Re: Blocking ports

From: "x y" <>
Date: Tue, 2 Jul 2002 13:09:15 -0400

I think it's really essential to have logging capabilities whenever you do
port blocking, for troubleshooting issues like this. Windows 2000 IPsec does
not have logging, so I would debate the value of choosing it over some third
party solution.

If you have logging capabilities, checking the log is always the first thing
I would think to do whenever you have a question like this. If you don't
have logging capabilities, install Windows 2000 Network Monitor [under
Control Panel, Add/Remove Programs, Windows Components] or Ethereal or
WinDump onto both machines to see what exactly is being sent and received or
not received.

I gave up on doing port filtering between clients and the domain
controllers as it seems that several connections are opened on random ports,
sometimes originating from the domain controller.

"Asanga" <> wrote in message
> I run W2K with AD and I have a member server logging into
> the domain. In the member server I have blocked all
> unnecessary ports according to this article -
> url=/TechNet/prodtechnol/windows2000serv/reskit/tcpip/part4
> /tcpappc.asp
> I have opened the domain and kerberos authentication ports
> but still, when I log into the domain, it takes a very long
> time for me to log into it. It takes about 5 minutes for
> the login process, but it works. Has anyone experienced
> this before? And if so, what specific ports can I leave
> open?
> Thanks