<Quote>
Outlook will send a request from a high port on the local machine to
port 135 on the Exchange server.  The Exchange server will listen on
Port 135 and respond on some high port.

TCP/IP communication........


Also note it is a new TCP communication when the server contacts the client on the high-numbered port. This means that a stateful firewall will not allow that traffic back in. So to reiterate, you need to modify the registry to tell Exchange to use a specific port for that return communication. There is a Technote available.


The following is not directly applicable but it may help you.
How to enable communication from a Windows OS Active Directory Client to the Active Directory Server across a firewall
 
The following ports will be used for outbound communication from the client to the server. This assumes that a stateful firewall is being used to allow inbound communication from the server.
 
  • DNS will be using TCP and UDP port 53
  • Network Time Protocol (NTP) if required uses TCP port 123
  • Microsoft’s implementation of Kerberos will be using TCP and UDP port 88 (Note this may be non-standard compared to the MIT Kerberos implementation)
  • The EndpointMapper for RPC services will use TCP port 135
  • LDAP will use TCP port 389 and Microsoft uses an LDAP “ping” on UDP port 389
  • Server Messaging Block services (SMB, SAMBA) will use TCP port 445
  • Global Catalog services use TCP port 3268 – this should be necessary when logging into forests with more than one domain
  • The last port is used for Active Directory Logon and replication. Normally this is a dynamic port. For security reasons this should be configured to use a static port, so that the firewall rules can be specific. To configure this, open the registry on each domain controller that needs to be contacted through the firewall. Navigate to the following key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters. Add a new value with the following properties:
    • Value Name: “TCP/IP Port”
    • Data Type: “REG_DWORD”
    • Radix: “Decimal”
    • Value: some number between 1025 and 65534, we will standardize on “1025”
     
    Additional configuration will be needed for specific application access and use, such as Exchange
    Jim Katoe
    Mindshare

    Directory Services Manager
    MCSE,MCSA,PCLP,CCNA,CCDA,CNA

    Worldwide IT Infrastructure Team
    825 8th Avenue, NY, NY 10019
    email:  [EMAIL PROTECTED]
    Office:  646.756.4587
    Fax:  646.756.5951
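
The registry change described in the list above, as an added PowerShell example that is not part of the original message. The function name `Set-NtdsStaticRpcPort` is hypothetical; the key path, value name, data type, and port range are the ones given above, and the listener check assumes a Windows version that provides `Get-NetTCPConnection`.

```powershell
# Added example: pin the AD logon/replication RPC port on a domain controller.
# Function name is hypothetical; key, value name, type and range come from the message.
function Set-NtdsStaticRpcPort {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Range stated in the message: 1025..65534, standardized on 1025.
        [ValidateRange(1025, 65534)]
        [int]$Port = 1025
    )

    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $name = 'TCP/IP Port'

    # The NTDS key exists only on domain controllers.
    if (-not (Test-Path -LiteralPath $key)) {
        throw 'NTDS parameters key not found; run this on a domain controller.'
    }

    # Idempotence: do nothing if the value is already set as requested.
    $current = (Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue).$name
    if ($current -eq $Port) {
        return [pscustomobject]@{ Port = $Port; Previous = $current; Changed = $false }
    }

    # A low static port may already be held by another service; refuse to collide.
    $busy = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
    if ($busy.Count -gt 0) {
        throw "Port $Port already has a listener (PID $($busy[0].OwningProcess)); choose another port."
    }

    if ($PSCmdlet.ShouldProcess($key, "Set '$name' to $Port (REG_DWORD)")) {
        New-ItemProperty -LiteralPath $key -Name $name -PropertyType DWord -Value $Port -Force | Out-Null
        return [pscustomobject]@{ Port = $Port; Previous = $current; Changed = $true }
    }
}

# Preview first, then apply on each domain controller behind the firewall.
Set-NtdsStaticRpcPort -Port 1025 -WhatIf
```

The domain controller has to be restarted before it starts using the new port, and the firewall rule should then allow only TCP port 135 plus the chosen static port for this service.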




    <[EMAIL PROTECTED]>
    Sent by: [EMAIL PROTECTED]

    01/09/2003 11:46 AM
    Please respond to ActiveDir

           
            To:        <[EMAIL PROTECTED]>
            cc:        
            Subject:        RE: [ActiveDir] Protocols Required



    Outlook will send a request from a high port on the local machine to
    port 135 on the Exchange server.  The Exchange server will listen on
    Port 135 and respond on some high port.

    TCP/IP communication........

    -----Original Message-----
    From: Roger Seielstad [mailto:[EMAIL PROTECTED]]
    Sent: Thursday, January 09, 2003 11:35 AM
    To: '[EMAIL PROTECTED]'
    Subject: RE: [ActiveDir] Protocols Required


    You don't seem to be listening.

    The RPC endpoint mapper, which is what runs on port 135, is an initial
    connection point for ALL RPC traffic. That's the port used to negotiate
    the actual connections. All MAPI connections are RPC. What do you think
    the answer is?

    ------------------------------------------------------
    Roger D. Seielstad - MCSE
    Sr. Systems Administrator
    Inovis - Formerly Harbinger and Extricity
    Atlanta, GA


    > -----Original Message-----
    > From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
    > Sent: Thursday, January 09, 2003 9:46 AM
    > To: '[EMAIL PROTECTED]'
    > Subject: RE: [ActiveDir] Protocols Required
    >
    >
    > Right, so does Outlook still communicate over port 135 to
    > change the server?
    >
    >  -----Original Message-----
    > From:                  Carey, Greg [mailto:[EMAIL PROTECTED]]
    > Sent:                 Thursday, January 09, 2003 9:34 AM
    > To:                 [EMAIL PROTECTED]
    > Subject:                 RE: [ActiveDir] Protocols Required
    >
    > With the caveat that the old mail store remains up until the client
    > connects.
    >
    > -----Original Message-----
    > From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
    > Sent: Thursday, January 09, 2003 9:28 AM
    > To: '[EMAIL PROTECTED]'
    > Subject: RE: [ActiveDir] Protocols Required
    >
    >
    > When you move a mailbox to another server, Outlook will
    > automatically change
    > the server defined in the local profile.
    >
    >  -----Original Message-----
    > From:                  Rick Kingslan [mailto:[EMAIL PROTECTED]]
    > Sent:                 Thursday, January 09, 2003 9:25 AM
    > To:                 [EMAIL PROTECTED]
    > Subject:                 RE: [ActiveDir] Protocols Required
    >
    > Justin,
    >
    > I'm not sure what you mean by 'reconfiguring the server in the local
    > profile'?  The requirement *is* to communicate over port 135.  Outlook
    > cannot just arbitrarily decide to communicate over another port to
    > support this - hence it cannot automatically reconfigure itself.
    >
    > Rick Kingslan  MCSE, MCSA, MCT
    > Microsoft MVP - Active Directory
    > Associate Expert
    > Expert Zone - www.microsoft.com/windowsxp/expertzone
    >
    >
    >
    >
    >
    > > -----Original Message-----
    > > From: [EMAIL PROTECTED]
    > > [mailto:[EMAIL PROTECTED]] On Behalf Of
    > > Salandra, Justin A.
    > > Sent: Thursday, January 09, 2003 8:00 AM
    > > To: '[EMAIL PROTECTED]'
    > > Subject: RE: [ActiveDir] Protocols Required
    > >
    > >
    > > What would prevent Mapi Outlook clients from automatically
    > > reconfiguring the server in the local profile?
    > >
    > > Justin A. Salandra, MCSE
    > > Senior Network Engineer
    > > Catholic Healthcare System
    > > 914.681.8117 office
    > > 646.483.3325 cell
    > > [EMAIL PROTECTED]
    > >
    > >
    > >  -----Original Message-----
    > > From:                  Roger Seielstad [mailto:[EMAIL PROTECTED]]
    > > Sent:                 Thursday, January 09, 2003 9:01 AM
    > > To:                 '[EMAIL PROTECTED]'
    > > Subject:                 RE: [ActiveDir] Protocols Required
    > >
    > > No. Something needs to point it to the correct ports.
    > >
    > > ------------------------------------------------------
    > > Roger D. Seielstad - MCSE
    > > Sr. Systems Administrator
    > > Inovis - Formerly Harbinger and Extricity
    > > Atlanta, GA
    > >
    > >
    > > > -----Original Message-----
    > > > From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
    > > > Sent: Wednesday, January 08, 2003 3:26 PM
    > > > To: '[EMAIL PROTECTED]'
    > > > Subject: RE: [ActiveDir] Protocols Required
    > > >
    > > >
    > > > Would Outlook 2000 still function if port 135 is blocked? Meaning
    > > > that the user can still use Outlook for Outlook will never
    > > > automatically reconfigure
    > > > itself?
    > > >
    > > >  -----Original Message-----
    > > > From:                  Roger Seielstad [mailto:[EMAIL PROTECTED]]
    > > > Sent:                 Wednesday, January 08, 2003 3:25 PM
    > > > To:                 '[EMAIL PROTECTED]'
    > > > Subject:                 RE: [ActiveDir] Protocols Required
    > > >
    > > > Needs RPC end point mapper (135) and then the ports for DS and IS.
    > > > Seeing as those default to being randomly assigned, you're in
    > > > trouble.
    > > >
    > > > Read the FAQ on how to assign static ports to the services.
    > > >
    > > > ------------------------------------------------------
    > > > Roger D. Seielstad - MCSE
    > > > Sr. Systems Administrator
    > > > Inovis - Formerly Harbinger and Extricity
    > > > Atlanta, GA
    > > >
    > > >
    > > > > -----Original Message-----
    > > > > From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
    > > > > Sent: Wednesday, January 08, 2003 3:18 PM
    > > > > To: '[EMAIL PROTECTED]'
    > > > > Subject: RE: [ActiveDir] Protocols Required
    > > > >
    > > > >
    > > > > Sorry, I need to know about outlook 2000 and exchange 5.5
    > > > > communications
    > > > >
    > > > >  -----Original Message-----
    > > > > From:                  Weston Rogers [mailto:[EMAIL PROTECTED]]
    > > > > Sent:                 Wednesday, January 08, 2003 3:08 PM
    > > > > To:                 [EMAIL PROTECTED]
    > > > > Subject:                 RE: [ActiveDir] Protocols Required
    > > > >
    > > > > Maybe this will help?
    > > > >
    > > > > http://support.microsoft.com/default.aspx?scid=kb;en-us;278339
    > > > >
    > > > > -----Original Message-----
    > > > > From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
    > > > > Sent: Wednesday, January 08, 2003 2:49 PM
    > > > > To: ActiveDir (E-mail)
    > > > > Subject: [ActiveDir] Protocols Required
    > > > > Importance: High
    > > > >
    > > > >
    > > > > Hello everyone,
    > > > >
    > > > > I really need some help on this subject.
    > > > >
    > > > > Does everyone here know that when you move a mailbox in
    > > > > Exchange to another mailbox in the same organization the
    > > > > Outlook 2000 client automatically reconfigures the mail server
    > > > > setting on the profile to allow the client to contact the
    > > > > correct mail server where that mailbox now resides.  My
    > > > > question is what are the protocols needed by the client in
    > > > > order for that to occur and the ports associated with them.  I
    > > > > believe it is NetBIOS Broadcast calls and RPC but I am not
    > > > > sure.  Also what protocols and ports are needed in order to
    > > > > have proper communication between client and server when it
    > > > > comes to Exchange.
    > > > > Thanks for your help.
    > > > >
    > > > >
    > > > >
    > > > > Justin A. Salandra, MCSE
    > > > > Senior Network Engineer
    > > > > Catholic Healthcare System
    > > > > 914.681.8117 office
    > > > > 646.483.3325 cell
    > > > > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
    > > > >
    > > > > List info   : http://www.activedir.org/mail_list.htm
    > > > > List FAQ    : http://www.activedir.org/list_faq.htm
    > > > > List archive:
    > > > > http://www.mail-archive.com/activedir%40mail.activedir.org/