SCCM RPC Ports & Hardware Firewalls (Full Version)

All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager



Message

jkuta -> SCCM RPC Ports & Hardware Firewalls (4/14/2008 10:22:51 PM)

We have a hardware firewall between our ConfigMgr server and our client network segments.  I had to create a rule that allows all traffic on ports 1025-5000 due to RPC requirements.
 
I used the RPC configuration tool (rpccfg.exe) that Microsoft makes available (KB154596) and configured a range of ports (5100-5200) for the server to use and rebooted.
 
After doing a Wireshark packet capture of a successful client deployment and analyzing it I noticed that RPC is still choosing random ports, in this case ports 1211, 1212 & 1214.  No matter what I try, ConfigMgr still chooses random ports.  [:@]
 
Has anyone experienced this?  If so, is there any way to limit ConfigMgr to a smaller range of ports?



mlindgren -> RE: SCCM RPC Ports & Hardware Firewalls (4/21/2008 3:44:34 AM)

I have tried but have the same problem, got an answer from Wally Mead in a Microsoft Forum and he told me to contact Product support, because it should work.



jkuta -> RE: SCCM RPC Ports & Hardware Firewalls (4/22/2008 10:49:46 AM)

I opened a ticket with Microsoft Product Support Services for this issue and this is the response I received:

I spoke to my Escalation lead and she said that in fact there is an RPC call between server and client.
I decided to repro this in the lab and found that it does send RPC calls to acquire information from WMI and we see several request and response between client and server. In our lab it was using ports above 1024 for source and above 3600 for response. This confirms the use of ports above 1024.
 
If you were to control the ports used for RPC you will need to run rpccfg.exe on the clients as well.
 
Looks like the firewall rule is going to stay in place because it's hardly feasible to run the rpccfg.exe on each and every current and future workstation in our environment of 30,000+ machines.



Page: [1]

Valid CSS!




Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI
0.203125