
TS connect to a License Server from DMZ



Posted

Hi, what needs to be done for the following scenario:

 

A web server in DMZ needs to be set up to use a Terminal Licensing server so more than 3 people can connect at once. It is not a part of the domain and there is a firewall between the web server and the licensing server.

I've tried to open up for port 135 and port 5000-5100 in the firewall.

I've set up the RPC dynamic ports to be static on both machines ( http://support.microsoft.com/kb/154596 ).

And rebooted both of them.

 

But it still can't find the licensing server. What have I missed?

 

 

Rgds

 

Dag

Posted

RE: TS connect to a License Server from DMZ

 

Hi Dag,

 

you will not only need 135 and port 5000-5100 for the generic RPC port. Additionally you will need:

NetBIOS Datagram Service   UDP   138
NetBIOS Name Resolution    UDP   137
NetBIOS Session Service    TCP   139
SMB                        TCP   445

according to Microsoft.

 

Cheers Carsten

 


Posted

RE: TS connect to a License Server from DMZ

 

Great! Thanks a lot!

 


Guest Lanwench [MVP - Exchange]
Posted

Re: TS connect to a License Server from DMZ

 

Dag <Dag@discussions.microsoft.com> wrote:

> Great! Thanks a lot!

 

Doing this essentially destroys your DMZ and turns that barrier into a screen door. I wouldn't do it. Rethink your network topology instead - there's got to be a better way to accomplish what you need.


Posted

Re: TS connect to a License Server from DMZ

 

Agree with Lanwench - that's why it's not really useful to have a TS in the DMZ or in a firewalled zone, that's why we didn't implement it.

135-139 are well known "security sensitive" ports.

