Exchange your Mind

"La connaissance ne vaut que si elle est partagée" / "An effective Knowledge is a shared one"

List of ports used by Exchange Server 2010

Posted by David PEKMEZ on November 10, 2009


This list can come in handy when deploying Exchange Server: the ports used, the authentication supported, and whether encryption is supported.

Here is the list, by role.

Transport servers:

| Data path | Required ports | Default authentication | Supported authentication | Encryption supported? | Encrypted by default? |
| --- | --- | --- | --- | --- | --- |
| Hub Transport server to Hub Transport server | 25/TCP (Transport Layer Security [TLS]) | Kerberos | Kerberos | Yes (TLS) | Yes |
| Hub Transport server to Edge Transport server | 25/TCP (TLS) | Direct trust | Direct trust | Yes (TLS) | Yes |
| Edge Transport server to Hub Transport server | 25/TCP (TLS) | Direct trust | Direct trust | Yes (TLS) | Yes |
| Edge Transport server to Edge Transport server | 25/TCP (SSL) | Anonymous, Certificate | Anonymous, Certificate | Yes (TLS) | Yes |
| Mailbox server to Hub Transport server via the Microsoft Exchange Mail Submission Service | 135/TCP (RPC) | NTLM. If the Hub Transport and the Mailbox server roles are on the same server, Kerberos is used. | NTLM/Kerberos | Yes (RPC encryption) | Yes |
| Hub Transport to Mailbox server via MAPI | 135/TCP (RPC) | NTLM. If the Hub Transport and the Mailbox server roles are on the same server, Kerberos is used. | NTLM/Kerberos | Yes (RPC encryption) | Yes |
| Unified Messaging server to Hub Transport server | 25/TCP (TLS) | Kerberos | Kerberos | Yes (TLS) | Yes |
| Microsoft Exchange EdgeSync service from Hub Transport server to Edge Transport server | 50636/TCP (SSL) | Basic | Basic | Yes (LDAPS) | Yes |
| Active Directory directory service access from Hub Transport server | 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) | Kerberos | Kerberos | Yes (Kerberos encryption) | Yes |
| Active Directory Rights Management Services (AD RMS) access from Hub Transport server | 443/TCP (HTTPS) | NTLM/Kerberos | NTLM/Kerberos | Yes (SSL) | Yes* |
| SMTP clients to Hub Transport server (for example, end-users using Outlook Express) | 587 (TLS), 25/TCP (TLS) | NTLM/Kerberos | NTLM/Kerberos | Yes (TLS) | Yes |

Mailbox servers:

| Data path | Required ports | Default authentication | Supported authentication | Encryption supported? | Encrypted by default? |
| --- | --- | --- | --- | --- | --- |
| Active Directory access | 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) | Kerberos | Kerberos | Yes (Kerberos encryption) | Yes |
| Admin remote access (Remote Registry) | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes (IPsec) | No |
| Admin remote access (SMB/File) | 445/TCP (SMB) | NTLM/Kerberos | NTLM/Kerberos | Yes (IPsec) | No |
| Availability Web service (Client Access to Mailbox) | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes (RPC encryption) | Yes |
| Clustering | 135/TCP (RPC) See "Notes on Mailbox Servers" after this table. | NTLM/Kerberos | NTLM/Kerberos | Yes (IPsec) | No |
| Content indexing | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes (RPC encryption) | Yes |
| DSAccess to Active Directory | 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) | Kerberos | Kerberos | Yes (Kerberos encryption) | Yes |
| Log shipping | 64327 (customizable) | NTLM/Kerberos | NTLM/Kerberos | Yes | No |
| Seeding | 64327 (customizable) | NTLM/Kerberos | NTLM/Kerberos | Yes | No |
| Volume shadow copy service (VSS) backup | Local Message Block (SMB) | NTLM/Kerberos | NTLM/Kerberos | No | No |
| Mailbox Assistants | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | No | No |
| MAPI access | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes (RPC encryption) | Yes |
| Microsoft Exchange Active Directory Topology service access | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes (RPC encryption) | Yes |
| Microsoft Exchange System Attendant service legacy access (Listen to requests) | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | No | No |
| Microsoft Exchange System Attendant service legacy access to Active Directory | 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) | Kerberos | Kerberos | Yes (Kerberos encryption) | Yes |
| Microsoft Exchange System Attendant service legacy access (As MAPI client) | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes (RPC encryption) | Yes |
| Offline Address Book (OAB) accessing Active Directory | 135/TCP (RPC) | Kerberos | Kerberos | Yes (RPC encryption) | Yes |
| Outlook accessing Offline Address Book (OAB) | 80/TCP, 443/TCP (SSL) | NTLM/Kerberos | NTLM/Kerberos | Yes (HTTPS) | No |
| Recipient Update Service RPC access | 135/TCP (RPC) | Kerberos | Kerberos | Yes (RPC encryption) | Yes |
| Recipient update to Active Directory | 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) | Kerberos | Kerberos | Yes (Kerberos encryption) | Yes |
| WebDav | 80/TCP, 443/TCP (SSL) | Basic, NTLM, Negotiate | Basic, NTLM, Negotiate | Yes (HTTPS) | Yes |

Client Access servers:

| Data path | Required ports | Default authentication | Supported authentication | Encryption supported? | Encrypted by default? |
| --- | --- | --- | --- | --- | --- |
| Autodiscover service | 80/TCP, 443/TCP (SSL) | Basic/Integrated Windows authentication (Negotiate) | Basic, Digest, NTLM, Negotiate (Kerberos) | Yes (HTTPS) | Yes |
| Availability service | 80/TCP, 443/TCP (SSL) | NTLM/Kerberos | NTLM, Kerberos | Yes (HTTPS) | Yes |
| Outlook Web Access | 80/TCP, 443/TCP (SSL) | Forms Based Authentication | Basic, Digest, Forms Based Authentication, NTLM (v2 only), Kerberos, Certificate | Yes (HTTPS) | Yes using self-signed certificate |
| POP3 | 110/TCP (TLS), 995/TCP (SSL) | Basic, NTLM, Kerberos | Basic, NTLM, Kerberos | Yes (SSL, TLS) | Yes |
| IMAP4 | 143/TCP (TLS), 993/TCP (SSL) | Basic, NTLM, Kerberos | Basic, NTLM, Kerberos | Yes (SSL, TLS) | Yes |
| Outlook Anywhere (formerly known as RPC over HTTP) | 80/TCP, 443/TCP (SSL) | Basic | Basic or NTLM | Yes (HTTPS) | Yes |
| Exchange ActiveSync application | 80/TCP, 443/TCP (SSL) | Basic | Basic, Certificate | Yes (HTTPS) | Yes |
| Client Access server to Unified Messaging server | 5060/TCP, 5061/TCP, 5062/TCP, a dynamic port | By IP address | By IP address | Yes (Session Initiation Protocol [SIP] over TLS) | Yes |
| Client Access server to a Mailbox server that is running an earlier version of Exchange Server | 80/TCP, 443/TCP (SSL) | NTLM/Kerberos | Negotiate (Kerberos with fallback to NTLM or optionally Basic), POP/IMAP plain text | Yes (IPsec) | No |
| Client Access server to Exchange 2010 Mailbox server | RPC. See "Notes on Client Access Servers" after this table. | Kerberos | NTLM/Kerberos | Yes (RPC encryption) | Yes |
| Client Access server to Client Access server (Exchange ActiveSync) | 80/TCP, 443/TCP (SSL) | Kerberos | Kerberos, Certificate | Yes (HTTPS) | Yes using self-signed certificate |
| Client Access server to Client Access server (Outlook Web Access) | 80/TCP, 443/TCP (SSL) | Kerberos | Kerberos | Yes (HTTPS) | Yes |
| WebDAV | 80/TCP, 443/TCP (SSL) | HTTP Basic or Outlook Web Access forms-based authentication | Basic, Outlook Web Access forms-based authentication | Yes (HTTPS) | Yes |

Unified Messaging server:

| Data path | Required ports | Default authentication | Supported authentication | Encryption supported? | Encrypted by default? |
| --- | --- | --- | --- | --- | --- |
| Unified Messaging Phone interaction (PBX) | 5060/TCP, 5061/TCP, 5062/TCP, a dynamic port | By IP address | By IP address | SIP over TLS, but Media is not encrypted | Yes for SIP |
| Unified Messaging Web Service | 80/TCP, 443/TCP (SSL) | Integrated Windows authentication (Negotiate) | Basic, Digest, NTLM, Negotiate (Kerberos) | Yes (SSL) | Yes |
| Unified Messaging server to Client Access server | 5075, 5076, 5075 (TCP) | Integrated Windows authentication (Negotiate) | Basic, Digest, NTLM, Negotiate (Kerberos) | Yes (SSL) | Yes |
| Unified Messaging to Hub Transport | 25/TCP (TLS) | Kerberos | Kerberos | Yes (TLS) | Yes |
| Unified Messaging server to Mailbox server | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes (RPC encryption) | Yes |

You will find additional information on Microsoft TechNet!

http://technet.microsoft.com/en-us/library/bb331973(EXCHG.140).aspx

Happy reading!
