DFS issues

Hello,

I am having some DFS issues and have narrowed it down to a Windows Firewall issue. When the firewall is on I cannot connect to the share and FRS does not work between two different shares. When the firewall is off, I can connect to the share and FRS works.

My question is, what needs to be added to Windows Firewall in order for DFS and FRS to work properly?

I have added the following:
TCP - 137, 139, 389, 135, 445
UDP - 137, 138, 389, 445
File and Printer Sharing

But still no success.  What else needs to be done?

Thanks in advance.
BRI-Consulting Asked:

RobinHuman Commented:
Take a look at the following article re: dfsrdiag (this would suggest that you need to allow this .exe through the firewall as well)
http://www.experts-exchange.com/Security/IDS/Q_22746536.html

BRI-Consulting (Author) Commented:
I allowed the dfsrdiag.exe and still no luck.

I also did:
dfsrdiag StaticRPC /port:nnnnn /Member:Branch01.sales.contoso.com

and the operation failed.  Any other suggestions?

RobinHuman Commented:
When you ran dfsrdiag, did you set it to a particular static port and open that port on the firewall?
The command should look something like this: dfsrdiag staticRPC /port:{port number} /Member:{your server's FQDN, i.e. server1.joebloggs.com}
See this article:
http://rockstarguys.com/blogs/colin/archive/2008/01/25/locking-down-dfs-for-windows-firewall.aspx

BRI-Consulting (Author) Commented:
I get this:

C:\WINDOWS\ServicePackFiles\i386>dfsrdiag StaticRPC /port:135 /Member:<computer>

[ERROR] Failed to connect to WMI services on computer: <computer>

Operation Failed

RobinHuman Commented:
You need to start the Windows Management Instrumentation services on the server.
 
BRI-Consulting (Author) Commented:
That service is started.

BRI-Consulting (Author) Commented:
DFS shows both targets as 'online'.  However, files and folders still won't sync.

BRI-Consulting (Author) Commented:
I followed this article:  http://technet.microsoft.com/en-us/library/bb727063.aspx

Specifically:

Next, navigate to this registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters\

Add a new DWORD value called RPC TCP/IP Port Assignment (include the spaces). Set the value's data to the port number that you want to use (remember to change the displayed base to decimal before you enter the data).

Do this on all your Active Directory servers. You must restart them for the change to take effect.

I restarted FRS on both and opened the port on the firewall.  This seemed to have done the trick.  Still testing.
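
The registry and firewall steps from the last post as one script, with the firewall exception limited to the replication partners instead of any address. This is an added example, not part of the thread or of the linked article; port 50000, the partner address 192.0.2.10 and the rule name are constructed values, and it assumes an elevated PowerShell 2.0 or later session on each FRS member.

```powershell
# Added example, not from the thread. Port, partner address and rule name are constructed.
param(
    [int]$Port = 50000,                      # constructed example port
    [string[]]$Partners = @('192.0.2.10')    # constructed replication partner address(es)
)

$ErrorActionPreference = 'Stop'

# Stay out of the well-known range: 135 (RPC endpoint mapper) and 445 (SMB) are already in use.
if ($Port -lt 1024 -or $Port -gt 65535) {
    throw "Port $Port is outside 1024-65535; choose an unused high port."
}

# The value name contains spaces and the data is a DWORD, as in the quoted steps.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters'
New-ItemProperty -Path $key -Name 'RPC TCP/IP Port Assignment' `
    -PropertyType DWord -Value $Port -Force | Out-Null

# Allow the port inbound from the replication partners only.
$scope = $Partners -join ','
if ([Environment]::OSVersion.Version.Major -ge 6) {
    # Windows Server 2008 and later
    netsh advfirewall firewall add rule name=FRS-static-RPC dir=in action=allow `
        protocol=TCP localport=$Port remoteip=$scope
} else {
    # Windows XP / Server 2003 firewall context
    netsh firewall add portopening protocol=TCP port=$Port name=FRS-static-RPC `
        mode=ENABLE scope=CUSTOM addresses=$scope
}
if ($LASTEXITCODE -ne 0) { throw "netsh exited with code $LASTEXITCODE" }

# The poster restarted the FRS service after the change; the quoted steps say to restart the server.
Restart-Service -Name NtFrs

# Confirm that something is now listening on the chosen port.
Start-Sleep -Seconds 5
$listening = netstat -ano | Select-String -Pattern ":$Port\s+.*LISTENING"
if ($listening) { $listening } else { Write-Warning "Nothing is listening on TCP $Port yet." }
```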