Unknown and running on 2K 1

[BernieT]

I have 3 servers on the DMZ (Fixed IP), and a PDC (AD,DNS) on the LAN. All 3 servers on the DMZ display "userenv 1000 The domain Controller for your network can´t be found. Value(59)" in the event log.
After trawling the various forums etc I found they refer to error 59 being a hardware issue (Nic, Cables, FireWall etc).
I (Eventually) found a doc from Microsoft that describes my scenario and which ports are required to be open on the firewall to enable authentication traffic.
Kerberos 88 (Tcp & Udp)
DNS 53 (Tcp & Udp)
LDAP 389 (Tcp & Udp)
Microsoft-DS 445 (Tcp & Udp)
Can anyone Pleeeeeeeeeaaaase tell me 'What is Microsoft-DS and what does it do?'
I am very nervous about opening ports in the firewall for things that I haven't got a clue what they do

Thanks in advance

 

[hoinvip]

Port 445 is how Windows 2000 does its file sharing now instead of NetBIOS. There are a number of potential DoS security vulnerabilities related to opening this port on your firewall. See:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q320751

for more info on a fix to one of the problems.

Hope this helps.

HoinviP

http://www.global-net.co.uk

 

[BernieT]

Many thanks hoinvip
Clear, concise, and to the point.
Just what a newbie (Like me) needs

 

[SgtB]

Do these 3 servers on your DMZ need to authenticate on your domain? What are their functions? Chances are you don't need them to be part of your domain.
Your current config kind of defeats the purpose of a DMZ.
Anyway, more info on the 3 servers would help clear things up a bit.


I'll see your DMCA and raise you a First Amendment.

http://www.anti-dmca.org