function correctly shouldn't be a problem.  Do you guys know the right ports for this?

Cheers
0
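For reference on the ports question above, an added example that is not part of the original thread: a batch file for the Server 2003 SP2 `netsh firewall` context that opens the standard Active Directory and DNS listener ports to the local subnet only and turns on drop logging. The port list is the well-known set for a domain controller with DNS rather than anything confirmed by the posters, and `scope=SUBNET` assumes the clients sit on the same subnet as the server.

```bat
@echo off
rem Added example: keep Windows Firewall ON for a Server 2003 SP2 domain
rem controller with DNS and open only what domain clients need.
rem Assumption: all clients are on the server's own subnet (scope=SUBNET).
setlocal
set SCOPE=SUBNET

rem TCP: DNS 53, Kerberos 88, RPC endpoint mapper 135, LDAP 389,
rem      Kerberos password change 464, LDAPS 636, Global Catalog 3268/3269
for %%P in (53 88 135 389 464 636 3268 3269) do (
    netsh firewall add portopening protocol=TCP port=%%P name="AD-TCP-%%P" mode=ENABLE scope=%SCOPE%
)

rem UDP: DNS 53, Kerberos 88, time sync (W32Time) 123, LDAP 389,
rem      Kerberos password change 464
for %%P in (53 88 123 389 464) do (
    netsh firewall add portopening protocol=UDP port=%%P name="AD-UDP-%%P" mode=ENABLE scope=%SCOPE%
)

rem SYSVOL/NETLOGON shares and file serving: the built-in exception covers
rem UDP 137-138 and TCP 139, 445.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=%SCOPE%

rem Netlogon and other RPC services answer on dynamically assigned ports
rem that a fixed port list cannot cover. The remote administration
rem exception lets lsass.exe and svchost.exe receive that traffic.
netsh firewall set service type=REMOTEADMIN mode=ENABLE scope=%SCOPE%

rem Log dropped packets so anything still blocked shows up in
rem %windir%\pfirewall.log instead of as a hanging logon.
netsh firewall set logging droppedpackets=ENABLE

rem Make sure the firewall itself is on, then list the resulting openings.
netsh firewall set opmode mode=ENABLE
netsh firewall show portopening

endlocal
```

If logons still hang with these exceptions in place, the DROP entries in `pfirewall.log` show which destination port on the server is being refused.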
 
LVL 11

Assisted Solution

by:Zenith63
Zenith63 earned 750 total points
ID: 18836113
Sorry, I don't know the ports in question.  To answer your other question; I have never put a firewall on a server, ever.  I also can't remember the last time I came across a server with a firewall on it.  It's just not the way it tends to be done for the very reason you've come across.

Decent AntiVirus (including server email scanning) updated at least daily and regular Windows updates is enough in a vast majority of cases.
0
 

Author Comment

by:John
ID: 18836816
OK, I will close this question and take your advice. I'm looking into getting a better hardware firewall anyway which should protect the server.

I will share the points out - think that's fair enough.

cheers

W.J
0
