Anthony Costeseque
Arnaud DUTEIL
Frédéric Laubel
Teruin laurent
David ANDRE
David PEKMEZ
Yohan Boullier
Liste des ports utilisés par Exchange Server 2010
Publié par David PEKMEZ le novembre 10, 2009
Cette liste peut s’avérer bien pratique lors de déploiements d’Exchange Server, ports utilisés, authentification supportée et cryptage supporté ou non.
Voici la liste suivant les rôles
Les serveurs de transport :
|
Data path |
Required ports |
Default authentication |
Supported authentication |
Encryption supported? |
Encrypted by default? |
|
Hub Transport server to Hub Transport server |
25/TCP (Transport Layer Security [TLS]) |
Kerberos |
Kerberos |
Yes (TLS) |
Yes |
|
Hub Transport server to Edge Transport server |
25/TCP (TLS) |
Direct trust |
Direct trust |
Yes (TLS) |
Yes |
|
Edge Transport server to Hub Transport server |
25/TCP (TLS) |
Direct trust |
Direct trust |
Yes (TLS) |
Yes |
|
Edge Transport server to Edge Transport server |
25/TCP (SSL) |
Anonymous, Certificate |
Anonymous, Certificate |
Yes (TLS) |
Yes |
|
Mailbox server to Hub Transport server via the Microsoft Exchange Mail Submission Service |
135/TCP (RPC) |
NTLM. If the Hub Tranpsort and the Mailbox server roles are on the same server, Kerberos is used. |
NTLM/Kerberos |
Yes (RPC encryption) |
Yes |
|
Hub Transport to Mailbox server via MAPI |
135/TCP (RPC) |
NTLM. If the Hub Tranpsort and the Mailbox server roles are on the same server, Kerberos is used.. |
NTLM/Kerberos |
Yes (RPC encryption) |
Yes |
|
Unified Messaging server to Hub Transport server |
25/TCP (TLS) |
Kerberos |
Kerberos |
Yes (TLS) |
Yes |
|
Microsoft Exchange EdgeSync service from Hub Transport server to Edge Transport server |
50636/TCP (SSL) |
Basic |
Basic |
Yes (LDAPS) |
Yes |
|
Active Directory directory service access from Hub Transport server |
389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) |
Kerberos |
Kerberos |
Yes (Kerberos encryption) |
Yes |
|
Active Directory Rights Management Services (AD RMS) access from Hub Transport server |
443/TCP (HTTPS) |
NTLM/Kerberos |
NTLM/Kerberos |
Yes (SSL) |
Yes* |
|
SMTP clients to Hub Transport server (for example, end-users using Outlook Express) |
587 (TLS) 25/TCP (TLS) |
NTLM/Kerberos |
NTLM/Kerberos |
Yes (TLS) |
Yes |
Serveur de boîte aux lettres :
|
Data path |
Required ports |
Default authentication |
Supported authentication |
Encryption supported? |
Encrypted by default? |
|
Active Directory access |
389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) |
Kerberos |
Kerberos |
Yes (Kerberos encryption) |
Yes |
|
Admin remote access (Remote Registry) |
135/TCP (RPC) |
NTLM/Kerberos |
NTLM/Kerberos |
Yes (IPsec) |
No |
|
Admin remote access (SMB/File) |
445/TCP (SMB) |
NTLM/Kerberos |
NTLM/Kerberos |
Yes (IPsec) |
No |
|
Availability Web service (Client Access to Mailbox) |
135/TCP (RPC) |
NTLM/Kerberos |
NTLM/Kerberos |
Yes (RPC encryption) |
Yes |
|
Clustering |
135/TCP (RPC) See "Notes on Mailbox Servers" after this table. |
NTLM/Kerberos |
NTLM/Kerberos |
Yes (IPsec) |
No |
|
Content indexing |
135/TCP (RPC) |
NTLM/Kerberos |
NTLM/Kerberos |
Yes (RPC encryption) |
Yes |
|
DSAccess to Active Directory |
389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) |
Kerberos |
Kerberos |
Yes (Kerberos encryption) |
Yes |
|
Log shipping |
64327 (customizable) |
NTLM/Kerberos |
NTLM/Kerberos |
Yes |
No |
|
Seeding |
64327 (customizable) |
NTLM/Kerberos |
NTLM/Kerberos |
Yes |
No |
|
Volume shadow copy service (VSS) backup |
Local Message Block (SMB)l |
NTLM/Kerberos |
NTLM/Kerberos |
No |
No |
|
Mailbox Assistants |
135/TCP (RPC) |
NTLM/Kerberos |
NTLM/Kerberos |
No |
No |
|
MAPI access |
135/TCP (RPC) |
NTLM/Kerberos |
NTLM/Kerberos |
Yes (RPC encryption) |
Yes |
|
Microsoft Exchange Active Directory Topology service access |
135/TCP (RPC) |
NTLM/Kerberos |
NTLM/Kerberos |
Yes (RPC encryption) |
Yes |
|
Microsoft Exchange System Attendant service legacy access (Listen to requests) |
135/TCP (RPC) |
NTLM/Kerberos |
NTLM/Kerberos |
No |
No |
|
Microsoft Exchange System Attendant service legacy access to Active Directory |
389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) |
Kerberos |
Kerberos |
Yes (Kerberos encryption) |
Yes |
|
Microsoft Exchange System Attendant service legacy access (As MAPI client) |
135/TCP (RPC) |
NTLM/Kerberos |
NTLM/Kerberos |
Yes (RPC encryption) |
Yes |
|
Offline Address Book (OAB) accessing Active Directory |
135/TCP (RPC) |
Kerberos |
Kerberos |
Yes (RPC encryption) |
Yes |
|
Outlook accessing Offline Address Book (OAB) |
80/TCP, 443/TCP (SSL) |
NTLM/Kerberos |
NTLM/Kerberos |
Yes (HTTPS) |
No |
|
Recipient Update Service RPC access |
135/TCP (RPC) |
Kerberos |
Kerberos |
Yes (RPC encryption) |
Yes |
|
Recipient update to Active Directory |
389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) |
Kerberos |
Kerberos |
Yes (Kerberos encryption) |
Yes |
|
WebDav |
80/TCP, 443/TCP (SSL) |
Basic, NTLM, Negotiate |
Basic, NTLM, Negotiate |
Yes (HTTPS) |
Yes |
Le client Access Servers :
|
Data path |
Required ports |
Default authentication |
Supported authentication |
Encryption supported? |
Encrypted by default? |
|
Autodiscover service |
80/TCP, 443/TCP (SSL) |
Basic/Integrated Windows authentication (Negotiate) |
Basic, Digest, NTLM, Negotiate (Kerberos) |
Yes (HTTPS) |
Yes |
|
Availability service |
80/TCP, 443/TCP (SSL) |
NTLM/Kerberos |
NTLM, Kerberos |
Yes (HTTPS) |
Yes |
|
Outlook Web Access |
80/TCP, 443/TCP (SSL) |
Forms Based Authentication |
Basic, Digest, Forms Based Authentication, NTLM (v2 only), Kerberos, Certificate |
Yes (HTTPS) |
Yes using self-signed certificate |
|
POP3 |
110/TCP (TLS), 995/TCP (SSL) |
Basic, NTLM, Kerberos |
Basic, NTLM, Kerberos |
Yes (SSL, TLS) |
Yes |
|
IMAP4 |
143/TCP (TLS), 993/TCP (SSL) |
Basic, NTLM, Kerberos |
Basic, NTLM, Kerberos |
Yes (SSL, TLS) |
Yes |
|
Outlook Anywhere (formerly known as RPC over HTTP ) |
80/TCP, 443/TCP (SSL) |
Basic |
Basic or NTLM |
Yes (HTTPS) |
Yes |
|
Exchange ActiveSync application |
80/TCP, 443/TCP (SSL) |
Basic |
Basic, Certificate |
Yes (HTTPS) |
Yes |
|
Client Access server to Unified Messaging server |
5060/TCP, 5061/TCP, 5062/TCP, a dynamic port |
By IP address |
By IP address |
Yes (Session Initiation Protocol [SIP] over TLS) |
Yes |
|
Client Access server to a Mailbox server that is running an earlier version of Exchange Server |
80/TCP, 443/TCP (SSL) |
NTLM/Kerberos |
Negotiate (Kerberos with fallback to NTLM or optionally Basic,) POP/IMAP plain text |
Yes (IPsec) |
No |
|
Client Access server to Exchange 2010 Mailbox server |
RPC. See "Notes on Client Access Servers" after this table. |
Kerberos |
NTLM/Kerberos |
Yes (RPC encryption) |
Yes |
|
Client Access server to Client Access server (Exchange ActiveSync) |
80/TCP, 443/TCP (SSL) |
Kerberos |
Kerberos, Certificate |
Yes (HTTPS) |
Yes using self-signed certificate |
|
Client Access server to Client Access server (Outlook Web Access) |
80/TCP, 443/TCP (SSL) |
Kerberos |
Kerberos |
Yes (HTTPS) |
Yes |
|
WebDAV |
80/TCP, 443/TCP (SSL) |
HTTP Basic or Outlook Web Access forms-based authentication |
Basic, Outlook Web Access forms-based authentication |
Yes (HTTPS) |
Yes |
Le serveur de messagerie unifiée :
|
Data path |
Required ports |
Default authentication |
Supported authentication |
Encryption supported? |
Encrypted by default? |
|
Unified Messaging Phone interaction (PBX) |
5060/TCP, 5061/TCP, 5062/TCP, a dynamic port |
By IP address |
By IP address |
SIP over TLS, but Media is not encrypted |
Yes for SIP |
|
Unified Messaging Web Service |
80/TCP, 443/TCP (SSL) |
Integrated Windows authentication (Negotiate) |
Basic, Digest, NTLM, Negotiate (Kerberos) |
Yes (SSL) |
Yes |
|
Unified Messaging server to Client Access server |
5075, 5076, 5075 (TCP) |
Integrated Windows authentication (Negotiate) |
Basic, Digest, NTLM, Negotiate (Kerberos) |
Yes (SSL) |
Yes |
|
Unified Messaging to Hub Transport |
25/TCP (TLS) |
Kerberos |
Kerberos |
Yes (TLS) |
Yes |
|
Unified Messaging server to Mailbox server |
135/TCP (RPC) |
NTLM/Kerberos |
NTLM/Kerberos |
Yes (RPC encryption) |
Yes |
Vous trouverez des informations supplémentaires sur le TechNet Microsoft !
http://technet.microsoft.com/en-us/library/bb331973(EXCHG.140).aspx
Bonne lecture !
