Ports to open for Outlook to Exchange

Posted on 2011-10-12
Medium Priority
Last Modified: 2012-05-12
I have created a new VLAN on our network for some PCs which need to be segregated from the main network. The two networks are connected by a Cisco layer 3 switch, and I'm using ACLs to restrict traffic between them.

The PCs on VLAN2 still need to run Outlook and therefore connect to the Exchange server across the switch. I've investigated which ports to open via the ACL, but it seems that Outlook uses RPC to connect to Exchange, and as such the ports used vary.

Is there a way to allow Outlook on these PCs to connect to the Exchange server without opening up the whole port range?
Question by:Michael986
  • 4
  • 2
  • 2
  • +1

Expert Comment

ID: 36960175
Check this article, where it talks about defining static ports for outlook connection.


Hope this helps

Expert Comment

ID: 36960185
This document provides list of various Services Ports for Windows Server System including Exchange


Expert Comment

ID: 36960187
This article describes how to create a Microsoft Outlook profile file that you can use to configure static communication ports in Microsoft Office Outlook 2007 and in Microsoft Office Outlook 2003. The static ports are used to connect to a Microsoft Exchange server. This procedure can be used to work around the problem that prevents Outlook from communicating through port 135 to prompt the End Point Mapper where to find the Exchange server.

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 49

Accepted Solution

Akhater earned 1000 total points
ID: 36960219
Do NOT do this, you are going down trouble lane.

Believe me the last thing you want is to separate outlook clients from your exchange servers and then try to open some ports. By the time it works you will have all critical ports opened.

is this VLAN part of you network ? are these computers joined to your domain ? if so you will need to provide them with DC connectivity also and much more ports to open.

the workaround is to open only port 443 and let them connect using outlook anywhere instead

Expert Comment

ID: 36960459
Akhater -  Good call!!  That is exactly what you should do and is the best practice.

Outlook Anywhere requires only port 443!

Author Comment

ID: 36966437
I did try opening port 443 to use Outlook Anywhere but it didn't work. However, it sounds as though that's the direction I need to go.

I've now opened up TCP/443 (is UDP/443 required - have added it but didn't make it work).
How do I force Outlook to use OA instead of using RPC. I've ticked the 'On fast networks, connect using HTTP' and 'On slow networks ...' settings in 'Exchange Proxy Settings' in Outlook - do I need to do anything else?

When trying to connect, it puts up a 'login' box and accepts the 'domain\username' and password combination, but still doesn't connect.

I've tried setting the 'URL to connect to my proxy server' to the default (mail.domain.com - works for other, external laptops), to the Exchange server name (both just the name and the fully qualified name) and also the IP address, but it doesn't connect.

Any ideas as to what else to try, or how to troubleshoot further? Should add that it's Exchange 2007 and Outlook 2007

Expert Comment

ID: 36966448
Does your autodiscover service up and runing?  

This protected VLAN, these users will have NO internet access?

One way to test Outlook Settings to see what URL's are being used to to hold down the Right Control button on your keyboard and then left click the Outlook icon in the System Tray, and then click "Test E-Mail AutoConfiguration".

Assisted Solution

pritamdutt earned 1000 total points
ID: 36966488

Since you have decided to go the right way of Outlook Anywhere.. Hope you have enabled Outlook Anywhere on the Exchange Server as well.

You would need to carry out following steps:
1. Install a valid Secure Sockets Layer (SSL) certificate from a certification authority (CA) that the client trusts.
2. Install the Microsoft Windows RPC over HTTP Proxy component if it wasn't already installed by default in Windows Server 2008. For detailed steps, see Install the Windows RPC Over HTTP Proxy Component.
3. Enable Outlook Anywhere on the Client Access server using any of the following methods:
- Use the EMC to enable Outlook Anywhere
- Use the Shell to enable Outlook Anywhere
4. Once you have enabled Outlook Anywhere you can configure the same using EMC or Shell
5. Once you are done with your configuration, its time to test your Outlook Anywhere Connectivity using Shell or Exchange Remote Connectivity Analyzer
6. You can also Test Outlook Autodiscover Connectivity using Shell. Here is syntax for OutlookWebservices Test cmdlet.

Detailed guide on Understanding Outlook Anywhere is also available.

Hope this helps.

LVL 49

Expert Comment

ID: 36966788
Did you enable outlook anywhere to start with ?

Here is how to enable outlook anywhere on exchange 2007 sp1 http://www.exchange-genie.com/2008/02/configuring-outlook-anywhere-for-exchange-2007-sp1/

However the answer to your original question is to make it through outlook anywhere and open just 443, if you have problems with enabling outlook anywhere I suggest you open another question for that just to keep this one focused on one topic.


Author Closing Comment

ID: 36977350
As I mentioned, Outlook Anywhere is already working for other external devices, so that shoudn't be the problem.

I'll open another question if I can't get to the bottom of it

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange administrators are always vigilant about Exchange crashes and disasters that are possible any time. It is quite essential to identify the symptoms of a possible Exchange issue and be prepared with a proper recovery plan. There are multiple…
As a matter of fact, Outlook OST files are of much importance in relation to Exchange mailbox. OST files are independent as they are simply copy of data of a user’s mailbox on Exchange Server. Though, if the server’s status is changed or it is dama…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question