WS2003 SP1 Firewall Rules for a DC (svchost.exe not working)

From: Derek (dseaman_at_nospam.nospam)
Date: 04/04/05

  • Next message: anoni: "unknow server shutdown"
    Date: Mon, 4 Apr 2005 07:49:40 -0700
    
    

    I have the following Firewall rules in place on my test DCs. Everything is
    working OK, EXCEPT that the svchost.exe exception does not seem to be
    working. I have it in the group policy rules list, but when I open the
    Firewall applet it is not listed. And when I turn on the firewall, SQL
    Kerberos authentication fails because port 1025 is not open. After some
    research, I found that the process svchost.exe is what listens on port 1025. In
    the group policy I also have enabled 'remote administration exception', which
    specifically says it adds svchost.exe and lsass.exe to the exception list.
    But that does not seem to be the case.

    Any ideas?

    --------

    123:UDP:*:Enabled:(123 UDP) NTP
    135:TCP:*:Enabled:(135 TCP) RPC endpoint Mapper/DCOM
    161:UDP:*:Enabled:(161 UDP) SNMP
    162:UDP:*:Enabled:(162 UDP) SNMP Traps
    389:TCP:*:Enabled:(389 TCP) LDAP
    389:UDP:*:Enabled:(389 UDP) LDAP Discovery
    464:TCP:*:Enabled:(464 TCP) Kerberos Password Change
    464:UDP:*:Enabled:(464 UDP) Kerberos Password Change
    445:TCP:*:Enabled:(445 TCP) SMB
    3268:TCP:*:Enabled:(3268 TCP) Global Catalog
    3269:TCP:*:Enabled:(3269 TCP) Global Catalog over SSL
    53:TCP:*:Enabled:(53 TCP) DNS
    53:UDP:*:Enabled:(53 UDP) DNS
    53438:TCP:*:Enabled:(53438 TCP) AD Replication
    636:TCP:*:Enabled:(636 TCP) LDAP over SSL
    88:TCP:*:Enabled:(88 TCP) Kerberos
    88:UDP:*:Enabled:(88 UDP) Kerberos
    2381:TCP:*:Enabled:(2381 TCP) HP Management
    2701:TCP:*:Enabled:(2701 TCP) SMS General Contact

    C:\WINDOWS\system32\lsass.exe:*:Enabled:C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe:*:Enabled:C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ntfrs.exe:*:Enabled:C:\WINDOWS\system32\ntfrs.exe
    C:\WINDOWS\system32\scshost.exe:*:Enabled:C:\WINDOWS\system32\scshost.exe
    C:\WINDOWS\system32\sysdown.exe:*:Enabled:C:\WINDOWS\system32\sysdown.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe:*:Enabled:C:\WINDOWS\system32\CCM\CcmExec.exe
    (SMS Client)
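Added example, not part of the original post: a small Python checker for the two GPO exception-string formats quoted above (`port:protocol:scope:status:name` for "Define port exceptions" and `path:scope:status:name` for "Define program exceptions"). It parses the strings, classifies each listening socket as covered by a port exception, covered only by a program exception, or blocked, and diffs the program exceptions in the GPO against the list the firewall actually reports as applied (the symptom in the post). The rule strings are a subset copied from the post; the listening-socket records and the "effective" program list are constructed for illustration.

```python
import re
from typing import Dict, List, Tuple

# GPO "Define port exceptions" entry: port:protocol:scope:status:name
PORT_RE = re.compile(
    r"^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]*):"
    r"(?P<status>Enabled|Disabled):(?P<name>.*)$"
)
# GPO "Define program exceptions" entry: path:scope:status:name
# Both the path and the name carry a drive-letter colon, so the path is matched
# lazily and the scope field (which never contains a colon) anchors the split.
PROG_RE = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<status>Enabled|Disabled):(?P<name>.*)$"
)

# Subset of the rule strings from the post.
PORT_RULES = """
123:UDP:*:Enabled:(123 UDP) NTP
135:TCP:*:Enabled:(135 TCP) RPC endpoint Mapper/DCOM
389:TCP:*:Enabled:(389 TCP) LDAP
445:TCP:*:Enabled:(445 TCP) SMB
88:TCP:*:Enabled:(88 TCP) Kerberos
88:UDP:*:Enabled:(88 UDP) Kerberos
"""
PROGRAM_RULES = r"""
C:\WINDOWS\system32\lsass.exe:*:Enabled:C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe:*:Enabled:C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ntfrs.exe:*:Enabled:C:\WINDOWS\system32\ntfrs.exe
"""

# Constructed sample: listeners as you would assemble them from `netstat -ano`
# plus `tasklist` (protocol, local port, image path of the owning process).
LISTENERS = [
    ("TCP", 88,   r"C:\WINDOWS\system32\lsass.exe"),
    ("TCP", 1025, r"C:\WINDOWS\system32\svchost.exe"),
    ("UDP", 123,  r"C:\WINDOWS\system32\svchost.exe"),
    ("TCP", 1433, r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe"),
]
# Constructed sample: program exceptions the Windows Firewall applet actually lists.
EFFECTIVE_PROGRAMS = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\system32\ntfrs.exe",
]


def parse_port_rules(text: str) -> Dict[Tuple[str, int], dict]:
    """Map (protocol, port) -> parsed fields; raise on a malformed entry."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = PORT_RE.match(line)
        if not m:
            raise ValueError(f"bad port exception: {line!r}")
        rules[(m["proto"], int(m["port"]))] = m.groupdict()
    return rules


def parse_program_rules(text: str) -> Dict[str, dict]:
    """Map lower-cased image path -> parsed fields; raise on a malformed entry."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = PROG_RE.match(line)
        if not m:
            raise ValueError(f"bad program exception: {line!r}")
        rules[m["path"].lower()] = m.groupdict()
    return rules


def classify_listener(proto: str, port: int, image: str,
                      port_rules: dict, prog_rules: dict) -> str:
    """A port exception wins outright; otherwise only the owning image's
    program exception can open the socket; otherwise the firewall drops it."""
    pr = port_rules.get((proto, port))
    if pr and pr["status"] == "Enabled":
        return "port-exception"
    gr = prog_rules.get(image.lower())
    if gr and gr["status"] == "Enabled":
        return "program-exception"
    return "blocked"


def missing_program_exceptions(gpo_rules: dict, effective_paths: List[str]) -> List[str]:
    """Program exceptions present in the GPO but absent from the applied list."""
    eff = {p.lower() for p in effective_paths}
    return sorted(p for p in gpo_rules if p not in eff)


def report(port_text: str = PORT_RULES, prog_text: str = PROGRAM_RULES,
           listeners=LISTENERS, effective=EFFECTIVE_PROGRAMS):
    port_rules = parse_port_rules(port_text)
    prog_rules = parse_program_rules(prog_text)
    verdicts = {(p, n): classify_listener(p, n, img, port_rules, prog_rules)
                for p, n, img in listeners}
    return verdicts, missing_program_exceptions(prog_rules, effective)


if __name__ == "__main__":
    verdicts, missing = report()
    for key, verdict in verdicts.items():
        print(f"{key[0]} {key[1]:>5}: {verdict}")
    for path in missing:
        print(f"in GPO but not applied: {path}")
```

With the constructed data the svchost.exe listener on TCP 1025 is reachable only through its program exception, and that exception is exactly the one missing from the applied list, which matches the failure described in the post. On the DC itself the "effective" list comes from `netsh firewall show config` rather than the GPO editor, and the listener table from `netstat -ano` and `tasklist /svc`. Two caveats when adjusting the rules: port 1025 is in the RPC dynamic range, so a bare port exception for it is brittle compared with a program exception that opens whatever the image listens on; and every rule above uses scope `*` (any source address), which on a domain controller is worth narrowing to the subnets that actually need each service.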

