Windows – Which ports does WMI Service in Active Directory use exactly

active-directoryfirewallportwindowswmi

I read in the technet, that the WMI Services uses random ports over 1024 because of RPC..

Now is the question does it use 1025-5000 because of the microsoft port reservation or could it use more than the 5000 port?
I am firewall admin and want to know exactly!

Here are some Links i found:

http://msdn.microsoft.com/en-us/library/bb219447%28VS.85%29.aspx

http://technet.microsoft.com/en-us/library/bb632618.aspx

http://social.technet.microsoft.com/Forums/en-US/configmgrgeneral/thread/3107d180-ae84-4895-babd-c2891a878e4d

Hope someone can help.. Thank you!

Best Answer

The RPC end point mapper listens on TCP 135. The subsequent conversation continues on a random, negotiated port. Microsoft KB 154596 (http://support.microsoft.com/kb/154596) describes how to limit the "random" port range.

However, a number of firewalls are now able to follow an MS-RPC conversation, i.e.: you specify that the conversation is MS-RPC, and the firewall intercepts the port negotiation, then continue to monitor that conversation.

Not sure if this helps. I've used the latter with RPC through a Juniper firewall.

Related Solutions

Windows Active Directory – Command Line to List Users in a Group

try

dsget group "CN=GroupName,DC=domain,DC=name,DC=com" -members

Firewall – WMI through 2 firewalls to Windows 2008

You should try your hand at Network Monitor and install it on the computer you are running the WMI from. You should see it attempt to connect to the remote server so you can first validate it is trying to connect on 24158. You should see connections out and data coming back on those two ports if you have both sides configured correctly.

Best Answer

Related Solutions

Windows Active Directory – Command Line to List Users in a Group

Firewall – WMI through 2 firewalls to Windows 2008

Related Topic