Friday, July 15, 2011

Firewall on Servers


Windows Firewall: DNS server

Add UDP port 53 and TCP ports 53, 139, and 445 to the Windows Firewall exceptions list.

Windows Firewall: DHCP server
Add UDP ports 67 and 2535 to the Windows Firewall exceptions list on the DHCP server.
Important:
When you create a Windows Firewall exception for the DHCP protocol on a DHCP server, you must set the scope for the exception to Any computer including those on the Internet. If you leave it set to My network (subnet) only, all inbound DHCP Discover packets from client computers are dropped because the IP address of the packet is 0.0.0.0, which is not recognized by the computer as being part of the local subnet. This causes the DHCP process to fail and clients do not receive IP addresses.
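As an added example (not part of the original post, which predates these cmdlets), the DHCP server exceptions above created with PowerShell's NetSecurity module, followed by an audit that finds rules scoped to the local subnet, the misconfiguration just described; it assumes Windows Server 2012 or later and an elevated session.

```powershell
# Added example (not from the original post): create the DHCP server inbound
# exceptions with an "Any" remote scope, then audit for the LocalSubnet
# misconfiguration the post warns about. Assumes the NetSecurity module
# (Windows Server 2012 or later) and an elevated PowerShell session.

$dhcpPorts = 67, 2535                      # UDP ports the post lists for DHCP
$dhcpPortStrings = $dhcpPorts | ForEach-Object { "$_" }

foreach ($port in $dhcpPorts) {
    $name = "DHCP Server (UDP $port In)"
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        # -RemoteAddress Any is the critical setting: DHCP Discover arrives
        # from source 0.0.0.0, which a LocalSubnet scope silently drops.
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol UDP `
            -LocalPort $port -RemoteAddress Any -Action Allow -Profile Any | Out-Null
    }
}

# Audit: return every enabled inbound UDP allow rule for a DHCP port whose
# remote scope is restricted to LocalSubnet, i.e. a rule that breaks DHCP.
function Find-BrokenDhcpRules {
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | ForEach-Object {
        $rule = $_
        $portFilter = $rule | Get-NetFirewallPortFilter
        $addrFilter = $rule | Get-NetFirewallAddressFilter
        # LocalPort may be a single string or an array of strings/ranges
        $dhcpHit = @($portFilter.LocalPort) | Where-Object { $dhcpPortStrings -contains $_ }
        if ($portFilter.Protocol -eq 'UDP' -and $dhcpHit -and
            (@($addrFilter.RemoteAddress) -contains 'LocalSubnet')) {
            $rule
        }
    }
}

$broken = Find-BrokenDhcpRules
if ($broken) {
    foreach ($rule in $broken) {
        Write-Warning "Rule '$($rule.DisplayName)' scopes DHCP to LocalSubnet; widening to Any"
        $rule | Get-NetFirewallAddressFilter | Set-NetFirewallAddressFilter -RemoteAddress Any
    }
} else {
    Write-Output "No DHCP exceptions are scoped to LocalSubnet."
}
```

Run the audit part alone on an existing DHCP server to confirm no exception was created with the default subnet scope before clients start failing to lease addresses.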
Windows Firewall: File server
Enable the File and Printer Sharing exception in Windows Firewall.
Windows Firewall: Print server
Enable the File and Printer Sharing exception in Windows Firewall.
Windows Firewall: Remote access/VPN server
Turn off Windows Firewall. Stop the Windows Firewall/Internet Connection Sharing (ICS) service.
Windows Firewall: Remote installation server
Add TCP ports 139 and 445 to the Windows Firewall exceptions list.
Add UDP ports 67, 69, and 4011 to the Windows Firewall exceptions list.
Windows Firewall: FTP server
Add the port used for incoming FTP traffic to the Windows Firewall exceptions list. This is usually TCP port 21.
Windows Firewall: SMTP server
Add the port used for incoming SMTP traffic to the Windows Firewall exceptions list. This is usually TCP port 25.
For Secure Sockets Layer (SSL) requests, add TCP port 465 to the Windows Firewall exceptions list.
Windows Firewall: Telnet server
Add TCP port 23 to the Windows Firewall exceptions list.
Windows Firewall: Terminal server
Enable the Remote Desktop exception in Windows Firewall.
If Terminal Server and Terminal Server Licensing are running on separate computers, add TCP port 135 to the Windows Firewall exceptions list.
Windows Firewall: SNMP server
Add UDP port 161 to the Windows Firewall exceptions list.
Windows Firewall: Web server
Add the ports used for incoming HTTP and HTTPS traffic to the Windows Firewall exceptions list. These are usually TCP port 80 and TCP port 443, respectively.


Troubleshooting

Dnscmd.exe (DNS Server Troubleshooting Tool)

Example 1: Display a complete list of zones on a DNS server

To see a complete list of zones on your DNS server, type:
dnscmd reskit.com /enumzones

Example 2: Display the RecursionTimeout setting from a DNS server

To display the RecursionTimeout setting from a DNS server, type:
dnscmd reskit.com /info recursiontimeout

Example 3: Delete a zone from a DNS server

To delete the test.reskit.com zone from a server, type:
dnscmd reskit.com /zonedelete test.reskit.com

Example 4: Export zone resource records list to a file

To export the resource record list from the test.reskit.com zone on the reskit.com DNS server, type:
dnscmd reskit.com /zoneexport test.reskit.com test.reskit.com.dns

Example 5: Display the RefreshInterval setting from the registry

To display the values in the RefreshInterval entry in the registry, type:
dnscmd reskit.com /zoneinfo test.reskit.com refreshinterval