Environment
Situation
This article discusses which ports are required when adding a server to PowerRecon's inventory.
Resolution
The following ports are used by PowerRecon during the inventory process:
For Linux/VMware ESX 2.5.x or earlier:
22 TCP SSH Port used when adding supported Linux servers or VMware ESX Servers
For VMware Infrastructure 3.x:
22 TCP SSH Port used
443 TCP VMware Infrastructure Web Services port
For Windows Servers:
53 TCP/UDP Domain
88 TCP/UDP Kerberos
123 UDP Time
137 UDP Netbios-ns
139 TCP Netbios-ssn
389 TCP/UDP LDAP
3268 TCP LDAP to Global Catalog
135/445 TCP For DCOM/RPC communication as PowerRecon utilizes WMI when adding Windows based servers
**WMI (RPC/DCOM) may use TCP ports 135 and 445 as well as random/dynamically assigned ports above 1024.
Microsoft has published technical articles on how to limit the port range for DCOM and RPC:
Using Distributed COM with Firewalls:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndcom/html/msdn_dcomfirewall.asp
How to configure RPC dynamic port allocation to work with firewalls:
http://support.microsoft.com/default.aspx?scid=kb;en-us;154596
DCOM Does Not Work over Network Address Translation-Based Firewall
http://support.microsoft.com/kb/248809
** Please be advised that the above has not been certified by PlateSpin.