connect to domain controller on port 1559
Our firewall divides our network into 2 zones. Occasionally, the firewall reports that it has blocked a connection between zones. The target is port 1559 on one of the domain controllers. I am having difficulty determining what this attempted connection is all about. Here is some information that may be related or helpful:

A number of web sites report that port 1559 is "web2host", but I cannot find any useful information about this. The connection appears to be attempted at about the same time a user connects to the source machine via remote desktop. On the machine where the connection originates, the source port has been in the 3000 range. When I run netstat -a -b on the source machine, I see that "TermService" is using that port. This might support the possibility that remote desktop is related. On the target machine, netstat seems to indicate that lsass.exe has connected to certsrv.exe on the same machine on port 1559. Also, at around the same time, this event is generated on the source machine (I don't know if it's related):

Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 16
Date: 2011/06/27
Time: 10:49:19 AM
User: DOMAIN\harold
Computer: SERVER123
Description: Automatic certificate enrollment for DOMAIN\harold failed to renew one Basic EFS certificate (0x800706ba). The RPC server is unavailable.

Any help is appreciated.
June 28th, 2011 2:02am
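The post above has three pieces of evidence that need to be lined up by hand: the firewall's block record, the `netstat -a -b` attribution on the source machine, and the AutoEnrollment event. The script below is an added example, not code from the thread, that does that triage automatically: it parses `netstat -a -b` output into connection records, finds which executable and service own the blocked source port, checks whether the destination port falls inside the default RPC dynamic port range (1025-5000 on Windows XP/2003, 49152-65535 on Vista/2008 and later; both ranges are configurable, so treat them as assumptions about the hosts involved), and lists event-log entries that fall within a time window of the block. The netstat text, firewall record, event list, host names and addresses are all constructed to resemble what the poster described and are not real captures.

```python
"""Triage helper: attribute a firewall-blocked connection to a process and
correlate it with event-log entries. Sample data is constructed, not captured."""
from datetime import datetime, timedelta

# Default RPC dynamic port ranges by OS generation (assumed defaults; both
# can be changed on the host, so verify with `netsh int ipv4 show dynamicport tcp`).
RPC_DYNAMIC_RANGES = {
    "2003": (1025, 5000),     # Windows XP / Server 2003
    "2008": (49152, 65535),   # Windows Vista / Server 2008 and later
}


def _split_endpoint(endpoint):
    """'10.0.1.25:3021' -> ('10.0.1.25', 3021); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None


def parse_netstat_b(text):
    """Parse `netstat -a -b` text. Each TCP/UDP line opens a record; the
    indented lines after it (service name, then '[executable]') are attached
    to that record until the next TCP/UDP line."""
    records, current = [], None
    for raw in text.splitlines():
        parts = raw.split()
        if not parts:
            continue
        if parts[0] in ("TCP", "UDP"):
            local_host, local_port = _split_endpoint(parts[1])
            remote_host, remote_port = _split_endpoint(parts[2])
            current = {
                "proto": parts[0],
                "local_host": local_host, "local_port": local_port,
                "remote_host": remote_host, "remote_port": remote_port,
                "state": parts[3] if len(parts) > 3 else "",
                "service": None, "exe": None,
            }
            records.append(current)
        elif current is not None:
            token = raw.strip()
            if token.startswith("[") and token.endswith("]"):
                current["exe"] = token[1:-1]
            else:
                current["service"] = token
    return records


def find_connection(records, local_port, remote_port):
    """Return the record whose local and remote ports match, or None."""
    for rec in records:
        if rec["local_port"] == local_port and rec["remote_port"] == remote_port:
            return rec
    return None


def in_rpc_dynamic_range(port, os_family="2003"):
    low, high = RPC_DYNAMIC_RANGES[os_family]
    return low <= port <= high


def parse_event_time(date_str, time_str):
    """Event Viewer export fields as quoted in the thread: '2011/06/27', '10:49:19 AM'."""
    return datetime.strptime(f"{date_str} {time_str}", "%Y/%m/%d %I:%M:%S %p")


def events_near(block_time, events, window_seconds=60):
    """Events whose timestamp lies within +/- window_seconds of the block."""
    window = timedelta(seconds=window_seconds)
    return [e for e in events if abs(e["time"] - block_time) <= window]


def triage(block, netstat_text, events, os_family="2003"):
    """Combine the three data sources into one finding for a single block."""
    conn = find_connection(parse_netstat_b(netstat_text),
                           block["src_port"], block["dst_port"])
    return {
        "owner_exe": conn["exe"] if conn else None,
        "owner_service": conn["service"] if conn else None,
        "dst_is_rpc_dynamic": in_rpc_dynamic_range(block["dst_port"], os_family),
        "related_events": [e["id"] for e in events_near(block["time"], events)],
    }


# --- constructed sample data (modelled on the thread, not real captures) ---
FIREWALL_BLOCK = {"time": datetime(2011, 6, 27, 10, 49, 18),
                  "src_port": 3021, "dst_port": 1559}

NETSTAT_OUTPUT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    10.0.1.25:3021         10.0.0.5:1559          SYN_SENT
  TermService
 [svchost.exe]
  TCP    10.0.1.25:3389         10.0.1.90:50122        ESTABLISHED
  TermService
 [svchost.exe]
  UDP    0.0.0.0:123            *:*
  W32Time
 [svchost.exe]
"""

EVENTS = [
    {"id": 16, "source": "AutoEnrollment",
     "time": parse_event_time("2011/06/27", "10:49:19 AM")},
    {"id": 7036, "source": "Service Control Manager",
     "time": parse_event_time("2011/06/27", "11:30:00 AM")},
]

if __name__ == "__main__":
    print(triage(FIREWALL_BLOCK, NETSTAT_OUTPUT, EVENTS))
```

Run against the sample, the result attributes the blocked source port to the TermService instance inside svchost.exe, flags 1559 as lying inside the 2003-era dynamic range (it would not for a 2008-era host), and returns only event 16 as time-correlated. A finding like that justifies the network-trace step suggested later in the thread; it does not by itself prove the cause.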

Hello, make sure the firewall is configured according to: http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx For event id 16 see: http://technet.microsoft.com/en-us/library/cc755801(WS.10).aspx

Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
July 3rd, 2011 11:51pm

It is difficult to say what is going on just by the information we have so far. See if you can produce the same traffic to 1559 when you manually try to renew the EFS certificate that client has. If you see the same traffic and same failures when they try renewing the EFS cert, then please collect a network trace from both the CA (assuming that is the target server communication fails with) and the client at the same time. We should start the trace on both the client and the CA and then try to renew the cert and, after it fails, collect the trace from both machines. Gather the IP and machine name of both machines. The two links suggested in the thread below are also helpful: Firewall configuration for Domains and Trusts: http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx For event id 16: http://technet.microsoft.com/en-us/library/cc755801(WS.10).aspx Let me know at blrforum at microsoft .com once ready with the data to analyze.

Ketan Thakkar | Microsoft Online Community Support
July 6th, 2011 5:43pm

Please excuse my ignorance. How do I manually renew the EFS certificate? For doing the network trace, I am familiar with Microsoft Network Monitor. Is that acceptable to use? The articles linked to seem to describe what ports the firewall should allow. Port 1559 is not listed. Also, if the firewall is not configured correctly, that shouldn't cause a process to try connecting on 1559, should it? Thank you for being willing to look at the network trace. I will send them if I get something useful.

Cameron
July 7th, 2011 8:55pm

Here is a link that shows how to renew a cert manually. Renew a Certificate: http://technet.microsoft.com/en-us/library/cc730605(WS.10).aspx Netmon will do. Let me know if you have more queries/doubts.

Ketan Thakkar | Microsoft Online Community Support
July 12th, 2011 7:34am
