To your clients or is there just a firewall between your DC's and the clients on your trusted networks?
Have you checked to see if it's the computer browser that's initiating the calls?
Al
Yeah I know about going client à DC. I'm trying to figure out why the *DC * is establishing connections to the client.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, September 21, 2006 6:05 AM
To: [email protected]
Subject: RE: [ActiveDir] DC Establishing Session to client on TCP139
netbios-ns 137/tcp NETBIOS Name Service
netbios-ns 137/udp NETBIOS Name Service
netbios-dgm 138/tcp NETBIOS Datagram Service
netbios-dgm 138/udp NETBIOS Datagram Service
netbios-ssn 139/tcp NETBIOS Session Service
netbios-ssn 139/udp NETBIOS Session ServiceIt's been a while, but you may find that all 3 are needed.
If memory serves - 137 is used to resolve names; 138 to send/receive data; 139 to establish and maintain the session.
neil
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Paul Williams
Sent: 21 September 2006 09:30
To: [email protected]
Subject: Re: [ActiveDir] DC Establishing Session to client on TCP139It's probably SMB (CIFS). The NT5.x client service attempts to establish SMB sessions using both 445 and 137/8/9 (whichever one). The first to reply is what is used. If 445, it's SMB over TCP/IP. If the NetBT 3, then it's SMB over NetBIOS over TCP/IP (NetBT).
Note. It doesn't use all three of the NetBT3, I just don't remember what's what.
--Paul
----- Original Message -----
From: Brian Desmond
Sent: Thursday, September 21, 2006 2:53 AM
Subject: [ActiveDir] DC Establishing Session to client on TCP139
I'm seeing a lot of hits in firewall logs for DCs trying to establish sessions to clients on TCP139 (NBT Session Service). Does anyone know why this is happening or if it's necessary?
Thanks,
Brian Desmond
c - 312.731.3132
PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies.
