Hopefully the description nails this one. My hardware firewall is fine,mailmoves freely in and out of the network as it should. On my internal network, I am using Exchange 2007 onour mailserver, with hub transport running on it. I am not using an edge server. TheWindows Firewall software on the server has some ports open: Port 25 Port 80 Port 135 Port 443 When I try to connect to the mail server with Outlook 2007 from a PC on the network, I get this message: "Microsoft Office Outlook There is a problem with the proxy server's security certificate. The security certificate is not from a trusted certifying authority. Outlook is unable to connect to the proxy server <our mail server>. (Error Code 8)." *Also, I get this message* "Microsoft Office Outlook Cannot Start Microsoft Office Outlook. Cannot open the Outlook window. The set of folders cannot be opened. MIcrosoft Exchange is not available. Either there are network problems or the Exchange computer is down for maintenance." Now, When I turn off theWindows Firewall software on the server, my connection problems to the mail server from Outlook 2007on the local network go away, there are no error messages and everything is hunky dory! My question is, which ports am I missing in my list above that I need to open up to allow access to Outlook 2007 on the network?

You're missing ports. Outlook uses RPC to connect to Exchange, its mostly to Information Store service youcan use Security configuration wizard to configure windows Firewall on an Exchange server

I know I'm missing some ports... that's why it works when the firewall is down and doesn't when it's up! I'd like to stay away from Security configuration wizard if possible. Is there no way to get a list of the ports I need to open without using the Security configuration wizard?

Since its RPC it not a fixed port, it varies. if you have roles spread out on different servers they communicate with each other and uses mostly RPC aswell. If you configure windows firewall manually I would let users connecto to 'store.exe' for starters. outlook also communicates with DC/GC and it must also be allowed in the firewall. This is LDAP RPC etc. I would take a look at security configuration wizard, it will help you a lot.