Microsoft KB Archive/917449

= Automated Deployment Services may use undocumented ports on a Windows Server 2003-based computer =

Article ID: 917449

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)

-





Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry

Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.



SYMPTOMS
On a Microsoft Windows Server 2003-based computer, Automated Deployment Services (ADS) may use undocumented ports. This behavior could lead to various issues. For example, the ADS server may try to use ports that are restricted by a firewall or by a router.



RESOLUTION
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To resolve this issue, configure a port range that the ADS server can use to deploy images. This resolution uses an undocumented feature that lets ADS administrators set the ports that the ADS server can use to deploy images. To enable this feature, follow these steps:  Click Start, click Run, type regedit, and then click OK. Locate and then right-click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADSImgSvc\Parameters

 On the Edit menu, point to New, and then click DWORD Value. Type PortsStart to name the value, and then press ENTER. On the Edit menu, point to New, and then click DWORD Value. Type PortsEnd to name the value, and then press ENTER.</li> Double-click PortsStart, type the port number that you want to use for the start of the port range in the Value data box, and then click OK.</li> Double-click PortsEnd, type the port number that you want to use for the end of the port range in the Value data box, and then click OK.

Note You have to use at least two ports in this range.</li> Restart the Image Distribution service.</li></ol>

<div class="workaround_section">

WORKAROUND
Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

To work around this issue, open all ports on the firewall or on the router. See the product documentation for information about how to configure ports on a firewall or on a router.

Keywords: kbexpertiseadvanced kbtshoot kbbug KB917449

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.