
01-04-2017 11:57 PM
We have a customer that is asking if port TCP 464 “KPASS” is required to be opened between the ISE and AD. If yes, what is the exact purpose of opening this port and is it required during the authentication phase?
Labels: Identity Services Engine (ISE)
Accepted Solutions
01-05-2017 05:10 AM
It is not specifically needed, but could alleviate some headaches. KPASS is used on TCP Port 464 for Kerberos-based password changes. Starting in Vista, Microsoft used this as the default password change method. However, if KPASS is not accessible (as in the port is closed), it will default back to NTLM for password changes.
This article goes more in-depth:
https://blogs.technet.microsoft.com/askds/2011/09/30/friday-mail-sack-super-slo-mo-edition/
Charles Moreton

01-05-2017 05:45 PM
Hi Samer,
Please see the ports that need to be open between ISE nodes. ISE PSN talks to AD using certain functionalities.
For ISE to work correctly the ports need to be open.
http://www.cisco.com/c/dam/en/us/td/i/400001-500000/410001-420000/413001-414000/413702.jpg
Thanks
Krishnan

01-05-2017 11:37 PM
Thanks Charles. Much appreciated.
