One-Way Trust
I am looking to create a one-way trust between forests. These forests reside on different sides of a firewall and I want to know which firewall ports need to be opened to allow this to happen. The trusting forest is Windows 2008. The trusted forest is Windows 2003.
I read through http://support.microsoft.com/kb/179442 and it doesn't seem to make sense. It references client and server ports. Does this refer to one side of the trust being a client and the other a server?
Also, it shows that 1024-65535 need to be open for LSA RPC service traffic. Is that accurate? That sounds like a pretty large security hole.
Is there a simple matrix that shows source/destination/port to allow this traffic?
Thanks.
June 18th, 2010 11:57pm
Yes. That is the correct recommendation from MS:
http://support.microsoft.com/kb/179442/en-us
If you can’t allow all RPC high ports, you can try the following options:
http://support.microsoft.com/kb/154596
Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights.
June 19th, 2010 1:31am
Hello,
Here you will find all needed ports from AD that need to be open:
http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx
Best regards, Meinolf Weber. Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
June 20th, 2010 3:52pm
Any update? Please let us know if you need more information.
Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights.
June 27th, 2010 6:18pm