Per KB article (below) these ports must be opened for F/E B/E OWA to work (not included in the list is HTTP but that one's easy).

My question is, assuming multiple Domain Controllers and a single GC - which servers need 88, 389, 445, 3268 available? All domain controllers or just the GC?

From my understanding, 88, 389, 445 must be opened to all DCs. 3268 only to the GC. Then again, I'm not too bright.

Thanks.

Eric

http://support.microsoft.com/support/kb/articles/Q280/1/32.ASP

--------------------------------------------------------------------------

Enable Windows 2000 Server-based computers to log on to the domain through the firewall by opening the following ports for inbound traffic:

53 (User Datagram Protocol [UDP]) - Domain Name System (DNS).
88 (Transmission Control Protocol [TCP], UDP) - Kerberos authentication.
135 (TCP) - EndPointMapper.
389 (TCP, UDP) - Lightweight Directory Access Protocol (LDAP).
445 (TCP) - Server message block (SMB) for Netlogon, LDAP conversion and distributed file system (Dfs) discovery.
3268 (TCP) - LDAP to global catalog servers.

One port for the Active Directory logon and directory replication interface (universally unique identifiers [UUIDs] 12345678-1234-abcd-ef00-01234567cffb and e3514235-4b06-11d1-ab04-00c04fc2dcd2), which is typically assigned port 1025 or 1026 during startup. This value is not set in the DSProxy or System attendant (MAD) source code, so you need to map the port in the registry and then open the port on the firewall.

