we fixed our NTDS port to 13500 using the registry key:
reg add HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters /v "TCP/IP Port" /t REG_DWORD /d 13500 /f
for years now this worked fine, and traffic was redirected to port 13500
Last week we noticed an issue where we saw that interface 12345778-1234-abcd-ef00-0123456789ab was suddenly additionally registered on port 50007. 12345778-1234-abcd-ef00-0123456789ab is the LSARPC interface who handles LsarLookupSids3 functions
for sid translation over trusts. From our trusting DC's port 50007 was not opend to our DC's on the firewall. Is this behavior normal or do we have to open a case with out Premier support? It seems that 50007 is still registered, for over a week now. Can we remove this port?
PortQry result for this interface:
UUID: 12345778-1234-abcd-ef00-0123456789ab
ncacn_np:localhost[\\pipe\\lsass]
UUID: 12345778-1234-abcd-ef00-0123456789ab
ncacn_np:localhost[\\PIPE\\protected_storage]
UUID: 12345778-1234-abcd-ef00-0123456789ab
ncacn_ip_tcp:localhost[50003]
UUID: 12345778-1234-abcd-ef00-0123456789ab
ncacn_ip_tcp:localhost[13500]
UUID: 12345778-1234-abcd-ef00-0123456789ab
ncacn_http:localhost[50006]
UUID: 12345778-1234-abcd-ef00-0123456789ab
ncacn_ip_tcp:localhost[50007]
I can not seem to find information that explains this behavior, already looked in:
https://support.microsoft.com/kb/179442
http://support.microsoft.com/kb/224196
http://social.technet.microsoft.com/Forums/windowsserver/en-US/33d3fc9f-893c-4310-aec5-2cf0b0a55b22/how-rpc-works-in-active-directory-and-how-rpc-port-binding-in-active-directory
http://technet.microsoft.com/en-us/library/dd772723(v=WS.10).aspx
Please advise,
kind regards,
PJ