Domain Controller - Firewall Ports

Hi folks,

Would anyone give me some reference/ideas on firewall ports for DCs/PCs
between offices please? I configured [DC <-any-> any DC] between offices,
[PC<-block->remote offices] and well configured the ADSS (Mapped DC &
Subnets to related site). However I found that PC usually go to found other
DCs. I really have no idea on that and I cannot simulate the case V.V

Thank you very much in advance.

Cheers, Soregg

Take a look at these articles for DC to DC communication through a firewall:

http://support.microsoft.com/kb/555381
http://support.microsoft.com/?kbid=179442
http://support.microsoft.com/?kbid=154596

Also, make sure you have proper AD site and subnet configuration. Client
will look for a local DCs inside the same site based on your subnet
configuration inside AD sites and services.

--
Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA
Houston, TX
http://blogcastrepository.com/blogs/santhosh/
http://www.sivarajan.com/publications.html


"Soregg" <se@soregg.com> wrote in message
news:685B88A2-473B-4A46-B864-A24B2A35BD14@microsoft.com...
> Hi folks,
>
> Would anyone give me some reference/ideas on firewall ports for DCs/PCs
> between offices please? I configured [DC <-any-> any DC] between offices,
> [PC<-block->remote offices] and well configured the ADSS (Mapped DC &
> Subnets to related site). However I found that PC usually go to found
> other DCs. I really have no idea on that and I cannot simulate the case
> V.V
>
> Thank you very much in advance.
>
> Cheers, Soregg

"Soregg" <se@soregg.com> wrote in message
news:685B88A2-473B-4A46-B864-A24B2A35BD14@microsoft.com...
> Hi folks,
>
> Would anyone give me some reference/ideas on firewall ports for DCs/PCs
> between offices please? I configured [DC <-any-> any DC] between offices,
> [PC<-block->remote offices] and well configured the ADSS (Mapped DC &
> Subnets to related site). However I found that PC usually go to found
> other DCs. I really have no idea on that and I cannot simulate the case
> V.V
>
> Thank you very much in advance.
>
> Cheers, Soregg


I agree with Santosh that it's a Sites configuration, or more than likely, a
lack of configuring Sites. Sites control client logon traffic to DCs and GCs
within their Sites, as well as replication traffic between DCs.

Based on what you posted, this is not a firewall issue from your
description. As long as any-any is open, you have no problems. If Cisco,
make sure DNS protocol fixup 1280 is set, or if any other firewall, make
sure EDNS0 option is allowed. Consult your docs.

Configure Site Settings: Active Directory
Jan 21, 2005 ... Configure site settings. Create a site · Rename a site ·
Delete a site · Create a subnet · Associate a subnet with a site ...
http://technet.microsoft.com/en-us/l...55(WS.10).aspx

Managing Sites
Jan 6, 2003 ... Managing sites in Active Directory involves adding new
subnet, site, and site link objects when the network grows, as well as
configuring a ...
http://technet.microsoft.com/en-us/l.../bb727051.aspx

---
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration
among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

Many thanks for info from Santhosh & Ace, I will study it and discuss
afterward in need.
Cheers, Alex

"Soregg" <se@soregg.com> wrote in message
news:685B88A2-473B-4A46-B864-A24B2A35BD14@microsoft.com...
> Hi folks,
>
> Would anyone give me some reference/ideas on firewall ports for DCs/PCs
> between offices please? I configured [DC <-any-> any DC] between offices,
> [PC<-block->remote offices] and well configured the ADSS (Mapped DC &
> Subnets to related site). However I found that PC usually go to found
> other DCs. I really have no idea on that and I cannot simulate the case
> V.V
>
> Thank you very much in advance.
>
> Cheers, Soregg

"Soregg" <se@soregg.com> wrote in message
news:0518E4E9-6E47-4E91-924D-3060490C79BB@microsoft.com...
> Many thanks for info from Santhosh & Ace, I will study it and discuss
> afterward in need.
> Cheers, Alex

You are welcome. Post back if you have any specific questions. That's why
we're here!

Ace

Thanks a lot!
Alex

"Ace Fekay [MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message
news:OOHx0tWGKHA.2376@TK2MSFTNGP03.phx.gbl...
> "Soregg" <se@soregg.com> wrote in message
> news:0518E4E9-6E47-4E91-924D-3060490C79BB@microsoft.com...
>> Many thanks for info from Santhosh & Ace, I will study it and discuss
>> afterward in need.
>> Cheers, Alex
>
> You are welcome. Post back if you have any specific questions. That's why
> we're here!
>
> Ace

Review the KB link below. It will out line the client ports required, by
the o/s type:
http://support.microsoft.com/kb/179442/en-us


--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Soregg" <se@soregg.com> wrote in message
news:685B88A2-473B-4A46-B864-A24B2A35BD14@microsoft.com...
> Hi folks,
>
> Would anyone give me some reference/ideas on firewall ports for DCs/PCs
> between offices please? I configured [DC <-any-> any DC] between offices,
> [PC<-block->remote offices] and well configured the ADSS (Mapped DC &
> Subnets to related site). However I found that PC usually go to found
> other DCs. I really have no idea on that and I cannot simulate the case
> V.V
>
> Thank you very much in advance.
>
> Cheers, Soregg

Soregg expressed precisely :
> Thanks a lot!
> Alex
>

You are welcome!

Ace