Solved

Opening Ports in Server 2008 R2 without having Windows Firewall activated.

Posted on 2011-02-24
Last Modified: 2012-05-11
Hello,

I am in desperate need of help on this. We use a product called Mediasite that requires FTP PASV ports 1025-65535 open.

Now I have made numerous incoming and outgoing rules in the Windows Firewall as well as our SonicWALL PRO 2040... to allow this... but the server seems to only have a set amount of ports open.
Please see attached.

Regardless if the Windows Firewall is switched off and the access rules in SonicWALL are disabled... I only see these ports.
Switch Firewall back on, only these ports... Switch enable on the SonicWALL access rules... only these ports.



All I want is the server to allow me to open more ports... what do I have to do...
untitled.bmp
Question by:mgtaylor3
8 Comments
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34976801
Does running the Security Configuration Wizard help you?


http://technet.microsoft.com/en-us/library/cc771492%28WS.10%29.aspx
0
 

Expert Comment

by:Coryvmcs1
ID: 34976828
0
 
LVL 33

Accepted Solution

by:
digitap earned 1000 total points
ID: 34976999
So, is FTP configured and you just need to change the ephemeral port range on the server?

Microsoft Windows

As of Windows Vista and Windows Server 2008, Windows now uses a large range (49152-65535) by default, according to Microsoft Knowledgebase Article 929851. That same article also shows how you can change the range if desired, but the default range is now sufficient for most servers.

For older Windows operating systems (Windows XP and older), Windows uses the traditional BSD range of 1024 through 4999 for its ephemeral port range.  Unfortunately it appears that you can only set the upper bound of the ephemeral port range.  Here is information excerpted from Microsoft Knowledgebase Article 196271:

    * Start Registry Editor (Regedt32.exe).
    * Locate the following key in the registry:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    * On the Edit menu, click Add Value, and then add the following registry value:

      Value Name: MaxUserPort
      Data Type: REG_DWORD
      Value: 65534 <for example>

      Valid Range: 5000-65534 (decimal)
      Default: 0x1388 (5000 decimal)

      Description: This parameter controls the maximum port number used when an application requests any available user port from the system. Normally, ephemeral (that is, short-lived) ports are allocated between the values of 1024 and 5000 inclusive.
    * Quit Registry Editor.

Note: There is another relevant KB article (812873) which claims to allow you to set an exclusion range, which could mean that you could exclude ports 1024-9999 (for example) to have the ephemeral port range be 10000-65534. However, we have not been able to get this to work (as of October 2004).

ref: http://www.ncftp.com/ncftpd/doc/misc/ephemeral_ports.html
0
 
LVL 7

Assisted Solution

by:Ned Ramsay
Ned Ramsay earned 1000 total points
ID: 34979654
Hi,
The NETSTAT command that you have run does not show all ports that are available for connection.
It only shows ports that are ACTIVELY LOOKING for connections (listening) or currently in use.

Passive FTP works on port 21 initially (which you can see is listening in your screenshot); it then self-assigns a port between it and the remote client (which will be from within that range). If the Windows Firewall is off then all ports are enabled anyway, meaning that the issue is with the way your FTP server/client is configured.

Here is a quick link explaining how the two types work: http://slacksite.com/other/ftp.html
0
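Added example, not part of the original thread: the behaviour described in the answer above, in Python. The passive range 61000-61010, the loopback address and all function names are assumptions made for illustration; the point is that a passive data port only accepts connections (and only shows as listening) between the PASV reply and the end of the transfer.

```python
import re
import socket

# Constructed passive range for this example; a real FTP server sets its own.
PASV_RANGE = (61000, 61010)
PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def open_pasv_listener(host="127.0.0.1", port_range=PASV_RANGE):
    """Bind and listen on the first free port in the range, as a server does on PASV."""
    for port in range(port_range[0], port_range[1] + 1):
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.bind((host, port))
            sock.listen(1)
            return sock
        except OSError:  # port already taken, try the next one
            sock.close()
    raise RuntimeError("no free port in the passive range")

def pasv_reply(sock):
    """Format the 227 reply: four address octets, then the port as high byte, low byte."""
    host, port = sock.getsockname()
    return "227 Entering Passive Mode (%s,%d,%d)." % (
        host.replace(".", ","), port >> 8, port & 0xFF)

def parse_pasv(reply):
    """Client side: recover (host, port) from a 227 reply."""
    match = PASV_RE.search(reply)
    if not reply.startswith("227") or match is None:
        raise ValueError("not a PASV reply: %r" % reply)
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def accepts_connections(host, port, timeout=0.5):
    """True only while something is listening on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        probe.settimeout(timeout)
        return probe.connect_ex((host, port)) == 0

def demo():
    listener = open_pasv_listener()
    host, port = parse_pasv(pasv_reply(listener))
    during = accepts_connections(host, port)  # listener open: port is LISTENING
    listener.close()
    after = accepts_connections(host, port)   # transfer over: port is gone again
    return port, during, after
```

The firewall rules in front of the server only need to cover whatever range the FTP server is configured to hand out in its 227 replies.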
 

Author Comment

by:mgtaylor3
ID: 34993121
Hi guys, thanks for the quick response. I'll go through all and whatever fixes this damned issue I'll award the points.

0
 

Author Comment

by:mgtaylor3
ID: 34993172
Coryvmcs1: Hi, no, I've been through your process as that was the first port of call, excuse the pun... but to no avail.

I'm going through Digitap's reply at the moment as that seemed to be the nearest and probable answer to my issue, but the proof is in the pudding... will get back to you on that.
0
 

Author Comment

by:mgtaylor3
ID: 35011187
Hello all, OK, no joy on any of the solutions put forward as yet.

Feel happier having gone through these so far but unfortunately still no resolution.

I am now stripping the SonicWALL Pro of all access rules to the Mediasite Web/FTP server and re-applying, basically just to re-eliminate this...

Will keep you posted. A share of points may be the answer.
0
 
LVL 7

Expert Comment

by:Ned Ramsay
ID: 35068190
Did you get it working, mgtaylor3?
0
