DX Unified Infrastructure Management

The Firewall Port Reference guide states we must open "port 135 and others" on a firewall to enable discovery.

I often get questions about what this means. It would be helpful to have clearer documentation. First, is this TCP only or is it TCP/UDP? Second, what others? Is this just the dynamic DCOM port range?

If it is the dynamic DCOM port range, and we limit as follows:

1. Open regedt32.exe
2. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
3. If there is no subkey titled "Internet", create one.
4. Inside the Internet key, create a REG_MULTI_SZ value named "Ports". Each line of the Ports value should specify a range of ports available to DCOM. For this example, add a single line that reads "3000-3100".
5. Add a new REG_SZ value named "PortsInternetAvailable", set it to "Y"
6. Add a new REG_SZ value named "UseInternetPorts", set it to "Y"

Then does the description basically mean "port 135 and 3000-3100?"

WMI port usage is Windows thing that UIM uses, and not controlled by UIM. 

WMI Access: 
TCP port 135 and a range of dynamic ports,
TCP 49152-65535 (RPC dynamic ports – Windows Vista, 2008 and above), 
TCP 1024-65535 (RPC dynamic ports – Windows NT4, Windows 2000, Windows 2003), or a custom range of ports

------------------------------
Support Engineer
Broadcom
------------------------------

Original Message:
Sent: 03-25-2020 03:08 PM
From: Dan Gill
Subject: Discovery Agent ports for WMI

The Firewall Port Reference guide states we must open "port 135 and others" on a firewall to enable discovery.

I often get questions about what this means. It would be helpful to have clearer documentation. First, is this TCP only or is it TCP/UDP? Second, what others? Is this just the dynamic DCOM port range?

If it is the dynamic DCOM port range, and we limit as follows:

1. Open regedt32.exe
2. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
3. If there is no subkey titled "Internet", create one.
4. Inside the Internet key, create a REG_MULTI_SZ value named "Ports". Each line of the Ports value should specify a range of ports available to DCOM. For this example, add a single line that reads "3000-3100".
5. Add a new REG_SZ value named "PortsInternetAvailable", set it to "Y"
6. Add a new REG_SZ value named "UseInternetPorts", set it to "Y"

Then does the description basically mean "port 135 and 3000-3100?"

In my experience you need ports 135 and 137 TCP and UDP and also to allow WMI in firewall with a command like this:

netsh advfirewall firewall add rule dir=in name ="WMI_FOR_CA_Agent_Deployment" program=%systemroot%\system32\svchost.exe service=winmgmt action = allow protocol=TCP localport=any

Original Message:
Sent: 03-25-2020 03:08 PM
From: Dan Gill
Subject: Discovery Agent ports for WMI

The Firewall Port Reference guide states we must open "port 135 and others" on a firewall to enable discovery.

I often get questions about what this means. It would be helpful to have clearer documentation. First, is this TCP only or is it TCP/UDP? Second, what others? Is this just the dynamic DCOM port range?

If it is the dynamic DCOM port range, and we limit as follows:

1. Open regedt32.exe
2. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
3. If there is no subkey titled "Internet", create one.
4. Inside the Internet key, create a REG_MULTI_SZ value named "Ports". Each line of the Ports value should specify a range of ports available to DCOM. For this example, add a single line that reads "3000-3100".
5. Add a new REG_SZ value named "PortsInternetAvailable", set it to "Y"
6. Add a new REG_SZ value named "UseInternetPorts", set it to "Y"

Then does the description basically mean "port 135 and 3000-3100?"