Which ports does WMI Service in Active Directory use exactly?
The RPC end point mapper listens on TCP 135. The subsequent conversation continues on a random, negotiated port. Microsoft KB 154596 (http://support.microsoft.com/kb/154596) describes how to limit the "random" port range.
However, a number of firewalls are now able to follow an MS-RPC conversation, i.e.: you specify that the conversation is MS-RPC, and the firewall intercepts the port negotiation, then continue to monitor that conversation.
Not sure if this helps. I've used the latter with RPC through a Juniper firewall.
Related videos on Youtube
Comments
-
IRousso almost 2 years
I read in the technet, that the WMI Services uses random ports over 1024 because of RPC..
Now is the question does it use 1025-5000 because of the microsoft port reservation or could it use more than the 5000 port? I am firewall admin and want to know exactly!
Here are some Links i found:
http://msdn.microsoft.com/en-us/library/bb219447%28VS.85%29.aspx
http://technet.microsoft.com/en-us/library/bb632618.aspx
Hope someone can help.. Thank you!
-
SpacemanSpiff over 13 yearsSo there is a port for RPC "signaling" I don't remember the right term for it and then a range of ports used for communication. You can however force these with a simple regedit. I had to do this on my domain controllers so that a device on the other side of a firewall could reach them on a specific set of ports. Tom
-