RPC is unavailable!!!

Hi!
I have a domain with 20 pc's. I have installed a third party antivirus AVG
antivirus with Firewall.
I have configured the profile of the firewall to domain profile and enabled
the "file printing and sharing".

When the AVG firewall is turned ON - I see that the users take a long time
( around 4 minutes) to log onto domain.
And if I wanted to add any new computer to the domain I get the error
message " RPC server unavailable".
The moment I "deactivate the firewall" - all seems to work fine and the new
computer can easily be joined to domain.

Can anybody guide me thru the steps on how to configure this at the firewall
front??

Thank you
Hari

Hari wrote:
> Hi!
> I have a domain with 20 pc's. I have installed a third party antivirus AVG
> antivirus with Firewall.
> I have configured the profile of the firewall to domain profile and enabled
> the "file printing and sharing".
>
> When the AVG firewall is turned ON - I see that the users take a long time
> ( around 4 minutes) to log onto domain.
> And if I wanted to add any new computer to the domain I get the error
> message " RPC server unavailable".
> The moment I "deactivate the firewall" - all seems to work fine and the new
> computer can easily be joined to domain.
>
> Can anybody guide me thru the steps on how to configure this at the firewall
> front??
>
> Thank you
> Hari
>
>
This is almost certainly a dns or ldap failure. Maybe you need to
specifically configure the firewall to allow all traffic on port 53 and
443. Or to allow NetBIOS ports on the LAN. Most firewalls can be
configured to trust all traffic on the local subnet.

....kurt

Did you install the AVG firewall on the domain controller?
If yes, just uninstall it.

--
Regards,
Andrei Ungureanu
www.eventid.net
Test our new EventReader!
http://www.altairtech.ca/eventreader...lt2.asp?ref=au


"Hari" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Hi!
> I have a domain with 20 pc's. I have installed a third party antivirus AVG
> antivirus with Firewall.
> I have configured the profile of the firewall to domain profile and
> enabled the "file printing and sharing".
>
> When the AVG firewall is turned ON - I see that the users take a long time
> ( around 4 minutes) to log onto domain.
> And if I wanted to add any new computer to the domain I get the error
> message " RPC server unavailable".
> The moment I "deactivate the firewall" - all seems to work fine and the
> new computer can easily be joined to domain.
>
> Can anybody guide me thru the steps on how to configure this at the
> firewall front??
>
> Thank you
> Hari
>

Hi! Thank you for the reply. Yes I installed the AV Firewall on the domain
controller. but why to uninstall it??
I have only one server and it is a DC. My router does not have any firewall
feature.
I cannot provide security otherwise, please advice.
Thank you
Hari

"Andrei Ungureanu [MVP]" <contact me via www.itboard.ro> wrote in message
news:(E-Mail Removed)...
> Did you install the AVG firewall on the domain controller?
> If yes, just uninstall it.
>
> --
> Regards,
> Andrei Ungureanu
> www.eventid.net
> Test our new EventReader!
> http://www.altairtech.ca/eventreader...lt2.asp?ref=au
>
>
> "Hari" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> Hi!
>> I have a domain with 20 pc's. I have installed a third party antivirus
>> AVG antivirus with Firewall.
>> I have configured the profile of the firewall to domain profile and
>> enabled the "file printing and sharing".
>>
>> When the AVG firewall is turned ON - I see that the users take a long
>> time ( around 4 minutes) to log onto domain.
>> And if I wanted to add any new computer to the domain I get the error
>> message " RPC server unavailable".
>> The moment I "deactivate the firewall" - all seems to work fine and the
>> new computer can easily be joined to domain.
>>
>> Can anybody guide me thru the steps on how to configure this at the
>> firewall front??
>>
>> Thank you
>> Hari
>>
>
>

Because you'll need to open ports for Kerberos, LDAP, SMB, RPC, DNS. And
from what I know, by default the ports for LSA RPC and NTLM are dynamic (can
by changed from registry). So, what is the sense of a firewall on this
machine if everything needs to be open?
A personal firewall on a DC will create only problems - and a false sense of
security. If your router can do NAT this can be enough for the moment and
you should think to buy a dedicated firewall (a hardware device or a
computer with ISA, Checkpoint, etc).

--
Regards,
Andrei Ungureanu
www.eventid.net
Test our new EventReader!
http://www.altairtech.ca/eventreader...lt2.asp?ref=au

"Hari" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi! Thank you for the reply. Yes I installed the AV Firewall on the domain
> controller. but why to uninstall it??
> I have only one server and it is a DC. My router does not have any
> firewall feature.
> I cannot provide security otherwise, please advice.
> Thank you
> Hari
>
> "Andrei Ungureanu [MVP]" <contact me via www.itboard.ro> wrote in message
> news:(E-Mail Removed)...
>> Did you install the AVG firewall on the domain controller?
>> If yes, just uninstall it.
>>
>> --
>> Regards,
>> Andrei Ungureanu
>> www.eventid.net
>> Test our new EventReader!
>> http://www.altairtech.ca/eventreader...lt2.asp?ref=au
>>
>>
>> "Hari" <(E-Mail Removed)> wrote in message
>> news:%(E-Mail Removed)...
>>> Hi!
>>> I have a domain with 20 pc's. I have installed a third party antivirus
>>> AVG antivirus with Firewall.
>>> I have configured the profile of the firewall to domain profile and
>>> enabled the "file printing and sharing".
>>>
>>> When the AVG firewall is turned ON - I see that the users take a long
>>> time ( around 4 minutes) to log onto domain.
>>> And if I wanted to add any new computer to the domain I get the error
>>> message " RPC server unavailable".
>>> The moment I "deactivate the firewall" - all seems to work fine and the
>>> new computer can easily be joined to domain.
>>>
>>> Can anybody guide me thru the steps on how to configure this at the
>>> firewall front??
>>>
>>> Thank you
>>> Hari
>>>
>>
>>
>
>

yes, u got it right.
I removed the firewall from DC and configured it on the users pc as of now.
My router does not do NAT, will look for a alternative.
thank you for the help
"Andrei Ungureanu [MVP]" <contact me via www.itboard.ro> wrote in message
news:%(E-Mail Removed)...
> Because you'll need to open ports for Kerberos, LDAP, SMB, RPC, DNS. And
> from what I know, by default the ports for LSA RPC and NTLM are dynamic
> (can by changed from registry). So, what is the sense of a firewall on
> this machine if everything needs to be open?
> A personal firewall on a DC will create only problems - and a false sense
> of security. If your router can do NAT this can be enough for the moment
> and you should think to buy a dedicated firewall (a hardware device or a
> computer with ISA, Checkpoint, etc).
>
> --
> Regards,
> Andrei Ungureanu
> www.eventid.net
> Test our new EventReader!
> http://www.altairtech.ca/eventreader...lt2.asp?ref=au
>
> "Hari" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hi! Thank you for the reply. Yes I installed the AV Firewall on the
>> domain controller. but why to uninstall it??
>> I have only one server and it is a DC. My router does not have any
>> firewall feature.
>> I cannot provide security otherwise, please advice.
>> Thank you
>> Hari
>>
>> "Andrei Ungureanu [MVP]" <contact me via www.itboard.ro> wrote in message
>> news:(E-Mail Removed)...
>>> Did you install the AVG firewall on the domain controller?
>>> If yes, just uninstall it.
>>>
>>> --
>>> Regards,
>>> Andrei Ungureanu
>>> www.eventid.net
>>> Test our new EventReader!
>>> http://www.altairtech.ca/eventreader...lt2.asp?ref=au
>>>
>>>
>>> "Hari" <(E-Mail Removed)> wrote in message
>>> news:%(E-Mail Removed)...
>>>> Hi!
>>>> I have a domain with 20 pc's. I have installed a third party antivirus
>>>> AVG antivirus with Firewall.
>>>> I have configured the profile of the firewall to domain profile and
>>>> enabled the "file printing and sharing".
>>>>
>>>> When the AVG firewall is turned ON - I see that the users take a long
>>>> time ( around 4 minutes) to log onto domain.
>>>> And if I wanted to add any new computer to the domain I get the error
>>>> message " RPC server unavailable".
>>>> The moment I "deactivate the firewall" - all seems to work fine and the
>>>> new computer can easily be joined to domain.
>>>>
>>>> Can anybody guide me thru the steps on how to configure this at the
>>>> firewall front??
>>>>
>>>> Thank you
>>>> Hari
>>>>
>>>
>>>
>>
>>
>
>