Systems Management Server 2003: Ports that Systems Management Server 2003 uses to communicate through a firewall or through a proxy server

SUPPORT SOLUTION:
This article lists the ports that Microsoft Systems
Management Server (SMS) 2003 uses to communicate through a firewall or through
a proxy server. .After the SMS schema is extended, SMS 2003 uses new ports to
access the Active Directory directory service. The following list includes the
ports that SMS uses for communication..Port Requirements: SMS site server to Active Directory

SMS 2003 site servers require access to the Active Directory
global catalog server in order to do the following:
Publish site systems to Active Directory Publish and query for Active Directory site boundaries
Run Active Directory discovery methods Collapse this tableExpand this tableService NameUDPTCPLDAP389389LDAP SSLN/A636RPC Endpoint Mapper135135Global Catalog LDAPN/A3268Global Catalog LDAP SSLN/A3269Kerberos8888.Port requirements: SMS 2003 site server to the child site, to the secondary site, or to the SMS SQL Server

Collapse this tableExpand this tablePort 445Server Message Block (SMB).Port requirements: SMS 2003 site server to remote SMS SQL Server database. Proxy management points, management point, server locator points, and reporting points to the SMS SQL Server database

Collapse this tableExpand this tablePort 1433TCP (SMS site server to SQL server)Note For more information about SQL server ports, see the section
“Microsoft SQL Server ports” section..Port requirements: SMS 2003 Advanced Client to Active Directory

In an Active Directory environment, the Advanced client makes a
Lightweight Directory Access Protocol (LDAP) query to the global catalog server
to find a management point that matches the client’s IP address. The following
ports are required in Active Directory to allow the client to contact the
global catalog server.
Collapse this tableExpand this tablePort 389 UDP (User Datagram Protocol) LDAP Ping
Port 389 TCP LDAP Port 636TCP LDAP (SSL Connection) Port 3268TCP (explicit connection to Global Catalog)
Port 3269TCP (explicit SSL connection to Global
Catalog).Port requirements: SMS 2003 Advanced Client to Management Point or to distribution point

Collapse this tableExpand this tablePort 80 Hypertext Transfer Protocol (HTTP) Port 139Client sessions (for non BITS-enabled DPs)
Port 445Server Message Block (for non BITS-enabled
DPs) Note When you use a Background Intelligent Transfer Service
(BITS)-enabled distribution point through a firewall, only port 80 needs to
opened both the management point and BITS-enabled distribution point. All
communications will be initiated from the client. If you are only opening port
80, you will need to specify the management point by using the following
script: dim oSMSClient
set oSMSClient = CreateObject (”Microsoft.SMS.Client”)
oSMSClient.SetCurrentManagementPoint “MP NetBIOS name”,0
set oSMSClient=nothing For more information, visit the following Web site: http://msdn2.microsoft.com/en-us/library/aa509005.aspx
(http://msdn2.microsoft.com/en-us/library/aa509005.aspx)
Without access to the active directory or WINS in the environment,
the advanced client will need an lmhosts file on the client computers. You will
need entries for one or more MPs. For example, the following MP has an IP
address of 10.0.0.1 and a site code of
AAA: 10.0.0.1
“MP_AAA \0×1A” #PRE.
For more information about how to write an LMHOSTS file,
click the following article number to view the article in the Microsoft
Knowledge Base: 180094 

(http://support.microsoft.com/kb/180094/
)

How to write an Lmhosts file for domain validation and other name resolution issues

.Port requirements: SMS Remote Control System service: Wuser32

Collapse this tableExpand this tableApplication protocolProtocolPortsSMS Remote ChatTCP2703SMS Remote ChatUDP 2703SMS Remote Control (control)TCP2701 SMS Remote Control (control) UDP2701 SMS Remote Control (data) TCP2702 SMS Remote Control (data) UDP2702SMS Remote File TransferTCP2704 SMS Remote File TransferUDP 2704.SMS Remote Control UDP

When you use NetBIOS over TCP/IP for SMS Remote Control, the
following ports are used:
Collapse this tableExpand this tablePort 137 Name resolutionPort 138MessagingPort 139 Client sessionsNote When you use NetBIOS over Novell NWLink, you must configure the
router to forward type 20 packets. Type 20 packets provide NetBIOS support..Microsoft Windows NT UDP

The following list includes the core UDP ports that Windows NT
uses, and it also lists their respective functions:
Collapse this tableExpand this tableDomain Name System (DNS)UDP53Dynamic Host Configuration Protocol
(DHCP)UDP67Remote procedure call (RPC)TCP135Windows Internet Name Service
(WINS)UDP138NetBIOS datagramsUDP138NetBIOS datagramsTCP139Note The SMS Administrator console must have TCP port 135 open for
communication. Otherwise, the console cannot display all the items in the
console tree..Microsoft SQL Server ports

If you use the TCP/IP Net-Library, enable port 1433 on the
firewall. Use the Hosts file or an advanced connection string for host name
resolution. If you use named pipes over TCP/IP, enable port 139 for
NetBIOS functions. Microsoft does not recommend that you enable UDP
ports 137 and 138 for NetBIOS name resolution by using B-node broadcasts.
Instead, you can use a WINS server or an Lmhosts file for name resolution.
By default, SQL Server uses TCP (not UDP) port 1433 to listen on
TCP/IP. To change the port, run SQL Server Setup on the server and then click
Change Network Support. If SQL Server uses port 1433, the
client Net-Library works. If SQL Server uses a custom port number, the client
must specify that port in the Data Source Name (DSN). .SMS RAS Sender

SMS can also use the SMS RAS Sender with Point to Point Tunneling
Protocol (PPTP) to send and to receive SMS site, client, and administrative
information through a firewall. Under these circumstances, the following port
is used:
Collapse this tableExpand this tablePPTPTCP1723.Security

To help improve the security of your computer, you can configure
your firewall to use Internet Protocol (IP) filters that permit only registered
addresses to pass through the firewall. If you enable specific ports
on a proxy server or on a firewall, this may affect the security of your
computer. For additional information about security issues, visit the following
Microsoft Web site: http://www.microsoft.com/security
(http://www.microsoft.com/security)
For more
information about how to restrict TCP/IP ports for DCOM, click the following
article number to view the article in the Microsoft Knowledge Base: 300083 

(http://support.microsoft.com/kb/300083/
)

How to restrict TCP/IP ports on Windows 2000 and Windows XP

The third-party products that this
article discusses are manufactured by companies that are independent of
Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the
performance or reliability of these products.
.

For File Repair and Data Recovery, visit File Repair / Data Recovery