When domain services are used through a firewall, the RPC ports must be limited from the range 1025-65535 to specific ports.
The Windows registry settings must be implemented at least on domain controllers. It can be an advantage to implement the RPC settings on the certificate servers, file servers and the servers that use dynamic RPC ports.
In this case I have selected two different ports. The settings can be deployed centrally through a GPO.
Registry key 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Registry value: TCP/IP Port
Value type: REG_DWORD
Value data: 4210
Registry key 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Registry value: DCTcpipPort
Value type: REG_DWORD
Value data: 4211
Registry key 3
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet
Ports: REG_MULTI_SZ: 4212-5212
PortsInternetAvailable: REG_SZ: Y
UseInternetPorts: REG_SZ: Y
Restart the server for the changes to take effect.
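The settings above as a PowerShell audit/apply script. This is an added example, not part of the original post; the function names Test-RpcPortSetting and Invoke-RpcPortCheck are hypothetical, and the keys and values are the ones listed above.

```powershell
# Added example: expected keys, value names, types and data as listed in this post.
$rpcInternet = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
$Expected = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters';     Name = 'TCP/IP Port'; Type = 'DWord'; Value = 4210 }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'; Name = 'DCTcpipPort'; Type = 'DWord'; Value = 4211 }
    @{ Path = $rpcInternet; Name = 'Ports';                  Type = 'MultiString'; Value = @('4212-5212') }
    @{ Path = $rpcInternet; Name = 'PortsInternetAvailable'; Type = 'String';      Value = 'Y' }
    @{ Path = $rpcInternet; Name = 'UseInternetPorts';       Type = 'String';      Value = 'Y' }
)

# Hypothetical helper: $true only if the value exists with the expected type and data.
function Test-RpcPortSetting {
    param([hashtable]$Setting)
    $key = Get-Item -Path $Setting.Path -ErrorAction SilentlyContinue
    if ($null -eq $key -or $key.GetValueNames() -notcontains $Setting.Name) { return $false }
    # A REG_SZ where a REG_DWORD is expected counts as non-compliant.
    if ($key.GetValueKind($Setting.Name) -ne $Setting.Type) { return $false }
    # Join so that REG_MULTI_SZ arrays and scalar values compare the same way.
    $data = $key.GetValue($Setting.Name)
    return (@($data) -join ',') -eq (@($Setting.Value) -join ',')
}

# Hypothetical helper: reports each setting; with -Apply it also writes wrong or missing ones.
function Invoke-RpcPortCheck {
    param([switch]$Apply)
    foreach ($s in $Expected) {
        $ok = Test-RpcPortSetting -Setting $s
        $changed = $false
        if (-not $ok -and $Apply) {
            if (-not (Test-Path -Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
            New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType $s.Type `
                -Value $s.Value -Force | Out-Null
            $changed = $true
            $ok = Test-RpcPortSetting -Setting $s
        }
        [pscustomobject]@{ Key = $s.Path; Value = $s.Name; Compliant = $ok; Changed = $changed }
    }
}

# Audit only, no changes are written:
Invoke-RpcPortCheck | Format-Table -AutoSize

# Write the values from an elevated session, then restart the server:
# Invoke-RpcPortCheck -Apply | Format-Table -AutoSize
```

Run the audit form again after the restart; any row still showing Compliant = False points to a setting that was not written or was overwritten, for example by a GPO carrying different values.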