DCOM port requirements for Windows Discovery

Suggy
Giga Sage

I need more details on DCOM ports opening for Windows Discovery.

Which ports need to be opened? How is DCOM related to Windows Discovery? What needs to be done?

I need to share the exact details with my Windows team for successful discovery of Windows hosts.

I see it's a huge list:

The default ranges of DCOM ports are:

  • from 1025 to 5000: Windows 2000, Windows XP and Windows Server 2003
  • from 49152 to 65535: Windows Server 2008 and later versions, and in Windows Vista and later versions

Should I tell my Windows team to open all the above ports? Will my Windows team be okay with enabling so many ports?

Please share your experience on this topic.

Thanks

1 ACCEPTED SOLUTION

Hi Suggy,

These are high ports; there is no need to open all these 16k+ ports. We need a minimum of at least 300 ports within that range so that WMI can use any of them. You can talk to your Windows team; it's not like the Windows team has to open these ports one by one. When they create a firewall inbound rule, they can specify the ranges they need. If your company is using agentless monitoring solutions like SolarWinds, Icinga, or Nagios, they would have these ports already, so it won't be a problem for them.


Regards,

Vivek


Neeraj Sharma13
Mega Expert

Hi Suggy, Please refer to the below link.

https://community.servicenow.com/community?id=community_article&sys_id=4e1c2a21dbd0dbc01dcaf3231f9619fa

Rahul Priyadars
Giga Sage

Refer to this URL:

Configure MID Server network connectivity | ServiceNow Docs

  • WMI: For Windows machines, Discovery uses the Windows Management Instrumentation (WMI) interface to query devices. Due to security restrictions for WMI, the MID Server application executing the WMI queries must run as a domain user with local (target) administrator privileges. When Discovery detects activity on port 135, it launches a WMI query. The response from the Windows device is sent over a Distributed Component Object Model (DCOM) port configured for WMI on Windows machines. This can be any port. Ensure that the MID Server application host machine has access to the targets on all ports due to the unique nature of the WMI requirements.

Regards

RP

Suggy
Giga Sage

@Rahul Priyadarshy @Neeraj Sharma

That's a huge list.

  • from 1025 to 5000: Windows 2000, Windows XP and Windows Server 2003
  • from 49152 to 65535: Windows Server 2008 and later versions, and in Windows Vista and later versions

Will the Windows team agree to open all those?

What is your experience on this, please? Should I tell my Windows team that they need to open all those ports explicitly?

It has to be opened inside your environment.

From the MID Server to your infra, not for the outside world.

For WMI to work properly it is needed, as after port 135 they return data on these range ports.

Regards

RP
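
The accepted answer notes that a single inbound firewall rule can carry a whole port range, and the last reply notes that the ports only need to be reachable from the MID Server inside the environment. The following is an added example, not part of the original thread or ServiceNow's documentation, showing both points as Windows Firewall rules on a target host. The MID Server address, the rule names, the group name and the choice of the Domain profile are assumptions to replace with your own values.

```powershell
# Added example: run in an elevated PowerShell session on a Windows target host.
# All values below are placeholders/assumptions, not taken from the thread.
$MidServerIp  = '10.0.0.10'        # assumed MID Server address (placeholder)
$DynamicRange = '49152-65535'      # default range for Server 2008 / Vista and later, as quoted above
$Group        = 'Discovery WMI (example)'   # hypothetical rule group name

# Show the dynamic TCP port range this host actually uses before relying on the default.
netsh int ipv4 show dynamicport tcp

# One rule for the RPC endpoint mapper, one for the DCOM dynamic range.
$rules = @(
    @{ Name = 'Discovery-WMI-RPC-EPMAP'; Port = '135';         Desc = 'RPC endpoint mapper' },
    @{ Name = 'Discovery-WMI-DCOM-Dyn';  Port = $DynamicRange; Desc = 'DCOM dynamic ports' }
)

foreach ($r in $rules) {
    # Re-runnable: drop an earlier copy of the rule before creating it again.
    Get-NetFirewallRule -Name $r.Name -ErrorAction SilentlyContinue | Remove-NetFirewallRule

    # Inbound allow, TCP only, limited to the MID Server as the remote address,
    # so the range is not exposed to any other host.
    New-NetFirewallRule -Name $r.Name -DisplayName "$Group - $($r.Desc)" -Group $Group `
        -Direction Inbound -Action Allow -Protocol TCP -LocalPort $r.Port `
        -RemoteAddress $MidServerIp -Profile Domain | Out-Null
}

# Review the result: each rule should list only the MID Server as remote address.
Get-NetFirewallRule -Group $Group | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.Name
        Enabled       = $_.Enabled
        LocalPort     = $port.LocalPort
        RemoteAddress = $addr.RemoteAddress
    }
}
```

Scoping `-RemoteAddress` to the MID Server is what keeps a 16k-port range acceptable to a Windows or firewall team: the ports are allowed for one source only, and the final listing gives them something to audit.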