3

I read on TechNet that the WMI service uses random ports above 1024 because of RPC.

Now the question is: does it use 1025-5000 because of the Microsoft port reservation, or could it use ports above 5000? I am a firewall admin and want to know exactly!

Here are some links I found:

http://msdn.microsoft.com/en-us/library/bb219447%28VS.85%29.aspx

http://technet.microsoft.com/en-us/library/bb632618.aspx

http://social.technet.microsoft.com/Forums/en-US/configmgrgeneral/thread/3107d180-ae84-4895-babd-c2891a878e4d

Hope someone can help. Thank you!

gWaldo
Fake4d
  • So there is a port for RPC "signaling" (I don't remember the right term for it) and then a range of ports used for communication. You can, however, force these with a simple regedit. I had to do this on my domain controllers so that a device on the other side of a firewall could reach them on a specific set of ports. Tom – SpacemanSpiff Oct 15 '10 at 15:06

1 Answer

4

The RPC endpoint mapper listens on TCP 135. The subsequent conversation continues on a random, negotiated port. Microsoft KB 154596 (http://support.microsoft.com/kb/154596) describes how to limit the "random" port range.

However, a number of firewalls are now able to follow an MS-RPC conversation, i.e. you specify that the conversation is MS-RPC, and the firewall intercepts the port negotiation, then continues to monitor that conversation.

Not sure if this helps. I've used the latter with RPC through a Juniper firewall.

Simon Catlin
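The registry change that KB 154596 describes, as an added PowerShell example that is not part of the original answer. The value names under `HKLM\SOFTWARE\Microsoft\Rpc\Internet` are the ones documented in that KB; the 5000-5100 range is a sample value, to be replaced with the range agreed for the firewall rule.

```powershell
#Requires -RunAsAdministrator
# Added example: pin the RPC dynamic port range so a firewall rule can be
# written as "TCP 135 + one fixed range" instead of "everything above 1024".
param(
    [int]$First = 5000,   # sample value, not from the page
    [int]$Last  = 5100    # sample value, not from the page
)

$key = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'

# Refuse ranges that overlap well-known ports or are malformed.
if ($First -le 1024 -or $Last -gt 65535 -or $First -gt $Last) {
    throw ('Invalid range {0}-{1}: need 1024 < First <= Last <= 65535.' -f $First, $Last)
}

# Show what the host hands out today. Older systems use 1025-5000;
# Windows Vista / Server 2008 and later default to 49152-65535.
Write-Host 'Current OS dynamic TCP port range:'
netsh int ipv4 show dynamicport tcp

# Create the key if it is missing, then write the three values.
if (-not (Test-Path $key)) {
    New-Item -Path $key -Force | Out-Null
}
# Ports: REG_MULTI_SZ, one "low-high" range (or single port) per entry.
New-ItemProperty -Path $key -Name 'Ports' -PropertyType MultiString `
    -Value @("$First-$Last") -Force | Out-Null
# PortsInternetAvailable = Y: the listed ports are the ones RPC may use.
New-ItemProperty -Path $key -Name 'PortsInternetAvailable' -PropertyType String `
    -Value 'Y' -Force | Out-Null
# UseInternetPorts = Y: RPC servers draw from that list by default.
New-ItemProperty -Path $key -Name 'UseInternetPorts' -PropertyType String `
    -Value 'Y' -Force | Out-Null

# Read the values back and print what the firewall rule has to allow.
$cfg = Get-ItemProperty -Path $key
[pscustomobject]@{
    EndpointMapper         = 'TCP 135'
    RpcDynamicPorts        = ($cfg.Ports -join ', ')
    PortsInternetAvailable = $cfg.PortsInternetAvailable
    UseInternetPorts       = $cfg.UseInternetPorts
} | Format-List

Write-Warning 'Reboot required before the RPC runtime uses the new range.'
```

After the reboot, `netstat -ano` on the server shows whether the WMI/DCOM listeners actually fall inside the pinned range before the wider firewall rule is removed.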