Wednesday, March 28, 2018

If I Can't Reach Active Directory, it's Down

Unless it's not.

I recently had a customer tell me that my AD servers were broken. They were unable to set SPNs via Setspn.

They were able to run AD queries and do other "AD stuff". As always, I demanded a packet capture.

In very short order, the issue was clear. Setspn, for reasons I cannot guess, uses RPCs to the domain controller to set SPNs. I have no clue why it doesn't just use LDAP. LDAP is better: it only requires one port, which we know will be open.

RPCs are a pain: they require TCP 135 (the endpoint mapper) and then some random high port, assigned at connection time.

Below, we see that the customer hit the EPM in Frame 873 and was assigned a new connection on port 1028. We see the SYN to 1028 in 874, then retries in 966 and 1146.

Firewalls and Windows RPCs don't mix.


RPC OPEN ALL THE PORTS!!
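As an added example (not from the original post), the check below walks constructed Wireshark-style frame summaries, ties the port handed out in the EPM map response to the SYNs that follow it, and flags the port when those SYNs are retried without ever seeing a SYN, ACK; the addresses, frame text and client ports are assumed, only the frame numbers and port 1028 follow the post.

```python
import re
from collections import defaultdict

# Constructed Wireshark-style summaries (frame, src, dst, proto, info). They are not
# the post's capture but follow the sequence it describes: the EPM names port 1028
# in frame 873, the SYN goes out in 874 and is retried in 966 and 1146.
FRAMES = [
    (872, "10.0.0.5", "10.0.0.10", "EPM", "Map request"),
    (873, "10.0.0.10", "10.0.0.5", "EPM", "Map response: ncacn_ip_tcp:10.0.0.10[1028]"),
    (874, "10.0.0.5", "10.0.0.10", "TCP", "52133 > 1028 [SYN] Seq=0"),
    (966, "10.0.0.5", "10.0.0.10", "TCP", "[TCP Retransmission] 52133 > 1028 [SYN] Seq=0"),
    (1146, "10.0.0.5", "10.0.0.10", "TCP", "[TCP Retransmission] 52133 > 1028 [SYN] Seq=0"),
    # A healthy LDAP handshake on 389 for contrast: the SYN gets a SYN, ACK back.
    (1200, "10.0.0.5", "10.0.0.10", "TCP", "52140 > 389 [SYN] Seq=0"),
    (1201, "10.0.0.10", "10.0.0.5", "TCP", "389 > 52140 [SYN, ACK] Seq=0 Ack=1"),
]

EPM_PORT = re.compile(r"Map response.*\[(\d+)\]")
TCP_FLAGS = re.compile(r"(\d+) > (\d+) \[(SYN(?:, ACK)?)\]")

def find_blocked_rpc_ports(frames, syn_threshold=2):
    """Return {port: {...}} for EPM-assigned ports whose SYNs were retried and never answered."""
    assigned = {}             # server port -> frame of the EPM response that named it
    syns = defaultdict(list)  # server port -> frames carrying a SYN to it
    answered = set()          # server ports that replied with SYN, ACK
    for no, _src, _dst, proto, info in frames:
        if proto == "EPM":
            m = EPM_PORT.search(info)
            if m:
                assigned[int(m.group(1))] = no
            continue
        m = TCP_FLAGS.search(info)
        if not m:
            continue
        sport, dport, flags = int(m.group(1)), int(m.group(2)), m.group(3)
        if flags == "SYN":
            syns[dport].append(no)
        else:                 # "SYN, ACK": the server's port is the source port
            answered.add(sport)
    report = {}
    for port, frame in assigned.items():
        if port not in answered and len(syns[port]) >= syn_threshold:
            report[port] = {"assigned_in": frame, "syn_frames": syns[port]}
    return report


if __name__ == "__main__":
    for port, r in find_blocked_rpc_ports(FRAMES).items():
        print(f"EPM frame {r['assigned_in']} mapped port {port}; {len(r['syn_frames'])} "
              f"unanswered SYNs (frames {r['syn_frames']}) -> port likely filtered")
```

A real run would feed this the output of a tshark summary over the capture rather than the constructed list; the port 135 conversation succeeding while the mapped port never completes a handshake is the firewall signature the post describes.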
