Active Directory Login Slow TCP/135


Mike L.

I have several users dialing in to a metropolitan area
network using Windows 2000 Professional. The routers
between me and them have an ACL blocking TCP/135 due to
propagation of the latest worms, etc.

ISSUE: Logins to Active Directory are taking upwards of
20-minutes to complete. Login scripts eventually fire,
but the latency is incredible. I have a fundamental
understanding of RPC, but have no idea how to work around
the issue. I do have a packet capture of a logon session
and it repeatedly tries to contact the DC on tcp/135 for
about 15 minutes before using other avenues. Are there
any registry settings or other configuration parameters
that can help alleviate this problem?

TIA,

-ML
 

Steve Duff [MVP]

There are registry settings you can use to lock down the
RPC ports used for certain services such as AD
replication and avoid RPC port negotiation, and there
is a way to restrict the range of upper RPC ports themselves.

However AD requires RPC mapping on port 135 and this
base port itself is not changeable so far as I am aware.

You need to interconnect through a VPN tunnel, I should think,
a hardware VPN being the only sensible choice these
days anyway, given the modest costs.

Steve Duff, MCSE
Ergodic Systems, Inc.
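The registry settings Steve refers to are the ones Microsoft documents for pinning RPC traffic to fixed or narrowed ports (the `Rpc\Internet` range, the NTDS `TCP/IP Port` value for replication, and Netlogon's `DCTcpipPort`). The script below is an added example, not code from the thread or from either poster: it audits those values on a domain controller and offers a helper to pin replication to one port. The port number 50000 is a constructed choice, and the endpoint mapper on TCP/135 must still be reachable regardless of these settings.

```powershell
# Added example: audit the documented RPC port-restriction registry values on a DC.
# These only govern the high ports negotiated after the TCP/135 endpoint-mapper
# exchange; port 135 itself cannot be moved. Run elevated; changes need a reboot.

$Checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet';
       Name = 'Ports';                  Note = 'dynamic RPC range, e.g. 5000-5100' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet';
       Name = 'PortsInternetAvailable'; Note = 'must be Y for Ports to take effect' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet';
       Name = 'UseInternetPorts';       Note = 'must be Y for Ports to take effect' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters';
       Name = 'TCP/IP Port';            Note = 'fixed port for AD replication (DWORD)' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters';
       Name = 'DCTcpipPort';            Note = 'fixed port for Netlogon RPC (DWORD)' }
)

function Get-RpcPortRestriction {
    # Report each documented value; an unset value means the service still
    # negotiates a port from the full dynamic range, which a router ACL cannot follow.
    foreach ($c in $Checks) {
        $value = $null
        if (Test-Path $c.Path) {
            $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
            if ($item) { $value = $item.($c.Name) }
        }
        if ($null -eq $value) { $display = '<not set: dynamic port in use>' }
        else                  { $display = ($value -join ',') }
        [pscustomobject]@{ Key = $c.Path; Name = $c.Name; Value = $display; Note = $c.Note }
    }
}

function Set-NtdsFixedPort {
    # Pin AD replication RPC to one port so the path between sites can allow
    # exactly 135 plus this port. 50000 is a constructed example value.
    param([int]$Port = 50000)
    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    New-ItemProperty -Path $path -Name 'TCP/IP Port' -PropertyType DWord `
        -Value $Port -Force | Out-Null
    Write-Output "NTDS replication pinned to TCP/$Port; reboot the DC to apply."
}

Get-RpcPortRestriction | Format-Table -AutoSize
```

Before applying the NTDS change, confirm the chosen port is not already in use on the DC (`netstat -ano | findstr :50000`) and update the site-to-site firewall rules in the same change window.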
 
