Make sure the local server is in the server pool, select it, and click Next. On the next page, leave the Features as they are and click Next. Select the radio button next to Custom Configuration and click Next. Right-click the server node and click Properties as in the screen below. Click OK once the IP address is properly typed. Also, uncheck the boxes near Less Secure Authentication methods. On the Configure Constraints page, leave the defaults and click Next.
Also, on the Configure Settings page, leave the defaults and click Next. Click Finish to end the wizard. For more information, see How to configure client communication ports. To initiate Remote Assistance from the Configuration Manager console, add the custom program Helpsvc. You must also permit Remote Assistance and Remote Desktop.
If you initiate Remote Assistance from the client computer, Windows Firewall automatically configures and permits Remote Assistance and Remote Desktop.
If you enable the wake-up proxy client setting, a new service named ConfigMgr Wake-up Proxy uses a peer-to-peer protocol to check whether other computers are awake on the subnet and to wake them up if necessary.
This communication uses the following ports:. If you specify the Power Management: Windows Firewall exception for wake-up proxy client setting, these ports are automatically configured in Windows Firewall for clients. However, if clients run a different firewall, you must manually configure the exceptions for these port numbers. In addition to these ports, wake-up proxy also uses Internet Control Message Protocol (ICMP) echo request messages from one client computer to another client computer.
This communication is used to confirm whether the other client computer is awake on the network. For more information about wake-up proxy, see Plan how to wake up clients. ASP.NET State Service stores session data out-of-process. The service uses sockets to communicate with ASP.NET that is running on a web server. Certificate Services is part of the core operating system. By using Certificate Services, a business can act as its own certification authority (CA).
It lets the business issue and manage digital certificates for programs and protocols such as:. For more information, see 3. The Cluster service controls server cluster operations and manages the cluster database. A cluster is a collection of independent computers that act as a single computer.
Managers, programmers, and users see the cluster as a single system. The software distributes data among the nodes of the cluster. If a node fails, other nodes provide the services and data that were formerly provided by the missing node.
When a node is added or repaired, the cluster software migrates some data to that node. By default, DTLS is enabled. The Computer Browser system service maintains an up-to-date list of computers on your network and supplies the list to programs that request it.
The Computer Browser service is used by Windows-based computers to view network domains and resources. Computers that are designated as browsers maintain browse lists that contain all shared resources that are used on the network. Earlier versions of Windows-based programs, such as My Network Places, the net view command, and Windows Explorer, all require browsing capability.
For example, when you open My Network Places on a computer that is running Microsoft Windows 95, a list of domains and computers appears. To display this list, the computer obtains a copy of the browse list from a computer that is designated as a browser.
If you are running only Windows Vista and later versions of Windows, the browser service is no longer required. You can use this service to adjust the advanced network settings of DHCP clients. The Distributed File System Replication (DFSR) service is a state-based, multi-master file replication engine that automatically copies updates to files and folders between computers that are participating in a common replication group.
It is not used on a Windows Server domain controller. The Distributed Link Tracking Server system service stores information so that files that are moved between volumes can be tracked to each volume in the domain.
The Distributed Link Tracking Server service runs on each domain controller in a domain. This service enables the Distributed Link Tracking Client service to track linked documents that are moved to a location in another NTFS file system volume in the same domain.
The Distributed Transaction Coordinator (DTC) system service coordinates transactions that are distributed across multiple computer systems and resource managers, such as databases, message queues, file systems, or other transaction-protected resource managers. DNS servers are required to locate devices and services that are identified by using DNS names and to locate domain controllers in Active Directory.
The Event Log system service logs event messages that are generated by programs and by the Windows operating system. Event log reports contain information that you can use to diagnose problems.
You view reports in Event Viewer. The Event Log service writes events that are sent to log files by programs, by services, and by the operating system.
The events contain diagnostic information in addition to errors that are specific to the source program, the service, or the component. This service has the same firewall requirements as the File and Printer Sharing feature. Fax Service lets users use either a local fax device or a shared network fax device to send and receive faxes from their desktop programs.
The File Replication service (FRS) is a file-based replication engine that automatically copies updates to files and folders between computers that are participating in a common FRS replica set.
FRS is the default replication engine that is used to replicate the contents of the SYSVOL folder between Windows based domain controllers and Windows Server based domain controllers that are located in a common domain. By default, the FTP control port is The default data that is used for active mode FTP port is automatically set to one port less than the control port.
Therefore, if you configure the control port to port , the default data port is port This means that the client first connects to the FTP server by using the control port. Then, the client opens a second connection to the FTP server for transferring data.
You can configure the range of high ports by using the IIS metabase. If any one of these protocols is unavailable or blocked between the client and a relevant domain controller, Group Policy will not apply or update. For a cross-domain logon, where a computer is in one domain and the user account is in another domain, these protocols may be required for the client, the resource domain, and the account domain to communicate. ICMP is used for slow link detection. When you initiate remote group policy results reporting from a Windows Server computer, access to the destination computer's event log is required.
See the Event Log section in this article for port requirements. Windows Server support the initiation of remote group policy update against Windows Server computers. SSL is an open standard for establishing an encrypted communications channel to help prevent the interception of extremely important information, such as credit card numbers.
Although this service works on other Internet services, it is primarily used to enable encrypted electronic financial transactions on the World Wide Web (WWW). Internet Authentication Service (IAS) performs centralized authentication, authorization, auditing, and accounting of users who are connecting to a network. These users can be on a LAN connection or on a remote connection. This system service provides NAT, addressing, and name resolution services for all computers on your home network or your small-office network.
When the Internet Connection Sharing feature is enabled, your computer becomes an Internet gateway on the network. Other client computers can then share one connection to the Internet, such as a dial-up connection or a broadband connection. They do not provide these services on the external network interface. When you use the Kerberos Key Distribution Center (KDC) system service, users can sign in to the network by using the Kerberos version 5 authentication protocol.
As in other implementations of the Kerberos protocol, the KDC is a single process that provides two services: the Authentication Service and the Ticket-Granting Service. The Authentication Service issues ticket granting tickets, and the Ticket-Granting Service issues tickets for connection to computers in its own domain. Windows Server newer versions of Windows Server have increased the dynamic client port range for outgoing connections. The new default start port is , and the default end port is Therefore, you must increase the RPC port range in your firewalls.
This differs from a mixed-mode domain that consists of Windows Server domain controllers, Windows Server-based domain controllers, or legacy clients, where the default dynamic port range is through For more information about the dynamic port range change in Windows Server , Windows Server and Windows Server R2, see the following resources:. ICMP is used to determine whether the link is a slow link or a fast link.
In Windows Server and later versions, the Network Location Awareness Service provides the bandwidth estimate based on traffic with other stations on the network. There is no traffic generated for the estimate. However, this behavior may be changed by a specific registry setting. This limits the number of ports that the firewall has to open. For PPTP, the following ports must be enabled.