Opening of TCP/IP Port 53 in Firewall
Hi ,
I checked a few SharePoint blogs which say that for SharePoint 2013 you need to open port 53 in the firewall for the "User Profile Synchronization Service (FIM)" to reach the
DNS server.
- What user profile sync is being done between the SP server and the DNS server? Isn't the user profile sync from the AD server?
Please see the link http://technet.microsoft.com/en-us/library/cc262849.aspx
Thanks
Hari
thanks guys.
My SP farm is in the cloud and AD & DNS are in a different cloud zone, hence a firewall is in between.
I am an SP guy with not much knowledge of firewalls, DNS & AD. The cloud infra team has rejected the request to open port 53 to the DNS server, reason: "This rule cannot be allowed
as it will also cause functional issues for the Cloud VMs. Cloud VMs depends on Cloud internal DNS services to function. One method may be to consider if another AD/ DNS can be configured within G-Cloud as a VM. We apologize as we are unable to advise a solution,
and even this needs to be submitted in this Pre-Qualification form for approval. Please note that Cloud VMs must not directly join the remote domain as this will cause the required DNS records to be missing."
So I still need this FIM to connect to the AD DS server or DNS server to fetch user information.
Thanks
hari
Similar Messages
-
Which TCP/UDP ports need to be opened on a firewall for Adobe Reader and Flash Player?
Which TCP/UDP ports need to be opened on a firewall for Adobe Reader and Flash Player to operate properly? This would include updating, linking, and any subset of features.
The Acrobat Family uses TCP HTTP/HTTPS for all traffic. The following processes and ports may be active on a Windows client machine:
AdobeARM.exe - automatic updates - port 443
AcroRd32.exe - brand messages - port 443
AcroRd32.exe - links in documents - anything specified in the URL
Acrobat.exe - brand messages - port 443
Acrobat.exe - links in documents - anything specified in the URL
AdobeCollabSync.exe - Tracker review data - port 443
The same ports are used by the program components on OS X.
There are no inbound listening ports for any elements of the Acrobat Family. Automatic updates are not pushed and there are no server processes within the software. -
Which TCP/IP ports do I have to open in order to get communication
I have an enterprise portal based on EHP1 and I want to patch it. So I need to connect it to Solution Manager.
However the systems are in different networks.
I wonder which TCP/IP ports I have to open in order to get communication between the two systems.
I am trying to find documentation for this case but every document assumes the systems are in the same network.
It's fascinating that that document hasn't been replaced/updated in five years. Regardless, I've noticed an inconsistency in how they list the needed ports.
For example, they mention that port 5nn13 is needed for (I think) the Netweaver Start Service, and mention that the nn should be replaced with the instance number (00-99). That's one hundred ports (50013, 50113, 50213, ... 59913). Yet, in the "Range" column, they significantly mis-describe that as 50013-59913, which adds another 9801 completely unnecessary holes to put into a firewall. (e.g. 50026, 51058, 53077, etc etc)
They do that for most of the ranges they use that nn shorthand with... 5nn00, 5nn01, 5nn14, 5nn16, etc.
In short, following the description they give in the "Range" column will have one opening thousands upon thousands of unnecessary holes in the firewall. -
What TCP or UDP ports do I need to open on my router firewall to allow server to server administration running Mavericks and Server app 3.0?
Also you may want to open tcp port 625 so that you can update the server's OD master.
More info can be found here: http://support.apple.com/kb/ts1629 Well known TCP/UDP ports used by Apple Products.
HTH
- Leland -
RDS and Gateway issues: Cannot get remoteapps to run without opening port 3389 on firewall
I am testing the setup of a small RDweb server to host QuickBooks for some remote sales users (4 users). For the most part, I have everything installed on one virtual server (using 2012r2 "Quick Start" session host deployment with the additional
Licensing and Gateway server roles added to the same server).
Everything works excellent with one exception. External clients cannot launch published apps without having port 3389 open on the firewall, even with the gateway role installed and the 'Deployment Properties' set to use the gateway. They can properly connect
to the RDweb site and view the published apps. The only way it works is open the firewall port (at which time I can disable the gateway or leave it configured and it works either way). Internally, everything works accordingly. I have followed the steps outlined
on many sites and have combed through the forum here to no avail.
Error received (summarized but is a well documented error):
remote desktop can't connect to the remote computer: 1- Your user account is not listed (it actually is) or 2- You might have specified the remote computer in NetBios format . . etc.
This is an existing SBS 2011 environment with additional virtual servers setup to host QuickBooks as outlined below:
Current setup:
Used Quick Start to install Remote Desktop Services in hosted sessions mode
Installed the additional roles for Licensing and Gateway server on same server
Configured wild card public certificates on all four services (Connection Broker(2), Web Access and Gateway)
Configured internal DNS to properly look up our external FQDN of this server (ex. quickbooks.contoso.com points to quickbooks.contoso.local)
One thing I noticed (just now) when I launch a published app and the firewall has port 3389 closed, a dialog box pops up directly after launching the app that warns about running a RemoteApp program and mentions the Remote Computer and the Gateway Server
as both the same (which it is); however, I would have assumed one would have listed the internal server's name while, instead, both are listed as the external FQDN. Either way, internal DNS should still allow it to properly route . . no? I don't know . . I'm
sure I am just missing something in a routing configuration somewhere. The gateway service is not properly looking up the RDweb service and then seemingly not routing the encapsulated RDP session through HTTPS. . .. is my guess . .
I was reading about the "set published name" cmdlet; however, I am not experiencing a certificate name mismatch; however, the certificate name does show up as *.contoso.com versus the actual name. I may just be grasping at straws now . . :)
Ok, while I was in the server and looking over the BPA scans: "The Remote Desktop Gateway (RD Gateway) server Secure Sockets Layer (SSL) certificate may not have a valid certificate subject name." This may be due to it showing up as *.companyname.com
versus quickbooks.companyname.com. Anyhow. .. on to the list of actions above:
Changed RD RAP from "Select Active Directory" group to "Allow any network resource" and tested with port 3389 closed on firewall:
Worked. Initially it did not as I had used a custom shortcut created from earlier; however, after logging into the RDweb site again, the application loaded fine now (after the RD RAP change)
No error message appeared; however, I did notice that for a split second, the word Error did appear in the browser's tab title, but only very shortly. The app launch does take a bit longer too now (about 10-15 seconds, up from about 4 seconds with the port
open). This, I could care less about so long as we are properly forwarding the traffic through the gateway.
As for log entries, I had spent quite a bit of time in there and only had minor issues with loading user profile settings taking too long and policy settings preventing the redirection of USB devices. Looking again, no issues still. Just a bunch of informational
entries where I would connect before (and disconnect) but only with the port on the firewall open; otherwise, there was not an entry correlating to when I would receive an error before. Now though, I am connecting after the RD RAP change and logs are showing
connections even with the port closed. These are in "operational", the "admin" log only shows the update to the RD RAP configuration.
Yes, the LAN's DNS server does relay the lookup information for my public FQDN as the local LAN address. No need for a local host record.
I have now added a new rule in our firewall to allow and forward UDP port 3391 traffic to the internal server hosting remote services
Thank you very much for your assistance on this matter. The RD RAP rule was default built during the creation of this services. Why is the resource not cross-referencing AD security groups? I could have sworn I created a group for that . . . -
TCP/UDP Ports and site used by FEP to download updates - needed to allow on perimeter firewall
Can someone point me to information on what TCP/UDP ports are utilized by FEP and what DNS / site name it uses to download FEP updates. This is needed to tighten perimeter firewall policies.
Thank you
It should be the same as the documentation for all Software Updates:
https://technet.microsoft.com/en-us/library/bcf8ed65-3bea-4bec-8bc5-22d9e54f5a6d#BKMK_ConfigureFirewalls
Make sure to expand the "restrict access to specific domains" section to see the update related URLs. -
Opening a port in the firewall
I want to be able to use pulptunes, but I need to be able to open a port in my firewall (15000), how do I go about this?
erikagwen,
Leopard has a new "Application Firewall." What this means for you is that it will automatically configure itself to allow your application to communicate, opening ports as needed, provided you authorize it to do so. When you first launch the application, the firewall will detect the "sockets" that it creates, and ask if you wish to allow it to accept outside requests.
It is also likely that you are behind a router, which will be running its own firewall. For this, you'll need to first determine the ports involved, then check and follow your router's documentation for forwarding those ports to your computer.
Scott -
What TCP/UDP ports need to be open for VPN Client version 4.8?
What TCP/UDP ports need to be open for Cisco VPN Client version 4.8 to work?
Thanks,
Normally, you need the following ports and protocol:
UDP 500
UDP 4500
ESP
In case you are using IPsec over TCP you have to open TCP port 10000 or any other port you want to use for IPsec connections (it's configurable).
-Kanishka -
How to free tcp/ip port in Mac OS X v10.6 Snow Leopard
Weeks ago I installed Graboid on my iMac and it's having trouble downloading files. This is what appears whenever I open Graboid:
SABnzbd.py 0.4.6 failed to start.
The Graboid Download Manager needs a free tcp/ip port for its internal web service.
Port 11234 on localhost was tried, but it is not available.
Please ensure that your firewall grants access to GraboidDLManager.exe and port 11234 and 119 aren't blocked.
Some other software may be using the port or the download manager is already running.
Please verify that another instance of the download manager is not already running. To do this, press CTRLShiftEsc or open your task manager. Make sure the Processes tab is selected and look for "GraboidDLManager.exe" in the list. If it is there, click on it and then press the "End Process" button. After that, please restart Graboid.
Open a Terminal window and type the line (example):
/Applications/SABnzbd.app/Contents/Resources/SABnzbd.py --server localhost:11235
How do I free a port in Snow Leopard? I already allowed incoming connections from Graboid in my security preferences but still it wouldn't work. Help please. Thanks
Do you use a router to connect to the internet? If so the port needs to be mapped to your local machine.
-
IE HTTP close (reset) - port reuse causing firewall issues
Having an issue with some systems reusing the same TCP port number between sessions, causing the firewall to drop the connection.
Internet Explorer is creating the HTTP socket connection to port 80. An ephemeral port (assigned by Windows) is bound to the local side of the connection. The first connection goes through just fine. The socket is
closed/reset. However, the very next connection (hundreds of milliseconds later), is using the same ephemeral port, causing the firewall to discard the connection.
I have tried setting TcpTimedWaitDelay in the registry but that did not help. Since the socket is being reset, it never goes into the TIME_WAIT state.
Any suggestions? This does not happen consistently - on the order of 10s of times per day.
Thanks!
Problem is still occurring. Customer has built a new client system with MS-only software (no virus protection, etc.). Upgraded this system to IE9. Problem is still occurring. Tried disabling NativeXMLHTTP option but no difference.
Here is the ASP VBScript code that causes the error to appear:
// Builds the POST URL with a per-request UID and submits the data, expecting an XML (text) response.
function SubmitPost(data, ErrHow) {
    var d = new Date();
    return SendData('POST',
        'TDMaster.asp?InstID=' + document.getElementById("tdInstance").value + '&UID=' + d.getTime(),
        data, ErrHow, 0);
}

// Returns a valid version of MSXML (IE ActiveX), trying the newest ProgID first.
// Returns null only if none of the ProgIDs can be instantiated.
function GetMSXML() {
    var progIDs = ['Msxml2.XMLHTTP.6.0', 'Microsoft.XMLHTTP'];
    for (var i = 0; i < progIDs.length; i++) {
        try {
            var http = new ActiveXObject(progIDs[i]);
            return http;
        } catch (ex) {
            // This ProgID is not registered on the client; fall through to the next one.
        }
    }
    return null;
}

// Function that actually sends the data and returns the response
// Format 0 = XML
// Format 1 = Binary
// CreateError is defined elsewhere in the application (not shown in the post).
var http;
var timedOut;
function SendData(method, url, data, ErrHow, Format) {
    http = GetMSXML();
    var ResultXML;
    var e;
    // Synchronous request: every call opens a fresh TCP connection from an ephemeral port.
    http.open(method, url, false);
    http.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
    http.setRequestHeader("Content-Length", data.length);
    try {
        http.send(data);
        if (Format == 0) {
            return http.responseText;
        } else {
            return http.responseBody;
        }
    } catch (e) {
        return CreateError(e.number, e, ErrHow);
    }
}
-
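The port-reuse thread above describes a client reopening the same ephemeral port a few hundred milliseconds after a reset while the firewall still holds the old flow. As an added example (not code from the thread), this Python script scans constructed connection-log lines in an assumed "timestamp event proto src:port -> dst:port" form and flags any OPEN that reuses a 4-tuple closed less than a configurable window earlier, so the pattern can be confirmed from logs rather than guessed at.

```python
"""Detect rapid ephemeral-port reuse in connection logs (added example)."""
import re
from datetime import datetime

# Constructed sample lines; the layout is an assumption, not a real firewall format.
SAMPLE_LOG = """\
2014-01-30T23:01:39.772 OPEN tcp 10.10.70.40:49152 -> 203.0.113.10:80
2014-01-30T23:01:39.900 RST  tcp 10.10.70.40:49152 -> 203.0.113.10:80
2014-01-30T23:01:40.250 OPEN tcp 10.10.70.40:49152 -> 203.0.113.10:80
2014-01-30T23:01:40.300 OPEN tcp 10.10.70.40:49153 -> 203.0.113.10:80
2014-01-30T23:01:41.000 FIN  tcp 10.10.70.40:49153 -> 203.0.113.10:80
2014-01-30T23:05:00.000 OPEN tcp 10.10.70.40:49153 -> 203.0.113.10:80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<event>OPEN|FIN|RST)\s+tcp\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Return (timestamp, event, 4-tuple) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%f")
    four_tuple = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
    return ts, m["event"], four_tuple


def find_port_reuse(log_text, window_ms=60000):
    """Return (four_tuple, gap_ms, prior_close_event) for every OPEN that reuses
    a 4-tuple closed less than window_ms earlier.

    A stateful firewall may still hold the previous flow in its table and drop
    the new SYN. Reuse right after an RST is the case in the thread: a reset
    skips TIME_WAIT on the client, so TcpTimedWaitDelay never applies."""
    last_close = {}  # four_tuple -> (close_time, close_event)
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, event, key = parsed
        if event == "OPEN":
            if key in last_close:
                close_ts, close_event = last_close[key]
                gap_ms = (ts - close_ts).total_seconds() * 1000
                if gap_ms < window_ms:
                    findings.append((key, round(gap_ms), close_event))
        else:  # FIN or RST closes the flow
            last_close[key] = (ts, event)
    return findings


if __name__ == "__main__":
    for key, gap, how in find_port_reuse(SAMPLE_LOG):
        print("port %d reused %d ms after %s: %s" % (key[1], gap, how, key))
```

On the sample, only port 49152 is flagged (reused 350 ms after an RST); port 49153 is reused well outside the window and is ignored.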
Port Forwarding Cisco firewall
Hi,
In Cisco Firewall 2900 series
trying to use port forwarding
but there is no communication, please help me.
Reg
Manoj.
: Saved
: Written by enable_15 at 23:01:39.772 UTC Thu Jan 30 2014
name 10.10.70.X.40 FinalPdf
name 201.256.x.x Youfinalip
interface Ethernet0/0
nameif YOUB
security-level 0
ip address 201.256.x.x.254.82 255.255.255.248
interface Ethernet0/2
nameif inside
security-level 100
ip address 10.10.70.X.1 255.255.255.0
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
ftp mode passive
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service ftp tcp
port-object eq ftp
port-object eq ftp-data
port-object eq 14147
object-group service any tcp-udp
port-object range 1 65535
object-group service DM_INLINE_TCP_1 tcp
group-object ftp
port-object eq ftp-data
access-list EXEMPT extended permit ip 10.10.70.X.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list EXEMPT extended permit ip 10.10.70.X.0 255.255.255.0 10.70.0.0 255.255.0.0
access-list EXEMPT extended permit ip 10.10.70.X.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list inside_access_in extended deny object-group TCPUDP any any eq domain
access-list inside_access_in extended permit ip any any
access-list YOUB_mpc extended permit ip any any
access-list YOUB_access_in extended permit object-group TCPUDP any interface YOUB inactive
access-list YOUB_access_in extended permit tcp any host Youfinalip object-group ftp
pager lines 24
logging enable
logging emblem
logging asdm-buffer-size 512
logging buffered debugging
logging trap debugging
logging history debugging
logging asdm debugging
logging device-id hostname
logging debug-trace
logging ftp-bufferwrap
logging ftp-server 10.10.70.X.251 firwall/ firwall firwall
logging class auth trap emergencies asdm emergencies
mtu YOUB 1500
mtu SIFY 1500
mtu inside 1500
mtu WAN 1500
mtu management 1500
ip verify reverse-path interface YOUB
ip verify reverse-path interface inside
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
asdm location Testpdf 255.255.255.255 inside
asdm history enable
arp timeout 14400
global (YOUB) 1 interface
global (SIFY) 1 interface
nat (inside) 0 access-list EXEMPT
nat (inside) 1 10.10.70.X.0 255.255.255.0 dns
static (inside,YOUB) tcp Youfinalip ftp Testpdf ftp netmask 255.255.255.255
access-group YOUB_access_in in interface YOUB
access-group inside_access_in in interface inside
route YOUB 0.0.0.0 0.0.0.0 201.256.x.x.254.81 1 track 1
route inside 0.0.0.0 0.0.0.0 10.10.70.X.1 10
route WAN 10.60.0.0 255.255.255.0 10.70.100.38 1
route WAN 192.168.8.0 255.255.255.0 10.70.100.38 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 100
type echo protocol ipIcmpEcho 4.2.2.2 interface YOUB
num-packets 3
frequency 10
sla monitor schedule 100 life forever start-time now
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
track 1 rtr 100 reachability
telnet timeout 5
ssh scopy enable
ssh 10.10.70.X.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted
class-map YOUB-class
match access-list YOUB_mpc
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
description ftp
class inspection_default
inspect dns preset_dns_map
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect ftp
class class-default
ips inline fail-open
policy-map YOUB-policy
class YOUB-class
ips inline fail-open sensor vs0
service-policy global_policy global
service-policy YOUB-policy interface YOUB
smtp-server 10.10.70.X.18
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:aace81256bc60bc50469f80cb0c4641a
: end -
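As an added example (not from the thread), the Python script below audits a constructed subset of the posted configuration: it expands the service object-group, collects the static PAT entries and the active permit lines of the outside ACL, and reports which permitted (host, port) pairs have a matching static translation and which do not. The service-name table and the exact line forms parsed are assumptions.

```python
"""Cross-check ASA static PAT entries against the outside ACL (added example)."""
import re

SERVICE_NAMES = {"ftp": 21, "ftp-data": 20, "domain": 53}  # assumed name table

# Constructed subset of the posted configuration; object and interface names as posted.
CONFIG = """\
object-group service ftp tcp
 port-object eq ftp
 port-object eq ftp-data
 port-object eq 14147
access-list YOUB_access_in extended permit object-group TCPUDP any interface YOUB inactive
access-list YOUB_access_in extended permit tcp any host Youfinalip object-group ftp
static (inside,YOUB) tcp Youfinalip ftp Testpdf ftp netmask 255.255.255.255
access-group YOUB_access_in in interface YOUB
"""


def port_number(token):
    return SERVICE_NAMES.get(token) or int(token)


def parse_service_groups(config):
    """Map object-group name -> set of TCP ports (eq entries only)."""
    groups, current = {}, None
    for line in config.splitlines():
        m = re.match(r"object-group service (\S+) tcp$", line)
        if m:
            current = groups.setdefault(m.group(1), set())
            continue
        m = re.match(r"\s+port-object eq (\S+)$", line)
        if m and current is not None:
            current.add(port_number(m.group(1)))
        elif not line.startswith(" "):
            current = None  # left the object-group block
    return groups


def parse_static_pat(config):
    """Set of (outside_host, port) pairs that static PAT translates inbound."""
    pat = re.compile(r"static \((\S+),(\S+)\) tcp (\S+) (\S+) (\S+) (\S+) netmask")
    return {(m.group(3), port_number(m.group(4)))
            for m in (pat.match(l) for l in config.splitlines()) if m}


def parse_acl_permits(config, acl_name, groups):
    """Set of (host, port) the ACL permits inbound; lines marked inactive are skipped."""
    pat = re.compile(
        rf"access-list {acl_name} extended permit tcp any host (\S+) "
        r"(?:object-group (\S+)|eq (\S+))$")
    permits = set()
    for line in config.splitlines():
        if line.endswith(" inactive"):
            continue
        m = pat.match(line)
        if not m:
            continue
        host, grp, port = m.groups()
        ports = groups.get(grp, set()) if grp else {port_number(port)}
        permits.update((host, p) for p in ports)
    return permits


def audit(config, acl_name="YOUB_access_in"):
    """Return (permitted_and_translated, permitted_without_static)."""
    groups = parse_service_groups(config)
    translated = parse_static_pat(config)
    permitted = parse_acl_permits(config, acl_name, groups)
    return permitted & translated, permitted - translated


if __name__ == "__main__":
    ok, missing = audit(CONFIG)
    print("permitted and translated by static PAT:", sorted(ok))
    print("permitted by ACL but no static entry:", sorted(missing))
```

On the posted lines only port 21 has a static, while ftp-data and 14147 are permitted without one; note that with "inspect ftp" enabled the ASA opens the FTP data channel dynamically, so the port 20 finding is informational rather than a fault.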
Does anyone know which ports on the firewall/router do I need to open for NAT (Network Address Translation) so that I can access the database from outside the firewall by SQLnet.
default tcp/1521
but you can change it -
TCP/UDP ports between Cisco PI 2.0 and WLC5508
Hello,
I will install Cisco PI 2.0 behind a firewall for security reasons. The WLC5508 is in front of the firewall. Can anybody let me know which TCP/UDP ports need to be open specifically between the Cisco PI and WLC? I don't see that in the link below.
Cisco Prime Infrastructure 2.0 Quick Start Guide
http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/quickstart/guide/cpi_qsg.html#wp46865
Thanks,
Robert
Firewall Between the WCS and Controller or WCS and the WCS User Interface
When a PI server and a PI user interface are on different sides of a firewall, they cannot communicate unless these ports on the firewall are open to two-way traffic:
80 (for initial http)
69 (tftp)
162 (trap port)
443 (https)
Open these ports in order to configure your firewall to allow communications between a PI server and a PI user interface.
Regards
Dont forget to rate helpful posts -
Checking TCP/UDP ports!
What's up everybody,
Does anybody know how to check if a port is open? (tcp/udp)
thanks!
matio,
Welcome to the forums.
Common Mac OS X tools used here include Network Utility, lsof, telnet and ping, and dns-sd and ping for Bonjour and mDNS, depending on which details are sought.
(With the Windows entries from your footer, various of these tools and their equivalents can be obtained by loading Cygwin or by loading Microsoft's SUA/SFU tools, and with some add-ons. PowerShell might or does have analogs here, but the old MS-DOS shell was pretty limited in what diagnostics were available without additions. There was telnet and ping, but some other bits were missing.)
Add-on tools include nmap. (nmap is a fairly gonzo-useful tool for this sort of thing.)
telnet works nicely for brute-force port tests on the LAN.
And FWIW, if those public web site tools do work and if you're on your own LAN, then definitely also consider checking the settings of and consider upgrading the LAN security. Those tools and those web sites should be blocked by default by the firewall or the gateway device found on most any LAN; whether that's a low-end NAT device, a server-grade firewall, or otherwise. -
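As an added example (not code from the thread), the Python script below does what the tools named in the reply do by hand: a TCP check that distinguishes a completed handshake from a refusal or a silent drop, and a UDP probe that can only ever report "closed" (ICMP port unreachable came back) or "open|filtered" (nothing came back). It constructs throwaway listeners on 127.0.0.1 so it runs offline; the probe payload and timeouts are assumptions.

```python
"""Check whether a TCP or UDP port is reachable (added example)."""
import socket
import threading


def tcp_port_open(host, port, timeout=2.0):
    """True if a TCP three-way handshake completes; False on refusal or timeout.
    A timeout usually means a firewall silently dropped the SYN; a refusal means
    the host answered with RST because nothing is listening."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # ConnectionRefusedError and socket.timeout are both OSError
        return False


def udp_port_state(host, port, timeout=1.0):
    """UDP has no handshake, so the answer is one of:
      'open'          - an application-level reply arrived
      'closed'        - host replied with ICMP port unreachable
      'open|filtered' - silence: a quiet listener or a firewall drop look identical
    That ambiguity is why UDP port checks are far less conclusive than TCP ones."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # a connected UDP socket surfaces ICMP errors on recv
        s.send(b"\x00")          # assumed one-byte probe
        try:
            s.recv(1)
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "open|filtered"


def start_tcp_listener():
    """Constructed local target: a TCP listener on 127.0.0.1 that accepts one
    connection then closes. Returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def accept_one():
        conn, _ = srv.accept()
        conn.close()
        srv.close()

    threading.Thread(target=accept_one, daemon=True).start()
    return port


def start_udp_listener():
    """Constructed local target: a bound UDP socket that never answers.
    Returns (socket, port); close the socket when done."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    return srv, srv.getsockname()[1]


def free_tcp_port():
    """Pick a port nothing is listening on (bind to port 0, then release it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    listening = start_tcp_listener()
    print("tcp", listening, tcp_port_open("127.0.0.1", listening))  # True
    closed = free_tcp_port()
    print("tcp", closed, tcp_port_open("127.0.0.1", closed))        # False
    udp_sock, udp_port = start_udp_listener()
    print("udp", udp_port, udp_port_state("127.0.0.1", udp_port))   # open|filtered
    udp_sock.close()
```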
Does anyone know the TCP/UDP Port numbers that have to be opened up when using NAT, this is what I have:
CTC PC >>>>>>>>>>> ROUTER >>>>>>>>>>>ONS15454
The CTC PC and the ONS are on different IP networks so I'm using the router to translate from one to the other with NAT, and I configured the ONS15454 to use SOCKS.
I used to have a document that explained this but I've lost it.
Thanks
Chris
Hi Chris.
I see you already have provisioned the node for SOCKS Proxy. If you want to be able to still have IP connectivity (for ping or telnet) to the ENEs, then enable the SOCKS Proxy Only option. The SOCKS Proxy needs to be provisioned on the LAN connected 15454 at the very least. You can also go to the CTC drop down menu: Edit -> Preferences -> Firewall and change the port from being variable to static default. That will further restrict the ports that are used by CTC. This should resolve any intermittent connectivity issues in CTC if it is being caused by a firewall.
www.cisco.com/en/US/docs/optical/15000r9_1/15454/sonet/reference/guide/454a91_nwconnectivity.html#wp42216
"If you launch CTC against a node through a Network Address Translation (NAT) or Port Address Translation (PAT) router and that node does not have proxy enabled, your CTC session starts and initially appears to be fine. However, CTC never receives alarm updates and disconnects and reconnects every two minutes. If the proxy is accidentally disabled, it is still possible to enable the proxy during a reconnect cycle and recover your ability to manage the node, even through a NAT/PAT firewall."
Lastly, to answer your question directly below is a link to the list:
www.cisco.com/en/US/docs/optical/15000r9_1/15454/sonet/reference/guide/454a91_nwconnectivity.html#wp59962
Table 14-6 Ports Used by the TCC2/TCC2P
Thanks,
Will