
Use of UDP Port 389

August 22, 2005 12:57:17 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I currently have a network of Windows 2000 servers connected via a VPN.

Recently I noticed that our firewall was blocking UDP Port 389 traffic to an
IP network that we do not have any domain controllers in. The traffic is
originating from each 2000 server. It appears as if the AD may be trying to
replicate to an IP address that doesn't even exist.

I am assuming the UDP traffic being blocked is an AD ping to find the
172.192.1.190 address.

How can we first verify that AD is trying to replicate to 172.192.1.190 and
then stop it?

Any help will be appreciated.

Thanks


Anonymous
August 22, 2005 9:54:09 PM

The UDP ping is used during the DC location process. Check DNS for any
references to a DC with that IP address.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Confused wrote:
> I currently have a network of Windows 2000 servers connected via a VPN.
>
> Recently I noticed that our firewall was blocking UDP Port 389 traffic to an
> IP network that we do not have any domain controllers in. The traffic is
> originating from each 2000 server. It appears as if the AD may be trying to
> replicate to an IP address that doesn't even exist.
>
> I am assuming the UDP traffic being blocked is an AD ping to find the
> 172.192.1.190 address.
>
> How can we first verify that AD is trying to replicate to 172.192.1.190 and
> then stop it?
>
> Any help will be appreciated.
>
> Thanks
August 23, 2005 10:07:05 AM

Joe,

There is no entry in DNS for 172.192.190.1. That is what is so strange about
this.

How can I get the traffic to stop, since there is no DC with that address?
The other question is what caused this to happen in the first place. We do
not even use that subnet for anything other than dial-up access.

Thanks in advance

"Joe Richards [MVP]" wrote:

> The UDP ping is used during the DC location process. Check DNS for any
> references to a DC with that IP address.
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> Confused wrote:
> > I currently have a network of Windows 2000 servers connected via a VPN.
> >
> > Recently I noticed that our firewall was blocking UDP Port 389 traffic to an
> > IP network that we do not have any domain controllers in. The traffic is
> > originating from each 2000 server. It appears as if the AD may be trying to
> > replicate to an IP address that doesn't even exist.
> >
> > I am assuming the UDP traffic being blocked is an AD ping to find the
> > 172.192.1.190 address.
> >
> > How can we first verify that AD is trying to replicate to 172.192.1.190 and
> > then stop it?
> >
> > Any help will be appreciated.
> >
> > Thanks
>
Anonymous
August 23, 2005 11:42:35 PM

I would say do a network trace of the machines doing the requests and see if
there is anything around it that makes sense. You can also try to figure out
which processes are using that port on those machines.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Confused wrote:
> Joe,
>
> There is no entry in DNS for 172.192.190.1. That is what is so strange about
> this.
>
> How can I get the traffic to stop, since there is no DC with that address?
> The other question is what caused this to happen in the first place. We do
> not even use that subnet for anything other than dial-up access.
>
> Thanks in advance
>
> "Joe Richards [MVP]" wrote:
>
>
>>The UDP ping is used during the DC location process. Check DNS for any
>>references to a DC with that IP address.
>>
>>--
>>Joe Richards Microsoft MVP Windows Server Directory Services
>>www.joeware.net
>>
>>
>>Confused wrote:
>>
>>>I currently have a network of Windows 2000 servers connected via a VPN.
>>>
>>>Recently I noticed that our firewall was blocking UDP Port 389 traffic to an
>>>IP network that we do not have any domain controllers in. The traffic is
>>>originating from each 2000 server. It appears as if the AD may be trying to
>>>replicate to an IP address that doesn't even exist.
>>>
>>>I am assuming the UDP traffic being blocked is an AD ping to find the
>>>172.192.1.190 address.
>>>
>>>How can we first verify that AD is trying to replicate to 172.192.1.190 and
>>>then stop it?
>>>
>>>Any help will be appreciated.
>>>
>>>Thanks
>>
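
The DNS check suggested in the replies above, as an added example that is not part of the original thread: it scans zone data exported as one-line records and lists the A records that fall inside a suspect address or subnet, plus the SRV records (the ones DC location queries) whose target host resolves there. The zone contents and every name under corp.example are constructed for illustration; only the address 172.192.1.190 comes from the thread.

```python
import ipaddress

# Constructed sample zone data (not from the thread); all names are hypothetical.
SAMPLE_ZONE = """\
; constructed example records
_ldap._tcp.dc._msdcs.corp.example.  600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.dc._msdcs.corp.example.  600 IN SRV 0 100 389 olddc.corp.example.
_kerberos._tcp.corp.example.        600 IN SRV 0 100 88  olddc.corp.example.
dc1.corp.example.                   3600 IN A 10.1.0.10
olddc.corp.example.                 3600 IN A 172.192.1.190
corp.example.                       600 IN A 172.192.1.190
gc._msdcs.corp.example.             600 IN A 10.1.0.10
"""

def parse_records(zone_text):
    """Yield (owner, rtype, rdata_fields) from simple one-line records."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop ';' comments
        if len(fields) < 3:
            continue
        owner, rest = fields[0].lower(), fields[1:]
        # Skip the optional TTL and class columns.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if len(rest) >= 2:
            yield owner, rest[0].upper(), rest[1:]

def find_references(zone_text, suspect_net):
    """Return (owner, type, detail) for records leading clients to suspect_net."""
    net = ipaddress.ip_network(suspect_net)
    records = list(parse_records(zone_text))
    bad_hosts, hits = {}, []
    # Pass 1: host (A) records whose address is inside the suspect range.
    for owner, rtype, rdata in records:
        if rtype == "A" and ipaddress.ip_address(rdata[0]) in net:
            bad_hosts[owner] = rdata[0]
            hits.append((owner, "A", rdata[0]))
    # Pass 2: SRV records (priority weight port target) pointing at those hosts.
    for owner, rtype, rdata in records:
        if rtype == "SRV" and len(rdata) == 4 and rdata[3].lower() in bad_hosts:
            target = rdata[3].lower()
            hits.append((owner, "SRV", f"{target}:{rdata[2]} -> {bad_hosts[target]}"))
    return hits

if __name__ == "__main__":
    for owner, rtype, detail in find_references(SAMPLE_ZONE, "172.192.1.190/32"):
        print(f"{rtype:4} {owner:40} {detail}")
```

Passing a subnet instead of a /32 widens the search to every record that resolves into that range.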