Here is a list of the required ports that need to be opened on the Active Roles, Sync Services, and Quick Connect hosts as noted below.
Active Roles Ports
DNS:
Web Interface:
SQL Server:
Domain Controllers:
A dynamically allocated TCP port for RPC communication with the Global Catalog Server. See http://support.microsoft.com/kb/224196 for instructions on how to configure Active Directory to use a predefined port number for RPC communication.
Exchange servers:
A dynamically allocated TCP port for RPC communication with the Exchange Server (MSExchangeIS).
Computer resource management:
Home folder provisioning/deprovisioning:
Computer restart:
Mailbox Replication Service:
SMTP servers (e-mail notification feature):
Managed AD LDS instances:
Quick Connect:
Quick Connect Password Capture Agent:
Starling Connect Notifications Pane Ports:
Synchronization Service Additional Ports:
Note: Port 15173 is also needed for Password Synchronization. This port is used by the Capture Agent to talk to the Sync Service.
Synchronization Service Capture Agent:
Note: Port 7148 is used by the Sync Service to communicate with the Capture Agent.
Active Roles Collector Ports:
Communicating with Azure:
In addition to the above requirements, if an integration with an Azure Tenant is desired, the Active Roles Administration Service host must be able to resolve and access the following URLs:
By default, port 135 is used by Active Directory domain controllers to perform replication. The AD DCs require it for directory-level replication (when more than one DC exists for the domain) so that all DCs hold the same data.
By default, Active Directory replication remote procedure calls (RPC) occur dynamically over an available port through the RPC Endpoint Mapper (RPCSS) by using port 135.
If you want to use a specific port number (rather than the default port 135), the following applies:
A dynamically allocated TCP port for RPC communication with the Global Catalog Server. See http://support.microsoft.com/kb/224196 for instructions on how to configure Active Directory to use a predefined port number for RPC communication.
SMB ports:
SMB ports are mainly used to manage computers, computer resources (such as printers) and home folders through ARS. SMB is an application-layer network protocol primarily used for offering shared access to files, printers, serial ports, and other sorts of communications between nodes on a network.
CIFS ports:
Common Internet File Service (CIFS) is the successor to the server message block (SMB) protocol. CIFS uses UDP ports 137 and 138, and TCP ports 139 and 445.
The storage system sends and receives data on these ports while providing CIFS service.
If the storage system is a member of an Active Directory domain, then the storage system must also make outbound connections destined for DNS and Kerberos.
CIFS over IPv6 uses only port 445.
Ports 137, 138, and 139 are used by NetBIOS, which does not support IPv6.
CIFS is required for Windows file service.
Home folder provisioning/deprovisioning:
Computer restart:
In some instances, it will be necessary to open UDP port 1434 for SQL Server. Common use: Microsoft SQL Monitor, used for monitoring Microsoft SQL databases.
In versions prior to Active Roles 7.0, the ActiveRoles Administration Service uses Distributed COM (DCOM) to process client connections and requests. These Administration Service clients use port 135 to locate the Administration Service, and then a second connection is negotiated on a port from a range of ports. By default, any available port in the 1024-65535 range will be used. All requests from Administration Service clients, such as the Active Roles Console or ADSI Provider, will need to use these ports. Note that the port range can be restricted. For more information on this option, please see this Microsoft resource.
Starting with Active Roles 7.0, only bi-directional connectivity on port 15172 is required between the Active Roles Administration Service and any Active Roles Client.
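The following PowerShell sketch is an added example, not One Identity's code. It checks TCP reachability for ports this article names, from the host that initiates each connection. The host names and role labels are hypothetical placeholders.

```powershell
# Added example: verify TCP reachability for ports named in this article.
# Host names and role labels are hypothetical; replace them with your own.
function Test-TcpPort {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][int]$Port,
        [int]$TimeoutMs = 2000
    )
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        # Wait() returns $false on timeout and throws on refusal or DNS failure.
        $open = $client.ConnectAsync($ComputerName, $Port).Wait($TimeoutMs) -and $client.Connected
    } catch {
        $open = $false
    } finally {
        $client.Dispose()
    }
    return $open
}

# Each entry: the role that initiates the connection, the target, and the port.
$checks = @(
    [pscustomobject]@{ From = 'Client';       Target = 'ars-admin.example.test';     Port = 15172; Use = 'Active Roles 7.0+ client to Administration Service' }
    [pscustomobject]@{ From = 'LegacyClient'; Target = 'ars-admin.example.test';     Port = 135;   Use = 'Pre-7.0 DCOM locator (a dynamic port is negotiated next)' }
    [pscustomobject]@{ From = 'CaptureAgent'; Target = 'sync.example.test';          Port = 15173; Use = 'Capture Agent to Sync Service' }
    [pscustomobject]@{ From = 'SyncService';  Target = 'capture-agent.example.test'; Port = 7148;  Use = 'Sync Service to Capture Agent' }
    [pscustomobject]@{ From = 'AdminService'; Target = 'files.example.test';         Port = 445;   Use = 'SMB/CIFS (home folders, computer resources)' }
)

function Invoke-PortCheck {
    param([Parameter(Mandatory)][string]$Role)
    # Only run the checks that this host is supposed to initiate.
    foreach ($c in ($checks | Where-Object From -eq $Role)) {
        [pscustomobject]@{
            Target = $c.Target
            Port   = $c.Port
            Use    = $c.Use
            Open   = Test-TcpPort -ComputerName $c.Target -Port $c.Port
        }
    }
}

Invoke-PortCheck -Role 'Client' | Format-Table -AutoSize
```

A TCP connect cannot confirm the UDP ports mentioned above (137, 138, 1434). For pre-7.0 clients, a successful check on port 135 covers only the locator step, not the dynamically negotiated port that follows.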
© 2019 One Identity LLC. ALL RIGHTS RESERVED.