

rpc port 49158

Posted on 2010-09-07
Last Modified: 2013-12-04
I am trying to do a small test for restricting RPC to use a static port. Using the Registry I did static port assignment for NTDS to be 49155 on the domain controller. I have two virtual machines: the DC is running Windows 2008 R2 with IP , and a member server running Windows 2003 with IP . Using the DC's Windows Firewall I created a new RPC rule to use port 49155. From the firewall log below I have two questions:
1- Why is Win2003 trying to connect to with port 49158? And what is the effect of that?
2- For NTDS static port assignment, do I have to do it for all the company DCs?
Firewall log:
ALLOW UDP 1026 53 0 -- RECEIVE
ALLOW TCP 1058 135 0 - 0 0 0 - - - RECEIVE
DROP TCP 1059 49158 48 S 1388427278 0 64240 - - - RECEIVE
DROP TCP 1059 49158 48 S 1388427278 0 64240 - - - RECEIVE
ALLOW UDP 138 138 0 -- RECEIVE
ALLOW UDP 1060 88 0 -- RECEIVE
ALLOW TCP 1061 88 0 - 0 0 0 - - - RECEIVE
ALLOW UDP 1062 88 0 -- RECEIVE
DROP TCP 1059 49158 48 S 1388427278  - - RECEIVE
DROP UDP 137 137 78 -- RECEIVE
DROP UDP 137 137 78 -- RECEIVE
DROP UDP 137 137 78 -- RECEIVE
ALLOW ICMP - - 0 - - - - 8 0 - RECEIVE
DROP UDP 137 137 78 -- RECEIVE
DROP UDP 137 137 78 -- RECEIVE
DROP UDP 137 137 78 -- RECEIVE
DROP UDP 137 137 78 -- RECEIVE
DROP UDP 137 137 78 -- RECEIVE
DROP UDP 137 137 78 -- RECEIVE
ALLOW TCP 1064 49155 0 - 0 0 0 - - - RECEIVE
Question by: alex-2010

Accepted Solution
Adam Brown
ID: 33666695
The RPC ports that you're messing with are actually client ports. When a DC makes an RPC request to another DC for replication, it will initiate the request on one of the ports in the range so the RPC server is able to more easily route traffic back to the requesting client. That port is chosen randomly from a range of several thousand. Pinching down the RPC ports on the server will limit the ports that it uses to make requests. So in your situation, the Win2k3 server is opening an RPC request on port 49158 which is being blocked by your firewall. In order to limit ports used by RPC, you'll need to actually limit the ports available on all DCs.

Also, I wouldn't recommend using a single port for RPC client requests, as you may rapidly run out of available ports and in turn decrease throughput and increase latency for replication.
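As an added example, not part of this question or the accepted answer: a small Python parser for firewall log lines in the shape quoted above. It counts inbound TCP attempts that were dropped on ports in the dynamic RPC range and lists the dynamic-range ports a rule let through, which is how you would spot a client landing on 49158 while only 49155 is allowed. SAMPLE_LOG is constructed from the lines in the question; the column layout (no date/time or IP fields) is an assumption, and 49152-65535 is the default dynamic port range on Windows Server 2008 and later.

```python
from collections import Counter

# Constructed sample in the shape of the firewall log quoted in the question
# (no date/time or IP columns; layout assumed to be
#  action proto src-port dst-port size flags syn ack win icmptype icmpcode info path).
SAMPLE_LOG = """\
ALLOW TCP 1058 135 0 - 0 0 0 - - - RECEIVE
DROP TCP 1059 49158 48 S 1388427278 0 64240 - - - RECEIVE
DROP TCP 1059 49158 48 S 1388427278 0 64240 - - - RECEIVE
DROP TCP 1059 49158 48 S 1388427278  - - RECEIVE
DROP UDP 137 137 78 -- RECEIVE
ALLOW ICMP - - 0 - - - - 8 0 - RECEIVE
ALLOW TCP 1064 49155 0 - 0 0 0 - - - RECEIVE
"""

# Default dynamic RPC port range on Windows Vista / Server 2008 and later.
DYNAMIC_RPC_RANGE = range(49152, 65536)


def parse_line(line):
    """Return (action, proto, src_port, dst_port, path), or None for lines
    that are not ALLOW/DROP entries with numeric ports (e.g. ICMP, headers)."""
    fields = line.split()
    if len(fields) < 5 or fields[0] not in ("ALLOW", "DROP"):
        return None
    try:
        src_port, dst_port = int(fields[2]), int(fields[3])
    except ValueError:
        return None
    return fields[0], fields[1], src_port, dst_port, fields[-1]


def summarize_rpc_drops(log_text):
    """Count inbound TCP attempts dropped per destination port in the dynamic
    RPC range, and list dynamic-range ports that a rule allowed through."""
    dropped, allowed = Counter(), set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        action, proto, _src, dst, path = rec
        if proto != "TCP" or path != "RECEIVE" or dst not in DYNAMIC_RPC_RANGE:
            continue
        if action == "DROP":
            dropped[dst] += 1
        else:
            allowed.add(dst)
    return dict(dropped), sorted(allowed)
```

Running summarize_rpc_drops(SAMPLE_LOG) on the constructed sample reports three drops on 49158 and 49155 as the only dynamic-range port a rule allowed, matching what the question's log shows.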

