Guest Dag Posted September 11, 2008 Posted September 11, 2008 Hi, what needs to be done for the following scenario: A web server in DMZ needs to be setup to use a Terminal Licensing server so more than 3 people can connect at once. It is not apart of the domain and it is a firewall between the web server and the licensing server. I've tried to open up for port 135 and port 5000-5100 in the firewall. I've set up the rpc dynamic ports to be static on both machines( http://support.microsoft.com/kb/154596 ). And rebooted both of them. But it still can't find the licensing server. What have I missed? Rgds Dag
Guest Chuels Posted September 12, 2008 Posted September 12, 2008 RE: TS connect to a License Server from DMZ Hi Dag, you will not only need 135 and port 5000-5100 for the generic RPC port. Additionally you will need: NetBIOS Datagram Service UDP 138 NetBIOS Name Resolution UDP 137 NetBIOS Session Service TCP 139 SMB TCP 445 according to Microsoft. Cheers Carsten "Dag" wrote: > Hi, what needs to be done for the following scenario: > > A web server in DMZ needs to be setup to use a Terminal Licensing server so > more than 3 people can connect at once. It is not apart of the domain and it > is a firewall between the web server and the licensing server. > > I've tried to open up for port 135 and port 5000-5100 in the firewall. > I've set up the rpc dynamic ports to be static on both machines( > http://support.microsoft.com/kb/154596 ). > And rebooted both of them. > > But it still can't find the licensing server. What have I missed? > > > Rgds > > Dag
Guest Dag Posted September 12, 2008 Posted September 12, 2008 RE: TS connect to a License Server from DMZ Great! Thanks alot! "Chuels" wrote: > Hi Dag, > > you will not only need 135 and port 5000-5100 for the generic RPC port. > Additionally you will need: > > NetBIOS Datagram Service > UDP > 138 > > NetBIOS Name Resolution > UDP > 137 > > NetBIOS Session Service > TCP > 139 > > SMB > TCP > 445 > > according to Microsoft. > > Cheers Carsten > > "Dag" wrote: > > > Hi, what needs to be done for the following scenario: > > > > A web server in DMZ needs to be setup to use a Terminal Licensing server so > > more than 3 people can connect at once. It is not apart of the domain and it > > is a firewall between the web server and the licensing server. > > > > I've tried to open up for port 135 and port 5000-5100 in the firewall. > > I've set up the rpc dynamic ports to be static on both machines( > > http://support.microsoft.com/kb/154596 ). > > And rebooted both of them. > > > > But it still can't find the licensing server. What have I missed? > > > > > > Rgds > > > > Dag
Guest Lanwench [MVP - Exchange] Posted September 12, 2008 Posted September 12, 2008 Re: TS connect to a License Server from DMZ Dag <Dag@discussions.microsoft.com> wrote: > Great! Thanks alot! Doing this essentially destroys your DMZ and turns that barrier into a screen door. I wouldn't do it. Rethink your network topology instead - there's got to be a better way to accomplish what you need. > > "Chuels" wrote: > >> Hi Dag, >> >> you will not only need 135 and port 5000-5100 for the generic RPC >> port. Additionally you will need: >> >> NetBIOS Datagram Service >> UDP >> 138 >> >> NetBIOS Name Resolution >> UDP >> 137 >> >> NetBIOS Session Service >> TCP >> 139 >> >> SMB >> TCP >> 445 >> >> according to Microsoft. >> >> Cheers Carsten >> >> "Dag" wrote: >> >>> Hi, what needs to be done for the following scenario: >>> >>> A web server in DMZ needs to be setup to use a Terminal Licensing >>> server so more than 3 people can connect at once. It is not apart >>> of the domain and it is a firewall between the web server and the >>> licensing server. >>> >>> I've tried to open up for port 135 and port 5000-5100 in the >>> firewall. >>> I've set up the rpc dynamic ports to be static on both machines( >>> http://support.microsoft.com/kb/154596 ). >>> And rebooted both of them. >>> >>> But it still can't find the licensing server. What have I missed? >>> >>> >>> Rgds >>> >>> Dag
Guest Chuels Posted September 16, 2008 Posted September 16, 2008 Re: TS connect to a License Server from DMZ Agree to Lanwench - that's why it's not really usefull to have a TS in the DMZ or in a firewalled Zone, that's why we didn't implement it. 135-139 are well known "security sensitive" ports
Recommended Posts