You can also use firewall tracing.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On 
Behalf Of Brian Desmond
Sent: Wednesday, May 13, 2015 4:58 PM
To: [email protected]
Subject: RE: [NTSysADM] Firewall settings for DCs

Have you collected a network trace? If there's a port being blocked, that 
should be pretty apparent there. 

-----Original Message-----
From: [email protected] [mailto:[email protected]] On 
Behalf Of Michael Leone
Sent: Wednesday, May 13, 2015 1:13 PM
To: [email protected]
Subject: [NTSysADM] Firewall settings for DCs

I am having a hard time finding a list of what the settings for a
Win2012 R2 DC should be. Here's my problem - running a "dcdiag /a" is reporting 
problems not finding the network path to a DC in a remote site.  I know the 
remote DC is there; I can ping it; etc. So something in the firewall is 
blocking it, but it's unclear to me as to which rule specifically.

The DC shows it's connected to a domain, with the Windows firewall on.
I imagine that it must be an outbound rule blocking me, but I see all "Active 
Directory (TCP and UDP out)" enabled; all "Core Networking"
enabled; all "File and Printer Sharing" entries with a green check mark (Echo, 
NB, SMB). Shouldn't that be enough?

I shouldn't need any of the "Network Discovery" rules enabled, should I?

(correct me if I am wrong, but if I can't do a "\\<remote-DC>\C$", then the 
dcdiag will also fail?)

What am I missing here? There are no hardware firewalls between me and the 
remote DC, and the remote DC has all firewalls turned off (for testing).
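One concrete form of the firewall tracing and network-trace suggestions above, added here as an example and not part of any post in the thread: turn on logging of dropped packets on the local DC (`Set-NetFirewallProfile -All -LogBlocked True`, default log `%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log`), then summarize which ports toward the remote DC are being dropped and in which direction. The log lines, the IP addresses and the host names below are constructed, and the port-to-service map is my own.

```python
from collections import Counter

# Constructed pfirewall.log sample (W3C format as written by Windows Firewall);
# 10.1.1.10 is the local DC, 10.2.2.10 the remote-site DC. Not from the thread.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2015-05-13 13:01:02 ALLOW ICMP 10.1.1.10 10.2.2.10 - - 60 - - - - 8 0 - SEND
2015-05-13 13:01:03 DROP TCP 10.1.1.10 10.2.2.10 52011 445 52 S 3197104256 0 8192 - - - SEND
2015-05-13 13:01:03 DROP TCP 10.1.1.10 10.2.2.10 52012 135 52 S 3197104257 0 8192 - - - SEND
2015-05-13 13:01:04 DROP TCP 10.1.1.10 10.2.2.10 52013 49155 52 S 3197104258 0 8192 - - - SEND
2015-05-13 13:01:05 DROP TCP 10.2.2.10 10.1.1.10 49301 445 52 S 3197104259 0 8192 - - - RECEIVE
2015-05-13 13:01:06 ALLOW TCP 10.1.1.10 10.2.2.10 52014 389 52 S 3197104260 0 8192 - - - SEND
"""

# Ports DC-to-DC and client-to-DC traffic needs (Windows Server 2008 and later).
DC_PORTS = {53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper", 389: "LDAP",
            445: "SMB", 464: "Kerberos password change", 636: "LDAPS",
            3268: "Global Catalog", 3269: "Global Catalog SSL"}

def service_name(port):
    """Map a destination port to the DC service it belongs to."""
    if port in DC_PORTS:
        return DC_PORTS[port]
    if 49152 <= port <= 65535:
        return "RPC dynamic range"   # AD replication, DCOM, dcdiag RPC calls
    return "other"

def parse_log(text):
    """Yield one dict per record, taking column names from the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def summarize_drops(text, remote_ip):
    """Count DROP records to/from remote_ip, keyed by direction, protocol and port."""
    drops = Counter()
    for rec in parse_log(text):
        if rec["action"] != "DROP":
            continue
        outbound = rec["path"] == "SEND" and rec["dst-ip"] == remote_ip
        inbound = rec["path"] == "RECEIVE" and rec["src-ip"] == remote_ip
        if not (outbound or inbound):
            continue
        p = rec["dst-port"]                    # "-" for ICMP records
        port = int(p) if p.isdigit() else 0
        drops[(rec["path"], rec["protocol"], port, service_name(port))] += 1
    return drops

if __name__ == "__main__":
    for (path, proto, port, svc), n in sorted(summarize_drops(SAMPLE_LOG, "10.2.2.10").items()):
        print(f"{path:8}{proto:5}{port:6} {svc:25} x{n}")
```

An outbound DROP on 135 plus the dynamic RPC range points at the "Active Directory" outbound rules or the RPC dynamic-port rule, while an inbound DROP on 445 is a local inbound rule, so the direction column tells you which side of the profile to check.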
