XML requests sent from an application such as the ASP.NET Web Service (using the MPS .NET Client Wrapper) must be able to reach Microsoft Provisioning System (MPS). To allow this, certain ports in the data center perimeter firewall must be opened. In addition, MPS components use specific TCP/IP ports for connecting to Active Directory, Microsoft Exchange Server 2007 Service Pack 1, Web, Microsoft SQL Server, and Microsoft Windows SharePoint Services servers.
When implementing firewalls or other security technologies within your environment, it is important that you choose a design that keeps the appropriate ports open between MPS components and other servers in your hosting environment. The following tables provide the port requirements for communication between the components of your provisioning environment.
Table: Port List for MPS Client to Provisioning Engine Communication
MPF Client | Provisioning Engine | Protocol | Remarks |
---|---|---|---|
Random 4xxx | 135 | TCP | Remote Procedure Call (RPC) Bind |
135 | Random 4xxx | TCP | RPC Bind |
Random 4xxx | 1025 | TCP | RPC Session |
1025 | Random 4xxx | TCP | RPC Session |
1117 | 135 | TCP | Encrypted RPC Session |
1118 | Random 4xxx | TCP | Encrypted RPC Session |
Random 4xxx | 1119 | TCP | Encrypted RPC Session |
1116 | 135 | TCP | Session Setup |
Table: Port List for MPF Client to Domain Controller (Active Directory) Communication
MPF Client | Domain Controller | Protocol | Remarks |
---|---|---|---|
Random 4xxx | 135 | TCP | RPC Bind |
135 | Random 4xxx | TCP | RPC Bind |
Random 4xxx | 1025 | TCP | RPC Session |
1025 | Random 4xxx | TCP | RPC Session |
ICMP Echo | ICMP Response | Internet Control Message Protocol (ICMP) | Echo Request |
Random 4xxx | 139 | User Datagram Protocol (UDP) | NetBIOS over TCP (NBT) Session |
139 | Random 4xxx | UDP | NBT Session |
137 | - | UDP | NBT Name Query |
Random 4xxx | 445 | TCP | MS-DS/SMB |
445 | Random 4xxx | TCP | MS-DS/SMB |
Table: Port List for Provisioning Engine to Domain Controller (Active Directory) Communication
Provisioning Engine | Domain Controller | Protocol | Remarks |
---|---|---|---|
ICMP ECHO | ICMP Response | ICMP | Echo Request |
Random 4xxx | 445 | TCP | MS-DS/SMB |
445 | Random 4xxx | TCP | MS-DS/SMB |
Random 4xxx | 123 | UDP | Network Time Protocol |
Table: Port List for Provisioning Engine to SQL Server Communication
Provisioning Engine | SQL Server | Protocol | Remarks |
---|---|---|---|
Random 4xxx | 1433 | TCP | SQL Traffic |
Table: Port List for Provisioning Engine to Web Server Communication*
Provisioning Engine | Web Server | Protocol | Remarks |
---|---|---|---|
Random 4xxx | 135 | TCP | RPC Bind |
135 | Random 4xxx | TCP | RPC Bind |
Random 4xxx | 1025 | TCP | RPC Session |
1025 | Random 4xxx | TCP | RPC Session |
1116 | 135 | TCP | Session Setup |
* Uses Remote Procedure Call (RPC) for Active Directory Service Interfaces (ADSI) and Windows Management Interface (WMI) traffic.
Table: Port List for Provisioning Engine to Windows SharePoint Services Communication
Provisioning Engine | Windows SharePoint Services | Protocol | Remarks |
---|---|---|---|
Random 4xxx | 80 | TCP | HTTP |
Random 4xxx | 443 | TCP | HTTPS |
Table: Port List for Provisioning Engine to Exchange Server Communication
Provisioning Engine | Exchange Server | Protocol | Remarks |
---|---|---|---|
ICMP ECHO | Dynamic Port | ICMP | Echo Request |
Random 4xxx | Dynamic Port | TCP | MS-DS/SMB |
445 | Dynamic Port | TCP | MS-DS/SMB |
Random 4xxx | Dynamic Port | UDP | Network Time Protocol |
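
The following is an added example, not part of the original documentation or of MPS: it audits a set of firewall allow-rules against the fixed server-side ports in the tables above, reporting required flows that no rule permits and rules that open more ports than the tables call for. The role labels (`client`, `engine`, `dc`, `sql`, `web`, `wss`), the `Rule` format and the sample rules are assumptions made for the example, as is treating the right-hand port column as the destination port.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str    # source role (labels are this example's own)
    dst: str    # destination role
    proto: str  # "TCP" or "UDP"
    port: int   # destination port

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str
    lo: int     # first allowed destination port
    hi: int     # last allowed destination port

    def covers(self, f: Flow) -> bool:
        return ((self.src, self.dst, self.proto) == (f.src, f.dst, f.proto)
                and self.lo <= f.port <= self.hi)

def _flows(src, dst, proto, *ports):
    return {Flow(src, dst, proto, p) for p in ports}

# Rows from the tables above whose right-hand column is a fixed port number.
# Assumption: that column is the destination port. "Random 4xxx",
# "Dynamic Port" and "-" destinations are not modelled.
REQUIRED = (
    _flows("client", "engine", "TCP", 135, 1025, 1119)
    | _flows("client", "dc", "TCP", 135, 1025, 445)
    | _flows("client", "dc", "UDP", 139)
    | _flows("engine", "dc", "TCP", 445)
    | _flows("engine", "dc", "UDP", 123)
    | _flows("engine", "sql", "TCP", 1433)
    | _flows("engine", "web", "TCP", 135, 1025)
    | _flows("engine", "wss", "TCP", 80, 443)
)

def audit(rules):
    """Return (missing required flows, [(rule, ports allowed but not required)])."""
    missing = sorted((f for f in REQUIRED if not any(r.covers(f) for r in rules)),
                     key=lambda f: (f.src, f.dst, f.proto, f.port))
    broad = []
    for r in rules:
        needed = sum(1 for f in REQUIRED if r.covers(f))
        if r.hi - r.lo + 1 > needed:
            broad.append((r, r.hi - r.lo + 1 - needed))
    return missing, broad

# Constructed sample rule set, not taken from any real firewall.
SAMPLE_RULES = [
    Rule("engine", "sql", "TCP", 1433, 1433),
    Rule("engine", "wss", "TCP", 80, 80),    # HTTPS (443) forgotten
    Rule("engine", "dc", "TCP", 1, 1024),    # far wider than the one port needed
]
```

Calling `audit(SAMPLE_RULES)` lists the forgotten HTTPS flow among the missing ones and flags the 1-1024 rule as opening 1023 ports beyond the single required one.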