Ports required from Client to Windows CA
Hi
I have a Windows root CA installed on one of the member servers. This server and the client network are on different subnets:
To get client certificates, I have opened port 135 from the client network to the CA, but I am getting an error during certificate installation: "RPC server is unavailable".
After doing some research, I found that certificates work over DCOM traffic. Does that mean I need to open dynamic ports between the client network and the CA network?
Moreover, if I need to open a few dynamic ports like 25000-25100 in between, can I bind these ports to the CA server by editing a registry key?
If yes, do I also need to find other servers, like the DC, or the number of clients getting certificates from the CA server?
Any suggestions, please.
Regards,
Ankur
January 19th, 2011 12:22pm
Remove the firewall from between the clients and the CA <G>.
If you really need to get through a firewall, you need to restrict the CA response to a single port.
With the Windows CA, you either restrict to a single port (returned by the query to TCP 135), or you have to open 1024-65534.
Here is a wiki post by Kurt Hudson that describes what you need to do:
http://social.technet.microsoft.com/wiki/contents/articles/how-to-set-a-static-dcom-port-for-ad-cs.aspx?wa=wsignin1.0
Brian
January 19th, 2011 5:35pm
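A client-side check for the situation discussed in this thread, added here as an example and not part of either post: it tells apart a blocked TCP 135 from a blocked CA response port once the CA has been pinned to a single port. The host name, CA name and port 4000 are placeholder assumptions; substitute the values used in your environment.

```powershell
# Added example. All three values are hypothetical placeholders, not from the thread.
$CaHost     = 'ca01.example.internal'   # CA server name (assumption)
$CaName     = 'Example-Root-CA'         # CA common name (assumption)
$StaticPort = 4000                      # static DCOM port configured on the CA (assumption)

function Test-TcpPort {
    # Returns $true if a TCP connection to the port completes within the timeout.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }  # filtered or dropped
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$mapper = Test-TcpPort -ComputerName $CaHost -Port 135          # RPC endpoint mapper
$dcom   = Test-TcpPort -ComputerName $CaHost -Port $StaticPort  # port returned by the query to 135

if (-not $mapper) {
    "TCP 135 is blocked: the client cannot ask the CA which port to use."
} elseif (-not $dcom) {
    "TCP 135 is open but TCP $StaticPort is blocked: enrollment fails with 'RPC server is unavailable'."
} else {
    "TCP 135 and TCP $StaticPort are reachable; checking that the CA answers requests:"
    # certutil -ping contacts the CA's request interface over DCOM.
    certutil -config "$CaHost\$CaName" -ping
}
```

If the second check fails after the firewall rule is in place, confirm that the CA is actually listening on the static port and that Certificate Services was restarted after the change.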