
Will Terminal Server Licensing fail if Port 139 is closed on Firew


microsoft.public.windows.server.security - Supporting MS Windows network? Read here before it's too late! 

Posted by Klay on April 28, 2009, 6:44 pm
We are expecting to close port 139 on all physical routers/firewalls and have
been told that Terminal Server Licensing may fail. We serve TS licenses from
one server to several other servers over a WAN. To avoid this we are
attempting to implement IPSec between servers. With the servers tunneling
through IPSec we are hoping to tunnel port 139 requests past the physical
routers. The router would normally filter that out, and allow the 2003
Server to accept requests for port 139 (port 139 not blocked on the servers
yet). Is this a workable solution? Also, if port 139 is blocked on the
physical server will that create later problems?

Posted by Anthony [MVP] on May 1, 2009, 8:38 am
In answer to the subject, here is the MS doc specifying ports for TS
Licensing:

http://support.microsoft.com/kb/832017

Note: Terminal Services Licensing offers its services by using RPC over named
pipes. This service has the same firewall requirements as those of the "File
and Printer Sharing" feature.

If you block RPC then not much will work over the WAN. If you use IPSec for
all server communication, then the servers will be able to communicate with
each other, but clients will not communicate with the servers over the WAN.

Instead at the routers/firewalls you could do something like allow servers
to communicate with servers, but not allow clients to communicate with
remote servers except through specified ports, e.g. for mail, RDP, Citrix,
http etc.

Anthony
http://www.airdesk.com
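
The router policy suggested in the reply above, modelled as an added example that is not part of the original thread: server-to-server traffic is allowed, clients reach remote servers only on listed ports, and the File and Printer Sharing ports that TS Licensing depends on stay closed to clients. The subnets, the port numbers chosen for mail, HTTP, Citrix and RDP, and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing for the example: two sites' server subnets.
SERVER_NETS = [ipaddress.ip_network(n) for n in ("10.1.0.0/24", "10.2.0.0/24")]
# Assumed ports for the services named in the post: mail, http, Citrix ICA, RDP.
CLIENT_PORTS = {("tcp", 25), ("tcp", 80), ("tcp", 1494), ("tcp", 3389)}
# File and Printer Sharing ports (NetBIOS name/datagram/session, SMB).
FILE_PRINT_PORTS = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}

def is_server(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in SERVER_NETS)

def decide(src, dst, proto, port, client_ports=CLIENT_PORTS):
    """First-match decision for one flow crossing the WAN router."""
    if is_server(src) and is_server(dst):
        return "allow"   # server-to-server, includes TS Licensing traffic
    if is_server(dst) and (proto, port) in client_ports:
        return "allow"   # client to a published service only
    return "deny"        # everything else, including client NetBIOS/SMB

def exposed_to_clients(client_ports=CLIENT_PORTS):
    """File and Printer Sharing ports that a client allow-list would open."""
    return sorted(FILE_PRINT_PORTS & set(client_ports))

# Constructed sample flows: (source, destination, protocol, destination port).
SAMPLE_FLOWS = [
    ("10.2.0.10", "10.1.0.5", "tcp", 139),       # terminal server -> license server
    ("10.2.0.10", "10.1.0.5", "tcp", 445),
    ("192.168.50.20", "10.1.0.5", "tcp", 139),   # remote client -> license server
    ("192.168.50.20", "10.1.0.5", "tcp", 3389),  # remote client -> RDP
]

def evaluate(flows=SAMPLE_FLOWS):
    return [(f, decide(*f)) for f in flows]

if __name__ == "__main__":
    for flow, action in evaluate():
        print(action, *flow)
    print("client-exposed file/print ports:", exposed_to_clients())
```

Running `exposed_to_clients()` against a proposed client allow-list before it is deployed shows whether any NetBIOS or SMB port would become reachable from client networks.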


