How RPC Works
Hello guys, today I will share some ideas about how RPC works.
An RPC service configures itself in the registry with a universally unique identifier (UUID). UUIDs are well-known identifiers, unique for each service and common across all platforms. When an RPC service starts, it obtains a free high port and registers that port with the UUID. Some services use random high ports and others try to use the same high ports all the time (if they are available).
When a client wants to communicate with a particular RPC service, it cannot determine in advance which port the service is running on. It establishes a connection to the server's portmapper service (on port 135) and requests the service it wants by using the service's UUID. The portmapper returns the corresponding port number to the client and closes the connection. Finally, the client makes a new connection to the server by using the port number it received from the portmapper. Because it is impossible to know in advance which port an RPC service will use, the firewall must permit all high ports through.
When a program tries to connect to an RPC service, it requests a free port from the system. The system picks a port number at random and gives it to the program that requested it. The default dynamic range is 1024-65535, and the system can hand out any available port from this range.
- Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters
- Entry Name: TCPWindowSize
- Type: DWORD
- Value: 65535
Microsoft has increased the dynamic client port range for outgoing connections in Windows Vista and in Windows Server 2008. The new default start port is 49152, and the default end port is 65535. This is a change from the configuration of earlier versions of Windows, which used a default port range of 1025 through 5000.
Below are some KB articles with more details about RPC configuration in different scenarios.

- How to configure RPC dynamic port allocation to work with firewalls

If you want to specify static ports for known services on a DC, such as Netlogon, NTDS, FRS, etc., then follow the articles below.

- Restricting Active Directory replication traffic to a specific port
- How to restrict FRS replication traffic to a specific static port
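As an added example (not part of the original post or of the KB articles it links), the following PowerShell script shows the configuration those articles describe: inspecting and narrowing the dynamic port range discussed above, telling the RPC runtime which ports its dynamic endpoints may use, and pinning Netlogon, NTDS and FRS to static ports so a firewall rule can name exact ports instead of the whole high range. The chosen range (49152-54151) and the static port numbers 38901-38903 are placeholder values picked for illustration; the registry paths and value names are the documented ones.

```powershell
# Added example, not from the original post. Run elevated on the server; the
# RPC and service settings only take effect after a restart. Port numbers and
# the narrowed range below are illustrative placeholders, not recommendations.

# 1. Show the current dynamic (ephemeral) TCP port range. On Vista / Server 2008
#    and later the default is 49152-65535 (16384 ports), as the post describes.
netsh int ipv4 show dynamicport tcp

# 2. Narrow the dynamic range so the firewall only has to open a smaller block.
#    Keeps the default start port but allows only 5000 ports (49152-54151).
netsh int ipv4 set dynamicport tcp start=49152 num=5000

# 3. Tell the RPC runtime which ports dynamic RPC endpoints may use.
#    "Ports" is a REG_MULTI_SZ list of ports/ranges; "Y" in the two string values
#    means the listed ports are the ones made available to RPC (as documented in
#    "How to configure RPC dynamic port allocation to work with firewalls").
$rpcKey = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
if (-not (Test-Path $rpcKey)) { New-Item -Path $rpcKey -Force | Out-Null }
New-ItemProperty -Path $rpcKey -Name 'Ports' -PropertyType MultiString -Value @('49152-54151') -Force | Out-Null
New-ItemProperty -Path $rpcKey -Name 'PortsInternetAvailable' -PropertyType String -Value 'Y' -Force | Out-Null
New-ItemProperty -Path $rpcKey -Name 'UseInternetPorts' -PropertyType String -Value 'Y' -Force | Out-Null

# 4. Pin the DC services the post names (Netlogon, NTDS, FRS) to static ports.
#    The port values are placeholders; choose ports unused on your network.
$static = @(
  @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'; Name = 'DCTcpipPort';                Port = 38901 },
  @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters';     Name = 'TCP/IP Port';                Port = 38902 },
  @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters';    Name = 'RPC TCP/IP Port Assignment'; Port = 38903 }
)
foreach ($s in $static) {
  New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType DWord -Value $s.Port -Force | Out-Null
}

# 5. After the reboot, confirm what is listening: the endpoint mapper on 135 and
#    the pinned ports should appear, and remaining RPC listeners should fall
#    inside the narrowed range. Anything outside it needs a closer look.
Get-NetTCPConnection -State Listen |
  Where-Object {
    $_.LocalPort -eq 135 -or
    $_.LocalPort -in $static.Port -or
    ($_.LocalPort -ge 49152 -and $_.LocalPort -le 54151)
  } |
  Sort-Object LocalPort |
  Select-Object LocalAddress, LocalPort, OwningProcess
```

With these settings in place the firewall rule set for the DC reduces to TCP 135, the three static ports and the narrowed dynamic block, instead of every high port.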