
‎08-03-2022 09:01 AM
‎08-07-2022 03:18 PM
Kyle,
Depending on the version of Windows you are connecting to, the range differs. Earlier versions of Windows used a default port range of 1025 through 5000, newer versions 49152 to 65535.
See: https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/default-dynamic-port-range-tcpip-chang
Depending on your organisation's policies, you can try either of the solutions suggested previously (restrict the port range on the target, or just skip it entirely and use WinRM). Though I have experienced that some firewalls do support WMI dynamic port allocation as an option (it was either Juniper or Cisco or both). Even Microsoft mentions it here: https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-rpc-dynamic-port-allocation-with-firewalls
"Some firewalls also allow for UUID filtering where it learns from an RPC Endpoint Mapper request for an RPC interface UUID. The response has the server port number, and a subsequent RPC Bind on this port is then allowed to pass."
So talk to your firewall team; it might be a very simple answer.
‎08-03-2022 11:52 PM
Hi, indeed, the network team may be against opening ~4k ports on the firewall to allow communication over the whole range; consider restricting the RPC dynamic port range to a smaller, more manageable range.
Placing the MID server in the same network segment (behind the firewall) as the target server should eliminate the challenge.
Hope it helps.
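
One way to apply the "restrict the RPC dynamic port range" suggestion on a Windows target, as an added example that is not from any poster in this thread. The range 50000-50255, the MID server address and the firewall rule names are assumptions to replace with values agreed with the firewall team; the registry values are the ones Windows uses for RPC port restriction.

```powershell
# Added example. Run elevated on the Windows target (not on the MID server).
# Assumed values: pick the real range and source address with the firewall team.
$RangeStart = 50000
$RangeEnd   = 50255
$MidServer  = '192.0.2.10'   # placeholder address for the MID server
$RpcKey     = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'

# Record the current TCP dynamic port range (1025-5000 on older Windows,
# 49152-65535 on newer versions) before changing anything.
netsh int ipv4 show dynamicport tcp

# Create the RPC "Internet" key if it does not exist yet.
if (-not (Test-Path $RpcKey)) {
    New-Item -Path $RpcKey -Force | Out-Null
}

# Ports is REG_MULTI_SZ (one range per line); the two switches are REG_SZ "Y".
# Together they tell the RPC runtime to allocate dynamic endpoints only
# from the listed range.
New-ItemProperty -Path $RpcKey -Name 'Ports' -PropertyType MultiString `
    -Value @("$RangeStart-$RangeEnd") -Force | Out-Null
New-ItemProperty -Path $RpcKey -Name 'PortsInternetAvailable' -PropertyType String `
    -Value 'Y' -Force | Out-Null
New-ItemProperty -Path $RpcKey -Name 'UseInternetPorts' -PropertyType String `
    -Value 'Y' -Force | Out-Null

# Host firewall: allow the endpoint mapper (TCP 135) and the restricted range
# from the MID server only, instead of from any source.
New-NetFirewallRule -DisplayName 'RPC endpoint mapper from MID server' `
    -Direction Inbound -Protocol TCP -LocalPort 135 `
    -RemoteAddress $MidServer -Action Allow | Out-Null
New-NetFirewallRule -DisplayName 'RPC restricted range from MID server' `
    -Direction Inbound -Protocol TCP -LocalPort "$RangeStart-$RangeEnd" `
    -RemoteAddress $MidServer -Action Allow | Out-Null

# Confirm what was written. The RPC runtime reads these values at startup,
# so the new range applies only after the server is restarted.
Get-ItemProperty -Path $RpcKey |
    Select-Object Ports, PortsInternetAvailable, UseInternetPorts
```

The same range then has to be opened on the network firewall between the MID server and the target, and it should be sized for the number of RPC services the host runs, since every dynamic RPC endpoint on the machine draws from it.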
‎08-05-2022 03:32 PM
You might consider using WinRM.