How Do I Enable DFS Replication Between Hosts Separated by a Firewall?

For the full details and original text, see http://windowsitpro.com/active-directory/q-how-do-i-enable-dfs-replication-between-hosts-separated-firewall.

Procedure

DFS Replication (DFSR) normally uses the remote procedure call (RPC) dynamic Endpoint Mapper, which is difficult to support through a firewall.

You can configure DFSR to use a static port instead of a dynamic one by using the dfsrdiag command, then restarting DFSR.

Example:

DfsrDiag staticRPC /port:<port number>
net stop dfsr
net start dfsr
 

You can verify the change by running the command below and checking the RpcPortAssignment value. A value of 0 means DFSR is using dynamic ports; any other value is the static port that was configured.

DfsrDiag DumpMachineCFG

 

To really double-check that the static port is being used, you can inspect the port listener. First, find the process ID of dfsrs.exe:

tasklist | findstr dfsrs.exe

 

It might return something like this, for example:

C:\>tasklist /svc | findstr dfsrs.exe
dfsrs.exe 1772 DFSR

 

Now search the output of netstat -ano for that process ID to find the port being listened on.

In the output below, it shows port 5722, which was the static port configured:

C:\>netstat -ano | findstr 1772
TCP 0.0.0.0:5722 0.0.0.0:0 LISTENING 1772
TCP 192.168.1.10:5722 192.168.1.12:63377 ESTABLISHED 1772
TCP 192.168.1.10:58823 192.168.1.11:135 SYN_SENT 1772
TCP [::]:5722 [::]:0 LISTENING 1772
TCP [fe80::4c46:84be:c9e0:2f2e%12]:61123 [fe80::4c46:84be:c9e0:2f2e%12]:389 ESTABLISHED 1772
TCP [fe80::4c46:84be:c9e0:2f2e%12]:61195 [fe80::4c46:84be:c9e0:2f2e%12]:389 ESTABLISHED 1772
TCP [fe80::4c46:84be:c9e0:2f2e%12]:63987 [fe80::4c46:84be:c9e0:2f2e%12]:49155 ESTABLISHED 1772
UDP 127.0.0.1:58547 *:* 1772
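
The same listener check as a PowerShell script, added here as an example that is not part of the original article. It assumes Windows Server 2012 or later (for Get-NetTCPConnection) and uses 5722, the port from the output above, as the expected value.

```powershell
# Added example (not from the original article): verify the DFSR static RPC port.
# Assumption: 5722 is the port given to "DfsrDiag staticRPC /port:"; change as needed.
param([int]$ExpectedPort = 5722)

# PID of the DFSR service (dfsrs.exe), the same value tasklist reports.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='DFSR'"
if (-not $svc -or $svc.ProcessId -eq 0) {
    throw 'The DFSR service is not running on this host.'
}
$dfsrPid = $svc.ProcessId

# All TCP sockets owned by that PID (what "netstat -ano | findstr <pid>" shows).
$conns = @(Get-NetTCPConnection -OwningProcess $dfsrPid -ErrorAction SilentlyContinue)

# Distinct listening ports; IPv4 and IPv6 listeners collapse to one entry.
$listening = @($conns | Where-Object State -eq 'Listen' |
    Select-Object -ExpandProperty LocalPort -Unique | Sort-Object)

if ($listening -contains $ExpectedPort) {
    Write-Output "OK: dfsrs.exe (PID $dfsrPid) is listening on TCP $ExpectedPort."
} else {
    Write-Warning ("dfsrs.exe (PID $dfsrPid) is not listening on TCP $ExpectedPort. " +
        "Listening ports: $($listening -join ', ')")
}

# Report any other listening ports owned by the service.
$extra = @($listening | Where-Object { $_ -ne $ExpectedPort })
if ($extra.Count -gt 0) {
    Write-Warning "Additional listeners owned by dfsrs.exe: $($extra -join ', ')"
}

# Replication partners currently connected to the static port.
$conns | Where-Object { $_.State -eq 'Established' -and $_.LocalPort -eq $ExpectedPort } |
    Select-Object RemoteAddress, RemotePort | Sort-Object RemoteAddress -Unique
```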
