Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Exchange 2003 - Firewall logs Port 6004 Outbound

Posted on 2014-01-08
7
298 Views
Last Modified: 2016-05-17
Hi Experts,

We have an Exchange 2003 environment and we have firewall logs filling up with denies from some of the Exchange 2003 servers showing connection attempts to remote servers in the LAN on UDP 6004.

Over the last month or so, another team has introduced an Exchange 2010 servers, to allow them to move to Office 365.

There's no correlation between the destination IP of the connection and the Exchange 2010 servers either.

Any ideas why these servers have started to attempt to connect to other devices on 6004?
0
Comment
Question by:MarkMichael
  • 3
  • 3
7 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39764772
That port is used for RPC (RPC via HTTPS or Outlook Anywhere as it is known in Exchange 2007 and up).

Are you using a Front-End / Back-End environment with multiple back-end servers?
0
 
LVL 15

Author Comment

by:MarkMichael
ID: 39764778
Yep, thats right.

We have several back ends and several front ends for Exchange 2003.

This has been set up like this for a few years and the firewall logs have only recently started getting huge, with all these additional denies in it. I'm curious to figure out what could have changed to start this...

This is an example of the firewall log:

08/01/2014 10:42:15:FWSM-4-106023: Deny udp src exchange:10.45.140.22/24474 dst inter:10.181.16.20/6004 by access-group "acl-exchange" [0x70dc7886, 0x0]
08/01/2014 10:42:15:FWSM-4-106023: Deny udp src exchange:10.45.140.22/24473 dst inter:10.172.232.20/6004 by access-group "acl-exchange" [0x70dc7886, 0x0]
08/01/2014 10:42:15:FWSM-4-106023: Deny udp src exchange:10.45.140.22/24472 dst inter:10.45.157.252/6004 by access-group "acl-exchange" [0x70dc7886, 0x0]
08/01/2014 10:42:15:FWSM-4-106023: Deny udp src exchange:10.45.140.22/24469 dst inter:10.173.50.248/6004 by access-group "acl-exchange" [0x70dc7886, 0x0]
08/01/2014 10:42:15:FWSM-4-106023: Deny udp src exchange:10.45.140.22/24468 dst inter:10.243.34.35/6004 by access-group "acl-exchange" [0x70dc7886, 0x0]
08/01/2014 10:42:15:FWSM-4-106023: Deny udp src exchange:10.45.140.22/24467 dst inter:10.45.156.20/6004 by access-group "acl-exchange" [0x70dc7886, 0x0]

Open in new window

0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 500 total points
ID: 39764832
So presumably your front end server is 10.445.140.22 and the backends are 10.181.16.20 / 10.172.232.20 / 10.45.157.252 / 10.173.50.248 / 10.243.34.35.

If that is the case, I would allow the port as it is internal and needed for RPC to work happily.
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 15

Author Comment

by:MarkMichael
ID: 39764861
The 10.45.140.22 is one of the backend servers.


The addresses: 10.181.16.20 / 10.172.232.20 / 10.45.157.252 / 10.173.50.248 / 10.243.34.35 - are all Workstations of users from around the globe in different offices.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 39764864
Ah - okay.  Are the client computers configured using RPC over HTTPS?

If they are, then they will need to communicate with the server.

Have a read of the technical description on this page for info:

http://www.pc-library.com/ports/tcp-udp-port/6004/
0
 
LVL 15

Author Comment

by:MarkMichael
ID: 39765459
Cheers for the link.

I understand both ways would be required to allow the connection to have 2 way communications between a frontend and backend server (between RPC Proxy and DSProxy).

Although the connection appears to be being initiated from the Exchange server, to these workstations, which I find concerning, as Outlook surely wouldn't be listening on UDP 6004 anyway?

Thanks for your help Alan,

Cheers, Mark

Ps. I'm getting confirmation whether these machines are configured for RPC over HTTP.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
Find out what you should include to make the best professional email signature for your organization.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question