myITforum.com Community Forum myITforum.com Community Forum

Home  Forums  Blogs  Live Support chat  Search Articles  Wiki  FAQ  Email Lists  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

All Forums RSS Feed Subscription:


           



SCCM RPC Ports & Hardware Firewalls

 
View related threads: (in this forum | in all forums)

Logged in as: Guest
  Printable Version
All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager >> SCCM RPC Ports & Hardware Firewalls Page: [1]
Login
Message << Older Topic   Newer Topic >>
SCCM RPC Ports & Hardware Firewalls - 4/14/2008 10:22:51 PM   
jkuta

 

Posts: 11
Score: 0
Joined: 9/13/2007
Status: offline 		We have a hardware firewall between our ConfigMgr server and our client network segments.  I had to create a rule that allows all traffic on ports 1025-5000 due to RPC requirements.
 
I used the RPC configuration tool (rpccfg.exe) that Microsoft makes available (KB154596) and configured a range of ports (5100-5200) for the server to use and rebooted.
 
After doing a Wireshark packet capture of a successful client deployment and analyzing it I noticed that RPC is still choosing random ports, in this case ports 1211, 1212 & 1214.  No matter what I try, ConfigMgr still chooses random ports. 
 
Has anyone experienced this?  If so, is there any way to limit ConfigMgr to a smaller range of ports?
Post #: 1
RE: SCCM RPC Ports & Hardware Firewalls - 4/21/2008 3:44:34 AM   
mlindgren

 

Posts: 3
Score: 0
Joined: 2/8/2006
Status: offline 		I have tried but have the same problem, got an answer from Wally Mead in a Microsoft Forum and he told me to contact Product support, because it should work.

(in reply to jkuta)
Post #: 2
RE: SCCM RPC Ports & Hardware Firewalls - 4/22/2008 10:49:46 AM   
jkuta

 

Posts: 11
Score: 0
Joined: 9/13/2007
Status: offline 		I opened a ticket with Microsoft Product Support Services for this issue and this is the response I received:

I spoke to my Escalation lead and she said that in fact there is an RPC call between server and client.
I decided to repro this in the lab and found that it does send RPC calls to acquire information from WMI and we see several request and response between client and server. In our lab it was using ports above 1024 for source and above 3600 for response. This confirms the use of ports above 1024.
 
If you were to control the ports used for RPC you will need to run rpccfg.exe on the clients as well.
 
Looks like the firewall rule is going to stay in place because it's hardly feasible to run the rpccfg.exe on each and every current and future workstation in our environment of 30,000+ machines.

(in reply to mlindgren)
Post #: 3
Page:   [1]
All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager >> SCCM RPC Ports & Hardware Firewalls Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts




Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.453