The following tables list the ports that are used during the client installation process.
 Important |
|---|
| If there is a firewall between the site system servers and the client computer, confirm whether the firewall permits traffic for the ports that are required for the client installation method that you choose. For example, firewalls often prevent client push installation from succeeding because they block Server Message Block (SMB) and Remote Procedure Calls (RPC). In this scenario, use a different client installation method, such as manual installation (running CCMSetup.exe) or Group Policy-based client installation. These alternative client installation methods do not require SMB or RPC. |
For information about how to configure Windows Firewall on the client computer, see Windows Firewall Settings for Configuration Manager Clients.
Ports that Are Used for all Installation Methods
| Description | UDP | TCP |
|---|---|---|
|
Hypertext Transfer Protocol (HTTP) from the client to a server locator point. A server locator point is required in the following scenarios:
For more information about whether a server locator is required for client installation, see Determine If You Need a Server Locator Point for Configuration Manager Clients. |
-- |
80 (See note 1, Alternate Port Available) |
|
Hypertext Transfer Protocol (HTTP) from the client computer to a fallback status point, when a fallback status point is assigned to the client. |
-- |
80 (See note 1, Alternate Port Available) |
Ports that are Used with Client Push Installation
In addition to the ports listed in the following table, client push installation also uses Internet Control Message Protocol (ICMP) echo request messages from the site server to the client computer to confirm whether the client computer is available on the network. ICMP is sometimes referred to as TCP/IP ping commands. ICMP does not have a UDP or TCP protocol number, and so it is not listed in the following table. However, any intervening network devices, such as firewalls, must permit ICMP traffic for client push installation to succeed.
| Description | UDP | TCP |
|---|---|---|
|
Server Message Block (SMB) between the site server and client computer. |
-- |
445 |
|
RPC endpoint mapper between the site server and the client computer. |
135 |
135 |
|
RPC dynamic ports between the site server and the client computer. |
-- |
DYNAMIC |
|
Hypertext Transfer Protocol (HTTP) from the client computer to a mixed mode management point. |
-- |
80 (See note 1, Alternate Port Available) |
|
Secure Hypertext Transfer Protocol (HTTPS) from the client computer to a native mode management point. |
-- |
443 (See note 1, Alternate Port Available) |
Ports that are Used with Software Update Point-Based Installation
| Description | UDP | TCP |
|---|---|---|
|
Hypertext Transfer Protocol (HTTP) from the client computer to the software update point. |
-- |
80 or 8530 (See note 2, Windows Server Update Services) |
|
Secure Hypertext Transfer Protocol (HTTPS) from the client computer to the software update point. |
-- |
443 or 8531 (See note 2, Windows Server Update Services) |
|
Server Message Block (SMB) between the source server and the client computer when you specify the CCMSetup command-line property /source:<Path>. |
-- |
445 |
Ports that are Used with Group Policy-Based Installation
| Description | UDP | TCP |
|---|---|---|
|
Secure Hypertext Transfer Protocol (HTTP) from the client computer to a native mode management point. |
-- |
80 (See note 1, Alternate Port Available) |
|
Secure Hypertext Transfer Protocol (HTTPS) from the client computer to a native mode management point. |
-- |
443 (See note 1, Alternate Port Available) |
|
Server Message Block (SMB) between the source server and the client computer when you specify the CCMSetup command-line property /source:<Path>. |
-- |
445 |
Ports that are Used with Manual Installation and Logon Script-Based Installation
| Description | UDP | TCP | ||
|---|---|---|---|---|
|
Server Message Block (SMB) between the client computer and a network share from which you run CCMSetup.exe.
|
-- |
445 |
||
|
Hypertext Transfer Protocol (HTTP) from the client computer to a mixed mode management point, and you do not specify the CCMSetup command-line property /source:<Path>. |
-- |
80 (See note 1, Alternate Port Available) |
||
|
Secure Hypertext Transfer Protocol (HTTPS) from the client computer to a native mode management point, and you do not specify the CCMSetup command-line property /source:<Path>. |
-- |
443 (See note 1, Alternate Port Available) |
||
|
Server Message Block (SMB) between the source server and the client computer when you specify the CCMSetup command-line property /source:<Path>. |
-- |
445 |
NotePorts that are Used with Software Distribution-Based Installation
| Description | UDP | TCP | ||
|---|---|---|---|---|
|
Server Message Block (SMB) between the distribution point and the client computer.
|
-- |
445 |
||
|
Hypertext Transfer Protocol (HTTP) from the client to a mixed mode distribution point. |
-- |
80 (See note 1, Alternate Port Available) |
||
|
Secure Hypertext Transfer Protocol (HTTPS) from the client to a native mode distribution point. |
-- |
443 (See note 1, Alternate Port Available) |
Notes
1 Alternate Port Available In Configuration Manager, you can define an alternate port for this value. If a custom port has been defined, substitute that custom port when you define the IP filter information for IPsec policies or for configuring firewalls.
2 Windows Server Update Services You can install WSUS either on the default Web site (port 80) or a custom Web site (port 8530).
After installation, you can change the port. You do not have to use the same port number throughout the site hierarchy.
If the HTTP port is 80, the HTTPS port must be 443.
If the HTTP port is anything else, the HTTPS port must be 1 higher—for example, 8530 and 8531.