https://community.cisco.com/t5/network-security/dmz-server-authentication-issue/m-p/734945#M1002980 <HTML><HEAD></HEAD><BODY><P>There are too many ports to be opened.</P><P>Check the link below.</P><P></P><P>If it is a critical server, then </P><P>I suggest you do an IPSEC tunnel between the server &amp; the DC inside. </P><P></P><P>Tuff job but doable &amp; secure.</P><P></P><P><A class="jive-link-custom" href="http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx" target="_blank">http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx</A></P></BODY></HTML> Tue, 19 Jun 2007 09:01:56 GMT anandramapathy 2007-06-19T09:01:56Z https://community.cisco.com/t5/network-security/dmz-server-authentication-issue/m-p/734943#M1002978 <P>I have a DMZ (192.168.4.0/24) setup for my web server on a PIX 515. When I put a laptop (running XP Pro) in the DMZ to test connectivity to the inside it is able to hit all the resources with a ping so I believe that traffic is flowing correctly. Then when I tried to join the laptop to my Active Directory domain I received an error stating that "no endpoints available from the end point mapper". This also happened with a Windows 2003 server but did not happen with a Windows 2000 server. Has anyone else ran into this and know what port need to be opened to allow authentication traffic with the newer Windows operating systems? </P><P></P><P>I've been trying to troubleshoot this as a Windows issue but I know it's not a DNS issue which is what I'm being told. Any help is appreciated.</P> Mon, 11 Mar 2019 10:32:04 GMT https://community.cisco.com/t5/network-security/dmz-server-authentication-issue/m-p/734943#M1002978 qbakies11 2019-03-11T10:32:04Z https://community.cisco.com/t5/network-security/dmz-server-authentication-issue/m-p/734944#M1002979 <HTML><HEAD></HEAD><BODY><P>I have not come across such an issue b4, but to tell you a suggestion. You should enable logging on terminal (monitor) or console and start analysing the message which will tell you why the pix is dropping the AD join packets. This will help you in identifying the ports that need to be opened.</P><P></P><P>HTH, Murali</P></BODY></HTML> Tue, 19 Jun 2007 06:13:18 GMT https://community.cisco.com/t5/network-security/dmz-server-authentication-issue/m-p/734944#M1002979 musethur 2007-06-19T06:13:18Z https://community.cisco.com/t5/network-security/dmz-server-authentication-issue/m-p/734945#M1002980 <HTML><HEAD></HEAD><BODY><P>There are too many ports to be opened.</P><P>Check the link below.</P><P></P><P>If it is a critical server, then </P><P>I suggest you do an IPSEC tunnel between the server &amp; the DC inside. </P><P></P><P>Tuff job but doable &amp; secure.</P><P></P><P><A class="jive-link-custom" href="http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx" target="_blank">http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx</A></P></BODY></HTML> Tue, 19 Jun 2007 09:01:56 GMT https://community.cisco.com/t5/network-security/dmz-server-authentication-issue/m-p/734945#M1002980 anandramapathy 2007-06-19T09:01:56Z https://community.cisco.com/t5/network-security/dmz-server-authentication-issue/m-p/734946#M1002981 <HTML><HEAD></HEAD><BODY><P>How do I enable the logging on the PIX?</P></BODY></HTML> Tue, 19 Jun 2007 11:49:20 GMT https://community.cisco.com/t5/network-security/dmz-server-authentication-issue/m-p/734946#M1002981 qbakies11 2007-06-19T11:49:20Z https://community.cisco.com/t5/network-security/dmz-server-authentication-issue/m-p/734947#M1002982 <HTML><HEAD></HEAD><BODY><P>Check this link - </P><P>Choose what you want to log the information to </P><P></P><P>syslog / console etc </P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450bf7.html#wp1047918" target="_blank">http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450bf7.html#wp1047918</A></P><P></P><P>hjh - pls rate all useful posts</P></BODY></HTML> Tue, 19 Jun 2007 12:06:39 GMT https://community.cisco.com/t5/network-security/dmz-server-authentication-issue/m-p/734947#M1002982 anandramapathy 2007-06-19T12:06:39Z