Solved

Exchange 2003 - Firewall logs Port 6004 Outbound

Posted on 2014-01-08
7
262 Views
Last Modified: 2016-05-17
Hi Experts,

We have an Exchange 2003 environment and we have firewall logs filling up with denies from some of the Exchange 2003 servers showing connection attempts to remote servers in the LAN on UDP 6004.

Over the last month or so, another team has introduced an Exchange 2010 servers, to allow them to move to Office 365.

There's no correlation between the destination IP of the connection and the Exchange 2010 servers either.

Any ideas why these servers have started to attempt to connect to other devices on 6004?
0
Comment
Question by:MarkMichael
  • 3
  • 3
7 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
That port is used for RPC (RPC via HTTPS or Outlook Anywhere as it is known in Exchange 2007 and up).

Are you using a Front-End / Back-End environment with multiple back-end servers?
0
 
LVL 15

Author Comment

by:MarkMichael
Comment Utility
Yep, thats right.

We have several back ends and several front ends for Exchange 2003.

This has been set up like this for a few years and the firewall logs have only recently started getting huge, with all these additional denies in it. I'm curious to figure out what could have changed to start this...

This is an example of the firewall log:

08/01/2014 10:42:15:FWSM-4-106023: Deny udp src exchange:10.45.140.22/24474 dst inter:10.181.16.20/6004 by access-group "acl-exchange" [0x70dc7886, 0x0]
08/01/2014 10:42:15:FWSM-4-106023: Deny udp src exchange:10.45.140.22/24473 dst inter:10.172.232.20/6004 by access-group "acl-exchange" [0x70dc7886, 0x0]
08/01/2014 10:42:15:FWSM-4-106023: Deny udp src exchange:10.45.140.22/24472 dst inter:10.45.157.252/6004 by access-group "acl-exchange" [0x70dc7886, 0x0]
08/01/2014 10:42:15:FWSM-4-106023: Deny udp src exchange:10.45.140.22/24469 dst inter:10.173.50.248/6004 by access-group "acl-exchange" [0x70dc7886, 0x0]
08/01/2014 10:42:15:FWSM-4-106023: Deny udp src exchange:10.45.140.22/24468 dst inter:10.243.34.35/6004 by access-group "acl-exchange" [0x70dc7886, 0x0]
08/01/2014 10:42:15:FWSM-4-106023: Deny udp src exchange:10.45.140.22/24467 dst inter:10.45.156.20/6004 by access-group "acl-exchange" [0x70dc7886, 0x0]

Open in new window

0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 500 total points
Comment Utility
So presumably your front end server is 10.445.140.22 and the backends are 10.181.16.20 / 10.172.232.20 / 10.45.157.252 / 10.173.50.248 / 10.243.34.35.

If that is the case, I would allow the port as it is internal and needed for RPC to work happily.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 15

Author Comment

by:MarkMichael
Comment Utility
The 10.45.140.22 is one of the backend servers.


The addresses: 10.181.16.20 / 10.172.232.20 / 10.45.157.252 / 10.173.50.248 / 10.243.34.35 - are all Workstations of users from around the globe in different offices.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
Comment Utility
Ah - okay.  Are the client computers configured using RPC over HTTPS?

If they are, then they will need to communicate with the server.

Have a read of the technical description on this page for info:

http://www.pc-library.com/ports/tcp-udp-port/6004/
0
 
LVL 15

Author Comment

by:MarkMichael
Comment Utility
Cheers for the link.

I understand both ways would be required to allow the connection to have 2 way communications between a frontend and backend server (between RPC Proxy and DSProxy).

Although the connection appears to be being initiated from the Exchange server, to these workstations, which I find concerning, as Outlook surely wouldn't be listening on UDP 6004 anyway?

Thanks for your help Alan,

Cheers, Mark

Ps. I'm getting confirmation whether these machines are configured for RPC over HTTP.
0

Featured Post

Too many email signature changes to deal with?

Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

Join & Write a Comment

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
how to add IIS SMTP to handle application/Scanner relays into office 365.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now