Ports Needed for OSD & TFTP Clarification
Hi All,

We have the following SCCM Server configuration at our Primary Sites:

1. Site Server with DB, MP, FSP & RP Roles
2. Site System with PXE, SMP, & DP roles.

We want to use the OSD Feature of SCCM and our environment is tightly controlled by our Network Team. They need the specific ports and the direction in which those ports should be opened, so we want to know what ports are required to be opened between the Site Server and Clients as well as the Site System (with DP, PXE and SMP Roles) and the Clients.

I've prepared the following table to send to our Network Team using the Technet link: http://technet.microsoft.com/en-us/library/bb632618.aspx

Client --> PXE Service Point

| Description | UDP | TCP |
|---|---|---|
| Dynamic Host Configuration Protocol (DHCP) | 67 and 68 | -- |
| Trivial File Transfer Protocol (TFTP) | 69 (See Note Trivial FTP (TFTP) Daemon) | -- |
| Boot Information Negotiation Layer (BINL) | 4011 | -- |

Site Server <--> PXE Service Point

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC |

Kindly let me know in case there's any addition to be done.

Also there's a note on TFTP which states the following:

Note: Trivial File Transfer Protocol is designed to support diskless boot environments. TFTP Daemons listen on UDP port 69 but respond from a dynamically allocated high port. Therefore, enabling this port will allow the TFTP service to receive incoming TFTP requests but will not allow the selected server to respond to those requests. Allowing the selected server to respond to inbound TFTP requests cannot be accomplished unless the TFTP server is configured to respond from port 69.

Couldn't understand the bold lines in the above note. Does that mean that we need to open the Dynamic Port range between the PXE SP and Clients?

Regards
Taranjeet Singh
zamn
January 4th, 2011 3:14pm

Clients must also communicate with the MP and DP during OSD, so you should include those sections from the document also. As for TFTP, that is correct, dynamic ports are used after the initial connection for the data transfer: http://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol

Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
January 4th, 2011 5:52pm
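The port behaviour discussed above, as an added example that is not part of the thread or of the Technet document: a minimal TFTP read request over loopback, showing that the first DATA packet comes from a freshly allocated source port and not from the port the daemon listens on. The listener uses an OS-assigned port as a stand-in for UDP 69 (binding 69 needs elevated rights), and the file name and payload are constructed.

```python
import socket
import struct
import threading

OP_RRQ, OP_DATA, OP_ACK = 1, 3, 4          # RFC 1350 opcodes
LOOPBACK = "127.0.0.1"

def udp_socket(port=0):
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((LOOPBACK, port))               # port 0: OS picks an ephemeral port
    s.settimeout(2)
    return s

def build_rrq(filename, mode="octet"):
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def serve_one(listener, payload):
    """Answer one read request from a fresh socket, as a TFTP daemon does."""
    request, client = listener.recvfrom(516)
    if struct.unpack("!H", request[:2])[0] != OP_RRQ:
        return
    transfer = udp_socket()                # new transfer ID = new source port
    transfer.sendto(struct.pack("!HH", OP_DATA, 1) + payload, client)
    transfer.recvfrom(516)                 # wait for the client's ACK
    transfer.close()

def run_exchange(payload=b"constructed boot image bytes"):
    listener = udp_socket()                # stand-in for UDP 69 (assumption)
    listen_port = listener.getsockname()[1]
    server = threading.Thread(target=serve_one, args=(listener, payload))
    server.start()
    client = udp_socket()
    client.sendto(build_rrq("boot.bin"), (LOOPBACK, listen_port))  # hypothetical file name
    data, (src_ip, reply_port) = client.recvfrom(516)
    opcode, block = struct.unpack("!HH", data[:4])
    client.sendto(struct.pack("!HH", OP_ACK, block), (src_ip, reply_port))
    server.join()
    client.close()
    listener.close()
    # A stateless rule that only permits the listening port as the server's
    # source port would drop this reply.
    return {"listen_port": listen_port, "reply_port": reply_port,
            "opcode": opcode, "block": block, "payload": data[4:],
            "passes_listen_port_only_filter": reply_port == listen_port}

if __name__ == "__main__":
    print(run_exchange())
```
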

That means we need to include:

Client --> Distribution Point

| Description | UDP | TCP |
|---|---|---|
| Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2, Alternate Port Available) |
| Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2, Alternate Port Available) |
| Server Message Block (SMB) | -- | 445 |
| Multicast Protocol | 63000-64000 | -- |

Client --> Management Point

| Description | UDP | TCP |
|---|---|---|
| Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2, Alternate Port Available) |
| Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2, Alternate Port Available) |

Client --> State Migration Point

| Description | UDP | TCP |
|---|---|---|
| Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2, Alternate Port Available) |
| Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2, Alternate Port Available) |
| Server Message Block (SMB) | -- | 445 |

Note 2 Alternate Port Available: An alternate port can be defined within Configuration Manager for this value. If a custom port has been defined, substitute that custom port when defining the IP filter information for IPsec policies or for configuring firewalls.

Also, the last line of the TFTP note (bold text):

Note: Trivial File Transfer Protocol is designed to support diskless boot environments. TFTP Daemons listen on UDP port 69 but respond from a dynamically allocated high port. Therefore, enabling this port will allow the TFTP service to receive incoming TFTP requests but will not allow the selected server to respond to those requests. Allowing the selected server to respond to inbound TFTP requests cannot be accomplished unless the TFTP server is configured to respond from port 69.

says that we can allow the TFTP Server (PXE Server) to respond on port 69. Does that mean that we can have OSD implementations in SCCM without opening the Dynamic Port range? Is it a workaround for not opening the Dynamic Port range between the Client and the TFTP server?

Regards
Taranjeet Singh
zamn
January 5th, 2011 8:03am

Hi,

We are also facing a similar issue with TFTP ports. Could you please confirm whether Dynamic ports are also required for the communication of the PXE server to the clients.

-VMJ
August 9th, 2011 6:50am

This topic is archived. No further replies will be accepted.
