2003 Server in subnet A can't join W2k domain with DCs in subnet B

Timothy Kidd

I have a Windows 2000 AD domain with 2 DCs and about 50
member servers, which are all on the same IP subnet. This
domain has been up and running for several months. The
DCs provide DNS and WINS services throughout the domain.

I am now trying to add another member server to the
domain. This new server is a Windows 2003 server, and is
located in a different IP subnet than the DCs for the W2k
domain. When I try to add the new server to the domain, I
receive a message saying "there are no more endpoints
available from the endpoint mapper." My research
indicates that this could be due to a problem
communicating with the RPC server.

There is a firewall between these two IP subnets.
However, I have had the firewall configured to open all
RPC, kerberos, DNS, WINS, LDAP, SMB, and Netbios ports. I
have verified that these ports are in fact open in the
firewall, by opening a socket connection (telnetting)
from the new server to the DCs across each of these
listed ports.

Also, I am confident that name resolution is
working, simply because I am able to ping the DCs by name
from the new server.

I'm at a total loss as to why I can't add this machine to
the domain. I have an aching feeling that I've seen how
to do this while studying for my MCSE, but I can't for
the life of me figure out what I'm missing...

Any ideas?

Thanks!!!

Timothy Kidd

Never mind, we figured it out.

When I had the ports opened in the firewall, I requested
that port 135 be opened for RPC communications, but did
not realize that the RPC server responded back to the
requestor, specifying a random high port to use in
continuing that stream of communications.

Obviously, we don't want to open all possible high ports
in our firewall to allow this.

So, the solution we have found is to modify the registry
on the DCs, to lock the RPC communications down to a
specific port. You will need to add a new key to the
registry. The key to add is:

HKLM\System\CurrentControlSet\Services\NTDS\Parameters
Key Value: TCP/IP Port
Data: this will indicate the port to use in RPC
communications.

Then, all we needed to do was open that 1 particular port
in our firewall, and everything started working normally.

Hope this helps someone else!!!
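One way to apply the registry change described above and then confirm from the member server that both the endpoint mapper and the pinned port are reachable, as an added PowerShell example that is not from the thread (it assumes a DC with PowerShell available; the port number and DC hostname are placeholders):

```powershell
# Added example, not from the original post. Assumes PowerShell on the DC and
# on the member server; $FixedPort and the DC name are constructed placeholders.
$NtdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$FixedPort  = 38901   # placeholder: choose an unused port in your environment
$DcName     = 'dc1.example.local'   # placeholder DC hostname

# On the DC: pin the NTDS RPC endpoint to one port. The value is a REG_DWORD
# named "TCP/IP Port". TCP 135 (endpoint mapper) must stay reachable; it now
# hands the client this fixed port instead of a random high port.
New-ItemProperty -Path $NtdsParams -Name 'TCP/IP Port' `
    -PropertyType DWord -Value $FixedPort -Force | Out-Null

# Show the configured value; it takes effect after the DC is restarted.
Get-ItemProperty -Path $NtdsParams -Name 'TCP/IP Port' |
    Select-Object -ExpandProperty 'TCP/IP Port'

# From the member server (after the DC restart): the same check the poster did
# with telnet, against the mapper and the pinned port through the firewall.
foreach ($p in 135, $FixedPort) {
    $r = Test-NetConnection -ComputerName $DcName -Port $p -WarningAction SilentlyContinue
    '{0,6}  {1}' -f $p, $(if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' })
}
```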