dhcp firewall requirements

Question

Wednesday, November 13, 2019 3:53 AM

Hi,

When I request a firewall definition for our DHCP failover, does TCP port 647 for both servers need to be two-way? Do both servers become source and destination at the same time?

Also, for workstations on TCP port 67, is it two-way, from workstation to server and server to workstation?

All replies (7)

Wednesday, November 13, 2019 4:30 AM ✅Answered

Hi Janus,

DHCP failover uses TCP port 647 to listen for failover messages between two failover partner servers. For this traffic to be allowed by the Windows firewall, the following inbound and outbound firewall rules are added when you install the DHCP Server role:

  • Microsoft-Windows-DHCP-Failover-TCP-In
  • Microsoft-Windows-DHCP-Failover-TCP-Out

DHCP servers use TCP port 647, which should be bidirectional: DHCP Server1 <--> DHCP Server2.

Workstations use TCP port 67/68, and one direction should suffice: Workstation --> DHCP Server.

DHCP Server port requirements:
https://support.microsoft.com/en-us/help/832017/service-overview-and-network-port-requirements-for-windows

Best regards,
Leon

Blog: https://thesystemcenterblog.com


Wednesday, November 13, 2019 6:43 AM ✅Answered

Hi,

>>*When I request a firewall definition for our DHCP failover, does TCP port 647 for both servers need to be two-way? Do both servers become source and destination at the same time?*

Both DHCP servers in a failover relationship must maintain a persistent TCP connection with each other. DHCP failover partners establish and maintain this connection on port 647, and use it to exchange operational state information and lease information.

As Leon said, DHCP servers use TCP port 647, which should be bidirectional.

>>Also, for workstations on TCP port 67, is it two-way, from workstation to server and server to workstation?

TCP/UDP 67 and 68 initiate communication between the client and server. 

UDP 67 is the destination port of a DHCP server, and port number 68 is used by the client.

Best Regards,

Candy

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]   


Thursday, November 14, 2019 1:32 AM

Thanks Leon!


Thursday, November 14, 2019 1:32 AM

Thanks Candy!


Thursday, November 14, 2019 1:43 AM

Hi,

You are welcome!

Best Regards,

Candy

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]   


Thursday, November 14, 2019 3:40 PM

Hi All,

I tried to do a telnet to the partner server on port 647, but I get a connection failed. I tried both ways and it still failed. The Windows firewall on both is disabled and the corporate firewall already allows it. The firewall team did a trace and they see that the server is resetting the TCP connection. I tried resetting Winsock via netsh and rebooted several times, and the problem is still the same.

Thanks!
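As an added check (not a post from anyone in this thread), the PowerShell below verifies on one DHCP server the items discussed above: the two failover firewall rules Leon named, whether anything is actually listening on TCP 647, whether the DHCP service is bound to UDP 67 for clients (Candy's point about 67 being the server's port and 68 the client's), the failover relationship the server knows about, and an outbound TCP test to the partner. The partner host name is a placeholder; the rule names are taken from the thread as written. A port with no listener answers every SYN with a reset regardless of firewall state, so the listener check is the first thing to rule out when a trace shows the server resetting the connection.

```powershell
# Added example (not from any poster in this thread): check DHCP failover
# port/firewall state on this server. Run as Administrator on each partner.
#Requires -RunAsAdministrator
param(
    [string]$Partner = 'DHCP-SERVER2'   # placeholder: the other failover partner
)

$report = [ordered]@{}

# 1. The two built-in rules listed in the thread. If they are absent, the
#    DHCP Server role did not create them on this host.
foreach ($ruleName in 'Microsoft-Windows-DHCP-Failover-TCP-In',
                      'Microsoft-Windows-DHCP-Failover-TCP-Out') {
    $rule = Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue
    if ($null -eq $rule) {
        $report[$ruleName] = 'MISSING'
        continue
    }
    $filter = $rule | Get-NetFirewallPortFilter
    $report[$ruleName] = "Enabled=$($rule.Enabled) Action=$($rule.Action) " +
                         "Profile=$($rule.Profile) Local=$($filter.LocalPort) " +
                         "Remote=$($filter.RemotePort)"
}

# 2. Listener on TCP 647. Without one, inbound connects are reset by the
#    TCP stack itself, which looks exactly like the trace described above.
$listener = Get-NetTCPConnection -LocalPort 647 -State Listen -ErrorAction SilentlyContinue
$report['TCP 647 listener'] = if ($listener) { 'LISTENING' } else { 'NOT LISTENING' }

# 3. The DHCP service must be bound to UDP 67 to answer clients.
$udp67 = Get-NetUDPEndpoint -LocalPort 67 -ErrorAction SilentlyContinue
$report['UDP 67 endpoint'] = if ($udp67) { 'BOUND' } else { 'NOT BOUND' }

# 4. Failover relationship as the DHCP server sees it (DhcpServer module).
$fo = Get-DhcpServerv4Failover -ErrorAction SilentlyContinue
$report['Failover relationship'] = if ($fo) {
    ($fo | ForEach-Object { "$($_.Name): partner=$($_.PartnerServer) state=$($_.State)" }) -join '; '
} else { 'NONE CONFIGURED' }

# 5. Outbound TCP test to the partner on 647. Run the same script on the
#    partner so both directions of the bidirectional requirement are covered.
$tnc = Test-NetConnection -ComputerName $Partner -Port 647 -WarningAction SilentlyContinue
$report["TCP 647 to $Partner"] = if ($tnc.TcpTestSucceeded) { 'OPEN' } else { 'CLOSED/FILTERED' }

$report.GetEnumerator() | Format-Table -AutoSize
```

Run it on both servers and compare the two tables: the "TCP 647 listener" row should be LISTENING on each, the "TCP 647 to <partner>" row should be OPEN from each side, and both rules should show Enabled=True with Action=Allow. A NOT LISTENING result points at the DHCP service or failover configuration rather than at either firewall.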


Thursday, November 14, 2019 9:57 PM

Hello Janus,

If this is a new issue, I would suggest you create a new thread so we don't get two different topics mixed up :) Thanks!

Blog: https://thesystemcenterblog.com