I have not, haven't had the time yet.
On Wed, May 13, 2015 at 4:57 PM, Brian Desmond <[email protected]> wrote:
> Have you collected a network trace? If there's a port being blocked, that
> should be pretty apparent there.
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Michael Leone
> Sent: Wednesday, May 13, 2015 1:13 PM
> To: [email protected]
> Subject: [NTSysADM] Firewall settings for DCs
>
> I am having a hard time finding a list of what the settings for a
> Win2012 R2 DC should be. Here's my problem - running a "dcdiag /a" is
> reporting problems not finding the network path to a DC in a remote site. I
> know the remote DC is there; I can ping it; etc. So something in the firewall
> is blocking it, but it's unclear to me as to which rule specifically.
>
> The DC shows it's connected to a domain, with the Windows firewall on.
> I imagine that it must be an outbound rule blocking me, but I see all "Active
> Directory (TCP and UDP out)" enabled; all "Core Networking"
> enabled; all "File and Printer Sharing" entries with a green check mark
> (Echo, NB, SMB). Shouldn't that be enough?
>
> I shouldn't need any of the "Network Discovery" rules enabled, should I?
>
> (correct me if I am wrong, but if I can't do a "\\<remote-DC>\C$", then the
> dcdiag diag will also fail?)
>
> What am I missing here? There are no hardware firewalls between me and the
> remote DC, and the remote DC has all firewalls turned off (for testing).
>
>
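Added example, not part of the original thread and not written by either poster: a PowerShell check, run on the local DC, that shows which TCP port toward the remote DC is failing and what the local Windows firewall is doing. The host name is a placeholder, and the port list is the commonly documented set for DC-to-DC traffic, which the thread itself does not list.

```powershell
# Added example. Placeholder name: replace with the remote DC's FQDN.
$RemoteDC = 'remote-dc.example.com'

# Commonly documented TCP ports for DC-to-DC traffic.
# UDP and the dynamic RPC range (49152-65535) are not probed here;
# a network trace is still needed to see those.
$Checks = @(
    @{ Port = 53;   Service = 'DNS' },
    @{ Port = 88;   Service = 'Kerberos' },
    @{ Port = 135;  Service = 'RPC endpoint mapper' },
    @{ Port = 389;  Service = 'LDAP' },
    @{ Port = 445;  Service = 'SMB (admin shares, SYSVOL)' },
    @{ Port = 464;  Service = 'Kerberos password change' },
    @{ Port = 636;  Service = 'LDAPS' },
    @{ Port = 3268; Service = 'Global catalog' }
)

# Attempt a TCP connection to each port and record the outcome.
$Results = foreach ($c in $Checks) {
    $t = Test-NetConnection -ComputerName $RemoteDC -Port $c.Port `
            -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port      = $c.Port
        Service   = $c.Service
        Reachable = $t.TcpTestSucceeded
    }
}
$Results | Format-Table -AutoSize

# Which firewall profile is this network connection actually using?
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, NetworkCategory

# Is each profile on, and what happens to traffic no rule matches?
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# Enabled outbound Block rules; a Block rule wins over any Allow rule.
Get-NetFirewallRule -Direction Outbound -Enabled True -Action Block `
        -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Profile
```

If every port reports Reachable = True, the block is more likely in UDP or the dynamic RPC range, which is where the network trace suggested above becomes the faster route.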