Re: Windows 2003 Domain Controller (Open Port 593)

I have configured the DC using the following article
http://support.microsoft.com/kb/555381. In addition, In addition, I
have taken a look at the following
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndcom/html/msdn_dcomfirewall.asp.
Looks as though the DC is as tight as it gets for windows.

Thanks for the help and articles.

Roger Abell [MVP] wrote:
Yep, that is a fairly good KB
It is difficult to shield DCs in too much detail
(but there is another KB on it, DCs and firewalls).

Cheers,
--
ra

"netmon" <bkj@xxxxxxxxxxxxxxx> wrote in message
news:1166553033.043467.275540@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
You are correct with the assumption that i had misinterpreted
http://support.microsoft.com/kb/826382.
After reviewing http://support.microsoft.com/kb/832017 it looks like
there is nothing I can do about the port opening as it is needed by
the OS. I should have included in my first post that the svchost.exe
was using the RpcSs services. Thank you for the quick response and
article 832017.

netmon wrote:
I have just set up a new Windows 2003 domain controller and after
setting up the DC I ran a quick nmap scan of the box and have two open
ports which concern me. They are ports 593 and 1026. I did a quick
Google and port 593 (opened by svchost.exe) is related to
http-rpc-epmap and port 1026 (opened by lsass.exe) is related to
lsa-or-nterm. I do not have RPC over http proxy enabled and just to
make sure I have doubled checked this by going to add/remove windows
components/networking services and RPC over HTTP Proxy is not enabled.
My question is how can I remove these or are they necessary services
needed by the OS. I do not have an Exchange environment and IIS is not
installed.


.

Relevant Pages

  • Re: SBS 2003 and Outlook RPC over HTTP issues
    ... Look in IIS at your Exchweb, Exadmin, exchange-oma, and RPC sites' directory ... Why is it called RPC over HTTP if HTTP is not really needed to be ... As pointed out by others, port 80 does NOT need to be open, and yes, it ... I have about 20 of these SBS machines at other locations and have ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 and Outlook RPC over HTTP issues
    ... , but some of my clients do not want users to ... definitely closed now cause when I open it up http: ... the article is incorrect in stating that port 80 is needed. ... that port 443 and port 80 must be open to use RPC over HTTP. ...
    (microsoft.public.windows.server.sbs)
  • Re: Intersite Replication problem
    ... I followed Antony's DNS advise and I seens to be working. ... To perform the replication I've schedule a task on the W3K server to dial ... As for RPC The default value for the RPC Replication Timeout registry ... Remote Procedure Call dynamic port allocation is used by remote ...
    (microsoft.public.windows.server.active_directory)
  • Re: SBS 2003 and Outlook RPC over HTTP issues
    ... definitely closed now cause when I open it up http: ... the article is incorrect in stating that port 80 is needed. ... that port 443 and port 80 must be open to use RPC over HTTP. ... I have about 20 of these SBS machines at other locations and have ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 and Outlook RPC over HTTP issues
    ... Look in IIS at your Exchweb, Exadmin, exchange-oma, and RPC sites' directory ... manually...I just let the CEICW do it for me. ... Why is it called RPC over HTTP if HTTP is not really needed to be ... As pointed out by others, port 80 does NOT need to be open, and yes, it ...
    (microsoft.public.windows.server.sbs)