
Configure Windows Firewall on a Domain Controller


One of the most common problems with Windows Firewall is that it blocks any port that is not listed as an exception. Some of your domain controller’s services use random ports, so Windows Firewall will not treat them as exceptions and will block incoming and outgoing traffic on them. These services are Active Directory (AD) replication and the File Replication Service (FRS). To configure things properly, you have to make each of these two services use a fixed port and have Windows Firewall treat those ports as exceptions.

Instructions

Step 1: Go to your Start menu and click “Run.”

Step 2: Write “regedit” in the textbox and click “OK.”

Step 3: Browse to “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\TCP/IP Port,” right-click the value, and click “Modify.”

Step 4: Choose “Decimal” as your base and write any port between 49152 and 65535. Click “OK” after you are finished.

Step 5: Repeat steps 3 and 4, this time browsing to “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\RPC TCP/IP Port Assignment.” Be sure not to configure this service to use the same port as the other service you configured.

Step 6: Go to your Start menu and click “Control Panel.”

Step 7: Click “Security Center.”

Step 8: Scroll down on the security center window to where it says “Manage security settings for” and click on “Windows Firewall.”

Step 9: Click on the Exceptions tab.

Step 10: Click the button called “Add Port.”

Step 11: For the name, write any name you’d like and enter the port number of the first service you configured. Select “TCP” and click “OK” when you are done. Be sure to repeat this process with the other configured port.
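The same eleven steps as an added PowerShell script, which is not part of the original article; it assumes Windows Server 2012 or later (where New-NetFirewallRule and the registry provider cmdlets are available) and an elevated session, and the two port numbers are constructed sample values.

```powershell
# Added example, not the article's own steps: pins the NTDS and NtFrs RPC ports
# in the registry and adds the matching inbound TCP firewall exceptions.
# Assumes Windows Server 2012+ and an elevated PowerShell session.
$ntdsPort  = 49200   # constructed sample value: Active Directory replication (NTDS)
$ntfrsPort = 49201   # constructed sample value: File Replication Service (NtFrs)

# Both ports must be in the 49152-65535 range the article names and must differ,
# otherwise the two services would collide on one RPC endpoint.
foreach ($p in @($ntdsPort, $ntfrsPort)) {
    if ($p -lt 49152 -or $p -gt 65535) { throw "Port $p is outside 49152-65535" }
}
if ($ntdsPort -eq $ntfrsPort) { throw "NTDS and NtFrs must use different ports" }

# Same two REG_DWORD values the article edits with regedit (steps 3-5).
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
    -Name 'TCP/IP Port' -Value $ntdsPort -Type DWord
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters' `
    -Name 'RPC TCP/IP Port Assignment' -Value $ntfrsPort -Type DWord

# Firewall exceptions for the two fixed TCP ports (steps 6-11).
New-NetFirewallRule -DisplayName 'AD Replication (NTDS fixed port)' -Direction Inbound `
    -Protocol TCP -LocalPort $ntdsPort -Action Allow | Out-Null
New-NetFirewallRule -DisplayName 'FRS RPC (NtFrs fixed port)' -Direction Inbound `
    -Protocol TCP -LocalPort $ntfrsPort -Action Allow | Out-Null

# Verify what landed; the registry values take effect once NTDS and NtFrs
# restart, so reboot the domain controller after checking this output.
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' -Name 'TCP/IP Port'
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters' -Name 'RPC TCP/IP Port Assignment'
Get-NetFirewallRule -DisplayName 'AD Replication (NTDS fixed port)', 'FRS RPC (NtFrs fixed port)' |
    Get-NetFirewallPortFilter | Select-Object Protocol, LocalPort
```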
