Solved

Exchange 2k

Posted on 2003-03-03
Last Modified: 2010-04-13
I have Exchange server set up on a remote Win2k Advanced Server which is also acting as the DC. I have TCP/IP filtering set up on the server. What ports do I need to allow for Exchange to work correctly?
Do I need to open LDAP, RPC, etc.?

Any help would be appreciated.
0
Question by:__Abort
9 Comments
 
LVL 9

Expert Comment

by:MSGeek
ID: 8059035
No.  What are you trying to get remote access to, just mail?? Then it's SMTP port 25.

You can also do a text search of this page for any port number you want: http://www.ietf.org/rfc/rfc1700.txt?number=1700
0
 
LVL 1

Expert Comment

by:cuba_joe
ID: 8059273
Securing Exchange Server 2K

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/exchange/exchange2000/maintain/security/secexsrv.asp

Lists dangerous ports and other important security best practices for securing Exchange 2000.
0
 

Author Comment

by:__Abort
ID: 8059426
Let me be a little more clear....
Exchange 2000 on Windows 2000 Advanced Server
Server is Domain Controller and Global Catalog server.
Server is not DNS.
Port 25 (smtp) and port 110 (pop3) are both open.
What other ports need to be open for Exchange to work?
I know that other ports need to be opened because if I turn off TCP/IP port filtering everything works fine! It's only when I filter that problems occur.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8059752
I would open ports 110, 143, 25, 80 and 389.
0
 

Author Comment

by:__Abort
ID: 8061798
MSGeek-
I tried 110, 143, 25, 80 and 389 but the Microsoft Exchange System Attendant will not start with only these ports open.
Any other ideas?
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8061854
Is that the same problem you had when you turned port filtering off? I don't recall you saying anything about the System Attendant.
0
 
LVL 26

Expert Comment

by:Vahik
ID: 8062263
There are some more ports that you have to open.

Try this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;278339

0
 
LVL 4

Accepted Solution

by:
Jivko earned 400 total points
ID: 8063025
Required for DC Working:

| Service | Port/protocol |
|---|---|
| RPC endpoint mapper | 135/tcp, 135/udp |
| NetBIOS name service | 137/tcp, 137/udp |
| NetBIOS datagram service | 138/udp |
| NetBIOS session service | 139/tcp |
| SMB over IP (Microsoft-DS) | 445/tcp, 445/udp |
| LDAP | 389/tcp |
| LDAP over SSL | 636/tcp |
| Global catalog LDAP | 3268/tcp |
| Global catalog LDAP over SSL | 3269/tcp |
| Kerberos | 88/tcp, 88/udp |
| DNS | 53/tcp, 53/udp |
| WINS resolution (if required) | 1512/tcp, 1512/udp |
| WINS replication (if required) | 42/tcp, 42/udp |
| Network time protocol (NTP) | 123/udp |

Where <fixed port> is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\

Add a new DWORD value called TCP/IP Port (include the space). Set the value's data to the port number you want to use—remember to change the displayed base to decimal before you enter the data. Do this on all your Active Directory servers. You need to restart them for the change to take effect.


So, the best solution is to use a separate machine as a firewall instead of the simple built-in TCP filtering, and to filter only the external Internet connection.

Take a look here:
http://www.microsoft.com/serviceproviders/columns/config_ipsec_P63623.asp

I recommend Microsoft ISA Server for you.

Regards

0
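As an added example (not code from the thread or from Microsoft), the following checks a "permit only" allow-list against the port table in the accepted answer and reports which listed DC ports the filter would drop. It covers only the ports in that table; the function names and the empty UDP list for the asker's attempt are assumptions.

```python
"""Added example: check a TCP/IP filtering allow-list against the answer's table."""

# Port table copied from the accepted answer; "|" separates service and ports.
DC_PORTS = """\
RPC endpoint mapper|135/tcp, 135/udp
NetBIOS name service|137/tcp, 137/udp
NetBIOS datagram service|138/udp
NetBIOS session service|139/tcp
SMB over IP (Microsoft-DS)|445/tcp, 445/udp
LDAP|389/tcp
LDAP over SSL|636/tcp
Global catalog LDAP|3268/tcp
Global catalog LDAP over SSL|3269/tcp
Kerberos|88/tcp, 88/udp
DNS|53/tcp, 53/udp
WINS resolution (if required)|1512/tcp, 1512/udp
WINS replication (if required)|42/tcp, 42/udp
Network time protocol (NTP)|123/udp
"""

def parse_table(text):
    """Return (service, port, proto, optional) for every port in the table."""
    rows = []
    for line in text.strip().splitlines():
        service, specs = line.split("|")
        optional = "(if required)" in service
        service = service.replace("(if required)", "").strip()
        for spec in specs.split(","):
            port, proto = spec.strip().split("/")
            rows.append((service, int(port), proto, optional))
    return rows

def blocked(allowed_tcp, allowed_udp, include_optional=False):
    """Table entries that a 'permit only' filter with these lists would drop."""
    allowed = {"tcp": set(allowed_tcp), "udp": set(allowed_udp)}
    return [(service, port, proto)
            for service, port, proto, optional in parse_table(DC_PORTS)
            if (include_optional or not optional) and port not in allowed[proto]]

if __name__ == "__main__":
    # TCP list the asker tried; the empty UDP list is an assumption.
    for service, port, proto in blocked({25, 110, 143, 80, 389}, set()):
        print(f"{port}/{proto:<4} {service}")
```

Run against the asker's list, it shows that only LDAP 389/tcp from the table was permitted, while RPC, Kerberos, DNS, SMB and the global catalog ports were all filtered.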
