Ports to open for Outlook to Exchange

I have created a new VLAN on our network for some PCs which need to be segregated from the main network. The two networks are connected by a Cisco layer 3 switch, and I'm using ACLs to restrict traffic between them.

The PCs on VLAN2 still need to run Outlook and therefore connect to the Exchange server across the switch. I've investigated which ports to open via the ACL, but it seems that Outlook uses RPC to connect to Exchange, and as such the ports used vary.

Is there a way to allow Outlook on these PCs to connect to the Exchange server without opening up the whole port range?
Michael986 Asked:
 
Akhater Commented:
Do NOT do this, you are going down trouble lane.

Believe me, the last thing you want is to separate Outlook clients from your Exchange servers and then try to open some ports. By the time it works you will have all critical ports opened.

Is this VLAN part of your network? Are these computers joined to your domain? If so, you will need to provide them with DC connectivity also, and many more ports to open.

The workaround is to open only port 443 and let them connect using Outlook Anywhere instead.
0
 
pritamdutt Commented:
Check this article, where it talks about defining static ports for the Outlook connection.

http://support.microsoft.com/kb/270836

Hope this helps
0
 
pritamdutt Commented:
This document provides a list of various Services Ports for Windows Server System, including Exchange.

http://support.microsoft.com/kb/832017
0
 
pritamdutt Commented:
This article describes how to create a Microsoft Outlook profile file that you can use to configure static communication ports in Microsoft Office Outlook 2007 and in Microsoft Office Outlook 2003. The static ports are used to connect to a Microsoft Exchange server. This procedure can be used to work around the problem that prevents Outlook from communicating through port 135 to prompt the End Point Mapper where to find the Exchange server.

http://support.microsoft.com/kb/833799
0
 
jodiddy Commented:
Akhater -  Good call!!  That is exactly what you should do and is the best practice.

Outlook Anywhere requires only port 443!
0
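The difference between the two approaches discussed above, written as Cisco IOS extended ACLs. This is an added example, not part of the original thread; the ACL names and all addresses (VLAN2 as 10.0.2.0/24, Exchange Client Access server 10.0.1.10, internal DNS 10.0.1.5) are assumptions.

```cisco
! Assumed addressing (not from the thread):
!   VLAN2 clients   10.0.2.0/24
!   Exchange CAS    10.0.1.10
!   Internal DNS    10.0.1.5
!
! Wide: direct MAPI/RPC needs the endpoint mapper (TCP/135) plus the
! dynamic RPC range. 49152-65535 is the Windows Server 2008 default;
! older servers use a different range. Shown for comparison, not applied.
ip access-list extended VLAN2-IN-RPC
 permit tcp 10.0.2.0 0.0.0.255 host 10.0.1.10 eq 135
 permit tcp 10.0.2.0 0.0.0.255 host 10.0.1.10 range 49152 65535
 deny   ip any any log
!
! Narrow: Outlook Anywhere is RPC over HTTPS, so one TCP port, no UDP.
! DNS is allowed so the client can resolve the proxy host name.
ip access-list extended VLAN2-IN-OA
 permit tcp 10.0.2.0 0.0.0.255 host 10.0.1.10 eq 443
 permit udp 10.0.2.0 0.0.0.255 host 10.0.1.5 eq domain
 deny   ip any any log
!
! Return path, needed only if traffic toward VLAN2 is filtered as well.
! These ACLs are stateless, so match on the server's source port and
! use "established" to admit only replies (ACK or RST set).
ip access-list extended VLAN2-OUT-OA
 permit tcp host 10.0.1.10 eq 443 10.0.2.0 0.0.0.255 established
 permit udp host 10.0.1.5 eq domain 10.0.2.0 0.0.0.255
 deny   ip any any log
!
! Domain-joined PCs also need whatever DC and DHCP access the
! environment requires; add those entries above the deny lines.
interface Vlan2
 ip access-group VLAN2-IN-OA in
 ip access-group VLAN2-OUT-OA out
```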
 
Michael986 Author Commented:
I did try opening port 443 to use Outlook Anywhere but it didn't work. However, it sounds as though that's the direction I need to go.

I've now opened up TCP/443 (is UDP/443 required? I have added it, but that didn't make it work).
How do I force Outlook to use OA instead of using RPC? I've ticked the 'On fast networks, connect using HTTP' and 'On slow networks ...' settings in 'Exchange Proxy Settings' in Outlook - do I need to do anything else?

When trying to connect, it puts up a 'login' box and accepts the 'domain\username' and password combination, but still doesn't connect.

I've tried setting the 'URL to connect to my proxy server' to the default (mail.domain.com - works for other, external laptops), to the Exchange server name (both just the name and the fully qualified name) and also the IP address, but it doesn't connect.

Any ideas as to what else to try, or how to troubleshoot further? I should add that it's Exchange 2007 and Outlook 2007.
0
 
jodiddy Commented:
Is your Autodiscover service up and running?

This protected VLAN, these users will have NO internet access?

One way to test Outlook settings to see what URLs are being used is to hold down the Right Control button on your keyboard and then left click the Outlook icon in the System Tray, and then click "Test E-Mail AutoConfiguration".
0
 
pritamdutt Commented:
Hi,

Since you have decided to go the right way of Outlook Anywhere, I hope you have enabled Outlook Anywhere on the Exchange Server as well.

You would need to carry out the following steps:
1. Install a valid Secure Sockets Layer (SSL) certificate from a certification authority (CA) that the client trusts.
2. Install the Microsoft Windows RPC over HTTP Proxy component if it wasn't already installed by default in Windows Server 2008. For detailed steps, see Install the Windows RPC Over HTTP Proxy Component.
3. Enable Outlook Anywhere on the Client Access server using any of the following methods:
- Use the EMC to enable Outlook Anywhere
- Use the Shell to enable Outlook Anywhere
4. Once you have enabled Outlook Anywhere, you can configure the same using EMC or Shell.
5. Once you are done with your configuration, it's time to test your Outlook Anywhere connectivity using Shell or Exchange Remote Connectivity Analyzer.
6. You can also test Outlook Autodiscover connectivity using Shell. Here is syntax for OutlookWebservices Test cmdlet.


Detailed guide on Understanding Outlook Anywhere is also available.


Hope this helps.

Regards,
0
 
Akhater Commented:
Did you enable Outlook Anywhere to start with?

Here is how to enable Outlook Anywhere on Exchange 2007 SP1: http://www.exchange-genie.com/2008/02/configuring-outlook-anywhere-for-exchange-2007-sp1/

However, the answer to your original question is to make it through Outlook Anywhere and open just 443. If you have problems with enabling Outlook Anywhere, I suggest you open another question for that, just to keep this one focused on one topic.

thanks
0
 
Michael986 Author Commented:
As I mentioned, Outlook Anywhere is already working for other external devices, so that shouldn't be the problem.

I'll open another question if I can't get to the bottom of it.
0
Question has a verified solution.
