2K3 firewall blocks domain access from client

alazarevich

Server is 2K3 SP2, all updates installed.
Client is XP Pro, SP2, all updates installed.

2K3 server is DC, I was trying to add a new client (within the same
subnet, DNS setup correctly) but the client just couldn't contact the
server. I couldn't ping the server, couldn't network browse to it,
nothing.

As soon as I turned off the 2K3 firewall, the client could contact the
DC just fine. Does anyone know what the specific exception is to allow
Windows clients to access a DC, so I can turn the 2K3 firewall back
on?

Thanks in advance,

Alex
 
Jorge de Almeida Pinto [MVP - DS]

You need to open some ports for authentication to succeed...

You can also use the Security Configuration Wizard to check and configure
the DC for you, firewall-wise. You could use one DC as a model for others.

You can also configure the ports manually...
What you need for authentication is:

User Login and Authentication
A user network logon across a firewall uses the following:
- Microsoft-DS traffic (445/tcp, 445/udp)
- Kerberos authentication protocol (88/tcp, 88/udp)
- Lightweight Directory Access Protocol (LDAP) ping (389/udp)
- Domain Name System (DNS) (53/tcp, 53/udp)


taken from "Active Directory in Networks Segmented by Firewalls"

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
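
The manual port configuration mentioned in the reply above, as an added example that is not part of the original thread: a batch file for the DC that creates Windows Firewall exceptions for exactly the ports listed and then re-enables the firewall. The rule names and the `scope=SUBNET` restriction are assumptions of this example (the client in the question sits on the DC's subnet); it covers only the logon and authentication ports quoted in the reply.

```batch
@echo off
rem Added example, not from the thread. Run on the 2K3 DC as an administrator.
rem Uses the "netsh firewall" context of Windows Firewall (Server 2003 SP1 and later).
setlocal

rem One entry per exception: protocol:port:label
rem Ports are the ones listed in the reply; the labels are chosen for this example.
set RULES=TCP:445:Microsoft-DS UDP:445:Microsoft-DS TCP:88:Kerberos UDP:88:Kerberos UDP:389:LDAP-ping TCP:53:DNS UDP:53:DNS

for %%R in (%RULES%) do (
    for /f "tokens=1-3 delims=:" %%a in ("%%R") do (
        rem scope=SUBNET (assumption) limits each exception to the local subnet
        rem instead of accepting the traffic from any source address.
        netsh firewall add portopening protocol=%%a port=%%b name="AD-%%c-%%a" mode=ENABLE scope=SUBNET profile=ALL
        if errorlevel 1 echo FAILED to add %%a/%%b [%%c]
    )
)

rem Turn the firewall back on with exceptions honoured, then list the
rem port openings so the result can be reviewed.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE
netsh firewall show portopening

endlocal
```

If clients on other subnets must reach the DC, replace `scope=SUBNET` with `scope=CUSTOM addresses=...` listing those networks rather than widening the exceptions to `scope=ALL`.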
 
