"Bernard" <qbernard@hotmail.com> wrote in message
news:uCMTEZWjDHA.1728@TK2MSFTNGP11.phx.gbl...
> Mmm.. and I would say - these port should ONLY
> open to trusted network....
>
> but I won't open it even I can trust them. it just too
> risky.. don't you think so ?
>
> --
> Regards,
> Bernard Cheah
> http://support.microsoft.com/
> Please respond to newsgroups only ...
>
>
>
> "Desmond Lam [msft]" <deslam@online.microsoft.com> wrote in message
> news:ekpzS2UjDHA.2516@TK2MSFTNGP09.phx.gbl...
> > Port 80/443 is reqired to be open at the firewall for http/https access.
> > Unless you are using Kerberos authentication, NTLM do not need
additional
> > ports to be open at the firewall between the web client and the web
> server.
> >
> > If there is a firewall exist between web server and the domain
controller,
> > you may need to open the following ports for NTLM authentication to
work:
> >
> > Client Port(s) Server Port Service
> > 1024-65535/TCP 135/TCP RPC *
> > 137/UDP 137/UDP NetBIOS Name
> > 138/UDP 138/UDP NetBIOS Netlogon and Browsing
> > 1024-65535/TCP 139/TCP NetBIOS Session
> > 1024-65535/TCP 42/TCP WINS Replication
> >
> >
> > Hope it helps,
> > Desmond
> >
> >
> > "James" <big2mouth@hotmail.com> wrote in message
> > news:061401c38d0d$9a46fa60$a101280a@phx.gbl...
> > > I set up a couple pages using the NT challenge
> > > authentication (with user names and passwords of the
> > > domain). It's working fine until the system admin. people
> > > moved the web server behind a firewall. Now whenever I
> > > tried o access these pages from outside, it showed 401.2
> > > error. Guess I need to ask the admin. guys to open some
> > > port on the firewall. Roughly remember the port 443 needs
> > > to be opened. Tried that, but still same error. Can't find
> > > much information regarding the ports from MS website.
> > > Could anyone kindly give me some hints? Thanks in advance.
> >
> >
>
>

"James" <big2mouth@hotmail.com> wrote in message
news:061401c38d0d$9a46fa60$a101280a@phx.gbl...
> I set up a couple pages using the NT challenge
> authentication (with user names and passwords of the
> domain). It's working fine until the system admin. people
> moved the web server behind a firewall. Now whenever I
> tried o access these pages from outside, it showed 401.2
> error. Guess I need to ask the admin. guys to open some
> port on the firewall. Roughly remember the port 443 needs
> to be opened. Tried that, but still same error. Can't find
> much information regarding the ports from MS website.
> Could anyone kindly give me some hints? Thanks in advance.

"James" <big2mouth@hotmail.com> wrote in message
news:061401c38d0d$9a46fa60$a101280a@phx.gbl...
> I set up a couple pages using the NT challenge
> authentication (with user names and passwords of the
> domain). It's working fine until the system admin. people
> moved the web server behind a firewall. Now whenever I
> tried o access these pages from outside, it showed 401.2
> error. Guess I need to ask the admin. guys to open some
> port on the firewall. Roughly remember the port 443 needs
> to be opened. Tried that, but still same error. Can't find
> much information regarding the ports from MS website.
> Could anyone kindly give me some hints? Thanks in advance.

"Desmond Lam [msft]" <deslam@online.microsoft.com> wrote in message
news:ekpzS2UjDHA.2516@TK2MSFTNGP09.phx.gbl...
> Port 80/443 is reqired to be open at the firewall for http/https access.
> Unless you are using Kerberos authentication, NTLM do not need additional
> ports to be open at the firewall between the web client and the web
server.
>
> If there is a firewall exist between web server and the domain controller,
> you may need to open the following ports for NTLM authentication to work:
>
> Client Port(s) Server Port Service
> 1024-65535/TCP 135/TCP RPC *
> 137/UDP 137/UDP NetBIOS Name
> 138/UDP 138/UDP NetBIOS Netlogon and Browsing
> 1024-65535/TCP 139/TCP NetBIOS Session
> 1024-65535/TCP 42/TCP WINS Replication
>
>
> Hope it helps,
> Desmond
>
>
> "James" <big2mouth@hotmail.com> wrote in message
> news:061401c38d0d$9a46fa60$a101280a@phx.gbl...
> > I set up a couple pages using the NT challenge
> > authentication (with user names and passwords of the
> > domain). It's working fine until the system admin. people
> > moved the web server behind a firewall. Now whenever I
> > tried o access these pages from outside, it showed 401.2
> > error. Guess I need to ask the admin. guys to open some
> > port on the firewall. Roughly remember the port 443 needs
> > to be opened. Tried that, but still same error. Can't find
> > much information regarding the ports from MS website.
> > Could anyone kindly give me some hints? Thanks in advance.
>
>

"Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message
news:bm10mk$87g6@kcweb01.netnews.att.com...
> The whole problem here is that Windows Integrated authentication makes no
> sense for clients that are outside the firewall, as it attempts to use the
> system logged on user for authentication. How can a remote client outside
> the firewall be logged onto the same domain as the web server behind the
> firewall? This authentication scheme is really best used in an intranet
> environment where all clients are behind the firewall and on the same
> Windows domain.
>
> --
> Tom Kaminski IIS MVP
> http://www.iistoolshed.com/ - tools, scripts, and utilities for running
IIS
> http://mvp.support.microsoft.com/
> http://www.microsoft.com/windowsserver2003/community/centers/iis/
>
> "Bernard" <qbernard@hotmail.com> wrote in message
> news:uCMTEZWjDHA.1728@TK2MSFTNGP11.phx.gbl...
> > Mmm.. and I would say - these port should ONLY
> > open to trusted network....
> >
> > but I won't open it even I can trust them. it just too
> > risky.. don't you think so ?
> >
> > --
> > Regards,
> > Bernard Cheah
> > http://support.microsoft.com/
> > Please respond to newsgroups only ...
> >
> >
> >
> > "Desmond Lam [msft]" <deslam@online.microsoft.com> wrote in message
> > news:ekpzS2UjDHA.2516@TK2MSFTNGP09.phx.gbl...
> > > Port 80/443 is reqired to be open at the firewall for http/https
access.
> > > Unless you are using Kerberos authentication, NTLM do not need
> additional
> > > ports to be open at the firewall between the web client and the web
> > server.
> > >
> > > If there is a firewall exist between web server and the domain
> controller,
> > > you may need to open the following ports for NTLM authentication to
> work:
> > >
> > > Client Port(s) Server Port Service
> > > 1024-65535/TCP 135/TCP RPC *
> > > 137/UDP 137/UDP NetBIOS Name
> > > 138/UDP 138/UDP NetBIOS Netlogon and Browsing
> > > 1024-65535/TCP 139/TCP NetBIOS Session
> > > 1024-65535/TCP 42/TCP WINS Replication
> > >
> > >
> > > Hope it helps,
> > > Desmond
> > >
> > >
> > > "James" <big2mouth@hotmail.com> wrote in message
> > > news:061401c38d0d$9a46fa60$a101280a@phx.gbl...
> > > > I set up a couple pages using the NT challenge
> > > > authentication (with user names and passwords of the
> > > > domain). It's working fine until the system admin. people
> > > > moved the web server behind a firewall. Now whenever I
> > > > tried o access these pages from outside, it showed 401.2
> > > > error. Guess I need to ask the admin. guys to open some
> > > > port on the firewall. Roughly remember the port 443 needs
> > > > to be opened. Tried that, but still same error. Can't find
> > > > much information regarding the ports from MS website.
> > > > Could anyone kindly give me some hints? Thanks in advance.
> > >
> > >
> >
> >
>
>