Merge pull request #94253 from Nickomang/smbportupdate

Revert "updated SMB port requirements"

Author: PRMerger7

articles/service-fabric/service-fabric-cluster-standalone-deployment-preparation.md

@@ -98,8 +98,9 @@ When a cluster administrator configures a Service Fabric standalone cluster, the
    * Have Service Fabric runtime uninstalled 
    * Have the Windows Firewall service (mpssvc) enabled
    * Have the Remote Registry Service (remote registry) enabled
+   * Have file sharing (SMB) enabled
    * Have necessary ports opened, based on cluster configuration ports
-   * Have necessary ports opened for Remote Registry service: 135, 137, 138, and 139
+   * Have necessary ports opened for Windows SMB and Remote Registry service: 135, 137, 138, 139, and 445
    * Have network connectivity to one another
 3. None of the cluster node machines should be a Domain Controller.
 4. If the cluster to be deployed is a secure cluster, validate the necessary security prerequisites are in place, and are configured correctly against the configuration.

articles/service-fabric/service-fabric-tutorial-create-vnet-and-windows-cluster.md

@@ -107,6 +107,7 @@ The following inbound traffic rules are enabled in the **Microsoft.Network/netwo
 
 * ClientConnectionEndpoint (TCP): 19000
 * HttpGatewayEndpoint (HTTP/TCP): 19080
+* SMB: 445
 * Internodecommunication: 1025, 1026, 1027
 * Ephemeral port range: 49152 to 65534 (need a minimum of 256 ports).
 * Ports for application use: 80 and 443

articles/service-fabric/service-fabric-tutorial-scale-cluster.md

@@ -382,6 +382,20 @@ In the *template.json* file, add new network security group and virtual machine
     },
     "properties": {
         "securityRules": [
+            {
+                "name": "allowSvcFabSMB",
+                "properties": {
+                    "access": "Allow",
+                    "destinationAddressPrefix": "*",
+                    "destinationPortRange": "445",
+                    "direction": "Inbound",
+                    "priority": 3950,
+                    "protocol": "*",
+                    "sourceAddressPrefix": "VirtualNetwork",
+                    "sourcePortRange": "*",
+                    "description": "allow SMB traffic within the net, used by fabric to move packages around"
+                }
+            },
             {
                 "name": "allowSvcFabCluser",
                 "properties": {

articles/service-fabric/service-fabric-tutorial-standalone-azure-create-infrastructure.md

@@ -85,12 +85,18 @@ Launch two more **Virtual Machines**, being sure to maintain the same settings o
 
 4. Open the RDP file, and when prompted enter the username and password you provided in the VM setup.
 
-5. Once you are connected to an instance, you need to validate that remote registry was running and open the requisite ports.
+5. Once you are connected to an instance, you need to validate that remote registry was running, enable SMB, and open the requisite ports for SMB and remote registry.
+
+   To enable SMB, this is the PowerShell command:
+
+   ```powershell
+   netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
+   ```
 
 6. To open the ports in the firewall here is the PowerShell command:
 
    ```powershell
-   New-NetFirewallRule -DisplayName "Service Fabric Ports" -Direction Inbound -Action Allow -RemoteAddress LocalSubnet -Protocol TCP -LocalPort 135, 137-139
+   New-NetFirewallRule -DisplayName "Service Fabric Ports" -Direction Inbound -Action Allow -RemoteAddress LocalSubnet -Protocol TCP -LocalPort 135, 137-139, 445
    ```
 
 7. Repeat this process for your other instances, again noting the private IP addresses.
@@ -107,6 +113,15 @@ Launch two more **Virtual Machines**, being sure to maintain the same settings o
 
    If your output looks like `Reply from 172.31.20.163: bytes=32 time<1ms TTL=128` repeated four times then your connection between the instances is working.
 
+3. Now validate that your SMB sharing works with the following command:
+
+   ```
+   net use * \\172.31.20.163\c$
+   ```
+
+   It should return `Drive Z: is now connected to \\172.31.20.163\c$.` as the output.
+
+
    Now your instances are properly prepared for Service Fabric.
 
 ## Next steps

articles/service-fabric/service-fabric-tutorial-standalone-create-infrastructure.md

@@ -77,7 +77,7 @@ Service Fabric requires a number of ports open between the hosts in your cluster
 
 To avoid opening these ports to the world, you instead open them only for hosts in the same security group. Take note of the security group ID, in the example it's **sg-c4fb1eba**.  Then select **Edit**.
 
-Next, add four rules to the security group for service dependencies, and then three more for Service Fabric itself. The first rule is to allow ICMP traffic, for basic connectivity checks. The others rules open the required ports to enable Remote Registry.
+Next, add four rules to the security group for service dependencies, and then three more for Service Fabric itself. The first rule is to allow ICMP traffic, for basic connectivity checks. The others rules open the required ports to enable SMB and Remote Registry.
 
 For the first rule select **Add Rule**, then from the dropdown menu selects **All ICMP - IPv4**. Select the entry box next to custom and enter your security group ID from above.
 
@@ -113,18 +113,30 @@ To validate that basic connectivity works, use the ping command.
 ping 172.31.20.163
 ```
 
-If your output looks like `Reply from 172.31.20.163: bytes=32 time<1ms TTL=128` repeated four times then your connection between the instances is working.  
+If your output looks like `Reply from 172.31.20.163: bytes=32 time<1ms TTL=128` repeated four times then your connection between the instances is working.  Now validate that your SMB sharing works with the following command:
+
+```
+net use * \\172.31.20.163\c$
+```
+
+It should return `Drive Z: is now connected to \\172.31.20.163\c$.` as the output.
 
 ## Prep instances for Service Fabric
 
-If you were creating this from scratch, you'd need to take a couple extra steps.  Namely, you'd need to validate that remote registry was running and open the requisite ports.
+If you were creating this from scratch, you'd need to take a couple extra steps.  Namely, you'd need to validate that remote registry was running, enable SMB, and open the requisite ports for SMB and remote registry.
 
 To make it easier you embedded all of this work when you bootstrapped the instances with your user data script.
 
+To enable SMB, this is the PowerShell command you used:
+
+```powershell
+netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
+```
+
 To open the ports in the firewall here is the PowerShell command:
 
 ```powershell
-New-NetFirewallRule -DisplayName "Service Fabric Ports" -Direction Inbound -Action Allow -RemoteAddress LocalSubnet -Protocol TCP -LocalPort 135, 137-139
+New-NetFirewallRule -DisplayName "Service Fabric Ports" -Direction Inbound -Action Allow -RemoteAddress LocalSubnet -Protocol TCP -LocalPort 135, 137-139, 445
 ```
 
 ## Next steps