Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Exchange 2003 - Firewall logs Port 6004 Outbound

Posted on 2014-01-08
7
Medium Priority
?
396 Views
Last Modified: 2016-05-17
Hi Experts,

We have an Exchange 2003 environment and we have firewall logs filling up with denies from some of the Exchange 2003 servers showing connection attempts to remote servers in the LAN on UDP 6004.

Over the last month or so, another team has introduced an Exchange 2010 servers, to allow them to move to Office 365.

There's no correlation between the destination IP of the connection and the Exchange 2010 servers either.

Any ideas why these servers have started to attempt to connect to other devices on 6004?
0
Comment
Question by:MarkMichael
  • 3
  • 3
7 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39764772
That port is used for RPC (RPC via HTTPS or Outlook Anywhere as it is known in Exchange 2007 and up).

Are you using a Front-End / Back-End environment with multiple back-end servers?
0
 
LVL 15

Author Comment

by:MarkMichael
ID: 39764778
Yep, thats right.

We have several back ends and several front ends for Exchange 2003.

This has been set up like this for a few years and the firewall logs have only recently started getting huge, with all these additional denies in it. I'm curious to figure out what could have changed to start this...

This is an example of the firewall log:

08/01/2014 10:42:15:FWSM-4-106023: Deny udp src exchange:10.45.140.22/24474 dst inter:10.181.16.20/6004 by access-group "acl-exchange" [0x70dc7886, 0x0]
08/01/2014 10:42:15:FWSM-4-106023: Deny udp src exchange:10.45.140.22/24473 dst inter:10.172.232.20/6004 by access-group "acl-exchange" [0x70dc7886, 0x0]
08/01/2014 10:42:15:FWSM-4-106023: Deny udp src exchange:10.45.140.22/24472 dst inter:10.45.157.252/6004 by access-group "acl-exchange" [0x70dc7886, 0x0]
08/01/2014 10:42:15:FWSM-4-106023: Deny udp src exchange:10.45.140.22/24469 dst inter:10.173.50.248/6004 by access-group "acl-exchange" [0x70dc7886, 0x0]
08/01/2014 10:42:15:FWSM-4-106023: Deny udp src exchange:10.45.140.22/24468 dst inter:10.243.34.35/6004 by access-group "acl-exchange" [0x70dc7886, 0x0]
08/01/2014 10:42:15:FWSM-4-106023: Deny udp src exchange:10.45.140.22/24467 dst inter:10.45.156.20/6004 by access-group "acl-exchange" [0x70dc7886, 0x0]

Open in new window

0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 2000 total points
ID: 39764832
So presumably your front end server is 10.445.140.22 and the backends are 10.181.16.20 / 10.172.232.20 / 10.45.157.252 / 10.173.50.248 / 10.243.34.35.

If that is the case, I would allow the port as it is internal and needed for RPC to work happily.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 15

Author Comment

by:MarkMichael
ID: 39764861
The 10.45.140.22 is one of the backend servers.


The addresses: 10.181.16.20 / 10.172.232.20 / 10.45.157.252 / 10.173.50.248 / 10.243.34.35 - are all Workstations of users from around the globe in different offices.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 39764864
Ah - okay.  Are the client computers configured using RPC over HTTPS?

If they are, then they will need to communicate with the server.

Have a read of the technical description on this page for info:

http://www.pc-library.com/ports/tcp-udp-port/6004/
0
 
LVL 15

Author Comment

by:MarkMichael
ID: 39765459
Cheers for the link.

I understand both ways would be required to allow the connection to have 2 way communications between a frontend and backend server (between RPC Proxy and DSProxy).

Although the connection appears to be being initiated from the Exchange server, to these workstations, which I find concerning, as Outlook surely wouldn't be listening on UDP 6004 anyway?

Thanks for your help Alan,

Cheers, Mark

Ps. I'm getting confirmation whether these machines are configured for RPC over HTTP.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
How to effectively resolve the number one email related issue received by helpdesks.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question