Codeonesysadmin
asked on
W2K3 firewall blocking domain trust need help with ports

I've read all the postings here for help and all of the Microsoft KBs and other forums.  My situation is I have a 2000 domain and a new 2003 domain.  Different forests, each running its own DNS.  Both domains are on the same network.  I have set up the DNS forward lookup zones on each and verified each is working according to other posts here.  What I have a problem with is when I disable the Windows Firewall on the 2003 server everything works fine, no problems and fast; when I turn the firewall on, the trust disconnects and I get "RPC server unavailable" errors.  I have set up exceptions in the firewall according to MS recommendations and other suggestions from here.  None work.  Has anyone found the "magic" ports to open?  I would prefer to leave the firewall on.
sstone55423

In many environments the Windows 2003 firewall is disabled.  This is usually because they have a good quality firewall in place at the perimeter.
If you choose to keep it enabled, yes, you need to allow through the ports for Active Directory authentication.
TCP ports: 135, 139, 445

UDP ports: 135, 137, 138, 445
You should not need RPC, port 88, but keep it in mind in case there are issues.
Just wanted to make sure you saw these articles:

http://support.microsoft.com/kb/555381
one thing this doesn't mention is ICMP: (for Ping and tracert)
http://nic.phys.ethz.ch/readme/164

I always liked this article for key microsoft ports:
http://www.microsoft.com/smallbusiness/support/articles/ref_net_ports_ms_prod.mspx
Codeonesysadmin (ASKER)
Thanks guys for the support.  ChiefIT, I had used all 3 of those documents already in my previous attempts, particularly the first 2.  I have done precisely what they explain and to no avail.  SStone, all those ports are already open in my configuration.  We are being forced for now to leave the firewall off.  It's not a huge risk as we are behind a WatchGuard firewall and things seem pretty secure.  I was just hoping that someone may have run into this issue with the 2k3 firewall and domain trusts.  I'll leave the question for a few more days while I do other research and await any further responses.  Thanks again for the help!
ASKER CERTIFIED SOLUTION
ChiefIT
Thanks for the help.  In the end, we turned off the firewall.  I tried setting the RPC random port to a specific one, but that too didn't work for us.  As everything works great with the firewall off and we do have a secure network with hardware, I guess the risk just isn't there.  Anyway, thanks for the great info!
Thanks for the specifics and documents to support the question!
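Added example, not code from anyone in this thread: a script for the Windows Server 2003 `netsh firewall` context that opens the static ports listed in sstone55423's answer and pins the RPC ports the asker mentions trying to fix. The ports in that answer cover SMB and the RPC endpoint mapper (135) but not the dynamic port that the endpoint mapper hands back, which on Windows 2003 is drawn from 1025-5000 by default; a trust lookup that reaches 135 and is then refused on the dynamic port produces exactly the "RPC server unavailable" error from the question. The fix is to make those ports predictable (NTDS and Netlogon registry values for the AD and secure-channel RPC servers, and the `Rpc\Internet` key for everything else) and open only those. Kerberos (88), LDAP (389/636/3268/3269) and DNS (53) are also used by cross-forest trust validation and are included. The partner DC address and the chosen port numbers are placeholders I picked; adjust both, and note the registry changes take effect only after a reboot.

```batch
@echo off
rem Added example: Windows 2003 "netsh firewall" context (the later advfirewall
rem context does not exist on 2003). Run as an administrator on the 2003 DC.

rem ASSUMPTION (placeholder): address of the DC in the other forest. Scoping
rem every exception to that host keeps the firewall meaningful for everyone else.
set PEER=192.168.1.10

rem ASSUMPTION (placeholder): fixed ports for the AD and Netlogon RPC servers and a
rem small range for any other RPC traffic. Pick unused ports above 5000.
set NTDS_PORT=50000
set NETLOGON_PORT=50001
set RPC_RANGE_LO=50002
set RPC_RANGE_HI=50100

rem --- 1. Static ports: SMB, NetBIOS, endpoint mapper (from the answer) plus
rem        Kerberos, LDAP / GC and DNS, which trust validation also uses.
for %%P in (135 139 445 88 389 636 3268 3269 53) do (
  netsh firewall add portopening protocol=TCP port=%%P name="AD trust TCP %%P" mode=ENABLE scope=CUSTOM addresses=%PEER%
)
for %%P in (135 137 138 445 88 389 53) do (
  netsh firewall add portopening protocol=UDP port=%%P name="AD trust UDP %%P" mode=ENABLE scope=CUSTOM addresses=%PEER%
)

rem --- 2. Pin the RPC ports so the endpoint mapper stops handing out a random
rem        1025-5000 port that no exception covers. Requires a reboot.
reg add "HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters" /v "TCP/IP Port" /t REG_DWORD /d %NTDS_PORT% /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" /v DCTcpipPort /t REG_DWORD /d %NETLOGON_PORT% /f
reg add "HKLM\SOFTWARE\Microsoft\Rpc\Internet" /v Ports /t REG_MULTI_SZ /d %RPC_RANGE_LO%-%RPC_RANGE_HI% /f
reg add "HKLM\SOFTWARE\Microsoft\Rpc\Internet" /v PortsInternetAvailable /t REG_SZ /d Y /f
reg add "HKLM\SOFTWARE\Microsoft\Rpc\Internet" /v UseInternetPorts /t REG_SZ /d Y /f

rem --- 3. Open the pinned ports. netsh firewall takes one port per exception,
rem        so the range is opened with a counted loop.
netsh firewall add portopening protocol=TCP port=%NTDS_PORT% name="AD NTDS RPC" mode=ENABLE scope=CUSTOM addresses=%PEER%
netsh firewall add portopening protocol=TCP port=%NETLOGON_PORT% name="AD Netlogon RPC" mode=ENABLE scope=CUSTOM addresses=%PEER%
for /L %%P in (%RPC_RANGE_LO%,1,%RPC_RANGE_HI%) do (
  netsh firewall add portopening protocol=TCP port=%%P name="RPC dynamic %%P" mode=ENABLE scope=CUSTOM addresses=%PEER%
)

rem --- 4. Leave the firewall on and show what is now allowed.
netsh firewall set opmode mode=ENABLE
netsh firewall show state
netsh firewall show portopening
echo Reboot the DC for the RPC port changes to take effect.
```

After the reboot, check from the other forest's DC that 135 answers and that the endpoint mapper now advertises ports inside the pinned range (Microsoft's PortQry tool with `-e 135` lists the registered endpoints); a trust that still fails after that is not a port problem on this host.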