Re: ports for NT challenge authentication

From: Desmond Lam [msft] (
Date: 10/08/03

Date: Wed, 8 Oct 2003 11:38:01 +0800

Port 80/443 is reqired to be open at the firewall for http/https access.
Unless you are using Kerberos authentication, NTLM do not need additional
ports to be open at the firewall between the web client and the web server.

If there is a firewall exist between web server and the domain controller,
you may need to open the following ports for NTLM authentication to work:

      Client Port(s) Server Port Service
      1024-65535/TCP 135/TCP RPC *
      137/UDP 137/UDP NetBIOS Name
      138/UDP 138/UDP NetBIOS Netlogon and Browsing
      1024-65535/TCP 139/TCP NetBIOS Session
      1024-65535/TCP 42/TCP WINS Replication

Hope it helps,

"James" <> wrote in message
> I set up a couple pages using the NT challenge
> authentication (with user names and passwords of the
> domain). It's working fine until the system admin. people
> moved the web server behind a firewall. Now whenever I
> tried o access these pages from outside, it showed 401.2
> error. Guess I need to ask the admin. guys to open some
> port on the firewall. Roughly remember the port 443 needs
> to be opened. Tried that, but still same error. Can't find
> much information regarding the ports from MS website.
> Could anyone kindly give me some hints? Thanks in advance.