I am trying to use certsrv.msc to connect from my workstation to the CA for administration purposes. Workstation is Win7, CA is 2008 R2 Enterprise running Enterprise Subordinate on a dedicated box.
I configured a static DCOM port for certsvc by following this article, including bouncing the service and also rebooting the CA box:
http://social.technet.microsoft.com/wiki/contents/articles/1559.how-to-configure-a-static-dcom-port-for-ad-cs.aspx
The static port was opened in the firewall from my workstation to the CA. We also found that TCP 445 was required, so that has been opened as well, port 135 & other ports normally needed for autoenrollment should be open. Sniffing the firewall showed that a random high numbered port that is not the static dcom port is being attempted - this is the only port showing dropped packets & no traffic on the static port.
I am wondering if there is a way to configure a static port for this high-level random port to use with certsrv.msc as I was able to do with the certsvc dcom port? I am trying to avoid having tens of thousands of network ports wide open going to my CA... Thanks in advance!