English

How To: Restrict the range of DCOM ports used with ArcGIS Server on Solaris and Linux

Summary

Some of the ArcGIS Server processes run on specific ports, such as RPCSS process on port 135, while the underlying DCOM layer uses a random range of ports for DCOM communication. However, in a configuration that uses firewalls, it may be desirable to restrict this range to a pre-defined set of ports. Instructions provided describe the steps to enforce this restriction.

Warning:
It is important to note that ESRI does not recommend or support firewalls or NAT devices between ArcGIS Server DCOM components. ESRI can provide only limited assistance with firewall and NAT issues encountered with ArcGIS Server.


Note:
The steps below require ArcGIS Server to be restarted.


Note:
At the ArcGIS 9.2 release, the ArcGIS Server Manager port information page does not display the range of DCOM ports that is set using the procedure explained in this document.

Procedure

  1. While the ArcGIS Server is running, open a terminal as the owner of the ArcGIS Server install.
  2. Set the environment variable DISPLAY to an appropriate value.
  3. If using .sh or .bash:

    Code:
    # source $AGSHOME/servercore/.Server/init_server.sh


    If using .csh or .tcsh:

    Code:
    # source $AGSHOME/servercore/.Server/init_server.csh


    Note:
    $AGSHOME refers to the ArcGIS Server installation directory.

  4. Run the command dcomcnfg to open the DCOM configuration utility.

    Code:
    # dcomcnfg


    Note:
    It may take a few minutes to launch the DCOM configuration utility.

  5. Click on the Properties for COM Network Services tab.
  6. Click Add and specify a port or range of ports that DCOM should use. Click OK.
    An example of a range of ports or a port is as follows: 1100-1200 or 1339

    Note:
    Using commas or any other delimiter is not currently supported.


    Warning:
    The port values listed in the example above are random and should not be treated as a recommendation.

    Use a port value or range of port values above 1024 and below 65535. If one or more ports specified in dcomcnfg is already in use, ArcGIS Server uses the next available port in that range.

    If all the ports in the configured range are used, the remote client/server method calls on that process fails.
  7. Repeat Step 6 to add additional ports or a range of ports.
  8. Click Apply and OK to accept the changes.
  9. Open a new terminal as the owner of the ArcGIS Server install.
  10. Run the script "$AGSHOME/scripts/stopserver" to shutdown the server.
  11. Run the script "$AGSHOME/scripts/startserver" to start the server.
  12. If using a distributed install of ArcGIS Server, repeat Steps 1 through 11 for each machine containing a ArcGIS Server SOM and/or SOC component.

Related Information