Re: ports for NT challenge authentication

From: Desmond Lam [msft] (deslam_at_online.microsoft.com)
Date: 10/08/03


Date: Wed, 8 Oct 2003 11:38:01 +0800

Port 80/443 is reqired to be open at the firewall for http/https access.
Unless you are using Kerberos authentication, NTLM do not need additional
ports to be open at the firewall between the web client and the web server.

If there is a firewall exist between web server and the domain controller,
you may need to open the following ports for NTLM authentication to work:

      Client Port(s) Server Port Service
      1024-65535/TCP 135/TCP RPC *
      137/UDP 137/UDP NetBIOS Name
      138/UDP 138/UDP NetBIOS Netlogon and Browsing
      1024-65535/TCP 139/TCP NetBIOS Session
      1024-65535/TCP 42/TCP WINS Replication

Hope it helps,
Desmond

"James" <big2mouth@hotmail.com> wrote in message
news:061401c38d0d$9a46fa60$a101280a@phx.gbl...
> I set up a couple pages using the NT challenge
> authentication (with user names and passwords of the
> domain). It's working fine until the system admin. people
> moved the web server behind a firewall. Now whenever I
> tried o access these pages from outside, it showed 401.2
> error. Guess I need to ask the admin. guys to open some
> port on the firewall. Roughly remember the port 443 needs
> to be opened. Tried that, but still same error. Can't find
> much information regarding the ports from MS website.
> Could anyone kindly give me some hints? Thanks in advance.



Relevant Pages

  • Re: disconnect a hacker
    ... My Web server station is right next ... my attention divided by security concerns... ... see an IP connected to port 80, ... I've been forwarding my firewall logs to my ISP, ...
    (alt.computer.security)
  • Re: Strange WAN Activity
    ... > firewall logs for a possible TCP FIN scan that keeps ... > company's intranet server IP and its port 80 across our ... > My firewall is a Sonicwall Pro 200 and I'm running W2K ... It's difficult to be sure without inspecting the web server for signs of ...
    (microsoft.public.win2000.security)
  • Re: keeping ports open
    ... If a port is open, it means that 1) a software or service is running on your ... and 2) you're not using a firewall or your firewall isn't ... Use firewall software and hardware and antivirus software that is ... Follow the instructions for hardening Windows and IIS at ...
    (microsoft.public.security)
  • Re: How to Maintain an IIS Server?
    ... > server running on a Windows 2000 server. ... before a firewall and antivirus have been installed]. ... open ports; however, this will not identify which program is using the port. ...
    (microsoft.public.inetserver.iis.security)
  • Re: CEICW fails at firewall config
    ... ISA Server prevents connection to a remote desktop when you connect through ... Remote Web Workplace on a Windows Small Business Server 2003-based computer ... Acceleration Server as a firewall. ... connection uses TCP port 4125. ...
    (microsoft.public.windows.server.sbs)