Re: Setting TCP/ip ports for exchange and firewalls





In news:uLDFMwieFHA.1448@xxxxxxxxxxxxxxxxxxxx,
Simon Glencross <simon.glencross@xxxxxxxxxxxxxxxxxxxx> typed:
> You're confusing the issue now, how else are users going to be able to
> gain access to webmail

Forward port 443 to the LAN IP of your Exchange server for OWA over SSL
(recommended over port 80 for HTTP)

> or rpc/https if I don't open ports see MS article
> below..........
>
> Is this correct or not???

Nope. That article would let you connect without it, which is not a good
idea.
See http://support.microsoft.com/?scid=kb;en-us;833401 for info on setting
up RPC over HTTP access.

>
> Many Thanks Simon
> XADM: Setting TCP/IP Port Numbers for Internet Firewalls
> Article ID : 148732
> Last Review : April 28, 2005
> Revision : 4.2
>
> This article was previously published under Q148732
> IMPORTANT: This article contains information about modifying the
> registry. Before you modify the registry, make sure to back it up and
> make sure that you understand how to restore the registry if a problem
> occurs. For information about how to back up, restore, and edit the
> registry, click the following article number to view the article in the
> Microsoft Knowledge Base:
> 256986 Description of the Microsoft Windows Registry
>
> SUMMARY
> This article explains how to configure the Microsoft Exchange
> Information Store, Directory, and System Attendant Services to use
> predefined TCP/IP port numbers. This is useful when configuring Internet
> firewalls or routers.
>
> MORE INFORMATION
> Some Internet firewalls may not accept TCP/IP port numbers that
> Microsoft Exchange Server uses for remote procedure call (RPC)
> communication. To solve this problem, you must permit Transmission
> Control Protocol (TCP) connections to be made on port 135 of your
> firewall, and then configure Exchange Server to use the ports that your
> firewall permits. The computer must be restarted for these changes to
> take effect.
>
> WARNING: If you use Registry Editor incorrectly, you may cause serious
> problems that may require you to reinstall your operating system.
> Microsoft cannot guarantee that you can solve problems that result from
> using Registry Editor incorrectly. Use Registry Editor at your own risk.
>
>
> To configure the RPC Port for the Microsoft Exchange Directory
> Service:
> 1. Start Registry Editor (Regedt32.exe).
> 2. Find the following registry subkey:
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeDS\Parameters
> 3. Add the following registry value
> TCP/IP port
> as DWORD value, specifying the port to be used. The radix should
> be set to decimal when entering the value.
> 4. Quit Registry Editor.
>
> To configure the RPC Port for the Microsoft Exchange Information Store
> Service:
> 1. Start Registry Editor (Regedt32.exe).
> 2. Find the following subkey:
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
> 3. Add the following registry value
> TCP/IP port
> as DWORD value, specifying the port to be used. The radix should
> be set to decimal when entering the value.
> 4. Quit Registry Editor.
>
> To configure the RPC Port for the Microsoft Exchange System Attendant:
>
> NOTE: In order to administer an Exchange Server across a firewall, the
> Microsoft Exchange System Attendant should be configured to use a
> specific RPC port as well.
> 1. Start Registry Editor (Regedt32.exe).
> 2. Find the following subkey:
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters
> 3. Add the following registry value
> TCP/IP port
> as DWORD value, specifying the port to be used. The radix should
> be set to decimal when entering the value.
> 4. Quit Registry Editor.
>
> NOTE: The DWORD value should be in decimal.
>
> NOTE: You have to change this registry setting only on the computer
> that runs Microsoft Exchange Server. Clients always connect to port 135,
> the RPC endpoint mapper, and then ask what ports they should use for the
> Directory and Information Store Services.
>
> WARNING: Do not assign ports immediately above the 1023 range. For
> additional information about the ramifications and guidelines for
> static port assignment of Exchange services, click the article number
> below to view the article in the Microsoft Knowledge Base:
> 180795 XADM: Intrasite Directory Replication Fails with Error 1720
>
> For additional information about Exchange Services for Internet
> Firewalls and port considerations, click the article numbers below to
> view the articles in the Microsoft Knowledge Base:
> 155831 XADM: Setting TCP/IP Ports for Exchange and Outlook Client
> Connections Through a Firewall
> 194952 XADM: Statically Mapped Port Limitations for Exchange Server
>
> "Lanwench [MVP - Exchange]"
> <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
> message news:O21JNTceFHA.2736@xxxxxxxxxxxxxxxxxxxxxxx
>>
>>
>> In news:%23Eu0udbeFHA.2244@xxxxxxxxxxxxxxxxxxxx,
>> Simon Glencross <simon.glencross@xxxxxxxxxxxxxxxxxxxx> typed:
>>> The reason why I am doing this is due to the fact we have a
>>> sonicwall firewall and as per the article 14873 it is required as
>>> these ports will need to be configured on the sonicwall itself, I
>>> have configured the rpc/http and https.
>>> Do you know why I should not have MsExchangeDS in the registry as
>>> explained below?
>>
>> That KB article doesn't seem to be currently available.
>> I can't tell you the specifics, but again, if you are doing this in
>> an effort to permit Outlook users to connect 'bareback' over the
>> Internet to your server, you should not pursue this route at all. If
>> you're using RPC over HTTP(s), a) good to mention that in the first
>> post and b) I'm not sure you need to be doing this at all... ?
>>>
>>>
>>>
>>> "Lanwench [MVP - Exchange]"
>>> <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
>>> message news:ujlSjLbeFHA.2288@xxxxxxxxxxxxxxxxxxxxxxx
>>>>
>>>>
>>>> In news:OBppGmZeFHA.1448@xxxxxxxxxxxxxxxxxxxx,
>>>> Simon Glencross <simon.glencross@xxxxxxxxxxxxxxxxxxxx> typed:
>>>>> I am currently configuring static tcp ports as per article
>>>>> 155831, I have set in the registry the port for MSexchangeIS but
>>>>> I am unable to find MSexchangeDS in the registry I can find
>>>>> MSexchangeDSAccess but it does not have a sub folder of
>>>>> Parameters?? Anyone have any ideas what I should do??
>>>>>
>>>>> Cheers
>>>>
>>>> Not sure. If you're doing this because you want to allow unsecured
>>>> Outlook connections from the Internet to the Exchange server,
>>>> rethink it. VPN or RPC/HTTP ...don't do it any other way. OWA is
>>>> always an option (but force/use SSL on that).
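
The registry values described in the quoted KB text can be listed with a read-only script, so leftover static RPC ports are known before firewall rules are reviewed against them. This PowerShell audit is an added example, not part of the original thread or the KB article; the key paths and the value name `TCP/IP port` are copied from the quoted text, and the status strings are this example's own.

```powershell
# Added example: read-only audit of the static RPC port values from the quoted KB text.
# Key paths and the value name come from the thread; nothing is written to the registry.
$valueName = 'TCP/IP port'
$keys = [ordered]@{
    'Directory Service' = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeDS\Parameters'
    'Information Store' = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem'
    'System Attendant'  = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters'
}

$report = foreach ($entry in $keys.GetEnumerator()) {
    $status = 'key not present'   # e.g. the missing MSExchangeDS key reported in the thread
    $port   = $null
    $kind   = $null

    if (Test-Path -Path $entry.Value) {
        $key = Get-Item -Path $entry.Value
        if ($key.GetValueNames() -contains $valueName) {
            $kind = $key.GetValueKind($valueName)
            $port = $key.GetValue($valueName)
            if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                # The KB text asks for a DWORD entered in decimal
                $status = 'wrong value type, expected DWORD'
            } elseif ($port -lt 1 -or $port -gt 65535) {
                $status = 'not a valid TCP port'
            } else {
                $status = 'static port set'
            }
        } else {
            $status = 'value not set, no static port'
        }
    }

    [pscustomobject]@{
        Service = $entry.Key
        Port    = $port      # shown in decimal
        Kind    = $kind
        Status  = $status
    }
}

$report | Format-Table -AutoSize
```

Any row reporting a static port is a port that a perimeter rule may have been opened for; with OWA or RPC over HTTP published on 443 as recommended in the reply above, those forwards can be checked and removed.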

