
Win 2003 Server - AD issue

  • 12-02-2009 7:04pm
    #1
    Registered Users, Registered Users 2 Posts: 81 ✭✭


    As I'm new to boards.ie... hello everybody!

    I have an issue with a newly installed Win2003 srv. I'm going to use it as Domain Controller + more.. I have everything installed and running (DNS, DHCP, WINS, WSUS). I put a few testing PCs there.. they are getting network settings perfect.. etc. but when I try to login a user from a PC to my domain it is veeeeryyy sloooww (but it's working then)... I solved it for now by disabling the firewall (all ports open to my LAN!). Could you give me an idea which ports I should open to make it work without any delays... (I've been trying with all ports for the services mentioned above.. and I still had a long delay).

    Any help appreciated!

    aFri


Comments

  • Moderators, Music Moderators Posts: 23,363 Mod ✭✭✭✭feylya


    Port 389 is the LDAP port, 8530 is WSUS, DNS is 53 and DHCP is 67. Open ports 80 and 443 for web access too.

    Not to be rude but that's solved by a very simple Google search.


  • Registered Users, Registered Users 2 Posts: 81 ✭✭africates


    Hi feylya... as I said before.. I've been trying with these... + ports for file sharing.. with no results.. still very slooooooow but working


  • Moderators, Music Moderators Posts: 23,363 Mod ✭✭✭✭feylya


    You've specifically opened 389?

    Have a read of this http://technet.microsoft.com/en-us/library/cc875816.aspx


  • Registered Users, Registered Users 2 Posts: 81 ✭✭africates


    This doc is about configuring the firewall for Win XP through GPO... but I'm not using firewalls on the testing PCs at all... My problem is on the server.... and yes, I opened 389 before, together with other ports


  • Closed Accounts Posts: 28 +Jim+


    Hi Africates,

    If I read your post correctly, it seems you are having difficulties with slow logons from client PCs on the local domain, is that right? In other words, you are not trying to access the domain remotely or from another site, but from inside the same LAN?
    Slow client logons to a Server 2003 domain controller are nearly always caused by an incorrectly configured DNS server.
    You need to configure your DNS server (running on the Server 2003 machine) with a local IP address, then ensure that the DHCP server is supplying all client PCs with that same IP address (if using a single NIC in your server, then the client DNS server would simply be the IP address of your domain controller).
    Also, make sure that no client PCs are using an external IP as a DNS server (e.g. Eircom or another ISP). All clients should feature a DNS server with a local address (e.g. 192.168.x.x or similar).
    The only place you should ever see DNS pointing to an external IP would be in the Forwarders tab of your DNS server setup.

    Hope this helps, let me know if you need more info, good luck!

    Jim


  • Registered Users, Registered Users 2 Posts: 81 ✭✭africates


    Thanks Jim,
    Yes, this is inside my LAN and the DNS server is configured fine on the Win 2003 machine (with one NIC). Clients get all network settings perfect from DHCP so they do not use external DNS servers. My problem disappears when I open all ports on the Windows 2003 Server (disable firewall).. so I'd reckon that this is related to ports which I have to open when I'm using the firewall?

    aFri


  • Registered Users, Registered Users 2 Posts: 1,009 ✭✭✭vangoz


    africates wrote: »
    Thanks Jim,
    Yes, this is inside my LAN and the DNS server is configured fine on the Win 2003 machine (with one NIC). Clients get all network settings perfect from DHCP so they do not use external DNS servers. My problem disappears when I open all ports on the Windows 2003 Server (disable firewall).. so I'd reckon that this is related to ports which I have to open when I'm using the firewall?

    aFri

    Is the DC acting as a firewall to an external network? E.g. the internet?


  • Registered Users, Registered Users 2 Posts: 81 ✭✭africates


    No, the DC is not a firewall for external.. we are using Sonicwall equipment to do that... the DC is going to the Internet only to download updates for WSUS... and deal with DNS queries.


  • Registered Users, Registered Users 2 Posts: 11,389 ✭✭✭✭Saruman


    Are you sure it's not a DNS problem? Is it taking forever on the loading settings screen?

    Make sure your DNS is correctly configured on the server and, most important, the ONLY DNS setting the workstations should be using is the IP of the server. Make sure there are no ISP DNS settings in there at all. They go in the forwarder settings on the server.
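The DNS layout Jim and Saruman describe (every client lists only the DC's LAN address as its DNS server, ISP resolvers live only in the Forwarders tab on the DC) can be checked from a domain member with a short script. This is an added example, not code from the thread or from anyone posting in it; `$DcIp` and `$DomainName` are placeholders for your own DC address and AD domain, and the DC locator SRV record it queries is the standard `_ldap._tcp.dc._msdcs.<domain>` record that Windows logon looks up.

```powershell
# Added example, not code from the thread: checks on a domain member that the
# DNS client settings match what Jim and Saruman describe (the DC's LAN address
# as the only DNS server) and that the DC locator record resolves through it.
# $DcIp and $DomainName are placeholders; substitute your own values.
param(
    [string]$DcIp       = '192.168.1.10',   # placeholder: the DC's LAN address
    [string]$DomainName = 'example.local'   # placeholder: the AD DNS domain name
)

$ok = $true

# Every IP-enabled adapter must list exactly the DC; an ISP or other external
# resolver here is what sends the locator queries off-LAN and stalls logons.
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($nic in $nics) {
    $dns = @($nic.DNSServerSearchOrder)
    if ($dns.Count -eq 0) {
        Write-Warning "$($nic.Description): no DNS servers configured"
        $ok = $false
        continue
    }
    foreach ($server in $dns) {
        if ($server -ne $DcIp) {
            Write-Warning "$($nic.Description): DNS server $server is not the DC ($DcIp)"
            $ok = $false
        }
    }
    if ($nic.DHCPEnabled) {
        # If this list is wrong, fix DHCP option 006 on the server, not the client
        Write-Host "$($nic.Description): DNS list supplied by DHCP -> $($dns -join ', ')"
    }
}

# The record every domain logon begins with. Querying the DC directly shows
# whether the DC's own zone answers; if not, the logon delay is DNS, not ports.
$query  = "_ldap._tcp.dc._msdcs.$DomainName"
$answer = & nslookup -type=SRV $query $DcIp 2>&1 | Out-String
if ($answer -match 'svr hostname') {
    Write-Host "DC locator record $query resolves via $DcIp"
} else {
    Write-Warning "SRV lookup for $query against $DcIp failed:`n$answer"
    $ok = $false
}

if ($ok) { 'DNS client layout matches the recommended setup' }
else     { 'DNS client layout needs attention before touching firewall ports' }
```

Run it on one of the test PCs as `.\Test-ClientDns.ps1 -DcIp <DC address> -DomainName <your domain>`. A clean result on the clients plus a working SRV lookup is what lets you rule DNS out and move on to the server-side firewall, which is where the OP's delay turned out to be.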


  • Registered Users, Registered Users 2 Posts: 81 ✭✭africates


    Hi Saruman.. DNS seems to be correctly configured and the PCs get only the DC IP as DNS address. Why has this issue (delay) gone after turning off the Win 2003 server firewall then?


  • Registered Users, Registered Users 2 Posts: 11,389 ✭✭✭✭Saruman


    Oh, it's the server firewall you are playing around with? You must have set up the firewall yourself then, as I have never seen a Windows Server 2003 with the firewall enabled out of the box, nor have I ever considered configuring it on any of the 100s of servers I look after or install. I always use a hardware solution like Sonicwall.

    Anyway, check out this technet article for help if you feel you need the Windows firewall enabled on the server. http://support.microsoft.com/kb/555381


  • Registered Users, Registered Users 2 Posts: 81 ✭✭africates


    Thanks Saruman. I'd never try to do that if I didn't have to. The Payment Card Industry (PCI) Data Security Standard states that we have to have turned off all unused ports on all critical servers, even locally.. :(


  • Registered Users, Registered Users 2 Posts: 11,389 ✭✭✭✭Saruman


    That explains it.. anyway let us know if that technote is of use. I would be interested to know the outcome.


  • Registered Users, Registered Users 2 Posts: 81 ✭✭africates


    I should be able to let you know on Monday evening.. keep your fingers crossed :)


  • Registered Users, Registered Users 2 Posts: 81 ✭✭africates


    Thanks again.. it seems to be working! I have a few small issues but I'll manage hopefully... I am unable to connect to the server using Remote Desktop Connection now (but I enabled the rule 'Allow remote administration exception' as it is in the tech note - ports 135 & 445 - <edit> this is done... by turning on the Remote Desktop Connection Exception <edit>). The second issue is that one of the PCs cannot get network settings from DHCP... <edit> this is done... I realized that all PCs were affected but only this one has that short DHCP lease so I noticed it first... I've just added an exception to the Domain's Firewall GPO for UDP 67 & 68 (it is important to leave scope as '*') <edit> but the rest of them are perfect.
    Cheers!
    aFri


    EOT
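The exception set this thread converged on (feylya's port list, plus the Remote Desktop, remote administration and DHCP exceptions the OP added at the end) can be expressed as one script against the built-in Windows Server 2003 firewall using the legacy `netsh firewall` context. This is an added example, not the OP's GPO or anything posted in the thread; it assumes a single-NIC DC on one LAN, and it keeps every opening scoped to that subnet except DHCP. DHCP DISCOVER packets arrive from source address 0.0.0.0, which never matches a subnet-scoped exception, which is why the OP found the '*' scope essential for UDP 67/68. Two caveats worth knowing: DNS answers on both TCP and UDP 53, and this firewall filters inbound traffic only, so the DC fetching WSUS updates from the Internet needs nothing opened; 80/443 only matter if WSUS or IIS serves clients on those ports.

```powershell
# Added example, not code from the thread: apply the exceptions this thread ended
# up with to the built-in Windows Server 2003 firewall with the legacy
# "netsh firewall" context (the OP did the same thing through a GPO).
# Assumes a single-NIC DC on one LAN; scope=SUBNET limits each opening to that
# subnet, which is the least exposure that still lets domain members log on.
param([switch]$DryRun)   # -DryRun prints the netsh commands instead of running them

function Invoke-Netsh {
    param([string[]]$Arguments)
    if ($DryRun) { Write-Host ("netsh " + ($Arguments -join ' ')) }
    else { & netsh $Arguments }
}

# Ports named in the thread. DNS answers on both TCP and UDP 53. DHCP DISCOVER
# packets come from source 0.0.0.0, which never matches a subnet-scoped
# exception, so 67/68 must stay scope=ALL (the '*' scope the OP mentions).
# 80/443 only matter if WSUS/IIS actually serves clients on them; this
# firewall filters inbound traffic only, so WSUS downloading updates needs nothing here.
$ports = @(
    @{ Proto = 'TCP'; Port = 389;  Name = 'LDAP';        Scope = 'SUBNET' },
    @{ Proto = 'TCP'; Port = 53;   Name = 'DNS-TCP';     Scope = 'SUBNET' },
    @{ Proto = 'UDP'; Port = 53;   Name = 'DNS-UDP';     Scope = 'SUBNET' },
    @{ Proto = 'UDP'; Port = 67;   Name = 'DHCP-server'; Scope = 'ALL' },
    @{ Proto = 'UDP'; Port = 68;   Name = 'DHCP-client'; Scope = 'ALL' },
    @{ Proto = 'TCP'; Port = 8530; Name = 'WSUS';        Scope = 'SUBNET' },
    @{ Proto = 'TCP'; Port = 80;   Name = 'HTTP';        Scope = 'SUBNET' },
    @{ Proto = 'TCP'; Port = 443;  Name = 'HTTPS';       Scope = 'SUBNET' }
)

foreach ($p in $ports) {
    Invoke-Netsh @('firewall', 'add', 'portopening',
                   "protocol=$($p.Proto)", "port=$($p.Port)", "name=$($p.Name)",
                   'mode=ENABLE', "scope=$($p.Scope)")
}

# Built-in service exceptions the OP enabled: Remote Desktop (TCP 3389),
# remote administration (RPC 135 and SMB 445) and file sharing.
foreach ($svc in 'REMOTEDESKTOP', 'REMOTEADMIN', 'FILEANDPRINT') {
    Invoke-Netsh @('firewall', 'set', 'service', "type=$svc", 'mode=ENABLE', 'scope=SUBNET')
}

# Review the resulting rule set; anything not listed above stays closed.
Invoke-Netsh @('firewall', 'show', 'config')
```

Run it first with `-DryRun` to see the exact `netsh` commands, then without, and compare the `netsh firewall show config` output against the list above. Where the firewall is pushed by a domain GPO, as in the OP's case, the same entries belong in the GPO's "Define port exceptions" and service exception settings rather than in a local script, with the DHCP entries keeping the '*' scope.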

