PCNS issue?

  • Question

  • I've been trying to get PCNS up and running at a customer site. It was working fine to the old ILM server, but I cannot get it to connect to the new FIM server. The PCNS target for the FIM server seems to be fine and the SPNs look OK. There is a firewall in between the servers.

    I get a couple different error messages about the RPC server:

    0x000006BA - The RPC server is unavailable.

    Status is 10060 - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

    Everything seems to point to the RPC server. The FIM server does have three IP addresses configured. I can telnet to port 135 on all of the addresses.

    Any ideas on what else to look for?

    Thanks for your help.


    Mark Creekmore - BlueVault Software

    • Edited by mcreek Friday, August 2, 2013 2:49 PM
    Monday, July 29, 2013 10:36 PM


  • After struggling with the specific firewall ports, we decided to open up all ports from the AD DC to the FIM sync server. After doing this, all password changes were successfully delivered. So it was obviously a port issue. We had opened the following ports based on the forums and TechNet articles.

    Kerberos TCP/UDP 88
    DNS TCP/UDP 53
    Kerberos Change Password TCP/UDP 464
    RPC Endpoint mapper TCP 135
    Dynamic RPC ports (PCNS) TCP 5000-5100

    These ports alone did not work. We used a network monitor to verify that requests were being made to other ports. While searching for information on the additional ports we uncovered this KB article:

    We opened the additional port range of TCP 49152-65535 and everything started working perfectly.


    Mark Creekmore - BlueVault Software

    • Marked as answer by mcreek Friday, August 2, 2013 2:57 PM
    Friday, August 2, 2013 2:57 PM
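
The network-monitor check described in the answer above, as an added example that is not part of the original thread: it compares observed DC-to-FIM connections with the firewall allow list from the post and reports destination ports the list does not cover. The CSV layout, the result labels and the capture rows are constructed for illustration.

```python
# Added example: find DC -> FIM sync connections that the firewall allow list misses.
# The port lists come from the post; the capture rows are constructed sample data.
ALLOWED = {
    "tcp": [(53, 53), (88, 88), (135, 135), (464, 464), (5000, 5100)],
    "udp": [(53, 53), (88, 88), (464, 464)],
}
EXTRA_RANGE = (49152, 65535)  # additional TCP range the post reports opening

# Constructed export, one row per connection attempt: proto,dst_port,result
CAPTURE = """\
tcp,88,established
tcp,135,established
tcp,49155,syn_no_reply
tcp,49155,syn_no_reply
tcp,49172,syn_no_reply
udp,53,reply
tcp,5001,established
"""

def is_allowed(proto, port, allowed=ALLOWED):
    """True if proto/port falls inside one of the allowed ranges."""
    return any(lo <= port <= hi for lo, hi in allowed.get(proto, []))

def uncovered_ports(capture_text, allowed=ALLOWED):
    """Return {(proto, port): attempts} for destinations the allow list misses."""
    missing = {}
    for line in capture_text.splitlines():
        if not line.strip():
            continue  # skip blank rows in the export
        proto, port, _result = (field.strip() for field in line.split(","))
        key = (proto.lower(), int(port))
        if not is_allowed(key[0], key[1], allowed):
            missing[key] = missing.get(key, 0) + 1
    return missing

def explained_by_extra_range(missing, extra=EXTRA_RANGE):
    """True if every uncovered destination is TCP and inside the extra range."""
    return all(proto == "tcp" and extra[0] <= port <= extra[1]
               for proto, port in missing)

if __name__ == "__main__":
    gaps = uncovered_ports(CAPTURE)
    for (proto, port), attempts in sorted(gaps.items()):
        print(f"{proto}/{port}: {attempts} attempt(s) not covered by the allow list")
    print("all gaps inside TCP 49152-65535:", explained_by_extra_range(gaps))
```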