A Quick Tip To Restrict FRS Replication To A Specific Port

by [Published on 22 Oct. 2009 / Last Updated on 30 April 2009]

This article explains a registry hack that can be used to restrict FRS replication to a specific port.

File Replication Service (FRS) and Active Directory replication require that you open more than 10 TCP and UDP ports on the firewall. FRS uses a dynamic RPC port to replicate the SYSVOL contents. Sometimes it is not possible to open this port range in a production environment. You can restrict FRS replication to a specific port by setting the following registry entry on all the domain controllers where the SYSVOL folder is hosted:

  • KEY NAME: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters
  • Entry Name: RPC TCP/IP Port Assignment
  • Type: REG_DWORD
  • Value: Port No...(for example: 4999)

With the above configuration, you only need to open port 4999 to allow FRS to replicate the contents of SYSVOL to all the domain controllers. This minimizes the security risk in the production environment.
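One way to apply and verify the entry on a domain controller, as an added example that is not part of the original article. It assumes an elevated session with Windows PowerShell 3.0 or later, that NTFRS reads the entry when the service starts, and a lower bound of 1024 for the port; the helper `Get-ListenerPid` is hypothetical.

```powershell
param(
    [ValidateRange(1024, 65535)]   # assumption: stay out of the well-known port range
    [int]$Port = 4999              # the article's example port
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters'
$name = 'RPC TCP/IP Port Assignment'

# Hypothetical helper: PIDs of processes listening on the given TCP port (parsed from netstat).
function Get-ListenerPid([int]$TcpPort) {
    netstat -ano |
        Select-String "^\s*TCP\s+\S+:$TcpPort\s+\S+\s+LISTENING\s+(\d+)" |
        ForEach-Object { [int]$_.Matches[0].Groups[1].Value } |
        Sort-Object -Unique
}

if (-not (Test-Path $key)) { throw "NTFRS parameters key not found on $env:COMPUTERNAME" }

$frsPid = (Get-CimInstance Win32_Service -Filter "Name='NTFRS'").ProcessId

# Refuse to pin FRS to a port that another process already owns.
$foreign = @(Get-ListenerPid $Port | Where-Object { $_ -ne $frsPid })
if ($foreign.Count -gt 0) { throw "TCP $Port is already in use by PID(s): $($foreign -join ', ')" }

# Record the previous value so the change can be audited or rolled back.
$old = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
Write-Output "Previous value: $(if ($null -eq $old) { '<not set, dynamic RPC>' } else { $old })"

# Create or overwrite the REG_DWORD entry.
New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $Port -Force | Out-Null

# Assumption: NTFRS reads the entry at service start, so restart it to apply the change.
Restart-Service -Name NTFRS
Start-Sleep -Seconds 5

# Confirm that the listener on the chosen port belongs to the NTFRS process.
$frsPid = (Get-CimInstance Win32_Service -Filter "Name='NTFRS'").ProcessId
if (@(Get-ListenerPid $Port) -contains $frsPid) {
    Write-Output "NTFRS (PID $frsPid) is listening on TCP $Port"
} else {
    Write-Warning "NTFRS is not listening on TCP $Port yet; check the File Replication Service event log"
}
```

Run it with the same port on every domain controller that hosts SYSVOL, and only then narrow the firewall rule to that port.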

The Author — Nirmal Sharma


Nirmal is an MCSEx3 and MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in Directory Services, Microsoft Clustering, Hyper-V, SQL and Exchange and has been involved in Microsoft technologies since 1994.
