Subject: [ActiveDir] Ports during authentication/logons...
davidadner
08/25/2005 3:31 AM
It's been a few weeks, so time for another question on ports. MS's whitepaper
that discusses how to set up AD to communicate through a firewall (the one that
focuses primarily on DC to DC communication) lists the following ports needed to
service "User Login and Authentication" and "Computer Login and
Authentication":

445 TCP/UDP
88 TCP/UDP
389 UDP
53 TCP/UDP
(I would add ICMP for GPO processing.)

Most people who normally respond to "what ports are needed..." include
135.
I just ran a Netmon trace during a logon from an XP machine and do see some
traffic hitting 135. I also see traffic hitting 137 and 139.

I'm not good at reading traces so I don't really know what's happening
besides the basic traffic flow. Does anyone know what 135 (and 139 I
suppose) are being used for? And if they're blocked does it totally break
everything or just limit certain functions? I am not worried about DC to DC
communication. The scenario is member systems separated from DC's with a
firewall and the network folks want to allow the absolute minimum ports.

Thx
rkingsla@xxxx.yyy

08/25/2005 3:52 AM  
David,

If you really, really want to use the absolute minimum ports through a firewall, use IPSec tunnel mode. However, your Network Engineers (or whoever manages your Firewalls) may not like it. Reason? Likely the same reason that I got when I suggested this at a previous employer:

Well, if you put it in IPSec tunnels, then we won't be able to see or sniff it.

My question: Why do you need to sniff or see it?

No answer…

Rick
rkingsla@xxxx.yyy

08/25/2005 3:56 AM  
You've likely seen this, but it does describe ports needed for REPLICATION… However, Steve does talk about the benefits of using IPSec through a firewall…

Rick
bdesmond
08/25/2005 4:06 AM
Yeah I got that answer too. I asked that question you asked too. I got the "well uh…" response.

Thanks,
Brian Desmond

brian@xxxxxxxxxxxxxxxx

c - 312.731.3132
davidadner
08/25/2005 4:11 AM
I would normally look at the IPSec route, too, but it's not (as far as I know) supported by MS between domain members and DC's. It's supposed member-to-member and DC-to-DC, but not members-to-DC's. At least, not if Kerberos is used. Not sure how they feel about certs. Shared keys just wouldn't be an option.

Specifically, though, they have their backs up with 135. Do you know what's using it during a logon/GPO process/??
TonyTest
08/25/2005 4:40 AM
Yes, member server to DC using IPSec is not supported. Well, at least it wasn't in Windows 2000:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q254949

Not sure why port 135 would be required for logon. Just a thought.... in addition to port 3268, the information held in the GC is made available via NSPI. Access to NSPI would be via the RPC endpoint mapper (port 135). So perhaps Outlook clients on the XP machines are generating the traffic on port 135?

Tony
TonyTest
08/25/2005 4:50 AM
Actually, there's some information on Group Policy and port
usage in this article:

http://support.microsoft.com/default.aspx?scid=kb;en-us;832017

To successfully apply
Group Policy, a client must be able to contact a domain controller over the
DCOM, ICMP, LDAP, SMB, and RPC protocols. If any one of these protocols are
unavailable or blocked between the client and a relevant domain controller,
policy will not apply or refresh.

So it looks like this is the culprit for Port
135.

Tony
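An added example, not part of the thread: a small classifier that takes a packet summary of a member logon and sorts each destination port into the whitepaper's minimum set, the extras the replies explained (135 as RPC endpoint mapper for Group Policy, 137/139 NetBIOS, TCP 389 LDAP), or unexplained. The trace lines and addresses are constructed, the line format is a simplified "proto src dst port" summary rather than real Netmon output, and the follow-on high port after the 135 lookup is flagged because the endpoint mapper only hands the client a dynamic port, so a rule for 135 alone does not cover RPC.

```python
"""Classify ports seen during a domain-member logon against the minimal list
quoted from the Microsoft firewall whitepaper, labelling the extras (135, 137,
139) discussed in this thread. Added example; SAMPLE_TRACE is constructed."""
import re
from collections import Counter

# Whitepaper ports for user/computer logon and authentication (as quoted in the
# thread), plus ICMP, which the original poster added for Group Policy processing.
MINIMUM_SET = {
    ("TCP", 445): "SMB", ("UDP", 445): "SMB", ("TCP", 88): "Kerberos",
    ("UDP", 88): "Kerberos", ("UDP", 389): "LDAP/CLDAP (DC locator)",
    ("TCP", 53): "DNS", ("UDP", 53): "DNS",
    ("ICMP", None): "ICMP (Group Policy slow-link detection)",
}
# Extras observed in the thread's trace, with the explanation the replies settled
# on (KB 832017: Group Policy needs DCOM, ICMP, LDAP, SMB and RPC).
KNOWN_EXTRAS = {
    ("TCP", 135): "RPC endpoint mapper (DCOM/RPC for Group Policy)",
    ("UDP", 137): "NetBIOS name service",
    ("TCP", 139): "NetBIOS session service (SMB over NetBIOS)",
    ("TCP", 389): "LDAP (Group Policy reads GPO objects)",
}
RPC_DYNAMIC = ("TCP", "rpc-dynamic")  # high port handed out by the 135 lookup
LINE_RE = re.compile(r"^(TCP|UDP|ICMP)\s+(\S+)\s+(\S+)\s+(\d+|-)$")

# Constructed packet summary: one logon from member 10.0.1.20 to DC 10.0.0.5,
# plus one unrelated connection so the "unexplained" bucket is exercised.
SAMPLE_TRACE = """\
UDP 10.0.1.20 10.0.0.5 53
UDP 10.0.1.20 10.0.0.5 389
TCP 10.0.1.20 10.0.0.5 88
TCP 10.0.1.20 10.0.0.5 445
ICMP 10.0.1.20 10.0.0.5 -
TCP 10.0.1.20 10.0.0.5 389
TCP 10.0.1.20 10.0.0.5 135
TCP 10.0.1.20 10.0.0.5 1026
UDP 10.0.1.20 10.0.0.5 137
TCP 10.0.1.20 10.0.0.5 139
TCP 10.0.1.20 10.0.0.9 8080
"""

def parse_line(line):
    """Return (proto, src, dst, port) or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    proto, src, dst, port = m.groups()
    return proto, src, dst, (None if port == "-" else int(port))

def classify_trace(text):
    """Bucket each (proto, port) into required / explained / unexplained.
    A high TCP port to a DC already contacted on TCP 135 counts as an RPC
    dynamic endpoint; without the preceding 135 lookup it stays unexplained."""
    buckets = {"required": Counter(), "explained": Counter(), "unexplained": Counter()}
    epm_contacted = set()  # DCs that were asked on port 135
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        proto, _src, dst, port = rec
        key = (proto, port)
        if key in MINIMUM_SET:
            buckets["required"][key] += 1
        elif key in KNOWN_EXTRAS:
            buckets["explained"][key] += 1
            if key == ("TCP", 135):
                epm_contacted.add(dst)
        elif proto == "TCP" and port is not None and port >= 1024 and dst in epm_contacted:
            buckets["explained"][RPC_DYNAMIC] += 1
        else:
            buckets["unexplained"][key] += 1
    return buckets

if __name__ == "__main__":
    for bucket, counts in classify_trace(SAMPLE_TRACE).items():
        print(bucket, dict(counts))
```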
davidadner
08/25/2005 5:25 AM
I hadn't noticed that section that specifically talks about
GP.  Thanks for the pointer.
rkingsla@xxxx.yyy

08/25/2005 6:42 AM  
I would really suspect that this is soon not going to be true – and may not be at this point (don't know – haven't asked yet…).

Think of it this way – NAP (Network Access Protection) is going to have one heck of a time working if DC-to-Member isn't a supported scenario.

As to the 135 traffic on AuthN – I'd happily take a look at the trace. I'll have a few minutes tomorrow.

Rick