Re: Setting TCP/ip ports for exchange and firewalls



You're confusing the issue now, how else are users going to be able to gain
access to webmail or rpc/https if I don't open ports? See MS article
below...

Is this correct or not???

Many Thanks Simon
XADM: Setting TCP/IP Port Numbers for Internet Firewalls
Article ID : 148732
Last Review : April 28, 2005
Revision : 4.2

This article was previously published under Q148732
IMPORTANT: This article contains information about modifying the registry.
Before you modify the registry, make sure to back it up and make sure that
you understand how to restore the registry if a problem occurs. For
information about how to back up, restore, and edit the registry, click the
following article number to view the article in the Microsoft Knowledge
Base:
256986 Description of the Microsoft Windows Registry

SUMMARY
This article explains how to configure the Microsoft Exchange Information
Store, Directory, and System Attendant Services to use predefined TCP/IP
port numbers. This is useful when configuring Internet firewalls or routers.

MORE INFORMATION
Some Internet firewalls may not accept TCP/IP port numbers that Microsoft
Exchange Server uses for remote procedure call (RPC) communication. To solve
this problem, you must permit Transmission Control Protocol (TCP)
connections to be made on port 135 of your firewall, and then configure
Exchange Server to use the ports that your firewall permits. The computer
must be restarted for these changes to take effect.

WARNING: If you use Registry Editor incorrectly, you may cause serious
problems that may require you to reinstall your operating system. Microsoft
cannot guarantee that you can solve problems that result from using Registry
Editor incorrectly. Use Registry Editor at your own risk.


To configure the RPC Port for the Microsoft Exchange Directory Service:
1. Start Registry Editor (Regedt32.exe).
2. Find the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeDS\Parameters
3. Add the following registry value
TCP/IP port
as DWORD value, specifying the port to be used. The radix should be
set to decimal when entering the value.
4. Quit Registry Editor.

To configure the RPC Port for the Microsoft Exchange Information Store
Service:
1. Start Registry Editor (Regedt32.exe).
2. Find the following subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
3. Add the following registry value
TCP/IP port
as DWORD value, specifying the port to be used. The radix should be
set to decimal when entering the value.
4. Quit Registry Editor.

To configure the RPC Port for the Microsoft Exchange System Attendant:

NOTE: In order to administer an Exchange Server across a firewall, the
Microsoft Exchange System Attendant should be configured to use a specific
RPC port as well.

1. Start Registry Editor (Regedt32.exe).
2. Find the following subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters
3. Add the following registry value
TCP/IP port
as DWORD value, specifying the port to be used. The radix should be
set to decimal when entering the value.
4. Quit Registry Editor.

NOTE: The DWORD value should be in decimal.

NOTE: You have to change this registry setting only on the computer that
runs Microsoft Exchange Server. Clients always connect to port 135, the RPC
endpoint mapper, and then ask what ports they should use for the Directory
and Information Store Services.

WARNING: Do not assign ports immediately above the 1023 range. For
additional information about the ramifications and guidelines for static
port assignment of Exchange services, click the article number below to view
the article in the Microsoft Knowledge Base:
180795 XADM: Intrasite Directory Replication Fails with Error 1720
For additional information about Exchange Services for Internet Firewalls
and port considerations, click the article numbers below to view the
articles in the Microsoft Knowledge Base:
155831 XADM: Setting TCP/IP Ports for Exchange and Outlook Client
Connections Through a Firewall
194952 XADM: Statically Mapped Port Limitations for Exchange Server

"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:O21JNTceFHA.2736@xxxxxxxxxxxxxxxxxxxxxxx
>
>
> In news:%23Eu0udbeFHA.2244@xxxxxxxxxxxxxxxxxxxx,
> Simon Glencross <simon.glencross@xxxxxxxxxxxxxxxxxxxx> typed:
>> The reason why I am doing this is due to the fact we have a sonicwall
>> firewall and as per the article 14873 it is required as these ports
>> will need to be configured on the sonicwall itself, I have
>> configured the rpc/http and https.
>> Do you know why I should not have MsExchangeDS in the registry as
>> explained below?
>
> That KB article doesn't seem to be currently available.
> I can't tell you the specifics, but again, if you are doing this in an
> effort to permit Outlook users to connect 'bareback' over the Internet to
> your server, you should not pursue this route at all. If you're using RPC
> over HTTP(s), a) good to mention that in the first post and b) I'm not sure
> you need to be doing this at all... ?
>>
>>
>>
>> "Lanwench [MVP - Exchange]"
>> <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
>> message news:ujlSjLbeFHA.2288@xxxxxxxxxxxxxxxxxxxxxxx
>>>
>>>
>>> In news:OBppGmZeFHA.1448@xxxxxxxxxxxxxxxxxxxx,
>>> Simon Glencross <simon.glencross@xxxxxxxxxxxxxxxxxxxx> typed:
>>>> I am currently configuring static tcp ports as per article 155831, I
>>>> have set in the registry the port for MSexchangeIS but I am unable
>>>> to find MSexchangeDS in the registry I can find MSexchangeDSAccess
>>>> but it does not have a sub folder of Parameters??
>>>>
>>>> Anyone have any ideas what I should do??
>>>>
>>>> Cheers
>>>
>>> Not sure. If you're doing this because you want to allow unsecured
>>> Outlook connections from the Internet to the Exchange server,
>>> rethink it. VPN or RPC/HTTP ...don't do it any other way. OWA is
>>> always an option (but force/use SSL on that).
>
>
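
A read-only check of the three registry values the quoted article describes, as an added example that is not part of the original posts or of the Microsoft article. It assumes PowerShell 3.0 or later on the Exchange server; the `$MinPort` floor of 5000 is an assumption of this example, since the article only warns against ports "immediately above the 1023 range".

```powershell
# Added example: read-only audit of the static RPC port values from the article.
# Run on the Exchange server itself; nothing is written to the registry.
param(
    # Assumption: the article only warns against ports "immediately above the
    # 1023 range"; 5000 is an illustrative floor chosen for this example.
    [int]$MinPort = 5000
)

$valueName = 'TCP/IP port'
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$services  = [ordered]@{
    'Directory Service' = "$base\MSExchangeDS\Parameters"
    'Information Store' = "$base\MSExchangeIS\ParametersSystem"
    'System Attendant'  = "$base\MSExchangeSA\Parameters"
}

$report = foreach ($name in $services.Keys) {
    $path   = $services[$name]
    $port   = $null
    $status = 'ok'
    if (-not (Test-Path -LiteralPath $path)) {
        # The situation reported in the thread for MSExchangeDS.
        $status = 'subkey not present on this server'
    } else {
        $key  = Get-Item -LiteralPath $path
        $port = $key.GetValue($valueName, $null)
        if ($null -eq $port) {
            $status = 'value not set'
        } elseif ($key.GetValueKind($valueName) -ne 'DWord') {
            $status = 'value is not a DWORD'
        } elseif ($port -lt $MinPort -or $port -gt 65535) {
            $status = "outside ${MinPort}-65535"
        }
    }
    [pscustomobject]@{ Service = $name; Port = $port; Status = $status }
}
$report | Format-Table -AutoSize

# Clients reach the RPC endpoint mapper on 135 first, then the static ports.
$needed = @(135) + @($report | Where-Object Status -eq 'ok' |
                     ForEach-Object { [int]$_.Port })
'TCP ports a firewall in front of this server would have to pass: ' +
    ($needed -join ', ')
```

On a server where the MSExchangeDS subkey is missing, as reported in the thread, the Directory Service row shows the subkey as not present instead of failing.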




