Ports needed for AD profile imports

  • Question

  • Our MOSS environment needs to import profiles and provide access to AD users in a child domain in a separate forest through a firewall. We currently have ports 135, 139, and 389 opened from the MOSS servers to the DC of the child domain, but I'm still getting these errors every time I try to sync profiles from the other forest:

    Exception from HRESULT: 0x8004400C (Error (0x8004400c) occurred, which may have resulted from the unavailability of directory service server (childdomain.rootforest.com). If the auto discovery option is turned on, import will re-try it with the newly discovered directory server. Otherwise, verify your import settings and make sure the server is still available. )

    There are no more endpoints available from the endpoint mapper. (Exception from HRESULT: 0x800706D9)


    From what I understand, the RPC call over 135 will assign a port between 1024 and 65535 for communication. Does this mean we have to open up ALL those ports?

    If we were to use SSL LDAP over 636, would that also need additional port openings? If not, is there any special configuring for this that needs to be done on the AD/DC side?

    Wednesday, March 11, 2009 1:59 PM

Answers

  • Thanks for the response Dan. It turned out another team member had already hard coded some RPC ports on the DC, so we opened those up, which allowed the import to successfully take place.

    • Proposed as answer by Mike Oryszak Friday, March 13, 2009 2:37 AM
    • Marked as answer by Mike Walsh FIN Saturday, March 14, 2009 10:27 AM
    Thursday, March 12, 2009 5:47 PM
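The question above hinges on how the RPC endpoint mapper works (port 135 only tells the client which second port to use) and the accepted answer resolves it by opening the RPC ports that had been pinned on the DC. The script below is an added illustration written for this thread, not code from the original posts or from Microsoft: it builds the list of TCP ports a profile import needs for a given configuration, tests each one with a plain TCP connect from the SharePoint server's side of the firewall, and turns the result into a diagnosis that matches the thread's symptoms. The DC host name and the static RPC port numbers are placeholders; the loopback self-check exists so you can confirm the checker itself works before concluding the firewall is at fault.

```python
"""Reachability check for the TCP ports an AD profile import needs.

Added illustration for this thread, not code from the original posts or
from Microsoft.  Host names and the static RPC port numbers are placeholders.
"""
import socket
import sys
from typing import Dict, Iterable, List, Tuple

# Ports discussed in the thread and the linked blog post (labels constructed here).
PORT_LABELS = {
    135: "RPC endpoint mapper",
    139: "NetBIOS session",
    389: "LDAP",
    636: "LDAP over SSL",
    88: "Kerberos (only when Kerberos auth is used)",
}
STATIC_RPC_LABEL = "static RPC endpoint pinned on the DC"


def required_ports(use_ldaps: bool, use_kerberos: bool,
                   static_rpc_ports: Iterable[int]) -> Dict[int, str]:
    """Ports to verify for a given import configuration.

    Port 135 only answers "which port is the service on?"; the actual RPC
    conversation then goes to a second port.  Unless the DC has been pinned
    to fixed ports, that second port comes from the dynamic range, which is
    why opening 135 alone still fails.
    """
    ports = {135: PORT_LABELS[135], 139: PORT_LABELS[139], 389: PORT_LABELS[389]}
    if use_ldaps:
        ports[636] = PORT_LABELS[636]
    if use_kerberos:
        ports[88] = PORT_LABELS[88]
    for p in static_rpc_ports:          # placeholder values supplied by the caller
        ports[p] = STATIC_RPC_LABEL
    return ports


def check_ports(host: str, ports: Iterable[int], timeout: float = 2.0) -> Dict[int, bool]:
    """Attempt a TCP connect to each port; True means the firewall and the
    service both let the handshake complete."""
    results: Dict[int, bool] = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect((host, port))
                results[port] = True
            except OSError:             # refused, timed out, or unreachable
                results[port] = False
    return results


def report(results: Dict[int, bool], labels: Dict[int, str]) -> List[str]:
    """Human-readable lines plus a diagnosis matching the thread's symptoms."""
    lines = [f"{port:>5}/tcp {'open' if ok else 'BLOCKED':8} {labels.get(port, '')}"
             for port, ok in sorted(results.items())]
    pinned = [p for p, lbl in labels.items() if lbl == STATIC_RPC_LABEL]
    if not results.get(135):
        lines.append("diagnosis: endpoint mapper unreachable; nothing RPC-based will work")
    elif not pinned:
        lines.append("diagnosis: no static RPC ports configured; the mapper will hand out "
                     "a dynamic port the firewall most likely blocks")
    elif not all(results.get(p) for p in pinned):
        lines.append("diagnosis: mapper reachable but a pinned RPC port is blocked "
                     "(the 0x800706D9 pattern from the thread)")
    else:
        lines.append("diagnosis: all required ports reachable")
    return lines


def local_selfcheck() -> Tuple[bool, bool]:
    """Sanity-check the checker on loopback before blaming the firewall: one
    listening socket (expected open) and one bound-but-not-listening socket
    (expected refused)."""
    listening = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    silent = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        listening.bind(("127.0.0.1", 0))
        listening.listen(1)
        silent.bind(("127.0.0.1", 0))   # no listen(): connects are refused
        open_port = listening.getsockname()[1]
        closed_port = silent.getsockname()[1]
        res = check_ports("127.0.0.1", [open_port, closed_port], timeout=1.0)
        return res[open_port], res[closed_port]
    finally:
        listening.close()
        silent.close()


if __name__ == "__main__":
    # Usage: python check_dc_ports.py dc.childdomain.example 5000 5001
    dc = sys.argv[1] if len(sys.argv) > 1 else "dc.childdomain.example"   # placeholder host
    pinned_ports = [int(a) for a in sys.argv[2:]]                           # placeholder ports
    labels = required_ports(use_ldaps=False, use_kerberos=False, static_rpc_ports=pinned_ports)
    print("\n".join(report(check_ports(dc, labels), labels)))
```

Run it from the MOSS server, since the firewall rules being tested are the ones between that host and the DC; a port that connects from an admin workstation but not from the SharePoint box is exactly the case the thread describes.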

All replies

  • Wednesday, March 11, 2009 4:20 PM
  • Hi AC_Skip,
    What port was hardcoded in your case? I'm seeing a similar error message, though I'm importing from an LDAP source. I checked the following ports from the blog post and all are open except 88. Not really sure whether I need 88 as I am not using Kerberos authentication. Also, most of the users are imported fine, only a few thousand are not.

    Any suggestion? 

    http://blogs.msdn.com/b/maximeb/archive/2007/11/21/required-firewall-ports-for-importing-active-directory-profiles-with-moss.aspx

    Appreciate any feedback!

    BlueSky2010
    Please help and appreciate others by using forum features: "Propose As Answer", "Vote As Helpful" and "Mark As Answer"

    Friday, May 10, 2013 10:58 PM