Replication through Windows Firewall, Server 2003
Meinolf,
I have added all the ports listed in the document your first link points to. Some of them, when adding, explained they could not be added, possibly since they were already in there.
I added these and then enabled the firewall on the (backup) domain controller (Server 2003 R2 SP2). I had 2 problems originally when turning the FW on:
replication would stop, explaining no end points from mapper, and DHCP clients would no longer get requested DHCP leases.
After adding all the listed ports, the DHCP server is working fine but replication is having problems.
When I run replmon, my primary DC is listed first and this server (DC #2) is listed 2nd. The first entry states the mapper error, but the rest (config/schema/DNS zones/Forest DNS zones) are all OK.
The second "section" for this DC #2: all 5 items have the BANG on them (yellow circle with exclamation point) and there is no "stuff" displayed at all if you click on one of them.
June 22nd, 2012 10:15am
Also, when I have the FW up (and then I get the endpoint mapper errors),
I also run dcdiag and all tests pass (even one called replication).
I also do have the FW logs but can't begin to analyse those :(
June 22nd, 2012 11:21am
Hello,
I see a lot of technical stuff up here... but does anyone have a quick listing of the ports or other exceptions that are needed to keep replication going when the Windows Firewall is up?
Thanks
June 22nd, 2012 3:20pm
Hi,
You will find further information about replication traffic through a firewall here:
http://support.microsoft.com/kb/555381
Regards,
Thomas Paetzold
Visit my blog on: http://sus42.wordpress.com
June 22nd, 2012 3:31pm
Hello,
Which kind of replication are you talking about? If Active Directory, then the minimum is
http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx
For other services and network ports see
http://support.microsoft.com/kb/832017
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
June 22nd, 2012 4:03pm
Yes, Active Directory.
Thanks, Mr. Weber
June 22nd, 2012 4:10pm
Hello,
Please upload the following files for a better overview:
ipconfig /all >c:\ipconfig.txt [all DCs]
dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt ["dc*" is a placeholder for the starting name of the DCs if they all begin the same (if more than one DC exists)]
dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)
As the output will become large, DON'T post them into the thread; please use Windows Sky Drive (with open access!)
http://explore.live.com/windows-live-skydrive and add the link from it here. Also, the /e in dcdiag scans the complete forest, so better run it on COB.
Best regards
Meinolf Weber
June 25th, 2012 2:43am
Here's the URL
https://skydrive.live.com/#cid=BD95D9F727CB8E30&id=BD95D9F727CB8E30%21120
ipconfig1 = main DC
ipconfig2 = backup DC; this is the one where, if I put the firewall on, replication fails (I have the FW off on DC1, intending to learn from this issue with DC2 before I turn the FW on DC1 back on)
Thanks, let me know if you need me to do more stuff
June 25th, 2012 1:35pm
Hello,
As you use HP teaming, please ensure that the configuration is made for failover and NOT for load balancing, as this is NOT supported by Microsoft.
What kind of machines are the forwarders 192.168.1.21, 192.168.1.22 and 192.168.100.2; are they domain DNS servers? Normally you should use either the root hints or the ISP's DNS server as forwarders.
Is your domain a child domain and the used forwarders are from the root domain?
Best regards
Meinolf Weber
June 25th, 2012 2:08pm
I am going to dissolve the team... there is no real value to it at this point and once again I have found little support out there for the configuration...
The forwarders... they are DNS servers in other domains I connect to (trusts stuff)
June 25th, 2012 2:24pm
OK, the HP adapter team has been dissolved on Server #1.
I turned the firewall back on on server #2.
Still get "no end points error".
I am off to do more "no end point" research.
June 26th, 2012 1:40pm
This may be why so many folks don't turn the FW on on their servers .......
June 26th, 2012 1:41pm
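
Added example, not part of the original thread: one poster has the firewall logs but cannot analyse them, so this Python sketch counts which destination ports the Windows Firewall log shows as dropped for traffic from the replication partner, for comparison with the port lists in the linked articles. The log text, IP addresses and ports are constructed sample data and the function names are hypothetical; it assumes dropped-packet logging is enabled and the log carries a `#Fields:` header line.

```python
from collections import Counter

# Constructed sample in the Windows Firewall text-log layout (pfirewall.log).
# All addresses, ports and timestamps are made up for illustration.
SAMPLE_LOG = """\
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2012-06-22 10:01:02 OPEN-INBOUND TCP 192.0.2.10 192.0.2.11 3011 135 - - - - - - - -
2012-06-22 10:01:03 DROP TCP 192.0.2.10 192.0.2.11 3012 1026 48 S 1234567 0 65535 - - -
2012-06-22 10:01:06 DROP TCP 192.0.2.10 192.0.2.11 3012 1026 48 S 1234567 0 65535 - - -
2012-06-22 10:01:09 DROP UDP 192.0.2.10 192.0.2.11 3020 389 120 - - - - - - -
2012-06-22 10:01:10 DROP TCP 198.51.100.7 192.0.2.11 4000 445 48 S 7654321 0 65535 - - -
2012-06-22 10:01:12 DROP ICMP 192.0.2.10 192.0.2.11 - - 60 - - - - 8 0 -
"""


def parse_firewall_log(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def dropped_from(text, partner_ip):
    """Count DROP entries sent by partner_ip, grouped by (protocol, dst port)."""
    counts = Counter()
    for entry in parse_firewall_log(text):
        if entry.get("action") != "DROP" or entry.get("src-ip") != partner_ip:
            continue
        port = entry.get("dst-port", "-")
        # ICMP entries carry "-" instead of a port number.
        counts[(entry.get("protocol"), int(port) if port.isdigit() else None)] += 1
    return counts


if __name__ == "__main__":
    # 192.0.2.10 stands in for the other DC (constructed address).
    drops = dropped_from(SAMPLE_LOG, "192.0.2.10")
    for (proto, port), n in sorted(drops.items(), key=lambda kv: -kv[1]):
        print(f"{proto:5} dst-port={port!s:6} dropped {n}x")
```

Run against the real log, each (protocol, port) pair reported for the partner DC's address is traffic the firewall on this DC refused and a candidate for a missing exception.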


