Could not join domain after Windows Server 2003 R2 Firewall is ON

[Janya]

Sponsored Links

Hello,

We are running Windows 2003 Server with Active Directory Database. We have few Windows XP Clients. I don’t know why all XP clients are not able to connect to the Database though I have opened the following ports in my Firewall:

• TCP port 42 (nameserver service)
  
• TCP port 53 (domain service)
  
• TCP port 88 (kerberos service)
  
• TCP port 135 (epmap service)
  
• UDP port 137 (netbios-ns service)
  
• UDP port 138 (netbios-dgm service)
  
• TCP port 139 (netbios-ssn service)
  
• TCP port 389 (ldap service)
  
• TCP port 445 (microsoft-ds service)
  
• TCP port 636 (ldaps service)
  
• TCP port 3268
  
• TCP port 3269

Any idea what is the problem? Is there any other port am I missing which needs to be opened?

Please help.

[HELLIAN]

Yes, you missed some more ports. You will need to open Random service ports such as UDP 42, 53, 88, 389, 445, 3268, 3269. Most probably Windows systems use TCP & UDP 1024 – 65535. Remember that if you have Windows Vista and 2008, the ports will be different. Their default start port is UDP 49152, and the default end port is UDP 65535. You can get more info about these ports in these KBs:

Active Directory Replication over Firewalls Jan 31, 2006. Active Directory relies on remote procedure call (RPC): http://technet.microsoft.com/en-us/l.../bb727063.aspx

How to configure a firewall for domains and trusts: http://support.microsoft.com/?id=179442

[Javalr]

I don’t understand why you are using internal Firewall with the Domain. Just checkout the following Knowledge Base Articles for the complete info and procedure:

How to configure Windows Server 2003 SP1 firewall for a Domain Controller http://support.microsoft.com/kb/555381