Hi all,
I'm working with a customer on delivering password changes cross-forest, with changes originating in a source domain and being reset in a target domain that also contains my FIM server. I added a new target to a pre-existing PCNS installation today, set the SPNs and opened up the usual ports (135, 5000-5100 and 57500-57520), but found the password changes weren't being delivered to FIM, with an RPC error being logged in the event log. When I looked at a network trace, I was surprised to find it using port 49200.
I opened up this port and password changes are being delivered OK now, but I'm anxious to make sure that 49200 isn't just in a range of dynamic ports that I've otherwise not opened up. Does anybody have any advice, or know what I can check? We did find something suggesting that RPC can use a random port in the range 49152-65535 - would PCNS use that on Windows 2008? Though the strange thing is that EVERY DC seemed to be using this port - not very dynamic at all!
Thanks,
Paul
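As an added example, not part of Paul's post or of PCNS itself: the PowerShell below, assumed to run from an elevated prompt on Windows Server 2008 or later, queries the host's TCP dynamic port range (the pool an RPC server draws from after the client has asked the endpoint mapper on 135 for it), reports whether an observed port such as 49200 falls inside that range, names the process listening on it, and shows the two documented ways to pin the range so a firewall rule set can match it. The 57500-57520 range in the restriction function is reused from the post only as a placeholder; the registry key it writes is the standard `HKLM\SOFTWARE\Microsoft\Rpc\Internet` RPC port restriction and affects every RPC server on the machine, not just PCNS.

```powershell
# Added example, not from the original post. Assumes Windows Server 2008+ and an
# elevated shell. Queries and checks the dynamic port range that RPC allocates from.

function Get-DynamicPortRange {
    param([ValidateSet('tcp', 'udp')][string]$Protocol = 'tcp')
    # netsh prints lines such as "Start Port : 49152" and "Number of Ports : 16384"
    $out   = netsh int ipv4 show dynamicport $Protocol
    $start = [int]($out | Select-String 'Start Port\s*:\s*(\d+)').Matches[0].Groups[1].Value
    $count = [int]($out | Select-String 'Number of Ports\s*:\s*(\d+)').Matches[0].Groups[1].Value
    [pscustomobject]@{ Protocol = $Protocol; Start = $start; End = $start + $count - 1 }
}

function Test-PortInDynamicRange {
    param([Parameter(Mandatory)][int]$Port, [string]$Protocol = 'tcp')
    $r = Get-DynamicPortRange -Protocol $Protocol
    ($Port -ge $r.Start) -and ($Port -le $r.End)
}

# Identify the listener behind a port seen in a trace. netstat is used because
# Get-NetTCPConnection only exists on Windows 8 / Server 2012 and later.
function Get-ListenerForPort {
    param([Parameter(Mandatory)][int]$Port)
    netstat -ano -p tcp | ForEach-Object {
        if ($_ -match "^\s*TCP\s+\S+:$Port\s+\S+\s+LISTENING\s+(\d+)") {
            Get-Process -Id ([int]$Matches[1]) | Select-Object Id, ProcessName
        }
    }
}

# Option A: shrink the OS-wide dynamic range so every RPC server lands inside
# an already-opened window. (Hypothetical values; adjust to your firewall rules.)
#   netsh int ipv4 set dynamicport tcp start=57500 num=21

# Option B: pin RPC specifically via the documented Rpc\Internet registry values.
# Requires a reboot and applies to all RPC-based services on the host, including
# AD replication on a domain controller, so size the range accordingly.
function Set-RpcPortRange {
    param([string]$Range = '57500-57520')   # placeholder range taken from the post
    $key = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
    if (-not (Test-Path $key)) { New-Item -Path $key | Out-Null }
    New-ItemProperty -Path $key -Name Ports -PropertyType MultiString -Value @($Range) -Force | Out-Null
    New-ItemProperty -Path $key -Name PortsInternetAvailable -PropertyType String -Value 'Y' -Force | Out-Null
    New-ItemProperty -Path $key -Name UseInternetPorts -PropertyType String -Value 'Y' -Force | Out-Null
}

# Usage: confirm what range the host is actually using before touching the firewall.
Get-DynamicPortRange
Test-PortInDynamicRange -Port 49200
Get-ListenerForPort -Port 49200
```

On a default Windows Server 2008 build the TCP dynamic range is 49152-65535 (16384 ports starting at 49152), whereas Windows Server 2003 and earlier allocated from 1025-5000, which is why rule sets built for older DCs often miss the port an RPC server picks on 2008. Run `Get-DynamicPortRange` on each DC and compare the result with the firewall rules before concluding that a single observed port is safe to rely on.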