Dcom and Firewall

[VikDalal]

Here is the issue I'm having:

IIS Web Server-----||-----MTS App Server
Firewall
Only one port is allowed to talk to MTS through the firewall. I've gone through everything Microsoft has to offer and applied every patch and hotfix available. My issue is, is it possible to get DCOM to talk only on one port? Since I've done everything from DCOMCNFG.EXE to REGEDT32 to get the ports configured, but everytime I set it to use only a single port, the IIS services on both machines fail to start. Is there any way to accomplish this? I can get the MTS machine added to MTS Explorer but I can't see the components on the MTS machine, I get an error when trying to view them. Any ideas?

 

[jmarler]

DCOM Must have at least 2 ports open. One is port 135 for SCM/RPC and then at least one other port (you can configure which one using DCOMCNFG.EXE). But there will always be at least 2 ports. Also, if your firewall uses NAT (Network Address Translation), then DCOM won't work since it stores the destination IP address in the DCOM packet and when this packet get rerouted to a different IP address, the IP address that is stored in the packet does not match the machine that it goes to.
A better option for firewalls is to look at sending XML/Soap through port 80. - Jeff Marler B-)