Thread: One way trust - Firewall (port 389) issue

  1. #1
    Join Date
    Sep 2010

    One way trust - Firewall (port 389) issue


    Long time reader, first post :)


    Windows Server 2008, which serves as DC and DNS server. This server is placed in the perimeter network (DMZ).

    Windows Server 2003, which serves as DC and DNS server. This server is placed in the internal network (LAN).

    So I have successfully created a one-way trust between the domain controllers: DMZ trusts LAN. I want my internal users to access resources in the perimeter. I can add internal users to domain local groups in the DMZ domain, no problem.

    Example of the problem: I add the group (with my internal user) to local administrators on a server that is a member of the DMZ domain. This should allow me to remotely log on to the given DMZ server with the internal user. Instead I get an error (failed to log in...).
    I check the firewall logs and the DMZ member server tries to contact my internal DC on port 389 and gets denied. I guess this is wrong? Should it not go through my external DC and gain access that way?

    Firewall configuration:

    Source "DMZ DC" Destination "LAN DC"
    open for:
    tcp/udp 389
    tcp/udp 88
    tcp 1025
    tcp 135
    tcp 3268
    tcp 445

    Thanks for any help, I've been stuck here for a while now :(

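As an added illustration (not code from any poster in this thread), the following Python models the allow rule quoted in the first post (source "DMZ DC", destination "LAN DC", the listed ports) and checks constructed firewall log lines against it, reporting for each denied flow whether it differs from the rule by source host or by port. The IP addresses and log format are made-up placeholders.

```python
import ipaddress

# Constructed placeholder addresses for the hosts named in the thread (assumptions, not from the post).
HOSTS = {
    "DMZ DC": ipaddress.ip_address("192.0.2.10"),
    "DMZ member server": ipaddress.ip_address("192.0.2.20"),
    "LAN DC": ipaddress.ip_address("198.51.100.10"),
}

# The allow rule exactly as listed in the first post: source "DMZ DC", destination "LAN DC".
ALLOW_RULES = [("DMZ DC", "LAN DC", proto, port) for proto, port in [
    ("tcp", 389), ("udp", 389), ("tcp", 88), ("udp", 88),
    ("tcp", 1025), ("tcp", 135), ("tcp", 3268), ("tcp", 445),
]]

# Constructed firewall log lines in a simple key=value form (not real logs from the thread).
SAMPLE_LOG = [
    "action=deny src=192.0.2.20 dst=198.51.100.10 proto=tcp dport=389",
    "action=allow src=192.0.2.10 dst=198.51.100.10 proto=tcp dport=389",
    "action=deny src=192.0.2.20 dst=198.51.100.10 proto=udp dport=389",
    "action=deny src=192.0.2.10 dst=198.51.100.10 proto=tcp dport=636",
]

def parse_log_line(line):
    """Split a key=value log line into a dict with typed src/dst/proto/dport fields."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    fields["src"] = ipaddress.ip_address(fields["src"])
    fields["dst"] = ipaddress.ip_address(fields["dst"])
    fields["proto"] = fields["proto"].lower()
    fields["dport"] = int(fields["dport"])
    return fields

def name_of(addr):
    """Map an address back to the host label used in the thread, or return the bare address."""
    return next((name for name, ip in HOSTS.items() if ip == addr), str(addr))

def matching_rules(flow, ignore_source=False):
    """Rules matching this flow; with ignore_source=True only destination/proto/port must match."""
    return [r for r in ALLOW_RULES
            if HOSTS[r[1]] == flow["dst"] and r[2] == flow["proto"] and r[3] == flow["dport"]
            and (ignore_source or HOSTS[r[0]] == flow["src"])]

def explain_denies(log_lines):
    """For each denied flow no rule covers, report whether the source host or the port is the gap."""
    findings = []
    for line in log_lines:
        flow = parse_log_line(line)
        if flow["action"] != "deny" or matching_rules(flow):
            continue  # skip allowed traffic and denies a rule already covers (a rule-order problem, not a missing rule)
        gap = "source host not in rule" if matching_rules(flow, ignore_source=True) else "port not in rule"
        findings.append((name_of(flow["src"]), name_of(flow["dst"]), flow["proto"], flow["dport"], gap))
    return findings

if __name__ == "__main__":
    for src, dst, proto, port, gap in explain_denies(SAMPLE_LOG):
        print(f"{src} -> {dst} {proto}/{port}: {gap}")
```

On the sample lines the member server's 389 attempts are classified as a source-host gap, which is what the first post's log shows: the port is open, but only for the DMZ DC as source.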

  2. #2
    Join Date
    May 2008

    Re: One way trust - Firewall (port 389) issue

    Well, here I want you to just follow this link and then see whether it helps you in this case or not. Actually, the thing here is that a one-way, outgoing, external trust will allow resources in your domain (the domain that you are logged on to at the time that you run the New Trust Wizard) to be accessed by users in a different Active Directory domain (outside your forest) or in a Windows NT 4.0 domain.

  3. #3
    Join Date
    Dec 2007

    Re: One way trust - Firewall (port 389) issue

    Do you use the default Windows Firewall? If yes, then you will need to configure it to open a port for inbound traffic. So try to open Windows Firewall on your PC and then configure the inbound traffic rule. To do that, right-click Inbound Rules and then select New Rule. After that choose Port. Go to Specific Ports and enter your port number (389), and then click Next to end the wizard. Simply restart your computer and now check if the port is accessible or not.

  4. #4
    Join Date
    Apr 2008

    Re: One way trust - Firewall (port 389) issue

    Did you try to verify on your DC itself whether it is listening on the port (netstat)? It could be worth a try. The issue is certainly related to the traffic being blocked, as it seems. Try to use the netstat command from the command prompt in order to easily understand if the port is open and listening for requests from the network or not; check the example below:

    c:\> netstat -ano | find ":389"
