Static RPC port(s) in Windows Servers


Static RPC port(s) – Sometimes it is necessary to regulate network traffic so that the firewall administrator is not driven mad by all the alerts. That was the case for me too. It certainly does no harm to fix the various ports in Windows so that the traffic crossing the firewall becomes visible. Below is the procedure for fixing the RPC ports on Windows Server 2000 and 2003.

Static RPC port(s)

The values (and Internet key) discussed below do not appear in the registry; they must be added manually using the Registry Editor. Also, note that you must use Regedt32.exe instead of Regedit.exe to add the REG_MULTI_SZ value.

With Registry Editor, you can modify the following parameters for RPC. The RPC Port key values discussed below are all located in the following key in the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet

Key Data Type

Ports REG_MULTI_SZ
Specifies a set of IP port ranges consisting of either all the ports available from the Internet or all the ports not available from the Internet. Each string represents a single port or an inclusive set of ports (for example, "5000-5050" "5984"). If any entries are outside the range of 0 to 65535, or if any string cannot be interpreted, the RPC run-time treats the entire configuration as invalid.

PortsInternetAvailable REG_SZ Y or N (not case-sensitive)
If Y, the ports listed in the Ports key are all the Internet-available ports on that computer. If N, the ports listed in the Ports key are all those ports that are not Internet-available.

UseInternetPorts REG_SZ Y or N (not case-sensitive)
Specifies the system default policy.
If Y, the processes using the default will be assigned ports from the set of Internet-available ports, as defined previously.
If N, the processes using the default will be assigned ports from the set of intranet-only ports.

Example:

Add the Internet key under:
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
Under the Internet key, add the values "Ports" (REG_MULTI_SZ), "PortsInternetAvailable" (REG_SZ), and "UseInternetPorts" (REG_SZ).

In this example, use ports 5000 through 5020 inclusive, so the new registry key appears as follows:

Ports: REG_MULTI_SZ: 5000-5020
PortsInternetAvailable: REG_SZ: Y
UseInternetPorts: REG_SZ: Y

Restart the server. All applications that use RPC dynamic port allocation then use ports 5000 through 5020, inclusive.
You should open up a range of ports above port 5000. Port numbers below 5000 may already be in use by other applications and could cause conflicts with your DCOM application(s). Furthermore, previous experience shows that in most environments a minimum of 20 ports should be opened, because several system services rely on these RPC ports to communicate with each other.
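Because one unreadable string invalidates the whole Ports value, it is worth checking a proposed list before typing it into the registry and opening the firewall for it. The following is an added example, not part of the original article or of Windows: a Python check that models the rules stated above (single port or inclusive range, 0 to 65535, at least 20 ports, nothing below 5000). The function names are hypothetical, and treating a reversed range such as "5020-5000" as invalid is an assumption.

```python
import re

# Rules modelled from the text above, not taken from the RPC run-time itself.
_ENTRY = re.compile(r"^([0-9]{1,5})(?:-([0-9]{1,5}))?$")
MIN_PORTS = 20       # minimum pool size recommended in the text
LOWEST_PORT = 5000   # the text advises against ports below 5000


def parse_ports(entries):
    """Return a list of (low, high) tuples, or raise ValueError.

    One bad string rejects the whole list, mirroring the all-or-nothing
    behaviour described for the Ports value.
    """
    ranges = []
    for entry in entries:
        m = _ENTRY.match(entry.strip())
        if not m:
            raise ValueError(f"cannot interpret {entry!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if high > 65535 or low > high:   # reversed range: assumed invalid
            raise ValueError(f"out of range or reversed: {entry!r}")
        ranges.append((low, high))
    return ranges


def review_ports(entries):
    """Return (ok, findings) for a proposed Ports REG_MULTI_SZ value."""
    try:
        ranges = parse_ports(entries)
    except ValueError as exc:
        return False, [f"entire configuration invalid: {exc}"]
    ports = set()
    for low, high in ranges:
        ports.update(range(low, high + 1))
    findings = []
    if len(ports) < MIN_PORTS:
        findings.append(f"only {len(ports)} ports, fewer than {MIN_PORTS}")
    if ports and min(ports) < LOWEST_PORT:
        findings.append(f"includes ports below {LOWEST_PORT}")
    return not findings, findings


if __name__ == "__main__":
    # Constructed sample values; the first is the example from the text.
    for sample in (["5000-5020"], ["5000-5050", "5984"], ["5000-5010"],
                   ["1024-1100"], ["5000-70000"], ["5000-5020", "rpc"]):
        print(sample, review_ports(sample))
```

The same list that passes this check is the range the firewall rule should allow, so the registry value and the rule can be reviewed together.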