Hello all does any one knows what ports are we need to open in a firewall..? The ca is on different location and vlan than the users computer and the dc. We are using the ca for autoenrollment in case fails what problem the users will face..? users computer and main sign thanks

Hii gues you don´t have http-enroll so this are the firewall settings you need to have.RPC TCP High ports 1024-65535 for system older then Vista and 2008RPC TCP High ports 49152-65535 for newer system including vista and 2008RPC TCP 135/Johan

CA interface is in fact DCOM, so yes, you will need the RPC 135 and some random in the ranges mentioned.the most simplest and secure method is to use either Security Configuration Wizard (on 2k3) or let it create its own exceptions in 2k8.ondrej.

You still can pin down number of ports to few, if you follow these articles.http://support.microsoft.com/kb/832017http://support.microsoft.com/kb/154596/HTHMartin

thanx Johan :-)

Thanx Ondrej.

Thankx Martin

thankx for thankx dkotix :-)