Endpoint Protection

 View Only

  • 1.  SEP on Domain Controller

    Posted Jan 24, 2012 09:30 AM

    I have a DC that is having WINS/Replication issues generating a considerable amount of 4102 errors. After doing some searching I cam across this

    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/a33a6864-b21a-4f95-beae-1b8b678b0680/

     

    1. After a recent Symantec Endpoint Protection upgrade, Port 42 (TCP/UDP) became closed.
    2. Does Symantec Enpoint protection close Port 42? If so why and what else do I need to look for with a SEP installation on a DC?

    All exclusions were added.

    Thank you



  • 2.  RE: SEP on Domain Controller

    Posted Jan 24, 2012 05:48 PM

    Here is the guide from Symantec on best practice for installation on a Domain Controller:

    http://www.symantec.com/business/support/index?page=content&id=TECH92440

    There are some other links in the article for more information.

    This article applies to both SEP 11.x and 12.1.

    Generally as a rule of thumb, you should, as indicated consider the roles of the server.  I.E. in your case port 42 being closed.  Likely because the firewall component has been installed and you will need to tweak your rules.

     

    Hope that helps.

    Cheers and let us know if you need more help.



  • 3.  RE: SEP on Domain Controller

    Posted Jan 25, 2012 09:01 AM

    The firewall component would not have been installed because this was a basic install of ONLY Anti-Virus and Anti-Spyware. The Domain controller exceptions are also already established.



  • 4.  RE: SEP on Domain Controller

    Posted Jan 25, 2012 09:23 AM

    I should have asked in the original post, but what version of Windows Server are you running?

    And Windows Firewall is turned off as well?  (Need to ask)

    Thanks.



  • 5.  RE: SEP on Domain Controller
    Best Answer

    Posted Jan 25, 2012 01:49 PM

    I am sure, only AV and AVs will not block the port. Just to rule out the possibility, remove SEP and see.

    Port 42, TCP and UDP  are used to initiate a connection with a remote WINS server. If you block these ports at the firewall, you help prevent computers that are behind that firewall from trying to use this vulnerability. TCP port 42 and UDP port 42 are the default WINS replication ports. We recommend blocking all incoming unsolicited communication from the Internet. http://support.microsoft.com/kb/890710

     

    Check this

    http://support.microsoft.com/kb/832017

    Port requirement for DCCollapse this tableExpand this table

     

    Application protocol

    Protocol

    Ports

    Global Catalog Server

    TCP

    3269

    Global Catalog Server

    TCP

    3268

    LDAP Server

    TCP

    389

    LDAP Server

    UDP

    389

    LDAP SSL

    TCP

    636

    LDAP SSL

    UDP

    636

     

     

     

     

     

     

    RPC

    TCP

    135

    RPC randomly allocated high TCP ports¹

    TCP

    1024 - 65535
    49152 - 65535²

    DNS

    UDP

    53

    DNS

    TCP

    53