Exchange and Outlook connectivity with firewall in-between
Hi, we are running Exchange 2003 SP2 and Outlook 2003 SP2. One of our new sites will be a standalone site with its own AD forest, Exchange, etc. One of the requirements (don't ask) is that the servers (in this case, the relevant ones are DCs and Exchange) are segmented from the client network by firewalls. So I need to provide a list of the ports that Outlook speaks to Exchange and AD on, so that we can open them up. I thought this would be fairly straightforward to search for on TechNet, but obviously not. Does anyone have any handy links or know the answer? We don't want to use static ports; they will all have to be dynamic (as per default).
July 6th, 2010 7:59pm

Hi, here is the complete list of ports for Exchange 2003.

LDAP, TCP 389: Lightweight Directory Access Protocol (LDAP), used by Active Directory, Active Directory Connector, and the Microsoft Exchange Server 5.5 directory.
LDAP/SSL, TCP 636: LDAP over Secure Sockets Layer (SSL). When SSL is enabled, LDAP data that is transmitted and received is encrypted. To enable SSL, you must install a Computer certificate on the domain controller or Exchange Server 5.5 computer.
LDAP, TCP 379: The Site Replication Service (SRS) uses TCP port 379.
LDAP, TCP 390: While not a standard LDAP port, TCP port 390 is the recommended alternate port to configure the Exchange Server 5.5 LDAP protocol when Exchange Server 5.5 is running on a Microsoft Windows 2000 Active Directory domain controller.
LDAP, TCP 3268: Global catalog. The Windows 2000 Active Directory global catalog (which is really a domain controller "role") listens on TCP port 3268. When you are troubleshooting issues that may be related to a global catalog, connect to port 3268 in LDP.
LDAP/SSL, TCP 3269: Global catalog over SSL. Applications that connect to TCP port 3269 of a global catalog server can transmit and receive SSL encrypted data. To configure a global catalog to support SSL, you must install a Computer certificate on the global catalog.
IMAP4, TCP 143: Internet Message Access Protocol version 4, may be used by "standards-based" clients such as Microsoft Outlook Express or Netscape Communicator to access the e-mail server. IMAP4 runs on top of the Microsoft Internet Information Service (IIS) Admin Service (Inetinfo.exe), and enables client access to the Exchange 2000 information store.
IMAP4/SSL, TCP 993: IMAP4 over SSL uses TCP port 993. Before an Exchange 2000 server supports IMAP4 (or any other protocol) over SSL, you must install a Computer certificate on the Exchange 2000 server.
POP3, TCP 110: Post Office Protocol version 3, enables "standards-based" clients such as Outlook Express or Netscape Communicator to access the e-mail server. As with IMAP4, POP3 runs on top of the IIS Admin Service, and enables client access to the Exchange 2000 information store.
POP3/SSL, TCP 995: POP3 over SSL. To enable POP3 over SSL, you must install a Computer certificate on the Exchange 2000 server.
NNTP, TCP 119: Network News Transport Protocol, sometimes called Usenet protocol, enables "standards-based" client access to public folders in the information store. As with IMAP4 and POP3, NNTP is dependent on the IIS Admin Service.
NNTP/SSL, TCP 563: NNTP over SSL. To enable NNTP over SSL, you must install a Computer certificate on the Exchange 2000 server.
HTTP, TCP 80: Hyper-Text Transfer Protocol is the protocol used primarily by Microsoft Outlook Web Access (OWA), but also enables some administrative actions in Exchange System Manager. HTTP is implemented through the World Wide Web Publishing Service (W3Svc), and runs on top of the IIS Admin Service.
HTTP/SSL, TCP 443: HTTP over SSL. To enable HTTP over SSL, you must install a Computer certificate on the Exchange 2000 server.
SMTP, TCP 25: Simple Mail Transfer Protocol is the foundation for all e-mail transport in Exchange 2000. The SMTP Service (SMTPSvc) runs on top of the IIS Admin Service. Unlike IMAP4, POP3, NNTP, and HTTP, SMTP in Exchange 2000 does not use a separate port for secure communication (SSL), but rather employs an "in-band security sub-system" called Transport Layer Security (TLS).
SMTP/SSL, TCP 465: SMTP over SSL. TCP port 465 is reserved by common industry practice for secure SMTP communication using the SSL protocol. However, unlike IMAP4, POP3, NNTP, and HTTP, SMTP in Exchange 2000 does not use a separate port for secure communication (SSL), but rather employs an "in-band security sub-system" called Transport Layer Security (TLS). To enable TLS to work on Exchange 2000, you must install a Computer certificate on the Exchange 2000 server.
SMTP/LSA, TCP 691: The Microsoft Exchange Routing Engine (also known as RESvc) listens for routing link state information on TCP port 691. Exchange 2000 uses routing link state information to route messages, and the routing table is constantly updated. The Link State Algorithm (LSA) propagates routing status information between Exchange 2000 servers. This algorithm is based on the Open Shortest Path First (OSPF) protocol from networking technology, and transfers link state information between routing groups by using the X-LSA-2 command verb over SMTP and by using a Transmission Control Protocol (TCP) connection to port 691 in a routing group.
RVP, TCP 80: RVP is the foundation for Instant Messaging in Exchange 2000. While RVP communication begins with TCP port 80, the server quickly sets up a new connection to the client on an ephemeral TCP port above 1024. Because this port is not known in advance, issues exist when you enable Instant Messaging through a firewall.
IRC/IRCX, TCP 6667: Internet Relay Chat (IRC) is the chat protocol. IRCX is the extended version offered by Microsoft. While TCP port 6667 is the most common port for IRC, TCP port 7000 is also very frequently used.
IRC/SSL, TCP 994: IRC (or Chat) over SSL. IRC or IRCX over SSL is not supported in Exchange 2000.
X.400, TCP 102: ITU-T Recommendation X.400 is really a series of recommendations for what an electronic message handling system (MHS) should look like. TCP port 102 is defined in IETF RFC-1006, which describes OSI communications over a TCP/IP network. In brief, TCP port 102 is the port that the Exchange message transfer agent (MTA) uses to communicate with other X.400-capable MTAs.

I hope this will be helpful for you. Regards, Shafaquat Ali. M.C.I.T.P Exchange 2007/2010, M.C.I.T.P Windows Server 2008, M.C.T.S OCS Server 2007 R2
July 6th, 2010 9:37pm

You need to do static port mappings for MAPI.

1) Outlook connects to Exchange on TCP port 135 (RPC Endpoint Mapper).
2) The RPC Endpoint Mapper returns two TCP ports on which the communication is to proceed. These TCP ports are randomly chosen between > 1023 and < 65536.

That's the normal way without static port mappings.

Exchange Server static port mappings
http://support.microsoft.com/kb/270836

With Exchange 2010, by the way, the port ranges have been narrowed down:
Configuring Static RPC Ports on an Exchange 2010 Client Access Server
http://social.technet.microsoft.com/wiki/contents/articles/configuring-static-rpc-ports-on-an-exchange-2010-client-access-server.aspx

MCTS: Messaging | MCSE: S+M | Small Business Specialist
July 6th, 2010 11:35pm

The simple option would be to get a commercial SSL certificate and configure RPC over HTTPS. Then you only need one port open, 443, rather than turning the firewall into Swiss cheese. The number of holes and configuration changes required to Exchange and the firewall would basically make the firewall an expensive box doing very little. Simon. Simon Butler, Exchange MVP http://blog.sembee.co.uk http://exbpa.com/
July 7th, 2010 2:54am

Hi Pancamo, Remote Procedure Call (RPC) dynamic port allocation is used by Exchange server. When an Outlook/MAPI client connects to the Exchange server, RPC dynamic port allocation will instruct the Outlook client to use a particular random port above 1024. So we do not know which ports will be used. There are two ways to resolve this problem:

Method 1. Windows Server Security Configuration Wizard (Recommended)
==========================
1. Go to Control Panel -> Add or Remove Programs -> Add/Remove Windows Components. Install the Security Configuration Wizard.
2. Click Start -> All Programs -> Administrative Tools -> Security Configuration Wizard to start it.
3. Click Next. In "Select the action you want to perform:" select Create a new security policy.
4. Click Next. When you reach the "Select Server Roles" screen, select the Exchange 2003 back-end server. If an Exchange 2003 front-end server is in use, also select it.
5. Click Next. When you reach the "Select Administration and Other Options" screen, select the following items: Exchange 2003 IMAP4 server, Exchange 2003 NNTP server, Exchange 2003 POP3 server, Exchange event service, Exchange MTA, Exchange Site Replication Service, Global catalog. Note: you do not need to uncheck the items selected by default.
6. Click Next until you reach "Handling Unspecified Services"; select "Do not change the startup mode of the service".
7. Click Next until the "Security Policy File Name" screen; in the "Security policy file name" section, type in the name of the security policy file.
8. Click Next, then click Apply now.

Method 2. Statically map the ports.
==========================
For more information, please refer to the following links:
Exchange Server static port mappings
http://support.microsoft.com/default.aspx/kb/270836?p=1
How to configure RPC dynamic port allocation to work with firewalls
http://support.microsoft.com/kb/154596/
July 7th, 2010 8:53am
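A small reachability check, added here as an example and not code from any poster in this thread, for verifying from the client network that the firewall passes the AD and Exchange ports named above. It covers both the MAPI flow described two answers up (TCP 135 to the endpoint mapper, then dynamic ports above 1023) and the static-mapping option in Method 2: the host names and the static port 6001 are hypothetical placeholders, and the probe function is injectable so the logic can be exercised offline.

```python
import socket
from typing import Callable, Dict, Iterable, List, Tuple

# Port table taken from the answers in this thread (Exchange 2003 / AD).
# Outlook needs the DC ports for logon and the address book, and TCP 135 on
# Exchange for the MAPI endpoint mapper; the other Exchange ports are needed
# only if those client protocols are actually in use.
DC_PORTS = {389: "LDAP", 3268: "Global catalog"}
EXCHANGE_PORTS = {135: "RPC endpoint mapper (MAPI)", 443: "HTTPS (RPC over HTTPS / OWA)",
                  143: "IMAP4", 993: "IMAP4/SSL", 110: "POP3", 995: "POP3/SSL"}

Probe = Callable[[str, int], bool]
Result = List[Tuple[int, str, bool]]


def tcp_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Real probe: a completed TCP handshake means the firewall passes the port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_plan(dc: str, exchange: str, static_mapi_ports: Iterable[int] = (),
               probe: Probe = tcp_open) -> Dict[str, Result]:
    """Probe every port in the plan. static_mapi_ports are the ports you mapped
    per KB 270836 (hypothetical values; the thread names none)."""
    plan: Dict[str, Dict[int, str]] = {}
    plan.setdefault(dc, {}).update(DC_PORTS)            # DC may equal the Exchange host
    plan.setdefault(exchange, {}).update(EXCHANGE_PORTS)
    for p in static_mapi_ports:
        plan[exchange][p] = "static MAPI port (KB 270836)"
    return {host: [(p, name, probe(host, p)) for p, name in sorted(ports.items())]
            for host, ports in plan.items()}


def mapi_status(results: Dict[str, Result], exchange: str) -> str:
    """135 alone proves only the endpoint mapper hop; without a rule for the
    dynamic range (>1023) or statically mapped ports, Outlook still fails."""
    rows = {p: ok for p, _, ok in results[exchange]}
    if not rows.get(135):
        return "blocked: endpoint mapper (135) unreachable"
    static = [p for p, name, ok in results[exchange] if "static MAPI" in name]
    if not static:
        return "endpoint mapper only: dynamic RPC ports (>1023) still need a rule or static mapping"
    if all(rows[p] for p in static):
        return "ok: endpoint mapper and static MAPI ports reachable"
    return "partial: some static MAPI ports blocked"
```

Run `check_plan("dc01.example", "ex01.example")` from a client-network host and pass the result to `mapi_status`; a reachable 135 with no static ports is the case this thread warns about.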
