You have two paths here:
- Restrict the RPC ports on the servers.
- Get some intelligent security people or send them to training.

The number of ports open is irrelevant - port numbers are simply metadata associated with a stream and imply *nothing* about the traffic itself. As long as the traffic is locked down to the two endpoints, who cares what metadata is associated with the stream? These aren't physical holes and opening one is no different than opening many. Traffic is traffic is traffic - either it's allowed or it's not.

J

From: [email protected] [mailto:[email protected]] On Behalf Of Frederic Le Royer
Sent: Tuesday, November 26, 2013 7:13 AM
To: [email protected]
Subject: [mssms] Dynamic port config

Hello,

I am currently struggling to get some Windows 2003 Std DPs to work and was wondering if anyone could give me some good pointers.

We have our primary site running Windows 2008 R2, and there is no actual firewall at the OS level, only at the infrastructure level. When we did our first DP install on a remote Windows 2003 R2 Std server, I was getting some denies on the firewall for an RPC port (2842). I then asked to get the port opened and everything was installed successfully. Yesterday I was transferring some packages to the DP and noticed Error = 0x800706BA in the distmgr.log; after investigation with the network guys, the deny was then on port 2450.

My question is: I can't have the whole low port range 1025-5000 open on the firewall, as the security team will not allow this, so my best option is to specify a port range (1025-1125). How can I have this implemented as a permanent fix? Also, I read that when you force a port range you might experience some issues with other applications that use RPC ports.

If anyone has dealt with this kind of issue, please share the step-by-step approach you took.

Thanks
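
One way to make the restricted range asked about above permanent, as an added example that is not part of the original thread: the script sets the standard RPC dynamic port values under `HKLM\SOFTWARE\Microsoft\Rpc\Internet` on the Windows 2003 DP. The range 1025-1125 is the one proposed in the question; the script layout and variable names are assumptions.

```batch
@echo off
rem Added example: pin the RPC dynamic port range on the distribution point.
rem Run as a local administrator on the Windows 2003 server, then reboot.
setlocal
set RPCKEY=HKLM\SOFTWARE\Microsoft\Rpc\Internet
rem Range taken from the question in the thread; change it to whatever
rem the firewall team agrees to allow between site server and DP.
set RANGE=1025-1125

rem Ports (REG_MULTI_SZ): the port ranges this setting applies to.
reg add "%RPCKEY%" /v Ports /t REG_MULTI_SZ /d "%RANGE%" /f || goto fail

rem PortsInternetAvailable=Y: the ranges in Ports are the ones RPC may use
rem (N would mean they are the ones to exclude).
reg add "%RPCKEY%" /v PortsInternetAvailable /t REG_SZ /d Y /f || goto fail

rem UseInternetPorts=Y: RPC servers that do not ask for a specific port
rem get their dynamic endpoints from the range above by default.
reg add "%RPCKEY%" /v UseInternetPorts /t REG_SZ /d Y /f || goto fail

rem Show what was written so it can be compared with the firewall request.
reg query "%RPCKEY%"

echo.
echo RPC dynamic range set to %RANGE%. Reboot the server to apply it.
echo Firewall rule needed between the two endpoints only:
echo   TCP 135 (RPC endpoint mapper) and TCP %RANGE%.
echo After the reboot, "netstat -ano" shows which listeners sit in the range.
exit /b 0

:fail
echo Failed to write %RPCKEY% - check that you are running as administrator.
exit /b 1
```

The setting is machine-wide, so every RPC service on that server that uses dynamic endpoints shares the same 101 ports, which is where the side effects on other RPC applications mentioned in the question come from.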

