RPC/DTC port question

  • Question

  • As a company, we have stores running a custom-developed Point Of Sale software. This POS needs to synchronize data with a centralized server over a web service (the stores being outside our intranet). We want this synchronization to be transactional, meaning that both parties need to be aware of the state of the transaction at the other end. So we decided to go with the DTC-based architecture.

    The web service runs on a machine located in a DMZ, behind a firewall. The store connects over VPN to this DMZ. As suggested by a standard DTC architecture, we opened the following ports in our firewall:

    Store to Server: 135 (RPC), and 5000-5020 (DTC dynamic ports).

    Server to store: 5000-5020 (DTC dynamic ports).

    According to DTC documentation, this should suffice. The problem is that we noticed in our firewall management console that transactions required ports 1027 and 1053 to be opened from Server to Store. Even stranger, when we use a store simulation machine located in our intranet (hence no VPN client software running), only port 1053 needs to be opened, no need to open port 1027.

    I am going crazy trying to figure out why those ports need to be opened, and not finding any good answer on the internet. Any idea why I have to open those two ports, which are never mentioned in any MSDN DTC-related documentation?

    Monday, November 5, 2007 7:30 PM

Answers

  • Did you also restrict the RPC dynamic port allocation range on both servers to 5000-5020 as indicated by KB154596?

    --Johannes

    Wednesday, November 7, 2007 2:48 PM
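Worked example of the fix the answer points to, added here as an illustration and not part of the original thread: KB154596 restricts the RPC runtime's dynamic endpoint allocation machine-wide through three values under HKLM\SOFTWARE\Microsoft\Rpc\Internet (Ports, PortsInternetAvailable, UseInternetPorts). The script below applies the 5000-5020 range used in the thread on the local machine, verifies the values, and shows how to check which ports MSDTC actually listens on after the reboot the change requires. The range, the function names and the netstat check are this example's own choices; run it on both the server and the store machine, since the RPC endpoint on either side is chosen locally.

```powershell
# Added example (not from the original thread): restrict RPC dynamic port
# allocation per KB154596 and verify it. Assumes the 5000-5020 range from the
# thread; must be run elevated, on BOTH machines, followed by a reboot.
$rpcInternet = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
$range = '5000-5020'

function Set-RpcDynamicPortRange {
    param([string]$Range = $range)
    if (-not (Test-Path $rpcInternet)) {
        New-Item -Path $rpcInternet -Force | Out-Null
    }
    # Ports is REG_MULTI_SZ: one entry per range or single port, e.g. "5000-5020"
    New-ItemProperty -Path $rpcInternet -Name 'Ports' -PropertyType MultiString `
        -Value @($Range) -Force | Out-Null
    # "Y": the ports listed in Ports are the ones usable from the Internet side
    New-ItemProperty -Path $rpcInternet -Name 'PortsInternetAvailable' -PropertyType String `
        -Value 'Y' -Force | Out-Null
    # "Y": the RPC runtime allocates dynamic endpoints from the Internet range
    New-ItemProperty -Path $rpcInternet -Name 'UseInternetPorts' -PropertyType String `
        -Value 'Y' -Force | Out-Null
}

function Test-RpcDynamicPortRange {
    param([string]$Range = $range)
    $p = Get-ItemProperty -Path $rpcInternet -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $false }
    return ($p.Ports -contains $Range) -and
           ($p.PortsInternetAvailable -eq 'Y') -and
           ($p.UseInternetPorts -eq 'Y')
}

Set-RpcDynamicPortRange
Test-RpcDynamicPortRange   # True once the values are written; RPC uses them only after a reboot

# After the reboot: list the TCP ports the MSDTC service is listening on.
# Anything outside 5000-5020 (besides 135, owned by the endpoint mapper) means
# the restriction is not in effect on this machine.
$msdtc = Get-Process -Name msdtc -ErrorAction SilentlyContinue
if ($msdtc) {
    netstat -ano | Select-String "LISTENING\s+$($msdtc.Id)\s*$"
}
```

The registry change applies to every RPC server on the machine, not only MSDTC, so the range must be large enough for all of them; that is also why the poster saw traffic on 1027 and 1053 before the range was restricted on the second machine. The firewall rule set in the question (135 inbound to the server, 5000-5020 in both directions) only matches the traffic once both sides allocate from this range.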

All replies

  • In fact, from reading this KB article, I noticed that dynamic RPC ports need to be configured on both machines participating in the transaction. That explains why we noticed traffic on ports 1027 or 1053. Now that I have restricted dynamic ports on both machines to the range 5000-5020, traffic is kept in this range.

    Thanks a lot for pointing out this article.

    Friday, November 9, 2007 2:04 PM