Discussion:
DCOM port issue
Rathna Raj
2004-07-28 12:28:20 UTC
I have a W2K server (S1) hosting a COM+ component. I have two client machines
(C1 and C2) which access the server component. C1 is in the same DOMAIN as
S1 and there is NO firewall between them. C2 is in a separate WORKGROUP and
there IS a firewall between C2 and S1. I have opened port 135 and port
4000-4010 in the firewall.

When, on S1, I configure the DCOM to use port range 4000-4010 using DCOMCNFG
tool (both "Port range Assignment" and "Default dynamic port allocation" are
set to "Internet range"), C2 (client outside firewall) is able to access the
component on the server, but C1 fails to access the component, with the
error message "RPC Server is unavailable". If I clear the port range
configuration in DCOMCNFG, C1 is able to access the server component and C2
fails with the same message. What is happening here?

So, this is not a firewall issue and this is not any authentication issue
either. Some screw-up with port settings. Can anyone point me to what is
happening here?

TIA
Rathna Raj
[MSFT]
2004-07-29 02:43:09 UTC
Hi Rathna,

Regarding the issue, you may take a look at following article to see if it
will help:

PRB: DCOM Port Range Configuration Problems
http://support.microsoft.com/default.aspx?scid=kb;en-us;217351

Additionally, I think you had better configure the ports from 5000-5020, so
that it would conflict with other apps and has enough ports to allocate.

Hope this helps,

Luke
[MSFT]
2004-08-02 07:26:20 UTC
Hi Rathna,

Did I suggest help on this issue? If you need more information, please feel
free to let me know.

Luke
Rathna Raj
2004-08-06 10:58:17 UTC
Luke,

Thanks for your reply and sorry for not responding to you earlier.

I had tried with 5000-5020 port range before I did my posting here. That
didn't help. Also, in all the clients and the server Connection-oriented
TCP/IP protocol is on the top of Default Protocols list.

As far as using static end points, that is kind of difficult to do because
we have some 450+ components residing in the COM+ catalog, which can be accessed
by the clients. My understanding is that if I have to configure static end
points, then I have to do that for each one of these components. Is that right?

Do you have anything more to suggest to me on this?

Also, I can have the machine outside the network have its own
application server (COM+ components). But database is inside the network and
we use MSDTC for transactional updates. Since MSDTC lives on DCOM, I still
have to configure these DCOM ports for MSDTC. Now the database server is
also used as application server for the clients inside the network. So when
I configure 10 or 20 ports for DCOM traffic and configure my firewall, MSDTC
transactions from the client outside the network go through, but all the
clients inside the network fail with the "RPC Server unavailable" message.

Can I configure an end point only for MSDTC? Will this again lead to conflict
between internal clients and the one outside the network? Even if I need to
configure an end point for MSDTC, which AppID should I configure the ports for?

Also, one other major thing I observed is that, if I open port 1055 on my
firewall and do not configure any ports in DCOMCNFG of database server,
MSDTC transactions go through smoothly from the client outside the network
and even all the clients inside the network work fine. What do you think is
happening here? Is port 1055 hooked to DCOM traffic somewhere??? The only
other ports open on the network are 135 and 1433 (SQL Server).

Regards,
Rathna Raj
Post by [MSFT]
Hi Rathna,
Did I suggest help on this issue? If you need more information, please feel
free to let me know.
Luke
Heikki Ritvanen
2004-08-06 15:39:03 UTC
Hi Rathna,

Here is a good whitepaper which talks about DCOM through firewalls, I am
not sure if you have seen this yet.
http://www.microsoft.com/com/wpaper/dcomfw.asp

Also, you can run NetStat -an on the server to see how your ports are being
used. But based on the description that you mentioned that you have
multiple clients you may just have too few ports open causing the internal
clients to fail.

This is discussed in the following article which will give you some idea
about this.

301512 PRB: Many TCP Connections Are Established for COM+ Proxy/Stub
http://support.microsoft.com/?id=301512

So, the reason why your other client (C1 I believe) is not able to connect
is because C2 may have used all your ports already.

About your question in regards to static endpoint for each component, I am
not sure what you mean with this as the Internet key is not component
specific and affects all the components.

Thank you and I hope this helps,

~ Heikki

This posting is provided "AS IS" with no warranties, and confers no rights.
Please reply to newsgroups only. Thanks.
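
Added example (not part of any post in this thread): a Python sketch of the `NetStat -an` check suggested above, run over constructed sample output. The function names, the sample addresses and the assumed firewall list (135 and 1433 plus the 4000-4010 range from the original post) are illustrative assumptions; it reports how much of the configured DCOM range is in use and which listeners sit outside the ports the firewall passes.

```python
import re

# Constructed sample of `netstat -an` output from the server (not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1055           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4000           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4001           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:4000          10.0.0.21:1891         ESTABLISHED
  TCP    10.0.0.5:4001          192.168.7.9:2210       ESTABLISHED
  TCP    10.0.0.5:1055          10.0.0.22:1450         ESTABLISHED
  UDP    0.0.0.0:135            *:*
"""

# TCP rows only: local addr:port, foreign addr:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s+(\S+)\s*$")

def parse_tcp(text):
    """Yield (local_port, remote_addr, state) for each TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield int(m.group(2)), m.group(3), m.group(5)

def audit(text, dcom_range=(4000, 4010), firewall_open=(135, 1433)):
    """Compare listeners and connections with the DCOM range and firewall rules."""
    lo, hi = dcom_range
    allowed = set(firewall_open) | set(range(lo, hi + 1))
    listening, established = set(), {}
    for port, _remote, state in parse_tcp(text):
        if state == "LISTENING":
            listening.add(port)
        elif state == "ESTABLISHED":
            established[port] = established.get(port, 0) + 1
    in_range = sorted(p for p in listening if lo <= p <= hi)
    return {
        "range_size": hi - lo + 1,
        "range_listeners": in_range,             # range ports already bound
        "range_free": (hi - lo + 1) - len(in_range),
        "blocked_listeners": sorted(listening - allowed),  # not passed by firewall
        "connections_per_port": established,
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_NETSTAT).items():
        print(f"{key}: {value}")
```

A `range_free` close to zero supports the port-exhaustion explanation, while entries in `blocked_listeners` are server endpoints that clients behind the firewall cannot reach.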
Rathna Raj
2004-08-09 08:44:35 UTC
Heikki,

Thanks for your reply.
Post by Heikki Ritvanen
Here is a good whitepaper which talks about DCOM through firewalls, I am
not sure if you have seen this yet.
http://www.microsoft.com/com/wpaper/dcomfw.asp
Read this article a few times in the last 5 years :)
Post by Heikki Ritvanen
Also, you can run NetStat -an on the server to see how your ports are being
used. But based on the description that you mentioned that you have
multiple clients you may just have too few ports open causing the internal
clients to fail.
Gone through it and am again going through it to find any clue. I
don't see anything crazy happening.
Post by Heikki Ritvanen
This is discussed in the following article which will give you some idea
about this.
301512 PRB: Many TCP Connections Are Established for COM+ Proxy/Stub
http://support.microsoft.com/?id=301512
I don't see the symptom discussed in this article.
Post by Heikki Ritvanen
About your question in regards to static endpoint for each component, I am
not sure what you mean with this as the Internet key is not component
specific and affects all the components.
You may need to refer to Luke's reply to my original post. My original post
is based on the Internet Key setting (DCOMCNFG configuration). Luke referred
me to an MS KB article
(http://support.microsoft.com/default.aspx?scid=kb;en-us;217351) which talks
about configuring static endpoints on a per-AppID basis (I suppose, instead of
configuring through DCOMCNFG, which is applicable to all the DCOM traffic to
that server).

One more question. Will having multiple Network Interface Cards on the
server (one for internal and the other for external traffic) make any difference
to the way you configure your DCOM ports?

Thanks
Rathna Raj
[MSFT]
2004-08-11 05:47:03 UTC
Hi Rathna,

Does your Windows 2000 server have two network interface cards, one for the local
domain, and another for the internet behind the firewall?

BTW, for MSDTC and firewall, you may refer to the following article:

INFO: Configuring Microsoft Distributed Transaction Coordinator (DTC) to
Work Through a Firewall
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q250367

Luke
