Hi all,
according to Planning and Deployment guide, ephemeral ports are required for building domain cache (on top of 135/137/138/139/445/389) which we have trouble explaining to our customers who are upgrading from ESM to CCS.
Internally we have tested data collection (building domain cache) with ephemeral ports closed between CCS Manager and Domain Controller and we did not notice any difference between those ports being opened or closed - data was collected and cache was built. During packet capture we noticed CCS Manager querying Domain Controller on high port 49xxx but the outcome was no different.
Are there some specific cases when CCS Manager needs those ephemeral ports opened? What would be the risk if we keep them closed?
Thanks.