• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5124
  • Last Modified:

rpc port 49158

I am trying to do a small test for restricting rpc to use static port. Using the Registry I did static port assignment for NTDS to be 49155 in the domain controller. I have two virtual machines, the dc is running windows 2008 r2 with ip 10.2.2.2, and a member server running windows 2003 ip 10.8.8.8. using the dc windows firewall i created new rpc rule to use port 49155. from the firewall log bellow I have two questions:
1- why win2003 is trying to connect to 10.2.2.2 with port 49158? And what is the affect of that?
2- for NTDS static port assignment , do I have to do it for all the company dc’s?
 Thanx
firewall log
ALLOW UDP 10.8.8.8 10.2.2.2 1026 53 0 -- RECEIVE
ALLOW TCP 10.8.8.8 10.2.2.2 1058 135 0 - 0 0 0 - - - RECEIVE
DROP TCP 10.8.8.8 10.2.2.2 1059 49158 48 S 1388427278 0 64240 - - - RECEIVE
DROP TCP 10.8.8.8 10.2.2.2 1059 49158 48 S 1388427278 0 64240 - - - RECEIVE
ALLOW UDP 10.8.8.8 10.255.255.255 138 138 0 -- RECEIVE
ALLOW UDP 10.8.8.8 10.2.2.2 1060 88 0 -- RECEIVE
ALLOW TCP 10.8.8.8 10.2.2.2 1061 88 0 - 0 0 0 - - - RECEIVE
ALLOW UDP 10.8.8.8 10.2.2.2 1062 88 0 -- RECEIVE
DROP TCP 10.8.8.8 10.2.2.2 1059 49158 48 S 1388427278  - - RECEIVE
DROP UDP 10.8.8.8 10.255.255.255 137 137 78 -- RECEIVE
DROP UDP 10.8.8.8 10.255.255.255 137 137 78 -- RECEIVE
DROP UDP 10.8.8.8 10.255.255.255 137 137 78 -- RECEIVE
ALLOW ICMP 10.8.8.8 10.2.2.2 - - 0 - - - - 8 0 - RECEIVE
DROP UDP 10.8.8.8 10.2.2.2 137 137 78 -- RECEIVE
DROP UDP 10.8.8.8 10.2.2.2 137 137 78 -- RECEIVE
DROP UDP 10.8.8.8 10.2.2.2 137 137 78 -- RECEIVE
DROP UDP 10.8.8.8 10.255.255.255 137 137 78 -- RECEIVE
DROP UDP 10.8.8.8 10.255.255.255 137 137 78 -- RECEIVE
DROP UDP 10.8.8.8 10.255.255.255 137 137 78 -- RECEIVE
ALLOW TCP 10.8.8.8 10.2.2.2 1064 49155 0 - 0 0 0 - - - RECEIVE
0
alex-2010
Asked:
alex-2010
1 Solution
 
Adam BrownSr Solutions ArchitectCommented:
The RPC ports that you're messing with are actually client ports. When a DC makes an RPC request to another DC for replication, it will initiate the request on one of the ports in the range so the RPC server is able to more easily route traffic back to the requesting client. That port is chosen randomly from a range of several thousand. Pinching down the RPC ports on the server will limit the ports that it uses to make requests. So in your situation, the Win2k3 server is opening an RPC request on port 49158 which is being blocked by your firewall. In order to limit ports used by RPC, you'll need to actually limit the ports available on all DCs.

Also, I wouldn't recommend using a single port for RPC client requests, as you may rapidly run out of available ports and in turn decrease throughput and increase latency for replication.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

Tackle projects and never again get stuck behind a technical roadblock.
Join Now