In the default configuration, the certificate authority's certificate request interface is configured to negotiate dynamic ports for the incoming RPC/DCOM connections (for more details, see the article "Firewall rules required for Active Directory Certificate Services").
Network protocol | Destination port | Protocol |
---|---|---|
TCP | 135 | RPC Endpoint Mapper |
TCP | 49152-65535 | RPC dynamic ports |
This configuration is not feasible in every enterprise environment. Often there are restrictive firewall rules that do not allow the use of dynamic network ports.
In such a case, the certificate authority must be configured to use a static port.