HPE Community
Windows Server 2003
1820644 Members
2004 Online
109626 Solutions
New Discussion юеВ

Re: Windows Firewall exception : How to assign a port range ?

 
Tetsuya Sodo
New Member

тАО01-31-2007 07:14 PM

тАО01-31-2007 07:14 PM

Windows Firewall exception : How to assign a port range ?

Hi,
I'd like to know how to assign the exception port on Windows Firewall for Windows Server 2003.
You know, we can assign a single port, but I cannot input the "-" letter to assign the port range (ex. 5000-5100).
I want to have AD and MSCS to communicate each other with port 5000-5100.

any help/suggestion would be appreciated.
thanks.

Tetsuya Sodo
0 Kudos
7 REPLIES 7
Georg Tresselt
Honored Contributor

тАО01-31-2007 08:26 PM

тАО01-31-2007 08:26 PM

Re: Windows Firewall exception : How to assign a port range ?

Well, have a look at these

http://support.microsoft.com/kb/555381

http://technet2.microsoft.com/WindowsServer/en/library/d30543b9-8d2c-4b8d-9bed-5f116a5dc6981033.mspx?mfr=true

http://technet2.microsoft.com/WindowsServer/en/library/eee17c9e-e9fe-4277-a995-a19467f0a53a1033.mspx?mfr=true
http://www.tresselt.eu
0 Kudos
Tetsuya Sodo
New Member

тАО01-31-2007 11:11 PM

тАО01-31-2007 11:11 PM

Re: Windows Firewall exception : How to assign a port range ?

Hi Georg,
Thank you for your reply.

These docs tell that for AD/MSCS to work correctly I can limit the range of ports from 49152-65535 to any 2 ports (that is not used).
I've thought that we cannot limit to only 2 ports and have to use and open wide range of ports for AD/MSCS to work.
I will try it. Thank you.

Tetsuya Sodo
0 Kudos
Tom Ridges
Advisor

тАО02-02-2007 01:11 AM

тАО02-02-2007 01:11 AM

Re: Windows Firewall exception : How to assign a port range ?

If your using Windows Firewall, why don't you just enable a program exception? This will allow that program to communicate on what ever ports it requires?

Tom
0 Kudos
Tetsuya Sodo
New Member

тАО02-02-2007 01:32 AM

тАО02-02-2007 01:32 AM

Re: Windows Firewall exception : How to assign a port range ?

Tom, Thank you for your advice.

Windows firewall configuration wizard requires to input executable filename that really exists.
I suspect AD/MSCS are not in the exe file format. Isn't it right?

Tetsuya
0 Kudos
Tom Ridges
Advisor

тАО02-02-2007 01:50 AM

тАО02-02-2007 01:50 AM

Re: Windows Firewall exception : How to assign a port range ?

Thanks right.

If you locate the service within windows services, within the properties it will show you the file it is running, try and add this to the exclusion list, does that work?

T
0 Kudos
Tetsuya Sodo
New Member

тАО02-15-2007 02:16 PM

тАО02-15-2007 02:16 PM

Re: Windows Firewall exception : How to assign a port range ?

Finally, we have done the configuration below.

1. configure RPC dynamic port using registry
http://support.microsoft.com/kb/154596/en-us

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet
"Ports"="5100-5250" (type: REG_MULTI_SZ)
"PortsInternetAvailable"="Y"
"UseInternetPorts"="Y"

2. configure windows firewall opening ports from 5100 to 5250 (set a port one by one using shell)

3. set each node of the cluster to the same configuration as 1. and 2.

MSCS(RPC) seems to require both node to open ports of the same number.


With these environment, the domain controllers and the clusters work fine.
Thank you all.
0 Kudos
Tetsuya Sodo
New Member

тАО02-15-2007 02:18 PM

тАО02-15-2007 02:18 PM

Re: Windows Firewall exception : How to assign a port range ?

We can solve this problem, so I will close this thread. Thank you.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.