RODC Ports

The below link details the firewall ports required between RODC and RWDC.

http://technet.microsoft.com/en-us/l...23(WS.10).aspx
The following table lists the ports that you must open on the firewall to
allow communication from a writeable domain controller in a corporate
network to a read-only domain controller (RODC) in a perimeter network.
Port Type of traffic
TCP 135 RPC, EPM
TCP Static 53248 FRsRpc
TCP 389 LDAP

Don't you think other ports like 88, 53, 123, 3268, 445, 464 are also
required to be opened.

Also why is FRS Port required to be opened, when sysvol replication is also
unidirection.

Hello Paul,

As the RWDC will not ask the RODC for GC, DNS or Kerberos for example, there
is no need to open them that way, but as you can see in the following table
the RODC must have more ports open in the firewall to contact the RWDC.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> The below link details the firewall ports required between RODC and
> RWDC.
>
> http://technet.microsoft.com/en-us/l...23(WS.10).aspx
> The following table lists the ports that you must open on the firewall
> to
> allow communication from a writeable domain controller in a corporate
> network to a read-only domain controller (RODC) in a perimeter
> network.
> Port Type of traffic
> TCP 135 RPC, EPM
> TCP Static 53248 FRsRpc
> TCP 389 LDAP
> Don't you think other ports like 88, 53, 123, 3268, 445, 464 are also
> required to be opened.
>
> Also why is FRS Port required to be opened, when sysvol replication is
> also unidirection.
>

Hi Meinolf,
> As the RWDC will not ask the RODC for GC, DNS or Kerberos for example,
> there is no need to open them that way, but as you can see in the
> following table the RODC must have more ports open in the firewall to
> contact the RWDC.

Hum....
Perhaps, except during dcpromo
:)
--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.




"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911dd59d8cc7841920bce78@msnews.microsoft.com...
> Hello Paul,
>
> As the RWDC will not ask the RODC for GC, DNS or Kerberos for example,
> there is no need to open them that way, but as you can see in the
> following table the RODC must have more ports open in the firewall to
> contact the RWDC.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> The below link details the firewall ports required between RODC and
>> RWDC.
>>
>> http://technet.microsoft.com/en-us/l...23(WS.10).aspx
>> The following table lists the ports that you must open on the firewall
>> to
>> allow communication from a writeable domain controller in a corporate
>> network to a read-only domain controller (RODC) in a perimeter
>> network.
>> Port Type of traffic
>> TCP 135 RPC, EPM
>> TCP Static 53248 FRsRpc
>> TCP 389 LDAP
>> Don't you think other ports like 88, 53, 123, 3268, 445, 464 are also
>> required to be opened.
>>
>> Also why is FRS Port required to be opened, when sysvol replication is
>> also unidirection.
>>
>
>