?
Solved

Exchange 2k

Posted on 2003-03-03
9
Medium Priority
?
142 Views
Last Modified: 2010-04-13
I have exchange server setup on a remote Win2k Advanced server which is also acting as the DC.  I have tcp/ip filtering setup on the server.  What ports do I need to allow for exchange to work correctly?
Do i need to open ldap, rpc etc?

Any help would be appreciated.
0
Comment
Question by:__Abort
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 9

Expert Comment

by:MSGeek
ID: 8059035
No.  What are you trying to get remote access to, just mail?? Then it's SMTP port 25.

You can also do a text search of this page for any port number you want: http://www.ietf.org/rfc/rfc1700.txt?number=1700
0
 
LVL 1

Expert Comment

by:cuba_joe
ID: 8059273
Securing Exchange Server 2K

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/exchange/exchange2000/maintain/security/secexsrv.asp

Lists dangerous ports and other important security best practices for securing Exchange 2000.
0
 

Author Comment

by:__Abort
ID: 8059426
Let me be a little more clear....
Exchange 2000 on Windows 2000 Advanced Server
Server is Domain Controller and Global Catalog server.
Server is not DNS.
Port 25 (smtp) and port 110 (pop3) are both open.
What other ports need to be open for Exchange to work?
I know that other ports need to be opened because if I turn off tcp/ip Port filtering everything works fine! Its only when I filter that problems occur.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 

Author Comment

by:__Abort
ID: 8059429
Let me be a little more clear....
Exchange 2000 on Windows 2000 Advanced Server
Server is Domain Controller and Global Catalog server.
Server is not DNS.
Port 25 (smtp) and port 110 (pop3) are both open.
What other ports need to be open for Exchange to work?
I know that other ports need to be opened because if I turn off tcp/ip Port filtering everything works fine! Its only when I filter that problems occur.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8059752
I would open ports 110, 143, 25, 80 and 389.
0
 

Author Comment

by:__Abort
ID: 8061798
MSGeek-
I tried 110, 143, 25, 80 and 389 but the Microsoft Exchange System Attendant will not start with only these ports open.
Any other ideas?
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8061854
Is that the same problem you had when you turned port filtering off, I don't recall you saying anything about the System Attendant?
0
 
LVL 26

Expert Comment

by:Vahik
ID: 8062263
there are some more ports that u have to open.

try this
http://support.microsoft.com/default.aspx?scid=kb;en-us;278339

0
 
LVL 4

Accepted Solution

by:
Jivko earned 400 total points
ID: 8063025
Required for DC Working:
Service Port/protocol
RPC endpoint mapper 135/tcp, 135/udp
NetBIOS name service 137/tcp, 137/udp
NetBIOS datagram service 138/udp
NetBIOS session service 139/tcp
SMB over IP (Microsoft-DS) 445/tcp, 445/udp
LDAP 389/tcp
LDAP over SSL 636/tcp
Global catalog LDAP 3268/tcp
Global catalog LDAP over SSL 3269/tcp
Kerberos 88/tcp, 88/udp
DNS 53/tcp, 53/udp
WINS resolution (if required) 1512/tcp, 1512/udp
WINS replication (if required) 42/tcp, 42/udp
Network time protocol (NTP) 123/udp

Where <fixed port> is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\

Add a new DWORD value called TCP/IP Port (include the space). Set the value's data to the port number you want to use—remember to change the displayed base to decimal before you enter the data. Do this on all your Active Directory servers. You need to restart them for the change to take effect.


So .. the best solution is to use a separate machine for firewall , instead of simple built in TCP filtering. And to filter only external internet connection.

Take a look here:
http://www.microsoft.com/serviceproviders/columns/config_ipsec_P63623.asp

I recomend for you Microsoft ISA server.

Regards

0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In today's business world, data is more important than ever for informing marketing campaigns. Accessing and using data, however, may not come naturally to some creative marketing professionals. Here are four tips for adapting to wield data for insi…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses
Course of the Month13 days, 23 hours left to enroll

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question