Skip to main content

Ports that Systems Management Server 2003 uses to communicate through a firewall or through a proxy server

http://support.microsoft.com/kb/826852

Port Requirements: SMS site server to Active Directory


SMS 2003 site servers require access to the Active Directory global catalog server in order to do the following:

  • Publish site systems to Active Directory

  • Publish and query for Active Directory site boundaries

  • Run Active Directory discovery methods











































Service NameUDPTCP
LDAP389389
LDAP SSLN/A636
RPC Endpoint Mapper135135
Global Catalog LDAPN/A3268
Global Catalog LDAP SSLN/A3269
Kerberos8888


Port requirements: SMS 2003 site server to the child site, to the secondary site, or to the SMS SQL Server












Port 445Server Message Block (SMB)


Port requirements: SMS 2003 site server to remote SMS SQL Server database. Proxy management points, management point, server locator points, and reporting points to the SMS SQL Server database












Port 1433TCP (SMS site server to SQL server)


Note For more information about SQL server ports, see the section “Microsoft SQL Server ports” section.

Port requirements: SMS 2003 Advanced Client to Active Directory


In an Active Directory environment, the Advanced client makes a Lightweight Directory Access Protocol (LDAP) query to the global catalog server to find a management point that matches the client’s IP address. The following ports are required in Active Directory to allow the client to contact the global catalog server.


























Port 389UDP (User Datagram Protocol) LDAP Ping
Port 389TCP LDAP
Port 636TCP LDAP (SSL Connection)
Port 3268TCP (explicit connection to Global Catalog)
Port 3269TCP (explicit SSL connection to Global Catalog)


Port requirements: SMS 2003 Advanced Client to Management Point or to distribution point




















Port 80Hypertext Transfer Protocol (HTTP)
Port 139Client sessions (for non BITS-enabled DPs)
Port 445Server Message Block (for non BITS-enabled DPs)


Note When you use a Background Intelligent Transfer Service (BITS)-enabled distribution point through a firewall, only port 80 needs to opened both the management point and BITS-enabled distribution point. All communications will be initiated from the client. If you are only opening port 80, you will need to specify the management point by using the following script:


dim oSMSClient 
set oSMSClient = CreateObject ("Microsoft.SMS.Client")
oSMSClient.SetCurrentManagementPoint "MP NetBIOS name",0
set oSMSClient=nothing



Without access to the active directory or WINS in the environment, the advanced client will need an lmhosts file on the client computers. You will need entries for one or more MPs. For example, the following MP has an IP address of 10.0.0.1and a site code of AAA10.0.0.1 "MP_AAA x1A" #PRE. For more information about how to write an LMHOSTS file, click the following article number to view the article in the Microsoft Knowledge Base:
180094 How to write an Lmhosts file for domain validation and other name resolution issues

Port requirements: SMS Remote Control System service: Wuser32





















































Application protocolProtocolPorts
SMS Remote ChatTCP2703
SMS Remote ChatUDP2703
SMS Remote Control (control)TCP2701
SMS Remote Control (control)UDP2701
SMS Remote Control (data)TCP2702
SMS Remote Control (data)UDP2702
SMS Remote File TransferTCP2704
SMS Remote File TransferUDP2704


SMS Remote Control UDP


When you use NetBIOS over TCP/IP for SMS Remote Control, the following ports are used:


















Port 137Name resolution
Port 138Messaging
Port 139Client sessions


Note When you use NetBIOS over Novell NWLink, you must configure the router to forward type 20 packets. Type 20 packets provide NetBIOS support.

Microsoft Windows NT UDP


The following list includes the core UDP ports that Windows NT uses, and it also lists their respective functions:




































Domain Name System (DNS)UDP53
Dynamic Host Configuration Protocol (DHCP)UDP67
Remote procedure call (RPC)TCP135
Windows Internet Name Service (WINS)UDP138
NetBIOS datagramsUDP138
NetBIOS datagramsTCP139


Note The SMS Administrator console must have TCP port 135 open for communication. Otherwise, the console cannot display all the items in the console tree.

Microsoft SQL Server ports


If you use the TCP/IP Net-Library, enable port 1433 on the firewall. Use the Hosts file or an advanced connection string for host name resolution.

If you use named pipes over TCP/IP, enable port 139 for NetBIOS functions.

Microsoft does not recommend that you enable UDP ports 137 and 138 for NetBIOS name resolution by using B-node broadcasts. Instead, you can use a WINS server or an Lmhosts file for name resolution.

By default, SQL Server uses TCP (not UDP) port 1433 to listen on TCP/IP. To change the port, run SQL Server Setup on the server and then click Change Network Support. If SQL Server uses port 1433, the client Net-Library works. If SQL Server uses a custom port number, the client must specify that port in the Data Source Name (DSN).

SMS RAS Sender


SMS can also use the SMS RAS Sender with Point to Point Tunneling Protocol (PPTP) to send and to receive SMS site, client, and administrative information through a firewall. Under these circumstances, the following port is used:











PPTPTCP1723


Security


To help improve the security of your computer, you can configure your firewall to use Internet Protocol (IP) filters that permit only registered addresses to pass through the firewall.

If you enable specific ports on a proxy server or on a firewall, this may affect the security of your computer. For additional information about security issues, visit the following Microsoft Web site:

For more information about how to restrict TCP/IP ports for DCOM, click the following article number to view the article in the Microsoft Knowledge Base:
300083 How to restrict TCP/IP ports on Windows 2000 and Windows XP

Comments

Popular posts from this blog

Windows 7 Offline files will not go Online when connected to network

Issue Several laptop users move between networks, domain, home, etc and when they attempt to access DFS shares explorer status is working offline.  The issue only resolves it self after a reboot. Connecting directly to the share works and i am able to ping network resources.  This behavior occurs for VPN users as well. Possible Causes "slow-link mode". In win7 (with default settings) a client will enter slow-link mode if the latency to the server is above 80ms. In slow-link mode all writes are made to the local cache and a background sync only happens every 6 hours.  Depending on your connection the default slow link detection speed is 64,000 bps On client computers running Windows 7 or Windows Server 2008 R2, a shared folder automatically transitions to the slow-link mode if the round-trip latency of the network is greater than 80 milliseconds, or as configured by the "Configure slow-link mode" policy. After transitioning a folder to the slow-link mode, Offline Fil

SCCM Client Certificate (PKI) Value is None

SCCM Client Certificate (PKI) Value is None Stopping WMI service Stopping CCMExec SC Delete any sccm services (ccmexec, smstsmgr, cmecservice, ccmsetup) Delete C:\windows\ccm, C:\windows\ccmsetup, C:\windows\ccmcache, C:\Windows\SMSCFG.ini Go into regedit and remove: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCMSetup HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS Then restart WMI, and reinstall the client. You shouldn't need a reboot to complete this. Once this has been done the client will install and pick up the cert. https://www.windows-noob.com/forums/topic/12644-sccm-2012-client-certificate-pki-value-is-none/

SCCM Unknown computer not able to see Task Sequences after installing Current Branch 1702

Soon after installing SCCM CB 1702 we were unable to see Task Sequences deployed to the unknown collection. This issue was identified as a random system taking the GUID of the 'x64 Unknown Computer (x64 Unknown Computer)' record. As a result it was now a known GUID; as we were only deploying Task Sequences to the Unknown collection none were made available. 'x64 Unknown Computer (x64 Unknown Computer)' record 'x86 Unknown Computer (x86 Unknown Computer)' record To get the GUID of your unknown systems open SQL management studio and run the following command: --Sql Command to list the name and GUID for UnknownSystems record data select ItemKey, Name0,SMS_Unique_Identifier0 from UnknownSystem_DISC Using the returned GUID (SMS_Unique_Identifier0) we can find the hostname that has been assigned the 'x64 Unknown Computer (x64 Unknown Computer)' GUID by running the query below. --x64 Unknown Computers select Name0,SMS_Unique_Identifier0,Decommissioned0 from Sys