Ports Needed for OSD & TFTP Clarification
Hi All
We have the following SCCM Server configuration at our Primary Sites:
1. Site Server with DB, MP, FSP & RP Roles
2. Site System with PXE, SMP, & DP roles.
We want to use the OSD Feature of SCCM and our environment is tightly controlled by our Network Team. They need the specific ports and the direction in which those ports should be opened, so want to know what ports are required to be opened between Site Server and Clients as well as Site System (with DP, PXE and SMP Roles) and the Clients.
I've prepared the following table to send to our Network Team using the Technet link:
http://technet.microsoft.com/en-us/library/bb632618.aspx
Client --> PXE Service Point

| Description | UDP | TCP |
|---|---|---|
| Dynamic Host Configuration Protocol (DHCP) | 67 and 68 | -- |
| Trivial File Transfer Protocol (TFTP) | 69 (See Note Trivial FTP (TFTP) Daemon) | -- |
| Boot Information Negotiation Layer (BINL) | 4011 | -- |

Site Server <--> PXE Service Point

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC |

Kindly let me know in case there's any addition to be done.
Also there's a note on TFTP which states the following:
Note: Trivial File Transfer Protocol is designed to support diskless boot environments. TFTP Daemons listen on UDP port 69 but respond from a dynamically allocated high port. Therefore, enabling this port will allow the TFTP service to receive incoming TFTP requests but will not allow the selected server to respond to those requests. Allowing the selected server to respond to inbound TFTP requests cannot be accomplished unless the TFTP server is configured to respond from port 69.
Couldn't understand the bold lines in the above note, does that mean that we need to open Dynamic Port range between PXE SP and Clients?
Regards
Taranjeet Singh
zamn
January 4th, 2011 3:14pm
Clients must also communicate with the MP and DP during OSD so you should include those sections from the document also.
As for TFTP, that is correct, dynamic ports are used after the initial connection for the data transfer:
http://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol
Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
January 4th, 2011 5:52pm
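The port behaviour discussed in the note and in the reply above, as an added example that is not part of the original thread: a minimal TFTP read request over loopback, showing that the DATA reply leaves from a different, OS-chosen port than the one the daemon listens on, which is why a rule for UDP 69 alone does not cover the server's replies. Assumptions: an ephemeral loopback port stands in for UDP 69, and the file name and payload are constructed.

```python
import socket
import struct
import threading

RRQ, DATA, ACK = 1, 3, 4  # TFTP opcodes (RFC 1350)

def serve_one(listener, payload):
    """Answer a single read request the way a standard TFTP daemon does."""
    request, client = listener.recvfrom(516)
    if struct.unpack("!H", request[:2])[0] != RRQ:
        return
    # The reply leaves from a NEW socket bound to an OS-chosen port
    # (the server's transfer ID), not from the listening port.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as xfer:
        xfer.bind(("127.0.0.1", 0))
        xfer.settimeout(2)
        xfer.sendto(struct.pack("!HH", DATA, 1) + payload, client)
        xfer.recvfrom(4)  # wait for the ACK of block 1

def demo(filename=b"boot.bin", payload=b"constructed boot image bytes"):
    """Run one transfer over loopback; return (listen_port, reply_port, data)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))  # assumption: stands in for UDP 69
    listener.settimeout(2)
    listen_port = listener.getsockname()[1]
    server = threading.Thread(target=serve_one, args=(listener, payload))
    server.start()

    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        client.settimeout(2)
        rrq = struct.pack("!H", RRQ) + filename + b"\0octet\0"
        client.sendto(rrq, ("127.0.0.1", listen_port))
        packet, (_, reply_port) = client.recvfrom(516)
        opcode, block = struct.unpack("!HH", packet[:4])
        if opcode != DATA:
            raise RuntimeError("expected a DATA packet")
        # The ACK goes to the port the DATA came from, not to listen_port.
        client.sendto(struct.pack("!HH", ACK, block), ("127.0.0.1", reply_port))
    server.join()
    listener.close()
    return listen_port, reply_port, packet[4:]

if __name__ == "__main__":
    listen_port, reply_port, data = demo()
    print(f"request sent to UDP {listen_port}, DATA arrived from UDP {reply_port}")
    print("a filter that only allows the listening port would drop that reply")
```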
That means we need to include:
Client --> Distribution Point

| Description | UDP | TCP |
|---|---|---|
| Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2, Alternate Port Available) |
| Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2, Alternate Port Available) |
| Server Message Block (SMB) | -- | 445 |
| Multicast Protocol | 63000-64000 | -- |

Client --> Management Point

| Description | UDP | TCP |
|---|---|---|
| Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2, Alternate Port Available) |
| Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2, Alternate Port Available) |

Client --> State Migration Point

| Description | UDP | TCP |
|---|---|---|
| Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2, Alternate Port Available) |
| Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2, Alternate Port Available) |
| Server Message Block (SMB) | -- | 445 |

Note 2
Alternate Port Available: An alternate port can be defined within Configuration Manager for this value. If a custom port has been defined, substitute that custom port when defining the IP filter information for IPsec policies or for configuring firewalls.
Also, the last line of the TFTP note (bold text):
Note: Trivial File Transfer Protocol is designed to support diskless boot environments. TFTP Daemons listen on UDP port 69 but respond from a dynamically allocated high port. Therefore, enabling this port will allow the TFTP service to receive incoming TFTP requests but will not allow the selected server to respond to those requests. Allowing the selected server to respond to inbound TFTP requests cannot be accomplished unless the TFTP server is configured to respond from port 69.
Says that we can allow the TFTP Server (PXE Server) to respond on port 69, does that mean that we can have OSD implementations in SCCM without opening Dynamic Port range? Is it a workaround of not opening Dynamic Port range between Client and the TFTP server?
Regards
Taranjeet Singh
zamn
January 5th, 2011 8:03am
Hi,
We are also facing a similar issue with TFTP ports. Could you please confirm whether Dynamic ports are also required for the communication of the PXE server to the clients.
-VMJ
August 9th, 2011 6:50am