How to enable Remote Installation Services when Internet Connection Firewall is enabled in Windows Server 2003 (889712)



The information in this article applies to:

  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Standard Edition

INTRODUCTION

This article discusses how to enable Remote Installation Services (RIS) when Internet Connection Firewall (ICF) is enabled in Microsoft Windows Server 2003.

MORE INFORMATION

You can use RIS to install Microsoft Windows Server 2003, Microsoft Windows XP, and Microsoft Windows 2000 on Pre-Boot Execution Environment (PXE) client computers that can start remotely.

The Boot Information Negotiation Layer (BINL) service is the primary component of RIS. The BINL service answers PXE client requests, validates clients by using Active Directory, and passes client information to and from the server.

Trivial FTP (TFTP) supports setting up a computer that has no disk drives. TFTP is a part of RIS environments.

RIS environments frequently require a Dynamic Host Configuration Protocol (DHCP) server. You can install the DHCP server on the same server as RIS, or you can install the DHCP server on a separate server.

To enable RIS when you enable ICF in your environment, see the following tables. Then, follow the steps that are described later to open ports on your servers.

When DHCP and RIS are installed on separate servers

To enable RIS when DHCP and RIS are installed on separate servers, open the following ports on the DHCP server where ICF is enabled.

    Service name    UDP       TCP
    DHCP            67, 69    Not applicable

Open the following ports on the RIS server where ICF is enabled.

    Service name                                    UDP               TCP
    BINL                                            4011              Not applicable
    TFTP                                            69                Not applicable
    NetBIOS                                         Not applicable    139
    Server message block (SMB)                      Not applicable    445
    Lightweight Directory Access Protocol (LDAP)    Not applicable    389

When DHCP and RIS are installed on the same server

To enable RIS when DHCP and RIS are installed on the same server, open the following ports on the server where ICF is enabled.

    Service name     UDP               TCP
    DHCP and TFTP    67, 69            Not applicable
    BINL             4011              Not applicable
    NetBIOS          Not applicable    139
    SMB              Not applicable    445
    LDAP             Not applicable    389

Opening a UDP port or a TCP port for the ICF

To open a port when ICF is enabled, follow these steps on the server where you want to open ports:
  1. Click Start, click Run, type ncpa.cpl in the Open box, and then press ENTER.
  2. Right-click the connection that you use to connect your RIS server to the network. Then, click Properties.
  3. Click the Advanced tab, and then click Settings.

    Note If Settings is unavailable, ICF is not enabled on this connection. You do not have to open any ports, because they are all already open.
  4. Click Add to open a new port.
  5. In the Description box, type a name.

    For example, type File Sharing (SMB): Port 445.
  6. In the Name or IP address of the computer hosting this service on your network box, type 127.0.0.1.

    Note Although you can specify the NetBIOS name of the server or the IP address of the server, we recommend that you use 127.0.0.1.
  7. In the External port box and in the Internal port box, type the port number. Typically, these numbers are the same.
  8. Click TCP or UDP, and then click OK.
  9. Repeat steps 1 through 8 for each port that you want to open.
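
The following Python script is an added example, not part of the original article. It checks a server against the port tables above: which required ports have not been opened in ICF, which opened ports the tables do not call for, and which required services are not actually listening. The role names, function names, the hand-typed list of ICF openings, and the netstat -an sample are assumptions constructed for illustration.

```python
import re

# Required (protocol, port) pairs, transcribed from the tables in this article.
# The role names are hypothetical labels for the two deployment layouts.
REQUIRED = {
    "dhcp_separate": {("UDP", 67), ("UDP", 69)},
    "ris_separate": {("UDP", 4011), ("UDP", 69), ("TCP", 139), ("TCP", 445), ("TCP", 389)},
    "combined": {("UDP", 67), ("UDP", 69), ("UDP", 4011), ("TCP", 139), ("TCP", 445), ("TCP", 389)},
}
# One row of Windows `netstat -an`: proto, local addr:port, remote, optional state.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def listeners(netstat_text):
    """Return the (protocol, port) pairs that accept traffic from the network."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers and blank lines
        proto, addr, port, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # an established session is not a listener
        if addr.startswith("127."):
            continue  # service bound to loopback only; PXE clients cannot reach it
        found.add((proto, int(port)))
    return found

def audit(role, icf_openings, netstat_text):
    """Compare ICF openings and live listeners with the article's table for a role."""
    required, opened = REQUIRED[role], set(icf_openings)
    return {
        "not_opened": sorted(required - opened),
        "opened_not_required": sorted(opened - required),
        "not_listening": sorted(required - listeners(netstat_text)),
    }

# Constructed sample data for a RIS server whose DHCP server is a separate machine.
# TCP 3389 is a constructed extra entry that the tables do not list.
SAMPLE_OPENINGS = [("UDP", 4011), ("UDP", 69), ("TCP", 139), ("TCP", 445), ("TCP", 3389)]
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.0.5:445        192.168.0.20:1045      ESTABLISHED
  UDP    0.0.0.0:69             *:*
  UDP    127.0.0.1:4011         *:*
"""
if __name__ == "__main__":
    for finding, ports in audit("ris_separate", SAMPLE_OPENINGS, SAMPLE_NETSTAT).items():
        print(finding, ports)
```

An entry under opened_not_required is a candidate for removal from the ICF settings, and an entry under not_listening points to a service that is not running rather than to a firewall problem.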

REFERENCES

For additional information about TCP ports that are used in Windows Server 2003, click the following article number to view the article in the Microsoft Knowledge Base:

832017 Port requirements for the Microsoft Windows server system

For additional information about RIS, visit the following Microsoft Web site:

Modification Type: Major
Last Reviewed: 9/1/2006
Keywords: kbhowto KB889712 kbAudITPRO kbAudOEM