-
Title
Communication Ports for Active Roles Service and Clients -
Description
Here is a list of the required ports that need to be opened on the Active Roles, Sync Services, and Quick Connect hosts as noted below.
-
Resolution
Active Roles Ports
DNS:
- 53 TCP/UDP Inbound/Outbound
Web Interface:
- 80 (HTTP) TCP Inbound/Outbound
- 443 (if SSL is enabled) TCP Inbound/Outbound
SQL Server:
- 1433 (default SQL instance) TCP Inbound/Outbound
- 1434 (SQL Server Browser service) UDP Inbound/Outbound
Domain Controllers:
- 88 (Kerberos) TCP/UDP Inboud/Outbound
- 135 (RPC endpoint mapper) TCP Inboud/Outbound
- 139 (SMB/CIFS) TCP Inbound/Outbound
- 445 (SMB/CIFS) TCP Inbound/Outbound
- 389 (LDAP) TCP/UDP Outbound
- 3268 (Global Catalog LDAP) TCP Outbound
- 636 (LDAP SSL) TCP Outbound
- This port is required if Active Roles is configured to access the domain by using SSL.
- 3269 (Global Catalog LDAP SSL) TCP Outbound
- This port is required if Active Roles is configured to access the domain by using SSL.
A dynamically allocated TCP port for RPC communication with the Global Catalog Server. See http://support.microsoft.com/kb/224196 for instructions on how to configure Active Directory to use a predefined port number for RPC communication.
Exchange servers:
- 135 (RPC endpoint mapper) TCP Inbound/Outbound
A dynamically allocated TCP port for RPC communication with the Exchange Server (MSExchangeIS). See http://support.microsoft.com/kb/270836 for instructions on how to configure Exchange to use predefined port numbers for RPC communication.
Computer resource management:
- 139 (SMB/CIFS on the managed computers) TCP Inbound/Outbound
- 445 (SMB/CIFS on the managed computers) TCP Inbound/Outbound
Home folder provisioning/deprovisioning:
- 139 (SMB/CIFS on the servers that host home folders) TCP Inbound/Outbound
- 445 (SMB/CIFS on the servers that host home folders) TCP Inbound/Outbound
Computer restart:
- 139 (SMB/CIFS on the servers that host home folders) TCP Inbound/Outbound
- 137 (WINS) UDP Outbound
- 138 (NetBIOS datagrams) UDP Outbound
Mailbox Replication Service:
- 808 TCP, 1024-65536 on the ActiveRoles Server and Exchange Server
SMTP servers (e-mail notification feature):
- 25 (Default SMTP port) TCP Outbound
- Active Roles uses SMTP port 25 by default. The default port number can be changed in the properties of the Mail Configuration object in the Active Roles console. If Mail Configuration specifies a different port, open that port rather than port 25.
Managed AD LDS instances:
- The TCP port used for LDAP communication with the AD LDS server is configurable in the Add Managed AD LDS Instance Wizard.
Quick Connect:
- Requires the same ports as Active Roles as well as 137 - 139 NetBIOS
Quick Connect Password Capture Agent:
- Port 808 Inbound/Outbound between Quick Connect host and all Domain Controllers hosting the Capture Agent
- 7148 TCP Inbound (only if Synchronization Service is configured to synchronize user passwords from an Active Directory domain to other connected data systems)
- 15172 TCP Inbound/Outbound between Active Roles Administration Host and all Active Roles clients (Needed for Active Roles 7.X)
Synchronization Service Additional Ports:
- 15173 TCP Outbound (Only required if Synchronization Service is configured to use SSL to connect to an AD domain)
Note: Port 15173 is also needed for Password Synchronization. This port is used by the Capture Agent to talk to the Sync Service.
Synchronization Service Capture Agent:
- 7148 TCP Inbound (only if Synchronization Service is configured to synchronize user passwords from an Active Directory domain to other connected data systems)
Note: Port 7148 is used by the Sync Service to communicate with the Capture Agent.
Active Roles Collector Ports:
- 15172 TCP Inbound/Outbound (Needed to reach the Active Roles Administration Service)
- 1433 (default SQL instance) TCP Inbound/Outbound
- 1434 (SQL Server Browser service) UDP Inbound/Outbound
Communicating with Azure:
In addition to the above requirements, if an integration with an Azure Tenant is desired, the Active Roles Administration Service host must be able to resolve and access the following URLs:
https://login.microsoftonline.com/https://graph.microsoft.com/https://graph.windows.net/More detailed requirements for Office 365 connectivity are available from this Microsoft resource.Further Details On Necessary Ports:- Domain Controllers: 135 (RPC endpoint mapper) TCP Inbound/Outbound
Default Port 135 is used by Active Directory domain controllers to perform replication. This is a requirement of the ADDC for Directory level replication (if more than one DC exist for the domain) so that all the DC should have same data.
By default, Active Directory replication remote procedure calls (RPC) occur dynamically over an available port through the RPC Endpoint Mapper (RPCSS) by using port 135.
If you want to use a specific port number (rather than default port 135), then the following statement holds good:
A dynamically allocated TCP port for RPC communication with the Global Catalog Server. See http://support.microsoft.com/kb/224196 for instructions on how to configure Active Directory to use a predefined port number for RPC communication .
- 139 (SMB/CIFS on the managed computers) TCP Inbound/Outbound
- 445 (SMB/CIFS on the managed computers) TCP Inbound/Outbound
SMB ports:
SMB ports are mainly used to manage Computer, computer resources (like printer) and Home folder through ARS, SMB is an application-layer network protocol primarily used for offering shared access to files, printers, serial ports, and other sorts of communications between nodes on a network.
CIFS ports:
Common Internet File Service (CIFS) is the successor to the server message block (SMB) protocol. CIFS uses UDP ports 137 and 138, and TCP ports 139 and 445.
Storage system sends and receives data on these ports while providing CIFS service.
If the storage system is a member of an Active Directory domain, then storage system must also make outbound connections destined for DNS and Kerberos.
CIFS over IPv6 uses only port 445.
Ports 137, 138, and 139 are used by NetBIOS, which does not support IPv6.
CIFS is required for Windows file service.
Home folder provisioning/deprovisioning:
- 139 (SMB/CIFS on the servers that host home folders) TCP Inbound/Outbound
- 445 (SMB/CIFS on the servers that host home folders) TCP Inbound/Outbound
Computer restart:
- 139 (SMB/CIFS on the servers that host home folders) TCP Inbound/Outbound
- 137 (WINS) UDP Outbound
- 138 (NetBIOS datagrams) UDP Outbound
-
Additional Information
In some instances, it will be necessary to open UDP Port 1434 for SQL server. Common Use: Microsoft SQL Monitor use in monitoring Microsoft SQL Databases.
The ActiveRoles Administration Service from versions prior to Active Roles 7.0 uses Distributed COM (DCOM) to process client connections and requests. Port 135 is used by these Administration Service clients to locate the Administration Service, and then a second connection in an range of ports is negotiated. By default, any available port in the 1024-65535 range will be used. All requests from Administration Service clients, such as the Active Roles Console or ADSI Provider, will need to use these port. Note that the port range can be restricted. For more information on this option, please see this Microsoft resource.
Starting with Active Roles 7.0, only bi-directional connectivity on port 15172 is required between the Active Roles Administration Service and any Active Roles Client.