Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

domain controllers are trying to communicate with linux hosts on 135, 137, 139 and 445. is this normal? if so, why is it normal?

Posted on 2014-10-07
2
Medium Priority
?
182 Views
Last Modified: 2014-10-10
hello! we have 2 domain controllers in 1 site trying to communicate with some linux hosts that are behind a firewall at another site.
ports 135, 137, 139 and 445
they are getting blocked by a firewall between the 2 networks, but im wondering why the windows domain controllers are trying to communicate with them in the first place
the hosts ARE listed in DNS (we are using active directory integrated DNS)
would that be why?
0
Comment
Question by:jsctechy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 8

Accepted Solution

by:
R_Edwards earned 2000 total points
ID: 40366691
Jsctechy,
     You are very close, Windows has to has specific ports open to work as a domain controller, and because you have Linux Hosts and I figure you are authenticating from the Linux host to AD.
 here is a small explanation of the ports:

TCP 135 Replication RPC, EPM
     
TCP 137 NetBIOS Name resolution NetBIOS Name resolution
     
TCP 139 User and Computer Authentication, Replication DFSN, NetBIOS Session Service, NetLogon

TCP and UDP 445 Replication, User and Computer Authentication, Group Policy, Trusts SMB, CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc

/r
-=Richard
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40366800
are there any domain controllers gone but not cleaned up in AD that had IP address(es) now used by one of the linux systems?  just having an A record won't cause that traffic
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question