The information in this article applies to:
IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe. SYMPTOMSBranch-based SNA Servers that use a Remote Link Service may not be able to communicate with a Central SNA Server if there are Internet firewalls or screening routers between the SNA Server systems. CAUSE
You can configure Central SNA Servers that are distributing link services
for remote SNA servers to use specific software port numbers. This allows
administrators of Internet firewalls to filter packets based on port
number, thereby denying/accepting their propagation to the private
network.
MORE INFORMATION
If a connection is configured to activate "On Demand" or "By Admin" the node
issues an initial Open Link request. When the connection is activated, the
node issues a Close Link request, then an Open Link request for the actual
connection. If a DLS link service (SNAREMx) is configured to use a fixed
IP port number (LocalIPport registry entry), the second Open Link request
will fail because the port will be in a Time_Wait state from the first
Open/Close Link. Q224303 SNA Server Allows Range of IP Ports With Distributed Link ServiceFor additional information regarding SNA Server and Internet firewalls, please see the following article in the Microsoft Knowledge Base: Q139508 Internet Firewall Support in SNA Server RESOLUTION
The SNA Server transport DLLs were modified to support registry
entries that can be used to set fixed port numbers over the
protocols supported by distributed link services. The supported
protocols are TCP/IP, IPX/SPX, and Banyan Vines IP.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<linkservice>\Parameters\If TCP/IP: IpPort: REG_DWORD: If Netware IPX/SPX: IpxPort: REG_DWORD: If Banyan Vines: VinesPort: REG_DWORD: For example: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SnaDlc1\Parameters\IpPort: REG_DWORD: 1479 (decimal)The firewall must be configured to allow TCP/IP traffic to and from the port number used by the distributed link service running on the central server. It should not be necessary to set the local port number used by the remote link service (i.e. SnaRemX) running on the branch system, so that a dynamic port number is always used by SnaRemX. WARNING: If you configure fixed IP ports on both ends, you will be unable to reopen a connection for several minutes after it is disconnected. This is due to the TcpTimedWaitDelay, per TCP/IP RFC793. However, if you must set the local port number that is used by the remote link service (SnaRemX), the following registry setting can be used to set the port number used by the link service: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SnaRemX\Parameters\If TCP/IP: LocalIpPort: REG_DWORD:If Netware IPX/SPX: LocalIpxPort: REG_DWORD:If Banyan Vines: LocalVinesPort: REG_DWORD: Where "X" is the link service name. Note that there may be several "SnaRemx" link services installed on the branch server. The names default to SnaRem1, SnaRem2, and so forth. For example: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SnaRem1\Parameters\IpPort: REG_DWORD: 1479 (decimal)The following files were modified to provide this support: <snaroot>\system\snaip.dll <snaroot>\system\snanw.dll <snaroot>\system\snabv.dll STATUSMicrosoft has confirmed this to be a problem in SNA Server version 3.0. This problem was corrected in the latest Microsoft SNA Server 3.0 U.S. Service Pack. For information on obtaining the service pack, query on the following word in the Microsoft Knowledge Base (without the spaces): S E R V P A C K Additional query words:
Keywords : prodsna kbbug3.00 kbfix3.00.sp1 snadls |
|
Last Reviewed: November 23, 1999 © 2000 Microsoft Corporation. All rights reserved. Terms of Use. |