which firewall rule should you change?

HOTSPOT

Your company is deploying 100 Windows 7 Enterprise virtual machines (VMs). The company uses
Key Management Service (KMS) for client computer activation. A server named Server1 is a KMS
host that runs Windows Server 2008 R2. After deployment, the VMs do not activate. You need to
ensure that the VMs can activate by using KMS. On Server1, which firewall rule should you change?
To answer, select the appropriate setting in the answer area.

HOTSPOT

Your company is deploying 100 Windows 7 Enterprise virtual machines (VMs). The company uses
Key Management Service (KMS) for client computer activation. A server named Server1 is a KMS
host that runs Windows Server 2008 R2. After deployment, the VMs do not activate. You need to
ensure that the VMs can activate by using KMS. On Server1, which firewall rule should you change?
To answer, select the appropriate setting in the answer area.

Answer:

Explanation:
Note: Ensure that clients can connect to Kerberos ports on the Active Directory role
To use Kerberos authentication, clients will have to request ticket granting tickets (TGT) and service
tickets (ST) from the Key Distribution Center (KDC) over UDP or TCP port 88. By default, when you
install the Active Directory Role in Windows Server 2008 and later, the role will configure the
following incoming rules to allow this communication by default:
Kerberos Key Distribution Center – PCR (TCP-In)
Kerberos Key Distribution Center – PCR (UDP-In)
Kerberos Key Distribution Center (TCP-In)
Kerberos Key Distribution Center (UDP-In)

In your environment ensure these rules are enabled and that clients can connect to the KDC (domain
controller) over port 88. Reference: Configuring Kerberos authentication: Core configuration
(SharePoint Server 2010)



Leave a Reply 0

Your email address will not be published. Required fields are marked *