• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 803
  • Last Modified:

what ports on Exchange 2010 are required to communicate with Outlook through a firewall via a VPN?

What ports on Exchange 2010 does it use to communicate with Outlook through a firewall via a VPN?

To put it simply here is the scenario:

user connects to  Firepass VPN....once on the VPN they open up a local copy of Outlook on their PC.  We were having an issue with the firewall blocking access.  had my admin look at teh logs and we determined that the firewall was blocking access on ports 12745 and 12838.  Once he opened those ports Outlook opened fine.


It has worked great for a week but today we ran into the same issue where Outlook could not connect to Exchange 2010 over the VPN.  Looked at logs and discovered that ports 44883 and 44984 were now being denied by the firewall.


Seems like these ports requested  by Exchange 2010 are being denied by the firewall and they change...

Any ideas on what ports need to be open on the firewall on a consistent basis?  Sure we can keep adding these ports to be open on the firewall but looks like they may keep changing


Any help appreciated
0
BlueGoose
Asked:
BlueGoose
  • 6
  • 5
1 Solution
 
steinmtoCommented:
0
 
steinmtoCommented:
I would use outlook anywhere with a cert then you do not have to work about the vpn and ports.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
BlueGooseAuthor Commented:
Thanks for the quick answer however Outlook Anywhere is not an option at this point.  We do use OWA and that works fine but certain people with more stripes prefer to use local copy of Outlook and not OWA, hence I have to find out what ports are used and how I can keep that port that Exchange 2010 needs consistent (if that makes sense)
0
 
steinmtoCommented:
Outlook connects via MAPI which in turn uses RPC, you need port 135 and all ports over 1024 open for RPC which is why it's such a horrible security hole.

0
 
BlueGooseAuthor Commented:
iirc on our Exchange 2003 server we have 3 specific ports open to allow Outlook to communicate  via the VPN thru the firewall...I was hoping that a similar setup could be done with Exchange 2010?
0
 
BlueGooseAuthor Commented:
I guess I need to figure out how to configure static RPC ports on Exchange 2010 Client access server?  I found an article how to do it but it involves changing the registry.....not sure how that will affect internal users who don't use the VPN?  

Did a netstat on my exchange server and looks like every connection established from outlook is either 44883 or 44984....not sure when or if that will change
0
 
steinmtoCommented:
It looks like it will unless you do the static rpc ports.
0
 
BlueGooseAuthor Commented:
Is the only place to make changes on the Server itself for static ports?  Or do clients need to make changes as well?
0
 
BlueGooseAuthor Commented:
Explained it perfectly

Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now