Avatar of WebColin
 asked on

Can't access Novell Server through OneCare firewall

If I turn off the firewall, I can access the NFS system without difficulty using the Novell Client for Vista 1.0. However, with the OneCare firewall on, I get the "The tree or server cannot be found. Choose a different tree or server." error message when I try to connect.

If I open all the TCP/IP ports in the firewall from 1-65535, I can login. I assume I don't need all ports open, but I can not find anywhere a specific list of needed ports (at least not a list that has worked) needed to access Novell servers from a Vista client running the firewall with Windows OneCare. How can I do this?

Thank you,
Software FirewallsNovell NetwareWindows Vista

Avatar of undefined
Last Comment

8/22/2022 - Mon

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.

Oh, and be sure to allow both TCP and UDP for the NCP protocol.  

Once you're authenticated, all communication between client and server will be via NCP, except for iPrint and other web services.

Iprint uses TCP/UDP port 631 (IPP protocol).  LPR/LPD uses TCP 515.  

Of course, if you have an FTP server it uses 20/21 like normal...

For authentication, if you're using NMAS methods, you may have to deal with additional ports/protocols.  These include:

NMAS: port 1242
LDAP: TCP/UDP Port 389
sLDAP: TCP/UDP port 636

Here's a pretty-definitive TID on all the protocols/ports used in Novell products, so you can refer to it if you have problems accessing any services post-login:


Note that it doesn't differentiate between UDP and TCP - that's the only knock I have against it.

It turned out that I needed SLP (427), NCP (524), and ports 49000-49999 for the response to NCP 524. OneCare is fundamentally problematic for this, b/c (at least as far as I can tell through the GUI) the Firewall only lets you control which ports are open or closed, with no other options. I can't limit the 49000 range, for example, to only respond to Port 524. There may be a registry or command line setting for finer control, but I'm not aware of any such options.

The rest of my problem was likely unique to my situation. We had moved our offices at about the same time I was trying to make this work with the first Vista laptop. It turned out that the Directory Agent List on the Service Location tab was wrong, referring to an old private IP# at the old address. Surprisingly, I was still sometimes able to connect fine when the Firewall was completely off. Unfortunately, these occasional successes blinded me to this problem. Once I corrected the Directory Agent address, it was easy to determine the correct ports to open on the firewall.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy