WebColin asked:

Can't access Novell Server through OneCare firewall

If I turn off the firewall, I can access the NFS system without difficulty using the Novell Client for Vista 1.0. However, with the OneCare firewall on, I get the "The tree or server cannot be found. Choose a different tree or server." error message when I try to connect.

If I open all the TCP/IP ports in the firewall from 1-65535, I can log in. I assume I don't need all ports open, but I cannot find anywhere a specific list of needed ports (at least not a list that has worked) needed to access Novell servers from a Vista client running the firewall with Windows OneCare. How can I do this?

Thank you,
Colin
Software Firewalls, Novell Netware, Windows Vista

Last comment: WebColin, 8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
ShineOn

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
ShineOn

Oh, and be sure to allow both TCP and UDP for the NCP protocol.  

Once you're authenticated, all communication between client and server will be via NCP, except for iPrint and other web services.

iPrint uses TCP/UDP port 631 (IPP protocol).  LPR/LPD uses TCP 515.  

Of course, if you have an FTP server it uses 20/21 like normal...

For authentication, if you're using NMAS methods, you may have to deal with additional ports/protocols.  These include:

NMAS: port 1242
LDAP: TCP/UDP Port 389
sLDAP: TCP/UDP port 636

Here's a pretty-definitive TID on all the protocols/ports used in Novell products, so you can refer to it if you have problems accessing any services post-login:

http://support.novell.com/Platform/Publishing/987/3666976_f.1.html

Note that it doesn't differentiate between UDP and TCP - that's the only knock I have against it.
WebColin

ASKER
It turned out that I needed SLP (427), NCP (524), and ports 49000-49999 for the response to NCP 524. OneCare is fundamentally problematic for this, b/c (at least as far as I can tell through the GUI) the Firewall only lets you control which ports are open or closed, with no other options. I can't limit the 49000 range, for example, to only respond to Port 524. There may be a registry or command line setting for finer control, but I'm not aware of any such options.

The rest of my problem was likely unique to my situation. We had moved our offices at about the same time I was trying to make this work with the first Vista laptop. It turned out that the Directory Agent List on the Service Location tab was wrong, referring to an old private IP# at the old address. Surprisingly, I was still sometimes able to connect fine when the Firewall was completely off. Unfortunately, these occasional successes blinded me to this problem. Once I corrected the Directory Agent address, it was easy to determine the correct ports to open on the firewall.
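
The difference between the port-only rule described in the last post and a rule tied to the NCP reply, as an added example (not code from the thread or from any OneCare interface). It assumes the replies arrive from remote port 524; the `Rule` model, the server address 192.0.2.10 and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    """Inbound packet as a stateless port filter sees it."""
    src_ip: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Rule:
    """Inbound allow rule (hypothetical model); None means 'any'."""
    dst_ports: range
    src_port: Optional[int] = None
    src_net: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        if p.dst_port not in self.dst_ports:
            return False
        if self.src_port is not None and p.src_port != self.src_port:
            return False
        if self.src_net is not None:
            return ip_address(p.src_ip) in ip_network(self.src_net)
        return True

def allowed(rules, packets):
    """Return the packets admitted by at least one allow rule."""
    return [p for p in packets if any(r.matches(p) for r in rules)]

REPLY_PORTS = range(49000, 50000)   # 49000-49999, from the post
SERVER = "192.0.2.10/32"            # constructed placeholder for the Novell server

PORT_ONLY = [Rule(REPLY_PORTS)]                    # all a port open/closed GUI can express
SRC_PORT_ONLY = [Rule(REPLY_PORTS, src_port=524)]  # the limit the poster wanted
# Source ports are chosen by the sender, so the remote address is pinned as well.
PINNED = [Rule(REPLY_PORTS, src_port=524, src_net=SERVER)]

SAMPLE = [  # constructed traffic
    Packet("192.0.2.10", 524, 49152),      # NCP reply from the server
    Packet("198.51.100.7", 40000, 49152),  # unrelated host, unrelated source port
    Packet("198.51.100.7", 524, 49500),    # unrelated host, source port 524
    Packet("192.0.2.10", 524, 3389),       # server, but outside the reply range
]

if __name__ == "__main__":
    for name, rules in [("port-only", PORT_ONLY), ("src-port", SRC_PORT_ONLY), ("pinned", PINNED)]:
        print(f"{name:9} admits {len(allowed(rules, SAMPLE))} of {len(SAMPLE)} sample packets")
```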