Dynamic Port Allocation Using OPMN

Similar Messages

• Does APPS have dynamic port allocation going on somewhere

  Hi Gurus,
  We have a situation where 5 Test instances of Ebiz all reside on the same server. The production Instance has its own dedicated server.
  We seem to get intermittent, but frequent problems with some of the test environments taking the ports which are defined for other environments in the xml file.
  This issue Never occurs in production
  All environments services are restarted every night - most of the time there is no problem. But sometimes, web, forms, apps listner or concurrent managers wont start - an they give errors due to locked ports.
  When I run a netstat -anp | grep <port> - the output shows that one of the other environments is listening on the port in question.
  I have made absolutley sure that in the xml files and httpd.conf etc - each environment has its distinct port set (which it does)
  I have searched for ages on google and metalink to try to find information about dynamic ports but cant find any
  Can anyone help?
  Thanks

  Hey Oli, no help here I'm afraid just wanted to say I am experiencing a similar problem although mine is a situation where I have e-Biz and OAS installed. The seem to co-exist peacefully most of the time but our app also restarts every night and some mornings the app is not available. Recently it was fixed by shutting down the OAS server and restarting.
  So no resolution yet but I feel your pain. I was just starting to look into how I would use netstat to help my troubleshoot and also look at net.ipv4.ip_local_port_range set in /etc/sysctl.conf.

• Configuring RPC dynamic port allocation

  I'm getting RPC errors to a Windows 2003 server:
  0x800706ba
  Win32
  The RPC server is unavailable
  I've verified the RPC, TCP/IP Netbios Helper, Windows management Instrument services are started on the 2003 box. From the same 2003 box I am able to run wmimgmt.msc and view it's wmi properties. However, I get the RPC error above when I run the WBEMTEST
  from a client on another domain. I also get the same error when I run wmimgmt.msc using the same remote client to access the 2003 box. I came across the microsoft KB:  https://support.microsoft.com/en-us/kb/154596
  Would I just configure that port range on the 2003 box's registry? At this point I'm leaning that maybe it's a firewall issue but not sure.

  Hello,
  first check with the article
  https://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx?f=255&MSPPError=-2147217396 that all AD required ports are open.
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://blogs.msmvps.com/MWeber
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
  Twitter:  

• Sql server 2012 express - tcp/ip connection to named instance using dynamic port not working

  I have a named instance on a SQL 2012 Express server that won't connect via TCP/IP when wanting to connect off of the dynamic port.  I can connect via shared memory locally on the server.   I can connect to the namespace when specifying the
  dynamic port listed in the configuration manager.  
  This is the only named instance on the server and it is not the default.
  TCP/IP is enabled
  Allow Remote connections is enabled
  the server browser service is running
  I can connect via the dynamic port number
  I am testing the connection locally on the server, so I don't believe a firewall is the issue.  I get the same results if I test it from a remote computer.
  When using the sqlcmd (sqlcmd -S tcp:SQLSRVR\NAMEINST -E) I get the message that "the requested protocol isn't supported [xfffffffff]".   The command (sqlcmd -S tcp:SQLSRVR\NAMEINST,59992 -E) works.
  Through SSMS, I get the message "the connection was actively refused".
  On other boxes, I can connect with the named instance without having to specify the port. 
  I have looked through the sql logs and nothing much shows up.  The log does show that is listening on the port # for ipv4 and ipv6.   There is also a line in there talking about the SPN not being registered and not to worry about it if
  you are not using Kerberos.  I logged in through shared memory and it said I was using NTLM.
  Any help would be appreciated.
  thanks.

  Hi clw,
  I’m writing to follow up with you on this post. According to your description, I do a test, if you configure the database engine to listen on a specific TCP port (59992), and
  the port is opened in the firewall. If you want to connect to the SQL Server instance, you 'd better to
  use the port number.
  In my opinion, by default, the default instance of the Database Engine uses port 1433, usually, if you have configured the server to listen on a non-default port number, when an instance of SQL Server uses dynamic port allocation, the connection string that
  is built at the SQL Server client does not specify the destination TCP/IP port unless the user or the programmer explicitly specifies the port. Therefore, the SQL Server client library queries the server on UDP port 1434 to collect the information about the
  destination instance of SQL Server.
  If UDP port 1434 is disabled, the SQL Server client cannot dynamically determine the port of the named instance of SQL Server. Therefore, the SQL Server client may be unable to connect to the named instance of SQL Server. In this situation, the SQL Server
  client must specify the dynamically allocated port where the named instance of SQL Server is listening.
  For more information about configuring an instance of SQL Server to listen on a specific TCP port or dynamic port, you can review the following article.
  https://support.transfrm.com/entries/503111-How-to-configure-an-instance-of-SQL-Server-to-listen-on-a-specific-TCP-port-or-dynamic-port
  Thanks,
  Sofiya Li
  Sofiya Li
  TechNet Community Support

• Can you configure a static port to use with certsrv.msc?

  I am trying to use certsrv.msc to connect from my workstation to the CA for administration purposes.  Workstation is Win7, CA is 2008 R2 Enterprise running Enterprise Subordinate on a dedicated box.
  I configured a static DCOM port for certsvc by following this article, including bouncing the service and also rebooting the CA box:
  http://social.technet.microsoft.com/wiki/contents/articles/1559.how-to-configure-a-static-dcom-port-for-ad-cs.aspx
  The static port was opened in the firewall from my workstation to the CA.  We also found that TCP 445 was required, so that has been opened as well, port 135 & other ports normally needed for autoenrollment should be open.  Sniffing the firewall
  showed that a random high numbered port that is not the static dcom port is being attempted - this is the only port showing dropped packets & no traffic on the static port.
  I am wondering if there is a way to configure a static port for this high-level random port to use with certsrv.msc as I was able to do with the certsvc dcom port?  I am trying to avoid having tens of thousands of network ports wide open going to my
  CA...  Thanks in advance!

  Hi Steve,
  I am sorry that I wasn’t able to find references about restricting certificate services only use one port in the random port range.
  However, we can configure RPC dynamic ports allocation to restrict port range. In the meantime, we should keep at least 100 ports open to keep necessary system services running.
  More information for you:
  How to configure RPC dynamic port allocation to work with firewalls
  http://support.microsoft.com/kb/154596/en-us
  Service overview and network port requirements for Windows
  http://support.microsoft.com/kb/832017/en-au
  Firewall Rules for Active Directory Certificate Services
  http://blogs.technet.com/b/pki/archive/2010/06/25/firewall-roles-for-active-directory-certificate-services.aspx
  Best Regards,
  Amy Wang

• ERROR  OGG-01201  Error reported by MGR : No available dynamic port entries

  Dear All,
  I have configured Golden Gate for MySQL on Linux machine.
  All my extracts and replicats were running fine but suddenly the initial load extract have started trowing this error:
  *2013-02-25 14:30:08 ERROR OGG-01201 Error reported by MGR : No available dynamic port entries.*
  *2013-02-25 14:30:08 ERROR OGG-01668 PROCESS ABENDING.*
  This is the same configuration that was working fine for many days:
  GGSCI>ADD EXTRACT exp1, SOURCEISTABLE
  GGSCI>INFO EXTRACT *, TASKS
  GGSCI>edit params exp1
  EXTRACT exp1
  SOURCEDB db@localhost:3306, USERID "******", PASSWORD "******"
  RMTHOST 10.168.20.31, MGRPORT 7809
  RMTTASK REPLICAT, GROUP imp1
  TABLE netfors.edr;
  --on 31
  GGSCI>ADD REPLICAT imp1, SPECIALRUN
  GGSCI>edit params imp1
  replicat imp1
  USERID user, PASSWORD password
  SOURCEDEFS /u01/app/oracle/oradata/GG/dirdef/edr.def
  DISCARDFILE /u01/app/oracle/oradata/GG/dirrpt/imp1.dsc, PURGE
  HANDLECOLLISIONS
  MAP "db.edr", TARGET db.SDR_TBLICPRAWEDR, COLMAP (usedefaults,
  ICPRE_RAWEDRID=seqno,
  ICPRE_SENDER=sender,
  ICPRE_RECEIVER=receiver,
  ICPRE_ICCARRIERID=incoming,
  ICPRE_OGCARRIERID=outgoing,
  ICPRE_QUEUE=queue,
  NE_ELEMENTID=18,
  ICPRE_CREATETIME=createtime,
  ICPRE_TIMEOFDAYBEGIN=timeofdaybegin,
  ICPRE_TIMEOFDAYEND=timeofdayend,
  ICPRE_UPDATETIME=updatetime,
  ICPRE_STATE=state,
  ICPRE_MODE=mode,
  ICPRE_BATCHID=batchid,
  ICPRE_REFERENCE=reference,
  ICPRE_MSG_REFERENCE=msg_reference,
  ICPRE_SEGMENT=segment,
  ICPRE_CSMSID=csmsid,
  ICPRE_GMSC=gmsc,
  ICPRE_IMSI=imsi,
  ICPRE_SMPP_MESSAGE_ID=smpp_message_id,
  ICPRE_RETRIES=retries,
  ICPRE_ELOCATION=elocation,
  ICPRE_ECODE1=ecode1,
  ICPRE_ECODE2=ecode2,
  ICPRE_FLAGS=flags);
  Kindly help to resolve this issue.
  Thanks, Imran

  Thanks for your reply and time Kamal.
  When i run :
  GGSCI (smsc.etisalcom.net) 1> send mgr getportinfo detail
  returns
  Sending GETPORTINFO, request to MANAGER ...
  No Dynamic Ports In Use or Configured
  But I have tried with
  DYNAMICPORTLIST 7809,7810,7811 7812-7850
  But error message was the same.
  Current settings for the mgr
  GGSCI>edit params mgr
  PORT 7813
  Regards, Imran

• Using BC4J Session Bean in OC4J 10.1.3 with dynamic ports

  Hi Folks!
  I've benn having trouble connecting my BC4J Session Bean to an Oracle 10gAS R3 server instance tha uses dynamic ports.
  After migrating a BC4J/Struts/JSP application from 9iAS to 10gAS R3, I'm trying to connect from a client application to my instace in the server. The problem is that the instance uses dynamic ports, and whenever I deploy my application to the server, I've got to update the port number in the bc4j.xcfg file in the client application, wich has became impossible to maintain.
  When I connect to an EJB in the same server, I use the instance name instead of the port number. However, when I do the same with BC4J, I get the following exception:
  javax.naming.NamingException [Root exception is java.lang.NumberFormatException: For input string: "OC4J_dvt20"]
       at oracle.jbo.client.remote.ejb.ias.AmHomeImpl.remoteLookup(AmHomeImpl.java:131)
       at oracle.jbo.client.remote.ejb.ias.AmHomeImpl.getRemoteApplicationModuleHome(AmHomeImpl.java:42)
       at oracle.jbo.client.remote.ejb.AbstractApplicationModuleHomeImpl.lookupUsingPlatformContext(AbstractApplicationModuleHomeImpl.java:82)
       at oracle.jbo.client.ejb.ApplicationModuleHomeImpl.<init>(ApplicationModuleHomeImpl.java:52)
       at oracle.jbo.client.remote.ejb.AbstractApplicationModuleHomeImpl.<init>(AbstractApplicationModuleHomeImpl.java:35)
       at oracle.jbo.client.remote.ejb.ias.AmHomeImpl.<init>(AmHomeImpl.java:35)
       at oracle.jbo.client.remote.ejb.ias.InitialContextImpl.createJboHome(InitialContextImpl.java:28)
       at oracle.jbo.common.JboInitialContext.lookup(JboInitialContext.java:77)
       at javax.naming.InitialContext.lookup(InitialContext.java:347)
       at oracle.jbo.common.ampool.DefaultConnectionStrategy.createApplicationModule(DefaultConnectionStrategy.java:136)
       at oracle.jbo.common.ampool.DefaultConnectionStrategy.createApplicationModule(DefaultConnectionStrategy.java:80)
       at oracle.jbo.common.ampool.ApplicationPoolImpl.instantiateResource(ApplicationPoolImpl.java:2468)
       at oracle.jbo.pool.ResourcePool.createResource(ResourcePool.java:536)
       at oracle.jbo.common.ampool.ApplicationPoolImpl.prepareApplicationModule(ApplicationPoolImpl.java:2094)
       at oracle.jbo.common.ampool.ApplicationPoolImpl.doCheckout(ApplicationPoolImpl.java:1961)
       at oracle.jbo.common.ampool.ApplicationPoolImpl.useApplicationModule(ApplicationPoolImpl.java:2793)
       at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:453)
       at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:424)
       at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:419)
       at oracle.jbo.client.Configuration.getApplicationModule(Configuration.java:1546)
       at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1504)
       at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1476)
       at pkg.TesteEjbMCT.findTLS(TesteEjbMCT.java:98)
       at pkg.TesteEjbMCT.main(TesteEjbMCT.java:51)
  My question is: is there a way to configure my bc4j.xcfg, or another way to connect, in order to skip the use of the port number? Or a way to get the port number from the server before I connect?
  Thanks in advance!!!

  I've just found the solution from Steve Muench weblog, always useful by the way!
  You can find the solution at this link http://radio.weblogs.com/0118231/stories/2004/05/07/handcodingDynamicDiscoveryOfEjbdeployedAppmodule.html
  In summary, we need to use the class com.evermind.server.rmi.RMIInitialContextFactory, which supports dynamic lookup, and implement the lookup ourselves.
  The code I've written to lookup the service is listed below:
  public static ApplicationModule getAppModuleManutencao() {
  try {
  Context ctx = getContext();
  ManutencaoFacadeHome home = (ManutencaoFacadeHome) ctx.lookup(EJB_MANUTENCAO_BEAN_NAME);
  ApplicationModule am = ApplicationModuleProxy.create(home, null);
  return am;
  } catch (NamingException nex) {     
  nex.printStackTrace();
  return null;
  private static InitialContext getContext() {   
  try {     
  Hashtable env = new Hashtable();
  env.put(Context.INITIAL_CONTEXT_FACTORY, "com.evermind.server.rmi.RMIInitialContextFactory");
  env.put(Context.SECURITY_PRINCIPAL, "admin");
  env.put(Context.SECURITY_CREDENTIALS, "welcome");
  env.put(Context.PROVIDER_URL, "opmn:ormi://dsv008:OC4J_dvt20/mct");
  env.put(Context.SECURITY_AUTHENTICATION, "simple");
  return new InitialContext(env);
  }catch (NamingException e) {     
  e.printStackTrace();
  return null;
  I hope this helps someone!!!
  Cheers!

• Dynamic port use

  My application uses RMI by having a server-proxy-service system to enable the classes on the user's side to access functions on the server side that access the oracle database.
  I have recently been asked for a specification of the ports that our application uses.
  I have run a "netstat" on my server and saw that the user's computers connect to the server on a dynamic range of ports, while the only interaction the users have with the server is via RMI.
  Is RMI responsible for the connection of dynamic ports to the server?
  If so, is there anyway to set it use only certain ports?

  If so, is there anyway to set it use only certain ports?Yes. You can specify the port when constructing a Registry with LocateRegistry.createRegistry, and when exporting a remote object via the constructors of UnicastRemoteObject or UnicastRemoteObject.exportObject(). If you don't specify the port here, or specify zero, a system-allocated port will be used.

• Dynamic (ephemeral) Port Allocation Global or per-IP?

  Due to an unfortunate application design, I am encountering an issue where I am exhausting ephemeral ports, even after increasing the range.  We have noticed the ephemeral port range seems to be allocated globally, regardless of sourceIP.
  This post http://charlesgate86.wordpress.com/2011/09/23/cas-connection-scalibility-between-exchange-2007-2010/ seems to indicate that support was added in Windows
  Server 2008 for per-IP source port selection.   However, it also indicates that applications must be modifiied to leverage such support, but alas does not give any details on the modifications required.
  The relevant section: 
  Where we see a scale limitation is between CAS and mailbox.  Prior to Windows Server 2008, each outbound connection would
  only use a single source port regardless of the destination IP or whether the source port was available for use; in other words, once the source port was used, it could not be used for any other outbound connection on the server.  Thus we were limited
  to the maximum number of TCP/IP connections, which for Exchange Server 2007 is 60,000 (MaxUserPort TCP setting). 
  We addressed this in Windows Server 2008 by allowing the source port to be used once on a per IP address basis.  So now as long as we have additional IP addresses on CAS,
  we can scale 60,000 outbound connections per source IP address.  However, the corresponding
  applications had to take advantage of this new feature.  In the case of Outlook Anywhere, the RPC Proxy service on Windows Server 2008 was updated to do so.  DSProxy, on the other hand, was not – so the mailbox
  server is limited to 60,000 outbound connections to global catalog servers."
  Where can I find information on the application changes required to take advantage of per-IP source port selection?
  Thank you 

  Hi,
  Due to this issue is more related to coding, to get better help, please post your question on the MSDN forum.
  Here is the address,
  https://social.msdn.microsoft.com/Forums/en-US/home
  Best Regards.
  Steven Lee
  TechNet Community Support

• Doing FTP using a Dynamic Port

  Hi,
  I am having an odx with a Receive Shape, expression and Send shape.
  The send shape is connected to a dynamic port:
  There is a message var called ShowPartMessage.
  There is no transformation. This message needs to be received and sent via FTP.
  In the expression shape i have something like:
  SendPortName(Microsoft.XLANGs.BaseTypes.TransportType) = "FTP";
  SendPortName(Microsoft.XLANGs.BaseTypes.Address)= @"FTP://99.99.x.xxx/fold1/ftp/%MessageID%.xml";
  ShowPartMessage(FTP.UserName)= "user";
  ShowPartMessage(FTP.Password)= "pass";
  I get an error message for the last 2 lines saying "message construction must be done
  in a construct block".
  Do i need a construct block just to assign the username and password?
  i based my soln  on the following link here:
  http://msdn.microsoft.com/en-us/library/aa560663.aspx
  Please assist
  regards,

  The difference between static and dynamic ports is only the Message Assignment shape, which is mandatory in a dynamic port to specify the FTP port details.
  Your message assignment shape should have the code like below:
  Msg_DynamicSend(FTP.CommandLogFileName) = "D:\\BiztalkLogs\\FTPLog\\DynamicFTPLog.txt";
  Msg_DynamicSend(FTP.UserName) = "FTPUSER";
  Msg_DynamicSend(FTP.Password) = "Pass1234";
  Msg_DynamicSend(FTP.SpoolingFolder) = "/IN/";
  Msg_DynamicSend(FTP.RepresentationType) = "ASCII";
  DynSendPort(Microsoft.XLANGs.BaseTypes.Address)= "ftp://inhydeshrilata";
  DynSendPort(Microsoft.XLANGs.BaseTypes.TransportType) = "FTP";
  Msg_DynamicSend is the message name set for send port and DynSendPort
  is the port name for dynamic send port.
  If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply.
  Regards,
  Rachit

• INST-08010: Error in validating the port range for auto port allocation

  Hello guys, I am using the installer to install OBIEE 11.1.7.0 on my machine. When I get to step 6, I receive the error messages below:
  INST-08010: Error in validating the port range for auto port allocation. At least 2 ports should be free within the range 7000-7500 for the Adminserver and Adminserver SSL.
  Ensure that a minimum of 2 ports are free within the range 7000-7500 for auto port allocation to work correctly for the Adminserver and Adminserver SSL.
  INST-08010: Error in validating the port range for auto port allocation. At least 3 ports should be free within the range 9500-9699 for the Weblogic Components for BI (WLS Managed Server, Managed Server SSL and NodeManager).
  Ensure that a minimum of 3 ports are free within the range 9500-9699 for auto port allocation to work correctly for the Weblogic Components for BI (WLS Managed Server, Managed Server SSL and NodeManager).
  INST-08012: Error in validating the port range for auto port allocation. At least 3 consecutive ports should be free within the range 9500-9699 for the OPMN, in addition to 3 free ports required for Weblogic Components for BI (WLS Managed Server, Managed Server SSL and NodeManager).
  Ensure that a minimum of 3 consecutive ports are free within the range 9500-9699 for auto port allocation to work correctly for the OPMN, in addition to 3 free ports required for Weblogic Components for BI (WLS Managed Server, Managed Server SSL and NodeManager).
  My Operating System  below:
  Linux Red Hat 5.9 X86 64bit
  My uname -a are below:
  Linux redhat59 2.6.18-348.el5 #1 SMP Wed Nov 28 21:22:00 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
  My /etc/hosts file are  below:
  # Do not remove the following line, or various programs
  # that require network functionality will fail.
  127.0.0.1   localhost.localdomain localhost
  10.10.80.19 redhat59
  My /etc/sysconfig/network are below:
  NETWORKING=yes
  NETWORKING_IPV6=no
  HOSTNAME=redhat59
  GATEWAY=10.174.27.228
  My /etc/sysconfig/iptables are below:
  # Generated by iptables-save v1.3.5 on Tue Dec  3 17:01:17 2013
  *filter
  :INPUT ACCEPT [425:33860]
  :FORWARD ACCEPT [0:0]
  :OUTPUT ACCEPT [307:40164]
  COMMIT
  # Completed on Tue Dec  3 17:01:17 2013
  My ifconfig are below:
  eth0      Link encap:Ethernet  HWaddr 52:54:00:55:9B:C9
            inet addr:10.174.27.233  Bcast:10.174.27.255  Mask:255.255.255.0
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:200216 errors:0 dropped:0 overruns:0 frame:0
            TX packets:95849 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:1000
            RX bytes:110668992 (105.5 MiB)  TX bytes:209784134 (200.0 MiB)
  lo        Link encap:Local Loopback
            inet addr:127.0.0.1  Mask:255.0.0.0
            UP LOOPBACK RUNNING  MTU:16436  Metric:1
            RX packets:109200 errors:0 dropped:0 overruns:0 frame:0
            TX packets:109200 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:0
            RX bytes:257845896 (245.9 MiB)  TX bytes:257845896 (245.9 MiB)
  my /etc/sysconfig/network-scripts/ifcfg-eth0 are below:
  # Virtio Network Device
  DEVICE=eth0
  BOOTPROTO=static
  BROADCAST=10.174.27.255
  HWADDR=52:54:00:55:9B:C9
  IPADDR=10.174.27.233
  NETMASK=255.255.255.0
  NETWORK=10.174.27.0
  ONBOOT=yes
  Have any suggestion please?
  Many Thanks
  D

  In setDomainEnv.sh set debugFlag=false or you can just remove it.
  NodeManager is a charm after that. it can take any number of ports.
  Cheers !!

• 802.1x dynamic vlan assignment using ACS 4.2

  Hi
  we have 10 switches 2960 configured with 802.1x authentication against ACS server 4.2.
  we have 2 vlans configured on the switches for administrator and endusers. the end user vlan id is 10 and the administartor vlan is is 100.
  we need to apply the following scenario, if the enduser PC - that is connected to vlan 10 - has an issue and the administrator will login to the PC with the administrator account to fix that issue, the switch should dynamically reconfigure the port with the administrator vlan ( 100 ) .
  is the above scenario doable using dot1x with the ACS server?
  waiting your replies
  Mohamed

  Hi,
  I have the following scenario
  2 bulidings with multiple floor
  Each floor should be in different VLAN.
  The network should be authenticated with 802.1x and each switch port should be assigned with dynamic VLAN from ACS.
  Each
  user should be able to connect and roam around between any building.
  when ever a user is connecting his laptop to any floor, he should be
  made part of that respective vlan. It is not requred to have the same
  IP rage to be allocated, but the dynamic VLAN should be based on the
  switch port location.
  Can
  I configure ACS in such a way that, the ACS will allocate dynamic VLAN
  for every 802.1x authentication  based on the Network Device Group.
  Please refer the attached diagram
  Hi,
  Check out the below link for your requirement for dynamic vlan assignement using ACS
  http://www.ciscosystems.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
  Hope to Help !!
  Ganesh.H
  Remember to rate the helpful post

• 802.1x Dynamic Vlan assignment using ACS

  Hi,
  I have the following scenario
  2 bulidings with multiple floor
  Each floor should be in different VLAN.
  The network should be authenticated with 802.1x and each switch port should be assigned with dynamic VLAN from ACS.
  Each user should be able to connect and roam around between any building. when ever a user is connecting his laptop to any floor, he should be made part of that respective vlan. It is not requred to have the same IP rage to be allocated, but the dynamic VLAN should be based on the switch port location.
  Can I configure ACS in such a way that, the ACS will allocate dynamic VLAN for every 802.1x authentication  based on the Network Device Group. Please refer the attached diagram

  Hi,
  I have the following scenario
  2 bulidings with multiple floor
  Each floor should be in different VLAN.
  The network should be authenticated with 802.1x and each switch port should be assigned with dynamic VLAN from ACS.
  Each
  user should be able to connect and roam around between any building.
  when ever a user is connecting his laptop to any floor, he should be
  made part of that respective vlan. It is not requred to have the same
  IP rage to be allocated, but the dynamic VLAN should be based on the
  switch port location.
  Can
  I configure ACS in such a way that, the ACS will allocate dynamic VLAN
  for every 802.1x authentication  based on the Network Device Group.
  Please refer the attached diagram
  Hi,
  Check out the below link for your requirement for dynamic vlan assignement using ACS
  http://www.ciscosystems.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
  Hope to Help !!
  Ganesh.H
  Remember to rate the helpful post

• Dynamic port assignments

  hi all. if my question can be answered by reading TMG documentation, feel free to direct me there (i tried searching for the admin documentation but couldn't find it).
  can someone tell me what the purpose of dynamic port assignment is from endpoint -> TMG? Once the traffic leaves the TMG -> Internet, the actual service port is being used but that doesn't help me for internal queries.
  many thanks,
  -P

  Hi,
  Please check the articles below.
  ISA/TMG Server
  Application protocol
  Protocol
  Ports
  Configuration Storage (domain)
  TCP
  2171            (note 1)
  Configuration Storage (replication)
  TCP
  2173   (note 1)
  Configuration Storage (workgroup)
  TCP
  2172   (note 1)
  Firewall Client   Application
  TCP/UDP
  1025-65535 (note 2)
  Firewall Client Control Channel
  TCP/UDP
  1745   (note 3)
  Firewall Control Channel
  TCP
  3847 (note   1)
  RPC
  TCP
  135 (note 6)
  Randomly allocated high TCP ports (note   6)
  TCP
  random port number between 1024 - 65535
  random port number between 10000 - 65535 (note 7)
  Web Management
  TCP
  2175 (note 1, 4)
  Web Proxy Client
  TCP
  8080 (note 5)
  Collapse this imageExpand this image
  Notes
  This port is not used with ISA 2000.
  FWC application transport and protocols are negotiated within the FWC control channel.
  ISA 2000 FWC control uses UDP. ISA 2004 and 2006 use TCP.
  OEM uses Firewall Web Management to provide non-MMC management of ISA Server.
  This port is also used for intra-array traffic.
  This port is used only by the ISA management MMC during remote server and service status monitoring.
  This is the range in TMG. Please note that TMG extends the default dynamic port ranges in Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista.
  https://support.microsoft.com/kb/832017?wa=wsignin1.0#method14
  Reference:
  TCP connection established using Firewall client may close unexpectedly
  Regards,
  Joyce
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• DS Repository with SQL Server Dynamic Ports

  I have just installed Data Services 4 on our production SQL server cluster.
  While our DEV SQL server runs on the standard port (1433), our prod servers use dynamic ports.  I don't administer the servers and cannot change this.
  Initially I was getting "java.net.connectexception: Connection Refused: Connect " errors.
  After a lot of difficulty I managed to get DS to install by giving it the currently allocated dynamic port number.  I had to enter a port, otherwise the 'next' button was grey out. 
  Everything worked, but I am concerned that once the SQL servers restarts, it will get a new port and DS will fail. 
  Is there a config file which stored the connection strings for the repository ?  I'l like to see if its saved the port of not.  Microsoft claim if no port is listed, it will get the Dynamic port automatically.
  Funily enough, when I run the repository manager to set up new repositories, it makes no mention of ports.  It the port only needed for the Initial software install ?
  Thanks,
  Leigh.

  LeighK wrote:
  > Funily enough, when I run the repository manager to set up new repositories, it makes no mention of ports.  It the port only needed for the Initial software install ?
  Port number will be asked when you try to add a repository to the management console.
  Regards,
  Shine