XCCC: TCP/IP Ports Used by Microsoft Mobile Information Server (294297)


The information in this article applies to:

  • Microsoft Mobile Information 2001 Server
This article was previously published under Q294297

SUMMARY

This article describes the Transmission Control Protocol/Internet Protocol (TCP/IP) ports that are used by Mobile Information Server. This article also describes scenarios where you may need to open these ports on a firewall to allow access for mobile users.

MORE INFORMATION

When you run Mobile Information Server in a perimeter network (also known as DMZ, demilitarized zone, and screened subnet), open the following ports on the router between the perimeter network and the internal network:
  • 80 - Hypertext Transfer Protocol (HTTP)
  • 53 - Domain name system (DNS)
  • 88 - Kerberos (if you are using NTLM)
  • 135 - Remote procedure call (RPC)
  • 137 - NetBIOS Name Service
  • 138 - NetBIOS Datagram Service
  • 139 - NetBIOS Session
  • 389 - Lightweight Directory Access Protocol (LDAP) (TCP/User Datagram Protocol [UDP])
  • 1026 - RPC
  • 3268 - Global Catalog with LDAP
However, if you are using IPSec to secure traffic between Mobile Information Server and the internal network, allow only the following through the firewall for inbound and outbound traffic:
  • IP Protocol 50 - Encapsulating Security Protocol (ESP)
  • IP Protocol 51 - Authentication Header (AH)
  • UDP port 500 - ISAKMP
Additional TCP and UDP ports may be required to allow Kerberos. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

233256 How to Enable IPSec Traffic Through a Firewall

On the external firewall between the perimeter network and the public network, the following ports must be available:
  • For Exchange 2000 notifications:
    • 25 - SMTP (if you are using SMTP carriers)
    • 80 - HTTP (if you are using HTTP carriers with Mobile Information Server Carrier Edition)
    • 50, 51, UDP 500 - IPSec (if you are using an HTTP carrier with the IPSec policy)
  • For Exchange 2000 browse:
    • 80 - HTTP (if you are not using secure HTTP)
    • 443 - HTTPS (if you are using secure HTTP over Secure Sockets Layer [SSL])
  • For Exchange Server 5.5 browse:
    • 80 - HTTP (if you are not using secure HTTP)
    • 443 - HTTPS (if you are using secure HTTP over SSL)
In addition, Exchange Server 5.5 browse requires the following additional ports to be opened on the internal firewall:
  • 1024 and higher - Dynamic RPC
When you set Exchange Server 5.5 RPC ports statically, you can avoid the need for all ports higher than 1024 for dynamic RPC.
Modification Type:MinorLast Reviewed:9/7/2005
Keywords:kbinfo KB294297
©2004 Microsoft Corporation. All rights reserved.