2009-03-27 The tale of Trying to set up a windows d ... 10 years ago
The tale of Trying to set up a windows domain controller behind a firewall continues: the server at the receiving side runs Windows server 2008 and has a whole new idea of dynamic port numbers for RPC services. Although it is documented as port numbers for 'outgoing connections' in The default dynamic port range for TCP/IP has changed in Windows Vista and in Windows Server 2008, we see them used and negotiated for incoming connections. An explanation is in this technet article: Dynamic Client Ports in Windows Server 2008 and Windows Vista (or: How I learned to stop worrying and love the IANA) although I would call the use of the term 'client ports' confusing because processes are be listening on those ports. From that server:TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING TCP 0.0.0.0:49158 0.0.0.0:0 LISTENING TCP 0.0.0.0:49163 0.0.0.0:0 LISTENING TCP 0.0.0.0:49164 0.0.0.0:0 LISTENINGSo the Microsoft documentation is broken. No thanks for that.
Update: A somewhat better explanation at How to configure a firewall for domains and trusts where indeed the entire range 49152 - 65535 range can be used for RPC and should be configured in the firewall.