Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

Hull and Outfitting

TABLE OF CONTENTS

Limiting Ports Used with RPC Communication

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedNov 27, 2025
  • 3 minute read

It is possible to limit the destination port that RPC uses when communicating with another machine. The source port used will still be in the range >1024, but for security reasons firewalls are primarily only concerned with destination ports.

The Ports value specifies the range of ports that RPC will use, in this case 20 ports, ranging from 5000 to 5020. The user will need to configure on all systems running the Global daemon across a firewall. On Windows, a reboot of the system is required after registry modifications.

Once the RPC ports are defined, the firewall can be configured. As shown below, the firewalls for both organizations are opened to allow only communications to and from each other’s Global Servers on TCP ports 135 and 5000-5020.

These ports must be opened bi-directionally to allow Global to operate. It is possible to limit access to these ports using the UUID for Global;

d2af263a-b21d-1001-8e31-0800690811cc

(this is not the same as the project UUID).

The following solution can be applied to any modern firewall with the functionality of packet filtering.

The procedure for restricting the use of dynamic ports for RPC is through additions in the Microsoft Windows registry.

Note: Incorrect modification of the registry can lead to serious problems. Always back up the registry before making changes.

  1. To change the registry, the user must use REGEDT32 and not REGEDT, as the latter does not allow modification of the string data type.

    If REGEDT32 is not used the following message will appear on daemon startup:

    Can’t establish protocol sequences: Not enough resources are available to complete this operation

  2. The user must add a subkey and three values to the registry.

  3. Under the following key, add a subkey called Internet:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc

    This results in the registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet

  4. Under the Internet subkey create three values with the corresponding string data - displayed in the Registry Editor as:-

    "Ports" (type MULTI_SZ):5000-5020

    "PortsInternetAvailable" (type REG_SZ):Y

    "UseInternetPorts" (type REG_SZ):Y

    Note: When entering the three strings DO NOT enter the colon before 5000-5020 and Y entries. If the colons are added the global daemon batch file will abort with the following error:

    Can't establish protocol sequence: The parameter is incorrect

    The edited registry should now look something like this:

    Note: The RPC configuration procedure described in this document can also be found in Microsoft TechNet Knowledge base: Article number: Q154596. Note that Microsoft recommend a minimum of 20 ports to be open for other services; for further information on this please refer to the article which is available on the Internet at https://learn.microsoft.com/en-gb/. The number of open ports suggested in the example above is just that: a suggestion. However it is generally true that the more Global projects you are using, the more ports you are going to require to be open.

TitleResults for “How to create a CRG?”Also Available in