SCCM DP/MP/SUP Setup for non trusted forest

  • Question

  • Hi

    We are deploying a new DP\MP\SUP in an untrusted domain (AWS\Azure) from an on-premises SCCM server. I can understand that ports 135, 389 and 3268 need to be open from the site server to the untrusted domain controller for discovery, but I am unable to understand why dynamic ports need to be open from the site server to the untrusted domain controller.

    Tuesday, May 14, 2019 2:41 PM

All replies

  • Those are for publishing information to the forest to my knowledge. If you won't be doing that, then it's most likely not needed.

    Jason | | @jasonsandys

    Tuesday, May 14, 2019 4:11 PM
  • Hi,

    RPC uses a range of dynamic ports to transfer data. The initial connection is made to the endpoint mapping port (135), and at that point a port from the dynamic port range is chosen for further communication. If you are using a firewall, you must ensure these dynamic ports are allowed through the firewall to enable RPC communication.

    The reference:


    Wednesday, May 15, 2019 3:04 AM
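
The two-stage RPC flow described in the replies (endpoint mapper on 135, then a port from the dynamic range), as an added example that is not part of the original thread: a small audit of firewall allow-rules for the site server to domain controller path. The rule lists are constructed sample data; 49152-65535 is the Windows default dynamic range (Server 2008 and later), and 50000-50100 is a hypothetical restricted range assumed to be configured on the domain controller.

```python
EPMAP_PORT = 135                        # RPC endpoint mapper
DEFAULT_DYNAMIC_RANGE = (49152, 65535)  # Windows default dynamic TCP range

# Constructed TCP allow-rules (first_port, last_port), site server -> DC.
RULES_AS_IN_QUESTION = [(135, 135), (389, 389), (3268, 3268)]
RULES_PARTIAL = RULES_AS_IN_QUESTION + [(49152, 60000)]
RULES_FULL = RULES_AS_IN_QUESTION + [(49152, 65535)]
# Hypothetical: DC restricted to a narrow RPC range, firewall opened to match.
RESTRICTED_RANGE = (50000, 50100)
RULES_RESTRICTED = RULES_AS_IN_QUESTION + [RESTRICTED_RANGE]


def uncovered(port_range, rules):
    """Return the sub-ranges of port_range that no allow-rule permits."""
    lo, hi = port_range
    gaps, cursor = [], lo
    for first, last in sorted(rules):
        if last < cursor or first > hi:
            continue                    # rule does not touch the remaining range
        if first > cursor:
            gaps.append((cursor, first - 1))
        cursor = max(cursor, last + 1)
    if cursor <= hi:
        gaps.append((cursor, hi))
    return gaps


def rpc_path_report(rules, dynamic_range=DEFAULT_DYNAMIC_RANGE):
    """Check both stages of an RPC call against the allow-rules."""
    mapper_ok = not uncovered((EPMAP_PORT, EPMAP_PORT), rules)
    gaps = uncovered(dynamic_range, rules)
    return {
        "endpoint_mapper": mapper_ok,   # stage 1: ask 135 where the service listens
        "dynamic_gaps": gaps,           # stage 2: ports the mapper may hand out but the firewall drops
        "rpc_usable": mapper_ok and not gaps,
    }


if __name__ == "__main__":
    for name, rules, rng in [
        ("question", RULES_AS_IN_QUESTION, DEFAULT_DYNAMIC_RANGE),
        ("partial", RULES_PARTIAL, DEFAULT_DYNAMIC_RANGE),
        ("full", RULES_FULL, DEFAULT_DYNAMIC_RANGE),
        ("restricted", RULES_RESTRICTED, RESTRICTED_RANGE),
    ]:
        print(name, rpc_path_report(rules, rng))
```

A non-empty `dynamic_gaps` with the mapper reachable is the case that shows up as intermittent failures: the call works only when the service happens to be listening on a permitted port.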