Firewall port needed

Hey everyone,

We are running a Windows 2003 domain and using a PIX Firewall. I have a
server out in the DMZ (bad idea, I know). On that server I am install
BlackBerry ES 4.1. BlackBerry needs an AD service acct. set as local
administrator. When I try to add it I get the following error:

"There are no more endpoints available from the endpoint mapper"

Anyone know what I need to do to add this AD account to local administrator?
I'm sure I need to open a port on the firewall but I don't know which one.

Can anyone help me with this?

TIA,

Clayton

RPC

You need to open up 135 and all high ports by default. This is a really bad
idea. So you can open up 135 and lock down a predefined port(s) for RPC
traffic.

http://support.microsoft.com/kb/154596/en-us


Yes you answered your own question -- BAD IDEA --

--
Paul Bergson MCT, MCSE, MCSA, Security+, CNE, CNA, CCA
http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup

This posting is provided "AS IS" with no warranties, and confers no rights.

"Clayton" <(E-Mail Removed)> wrote in message
news:N_gog.360376$(E-Mail Removed) m...
> Hey everyone,
>
> We are running a Windows 2003 domain and using a PIX Firewall. I have a
> server out in the DMZ (bad idea, I know). On that server I am install
> BlackBerry ES 4.1. BlackBerry needs an AD service acct. set as local
> administrator. When I try to add it I get the following error:
>
> "There are no more endpoints available from the endpoint mapper"
>
> Anyone know what I need to do to add this AD account to local
> administrator? I'm sure I need to open a port on the firewall but I don't
> know which one.
>
> Can anyone help me with this?
>
> TIA,
>
> Clayton
>

"Clayton" <(E-Mail Removed)> wrote in message
news:N_gog.360376$(E-Mail Removed) m...
> We are running a Windows 2003 domain and using a PIX Firewall. I have a
> server out in the DMZ (bad idea, I know). On that server I am install

Doesn't sound like you even have a DMZ. That would require a third interface
on the PIX (Tri-Homed DMZ) or you would need two firewalls (Back-to-Back
DMZ). If you have that, it helps to know what you exactly have.

> BlackBerry ES 4.1. BlackBerry needs an AD service acct. set as local
> administrator. When I try to add it I get the following error:
> Anyone know what I need to do to add this AD account to local
administrator?
> I'm sure I need to open a port on the firewall but I don't know which one.

No,..you need to move the Server into the LAN and "publish" the server with
the Firewall. The term for it is Static NAT or reverse NAT,...but different
firewall manufactures call it by different names. Now the server can
authenticate properly while having inbound communication limited to the type
of communication you need.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com