Info: AD Wizard/Driver cannot use DCs that are only available via 636/tcp

Applies To:

All versions of Venafi Software with the Active Directory Identity Provider

Summary:

AD Wizard/Driver cannot discover/use DCs that are only available via LDAP over SSL

The Active Directory Identity Wizard uses the following ports:

https://support.venafi.com/entries/45671107-Info-What-ports-does-the-Active-Directory-identity-provider-use

88: Kerberos

135: TCP for RPC, EPM (Replication)

389: TCP, UDP for LDAP (Directory, Replication, User and Computer Authentication, Group Policy, Trusts)

445: TCP, UDP for SMB, CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc (Replication, User and Computer Authentication, Group Policy, Trusts)

636: TCP, UDP for LDAP SSL (Directory, Replication, User and Computer Authentication, Group Policy, Trusts)

1025-5000: TCP Dynamic for RPC, Windows Server 2003

49152-65535: TCP Dynamic for RPC, Windows Server 2008

More Info:

There is an LDAP driver that can operate solely over port 636. This driver does not perform an in-depth discovery of other LDAP servers, and only one host can be specified per Identity connector.
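To confirm whether a domain controller falls into the 636-only case described above, the fixed TCP ports from the table can be probed from the Venafi server. This is an added example, not Venafi code; the host names are hypothetical, the result labels are this example's own, and the UDP and dynamic RPC ranges are not checked.

```python
import socket

# Fixed TCP ports from the article's table (dynamic RPC ranges are not probed).
AD_TCP_PORTS = {88: "Kerberos", 135: "RPC/EPM", 389: "LDAP",
                445: "SMB", 636: "LDAP over SSL"}

def tcp_reachable(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe(host, timeout=3.0):
    """Return the set of fixed AD ports on host that accept a TCP connection."""
    return {p for p in AD_TCP_PORTS if tcp_reachable(host, p, timeout)}

def classify(reachable):
    """Label a set of reachable ports; ports outside the table are ignored."""
    reachable = set(reachable) & set(AD_TCP_PORTS)
    if not reachable:
        return "unreachable"
    if reachable == {636}:
        # The case in this article: AD wizard/driver cannot use this DC,
        # while the LDAP driver can connect to it as a single host.
        return "636-only"
    if reachable == set(AD_TCP_PORTS):
        return "all-fixed-ports"
    return "partial"

def report(host, reachable):
    """Build a per-port open/blocked listing for one host."""
    lines = [f"{host}: {classify(reachable)}"]
    for port, name in sorted(AD_TCP_PORTS.items()):
        state = "open" if port in reachable else "blocked"
        lines.append(f"  {port}/tcp {name}: {state}")
    return "\n".join(lines)

if __name__ == "__main__":
    # Constructed results for two hypothetical DCs, so this runs offline.
    sample = {"dc1.example.test": {88, 135, 389, 445, 636},
              "dc2.example.test": {636}}
    for host, ports in sample.items():
        print(report(host, ports))
    # Live check: print(report("dc1.example.test", probe("dc1.example.test")))
```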
