Q: How do I enable DFS Replication between hosts separated by a firewall?

A: DFS Replication (DFSR) normally uses the remote procedure call (RPC) dynamic Endpoint Mapper, which is difficult to support through a firewall. You can configure DFSR to use a static port instead of a dynamic one by using the dfsrdiag command with the staticRPC /port: switch, then restart DFSR. For example:

dfsrdiag staticRPC /port:net stop dfsrnet start dfsr

You can verify the change by typing the command below and looking at the RpcPortAssignment value, which if it shows a value of 0 means it’s using dynamic ports (anything other than 0 is the static port configured):

Dfsrdiag DumpMachineCFG

To really double-check that the static port is being used, you can inspect the port listener. First, find the process ID of dfsrs.exe:

tasklist | findstr dfsrs.exe

It might return something like this, for example:

C:>tasklist /svc | findstr dfsrs.exe
dfsrs.exe 1772 DFSR

Now search a netstat -ano for the process ID, which will find the port being listened on. In this case, below, it shows port 5722, which was the static port configured:

C:>netstat -ano | findstr 1772
TCP 0.0.0.0:5722 0.0.0.0:0 LISTENING 1772
TCP 192.168.1.10:5722 192.168.1.12:63377 ESTABLISHED 1772
TCP 192.168.1.10:58823 192.168.1.11:135 SYN_SENT 1772
TCP [::]:5722 [::]:0 LISTENING 1772
TCP [fe80::4c46:84be:c9e0:2f2e%12]:61123 [fe80::4c46:84be:c9e0:2f2e%12]:38
9 ESTABLISHED 1772
TCP [fe80::4c46:84be:c9e0:2f2e%12]:61195 [fe80::4c46:84be:c9e0:2f2e%12]:38
9 ESTABLISHED 1772
TCP [fe80::4c46:84be:c9e0:2f2e%12]:63987 [fe80::4c46:84be:c9e0:2f2e%12]:49
155 ESTABLISHED 1772
UDP 127.0.0.1:58547 *:* 1772

Looking for additional troubleshooting assistance with Windows administration issues? See more of John Savill's FAQs for Windows.