RE: [Asrg] BCP suggestion: port-blocking by ISPs

["Matt Bruce" <mbruce at insl.co.uk>]

Brian Bruns wrote:

> Next to H.323, Exchange is probably one of the most NAT 
> unfriendly systems out there. It likes to use dynamic ports 
> for everything, meaning not even port forwarding or leaving 
> open ranges is going to work, unless you give it all 65535 
> ports.

That's not entirely accurate. Exchange Server has had the ability to fix
the IS, DS and SA ports for a number of years (since 4.0, I think) by
doing a surprisingly well documented reg hack. Once done the services
still use dynamic ports for a LAN segment, but will also always appear
on the 3 ports you specify. See Microsoft KB Article 148732.

It's not pretty, but it does what's needed. 

Beats me why it's still a reg hack, though. Maybe it's their way of
keeping "point-and-click admins" away from places where they can do
damage? ;)

Matt



This email transmission is confidential and intended solely for the person or organisation to whom it is addressed. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of INSL. If you have received this message in error, do not open any attachments but please notify the INSL Service Desk on +44 (0)870 241 1703, and delete this message from your system. This email has been scanned for inappropriate content by SpheriQ, the intelligent message security solution from INSL  


_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg