I have a Windows 2000 AD domain with 2 DCs and about 50
member servers, which are all on the same IP subnet. This
domain has been up and running for several months. The
DCs provide DNS and WINS services throughout the domain.

I am now trying to add another member server to the
domain. This new server is a Windows 2003 server, and is
located in a different IP subnet than the DCs for the W2k
domain. When I try to add the new server to the domain, I
recieve a message saying "there are no more endpoints
available from the endpoint mapper." My research
indicates that this could be due to a problem
communicating with the RPC server.

There is a firewall between these two IP subnets.
However, I have had the firewall configured to open all
RPC, kerberos, DNS, WINS, LDAP, SMB, and Netbios ports. I
have verified that these ports are in fact open in the
firewall, by opening a socket connection (telnetting)
from the new server to the DCs across each of these
listed ports.

Also, I am confident that that name resolution is
working, simply because I am able to ping the DCs by name
from the new server.

I'm at a total loss as to why I can't add this machine to
the domain. I have an aching feeling that I've seen how
to do this while studying for my MCSE, but I can't for
the life of me figure out what I'm missing...

Any ideas?

Thanks!!!

Never mind, we figured it out.

When I had the ports opened in the firewall, I requesed
that port 135 be opened for RPC communications, but did
not realize that the RPC server responded back to the
requestor, specifying a random high port to use in
continuing that stream of communcations.

Obviously, we don't want to open all possible high ports
in our firewall to allow this.

So, the solution we have found is to modify the registry
on the DCs, to lock the RPC communcations down to a
specific port. You will need to add a new key to the
registry. The key to add is:

HKLM\System\CurrentControlSet\Services\NTDS\Parameters
Key Value: TCP/IP Port
Data: this will indicate the port to use in RPC
communications.

Then, all we needed to do was open that 1 particular port
in our firewall, and everything started working normally.

Hope this helps someone else!!!

>-----Original Message-----
>I have a Windows 2000 AD domain with 2 DCs and about 50
>member servers, which are all on the same IP subnet.
This
>domain has been up and running for several months. The
>DCs provide DNS and WINS services throughout the domain.
>
>I am now trying to add another member server to the
>domain. This new server is a Windows 2003 server, and is
>located in a different IP subnet than the DCs for the
W2k
>domain. When I try to add the new server to the domain,
I
>recieve a message saying "there are no more endpoints
>available from the endpoint mapper." My research
>indicates that this could be due to a problem
>communicating with the RPC server.
>
>There is a firewall between these two IP subnets.
>However, I have had the firewall configured to open all
>RPC, kerberos, DNS, WINS, LDAP, SMB, and Netbios ports.
I
>have verified that these ports are in fact open in the
>firewall, by opening a socket connection (telnetting)
>from the new server to the DCs across each of these
>listed ports.
>
>Also, I am confident that that name resolution is
>working, simply because I am able to ping the DCs by
name
>from the new server.
>
>I'm at a total loss as to why I can't add this machine
to
>the domain. I have an aching feeling that I've seen how
>to do this while studying for my MCSE, but I can't for
>the life of me figure out what I'm missing...
>
>Any ideas?
>
>Thanks!!!
>.
>