15 October 2008

SCCM 2007 DCM Web resources from Microsoft

Desired Configuration Management web resources from Microsoft.com

Configuration Manager Configuration Pack Catalog

https://www.microsoft.com/technet/prodtechnol/scp/configmgr07.aspx

Technical Reference for Desired Configuration Management

http://technet.microsoft.com/en-us/library/bb680894.aspx

Configuration Pack Authoring Guide

http://technet.microsoft.com/en-us/library/bb680894.aspx

Configuration Manager Documentation Library

http://technet.microsoft.com/en-au/library/bb680651.aspx

Configuring Desired Configuration Management

http://technet.microsoft.com/en-au/library/bb680669.aspx

Desired Configuration Management on TechNet Forums

http://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=1817&SiteID=17

 

-------------------
Thanks,
http://paddymaddy.blogspot.com/

DCM with SCCM 2007

Configuration Manager 2007 Toolkit for DCM Kit

The Configuration Manager 2007 Toolkit contains the following tools for DCM:

  • DCM Model Verification - A tool used by desired configuration management content administrators for the validation and testing of configuration items and baselines authored externally from the Configuration Manager console.

  • DCM Digest Conversion - A tool used by desired configuration management content administrators to convert existing SMS 2003 Desired Configuration Management Solution templates to Desired Configuration Management 2007 configuration items.

  • DCM Substitution Variables - A tool used by desired configuration management content administrators for authoring desired configuration management configuration items that use chained setting and object discovery.


-------------------
Thanks,
http://paddymaddy.blogspot.com/

SCCM 2007 R2 Application Virtualization

There is a good article on SCCM R2 New Virtual Application
http://weblog.bassq.nl/?p=157#more-157

Enjoy,
Paddy

14 October 2008

SCCM 2007 Virtual Application all Packages Tools Pdf files and Scripts how to use them

Using the Virtual Application Package Tools

The following list of procedures describes how to use the tools that are available to help manage virtual application packages in your Configuration Manager 2007 environment. By default, the files are located in the following directory: <ConfigMgrInstallationPath>\SMS\Tools\VirtualApp.

AppVirtMgmtClient.sms

Use the AppVirtMgmtClient.sms file to create a Configuration Manager 2007 package to distribute the Microsoft Application Virtualization (App-V) Client. For more information about installing the App-V client, see How to Install the Microsoft Application Virtualization Client.

Note 

By default, the program created by the AppVirtMgmtClient.sms file will restart the target computer because the App-V client setup needs to update files used by the operating system. When you upgrade from previous versions of the App-V client, you must use the setting ConfigMgr restarts computer. For new App-V client deployments, you can change this program setting to No action required. However, you should install the App-V client setup manually in a test environment to ensure the computer does not need to be restarted as part of the installation.

After the App-V client has been installed, software metering for virtual application packages will not be available until after you have restarted the target computer. You should choose the setting ConfigMgr restarts computer if you plan to run software metering for virtual application packages.

AppVirtMgmtSequencer.sms

Use the AppVirtMgmtSequencer.sms file to install the App-V sequencer into your Configuration Manager 2007 environment. For more information about installing an application using a program definition file, see How to Create a Package from a Package Definition File.

Using the ManageVAppPackage.vbs Script

You can use the ManageVAppPackage.vbs file to import new virtual applications and update existing virtual application packages in Configuration Manager 2007.

Use the following procedure to manage virtual application packages.

To manage virtual application packages

  1. Open a command prompt. Navigate to the directory containing ManageVAppPackage.vbs. The default location is <ConfigMgrInstallationPath>\SMS\Tools\VirtualApp\ManageVAppPackage.vbs.

  2. To update an existing virtual application package, or to import a new virtual application, type the applicable command.

To import a new virtual application, type the following command using your values:

cscript ManageVAppPackage.vbs /Action ADD /SGVAppSource VirtualApplicationSourceDirectory /SMSVAppSource \\Server\VappsourceDirectory\VirtualApplicationName [/DPList \\Server\Share] [/PackageName YourPackageName] [/PackageComment YourPackageComment] [/Manufacturer YourManufacturer] [/Language YourLanguage]

To update an existing virtual application package, type the following command using your values:

cscript ManageVAppPackage.vbs /Action UPDATE /PackageID YourPackageID /SGVAppSource VirtualApplicationSourceDirectory /PackageName YourPackageName [/PackageComment YourPackageComment] [/Manufacturer YourManufacturer] [/Language YourLanguage]

Use the value descriptions in the following table to help you determine the actual text you will use with the preceding commands.

| Value | Description |
| --- | --- |
| /Action | Specifies if a new virtual application will be imported or an existing package will be upgraded. To import a new virtual application, use the ADD parameter. To update an existing virtual application package, use the UPDATE parameter. If you are importing a new virtual application, do not specify an associated PackageID. If you are updating an existing virtual application package, do not use the /DPList parameter. |
| /SGVAppSource | Specifies the source location for the App-V virtual application. Configuration Manager 2007 will copy the contents from the specified directory. The directory specified can be a local folder or a folder specified by using UNC format. |
| /SMSVAppSource | Specifies the Configuration Manager 2007 source folder. You must specify this location using UNC format. |
| /PackageName | Specifies the package name for the virtual application package. If no name is specified, Configuration Manager 2007 will assign the name specified in the associated manifest file. |
| /DPList | Specifies the distribution points that the virtual application package will be added to. If you want to add the package to all distribution points, use an asterisk (*). |
| /PackageComment | Specifies the comment that will be associated with the virtual application package. |
| /PackageID | Specifies the Configuration Manager 2007 package associated with the virtual application. |
| /Manufacturer | Specifies the manufacturer that will be associated with the virtual application package. |
| /Language | Specifies the language that will be associated with the virtual application package. |
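
The parameter rules described above, as an added PowerShell example that is not part of the original post or of Microsoft's tools: the hypothetical function Get-ManageVAppArgument rejects invalid combinations (/PackageID with ADD, /DPList with UPDATE, a non-UNC /SMSVAppSource) before anything is handed to cscript. Server names, paths and the package ID are constructed sample values.

```powershell
# Added example: validate ManageVAppPackage.vbs parameters, then build the
# argument list. Get-ManageVAppArgument is a hypothetical helper name.
function Get-ManageVAppArgument {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('ADD', 'UPDATE')]
        [string]$Action,

        [Parameter(Mandatory = $true)]
        [string]$SGVAppSource,      # local folder or UNC path

        [string]$SMSVAppSource,     # ADD only; must be in UNC format
        [string]$PackageID,         # UPDATE only
        [string]$DPList,            # ADD only; '*' means all distribution points
        [string]$PackageName,
        [string]$PackageComment,
        [string]$Manufacturer,
        [string]$Language
    )

    $uncPattern = '^\\\\[^\\]+\\[^\\]+'   # \\server\share, optionally followed by folders

    if ($Action -eq 'ADD') {
        if ($PackageID) { throw 'Do not specify /PackageID when importing (ADD).' }
        if ($SMSVAppSource -notmatch $uncPattern) {
            throw '/SMSVAppSource is required for ADD and must be a UNC path.'
        }
    }
    else {
        if ($DPList)           { throw 'Do not use /DPList when updating (UPDATE).' }
        if ($SMSVAppSource)    { throw '/SMSVAppSource is not part of the UPDATE syntax.' }
        if (-not $PackageID)   { throw '/PackageID is required for UPDATE.' }
        if (-not $PackageName) { throw '/PackageName is required for UPDATE.' }
    }

    # Same parameter order as the two command lines shown in the post.
    $argList = @('/Action', $Action.ToUpper())
    if ($PackageID) { $argList += '/PackageID', $PackageID }
    $argList += '/SGVAppSource', $SGVAppSource

    foreach ($p in 'SMSVAppSource', 'DPList', 'PackageName',
                   'PackageComment', 'Manufacturer', 'Language') {
        $value = Get-Variable -Name $p -ValueOnly
        if ($value) { $argList += "/$p", $value }
    }
    $argList
}

# Constructed sample values: a valid import.
$addArgs = Get-ManageVAppArgument -Action ADD `
    -SGVAppSource 'D:\Sequenced\ExampleApp' `
    -SMSVAppSource '\\SERVER01\VAppSource\ExampleApp' `
    -DPList '*' -PackageName 'Example App 1.0'
$addArgs

# Constructed sample values: /DPList with UPDATE is rejected before cscript runs.
try {
    Get-ManageVAppArgument -Action UPDATE -PackageID 'P0100012' `
        -SGVAppSource 'D:\Sequenced\ExampleApp' `
        -PackageName 'Example App 1.0' -DPList '*'
}
catch {
    "Rejected: $($_.Exception.Message)"
}

# To run the import from the VirtualApp tools directory:
# & cscript.exe ManageVAppPackage.vbs @addArgs
```

Passing the array with `@addArgs` lets PowerShell quote values that contain spaces, such as the package name.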

Using the SetRetentionRules.vbs Script

You can configure retention rules for virtual application packages by using the SetRetentionRules.vbs file. This script can be used only on a primary Configuration Manager 2007 site.

Use the following procedure to set the retention rules for virtual application packages located on Configuration Manager 2007 distribution points.

To set virtual application package retention rules

  1. Open a command prompt. Navigate to the directory containing SetRetentionRules.vbs. The default location is <ConfigMgrInstallationPath>\SMS\Tools\VirtualApp\SetRetentionRules.vbs.

  2. To set the retention rules, type the following command, replacing the text in brackets with your values:

cscript SetRetentionRules.vbs [TransitionDays] [Max Versions]

Use the value descriptions in the following table to help you determine the actual text you will use in the preceding command.

| Value | Description |
| --- | --- |
| TransitionDays | Specifies the number of days virtual application packages will be saved. |
| Max Versions | Specifies the maximum number of versions that will be saved. |

Enjoy,
Paddy

13 October 2008

Simple steps for Configure Virtual Application Components in SCCM 2007 R2

 
Simple steps to Configure Virtual Application Components in SCCM 2007 R2
  1. Configure the Client Agent Settings to Advertised Programs, and Run Virtual Applications
  2. On DP Enable Streaming for Virtual Application Packages
  3. Install the Microsoft Application Virtualization Client
 
I will come up with more once I have tested more on this :P
 
-------------------
Thanks,

Create Package for Microsoft Virtual Application Virtualization Desktop Client

 

Microsoft Virtual Application Virtualization Desktop Client

  1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Computer Management / Software Distribution.

  2. If necessary, expand the Software Distribution node and select Packages. To open the Create Package from Definition Wizard, right-click Packages, and then click New / Package From Definition.

  3. On the welcome page, click Next.

  4. On the Package Definition page, to specify the publisher and definition for the new package, click Browse. Locate and select the AppVirtMgmtClient.sms file. The default location for the AppVirtMgmtClient.sms file is <ConfigMgrInstallationPath>\SMS\Tools\VirtualApp\AppVirtMgmtClient.sms. The Name, Version, and Language associated with the specified .sms file are displayed in the Package definition pane. Click Next.

  5. On the Source Files page, select Always obtain files from a source directory to help ensure the latest version of the client software will be available, and then click Next.

  6. On the Source Directory page, specify the directory that contains the source files for the package. This is the directory that contains the Microsoft Application Virtualization Desktop Client or the Microsoft Application Virtualization for Terminal Services installation file depending on the version of the client you are planning to install. Specify the source location by providing the UNC path. Alternatively, click Browse to specify the location that contains the setup files for the type of client you want to install. Click Next.

  7. On the Summary page, review the Details for the package definition file. To create the package definition file and close the wizard, click Finish. To access the new package, select the Packages node; the package will be available in the results pane.

  8. If you installed the Microsoft Application Virtualization for Terminal Services client, after the package has been created, you should select the Packages node, right-click the package in the Results pane and select Properties. On the General tab, update the Name of the package so that it reflects that it is the terminal services version of the client.

 

-------------------
Thanks,
http://paddymaddy.blogspot.com/

Once SMS 2003 is upgraded you must delete these accounts; SMS 2003 accounts to delete

Always Delete

The following accounts should always be deleted because they are never used for Configuration Manager 2007.

  • SMS Service account
  • CCM Boot Loader (DC) (SMS#_dc)
  • CCM Boot Loader (Non-DC) (SMSCCMBootAcct&)
  • Client Services (DC) (SMS&_dc)
  • Client Services (Non-DC) (SMSCliSvcAcct&)
  • Client User Token (DC) (SMSCliToknAcct&)
  • Client User Token (Non-DC) (SMSCliToknLocalAcct&)
  • Client Connection (SMSClient_sitecode)
  • Legacy Client Software Installation
  • Internal client group (SMSInternalCliGrp)
  • Site System Database (SMS_SQL_RX_sitecode)
  • Server Connection (SMSServer_sitecode)

The Site System to SQL Server Connection (SMS_SiteSystemToSQLConnection_sitecode) group is not used after upgrade and can be deleted for Configuration Manager 2007 sites, but is still used for SMS 2003 site servers and site systems to connect to their site database servers.

Do Not Delete

Do not delete the following groups; even though they have SMS in their names, they are still used for Configuration Manager 2007.

  • SMS Administrators (SMS Admins)
  • Reporting Users (SMS Reporting Users)
  • Site System to Site Server Connection (SMS_SiteSystemToSiteServerConnection_sitecode)
  • Site to Site Connection (SMS_SiteToSiteConnection_sitecode)

Do not delete the Client Push Installation account or the Site Address account, if used in your environment. These accounts are still used in Configuration Manager 2007. The Advanced Client Network Access account can still be used in Configuration Manager 2007, but is called simply the Network Access account.
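
The three lists above, turned into a read-only audit as an added PowerShell example (not part of the original post): the hypothetical function Get-SmsLegacyAccountAction labels each name Delete, Keep, Conditional or Review and changes nothing. It assumes that "sitecode" stands for the three-character site code, that "dc" stands for a domain controller name, and that '#' and '&' are literal characters; the sample names are constructed.

```powershell
# Added example: classify SMS 2003-era accounts and groups after the upgrade.
# Accounts whose names are chosen per site (SMS Service account, Legacy Client
# Software Installation, Client Push Installation, Site Address, Network Access)
# cannot be matched by name; look those up in the site configuration instead.
function Get-SmsLegacyAccountAction {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$Name,

        # Regex fragment for the site code; pass e.g. 'P01' to match one site only.
        [string]$SiteCode = '[A-Za-z0-9]{3}'
    )

    # Keep and Conditional rules come first so a delete rule can never shadow them.
    $rules = @(
        @{ Action = 'Keep';        Role = 'SMS Administrators';                    Pattern = '^SMS Admins$' }
        @{ Action = 'Keep';        Role = 'Reporting Users';                       Pattern = '^SMS Reporting Users$' }
        @{ Action = 'Keep';        Role = 'Site System to Site Server Connection'; Pattern = '^SMS_SiteSystemToSiteServerConnection_{0}$' }
        @{ Action = 'Keep';        Role = 'Site to Site Connection';               Pattern = '^SMS_SiteToSiteConnection_{0}$' }
        # Deletable on Configuration Manager 2007 sites, still used by SMS 2003 sites.
        @{ Action = 'Conditional'; Role = 'Site System to SQL Server Connection';  Pattern = '^SMS_SiteSystemToSQLConnection_{0}$' }
        @{ Action = 'Delete';      Role = 'CCM Boot Loader (DC)';                  Pattern = '^SMS#_.+$' }
        @{ Action = 'Delete';      Role = 'CCM Boot Loader (Non-DC)';              Pattern = '^SMSCCMBootAcct&$' }
        @{ Action = 'Delete';      Role = 'Client Services (DC)';                  Pattern = '^SMS&_.+$' }
        @{ Action = 'Delete';      Role = 'Client Services (Non-DC)';              Pattern = '^SMSCliSvcAcct&$' }
        @{ Action = 'Delete';      Role = 'Client User Token (DC)';                Pattern = '^SMSCliToknAcct&$' }
        @{ Action = 'Delete';      Role = 'Client User Token (Non-DC)';            Pattern = '^SMSCliToknLocalAcct&$' }
        @{ Action = 'Delete';      Role = 'Client Connection';                     Pattern = '^SMSClient_{0}$' }
        @{ Action = 'Delete';      Role = 'Internal client group';                 Pattern = '^SMSInternalCliGrp$' }
        @{ Action = 'Delete';      Role = 'Site System Database';                  Pattern = '^SMS_SQL_RX_{0}$' }
        @{ Action = 'Delete';      Role = 'Server Connection';                     Pattern = '^SMSServer_{0}$' }
    )

    foreach ($n in $Name) {
        # Unlisted SMS-prefixed names need a human decision; everything else is ignored.
        $action = 'Ignore'
        $role   = ''
        if ($n -like 'SMS*') { $action = 'Review' }

        foreach ($r in $rules) {
            # -match is case-insensitive, like Windows account names.
            if ($n -match ($r.Pattern -f $SiteCode)) {
                $action = $r.Action
                $role   = $r.Role
                break
            }
        }
        [pscustomobject]@{ Name = $n; Action = $action; Role = $role }
    }
}

# Constructed account and group names for a site with code P01.
$sample = @(
    'SMS Admins', 'SMS Reporting Users', 'SMSServer_P01', 'SMSClient_P01',
    'SMS#_DC01', 'SMS&_DC01', 'SMSCliSvcAcct&', 'SMSInternalCliGrp',
    'SMS_SQL_RX_P01', 'SMS_SiteSystemToSQLConnection_P01',
    'SMS_SiteToSiteConnection_P01', 'SMSPushInstall', 'Administrator'
)

Get-SmsLegacyAccountAction -Name $sample |
    Sort-Object Action, Name |
    Format-Table -AutoSize
```

Feed the function the names returned by your own account inventory, and treat every Conditional or Review row as a manual check rather than a deletion candidate.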

 
 
 

-------------------
Thanks,
http://paddymaddy.blogspot.com/

Windows Ports and protocols

 
 

Ports and protocols

The following table summarizes the information from the "System services ports" section. This table is sorted by port number instead of by the service name.

| Port | Protocol | Application protocol | System service name |
| --- | --- | --- | --- |
| n/a | GRE | GRE (IP protocol 47) | Routing and Remote Access |
| n/a | ESP | IPsec ESP (IP protocol 50) | Routing and Remote Access |
| n/a | AH | IPsec AH (IP protocol 51) | Routing and Remote Access |
| 7 | TCP | Echo | Simple TCP/IP Services |
| 7 | UDP | Echo | Simple TCP/IP Services |
| 9 | TCP | Discard | Simple TCP/IP Services |
| 9 | UDP | Discard | Simple TCP/IP Services |
| 13 | TCP | Daytime | Simple TCP/IP Services |
| 13 | UDP | Daytime | Simple TCP/IP Services |
| 17 | TCP | Quotd | Simple TCP/IP Services |
| 17 | UDP | Quotd | Simple TCP/IP Services |
| 19 | TCP | Chargen | Simple TCP/IP Services |
| 19 | UDP | Chargen | Simple TCP/IP Services |
| 20 | TCP | FTP default data | FTP Publishing Service |
| 21 | TCP | FTP control | FTP Publishing Service |
| 21 | TCP | FTP control | Application Layer Gateway Service |
| 23 | TCP | Telnet | Telnet |
| 25 | TCP | SMTP | Simple Mail Transfer Protocol |
| 25 | TCP | SMTP | Exchange Server |
| 42 | TCP | WINS Replication | Windows Internet Name Service |
| 42 | UDP | WINS Replication | Windows Internet Name Service |
| 53 | TCP | DNS | DNS Server |
| 53 | UDP | DNS | DNS Server |
| 53 | TCP | DNS | Internet Connection Firewall/Internet Connection Sharing |
| 53 | UDP | DNS | Internet Connection Firewall/Internet Connection Sharing |
| 67 | UDP | DHCP Server | DHCP Server |
| 67 | UDP | DHCP Server | Internet Connection Firewall/Internet Connection Sharing |
| 69 | UDP | TFTP | Trivial FTP Daemon Service |
| 80 | TCP | HTTP | Windows Media Services |
| 80 | TCP | HTTP | World Wide Web Publishing Service |
| 80 | TCP | HTTP | SharePoint Portal Server |
| 88 | TCP | Kerberos | Kerberos Key Distribution Center |
| 88 | UDP | Kerberos | Kerberos Key Distribution Center |
| 102 | TCP | X.400 | Microsoft Exchange MTA Stacks |
| 110 | TCP | POP3 | Microsoft POP3 Service |
| 110 | TCP | POP3 | Exchange Server |
| 119 | TCP | NNTP | Network News Transfer Protocol |
| 123 | UDP | NTP | Windows Time |
| 123 | UDP | SNTP | Windows Time |
| 135 | TCP | RPC | Message Queuing |
| 135 | TCP | RPC | Remote Procedure Call |
| 135 | TCP | RPC | Exchange Server |
| 135 | TCP | RPC | Certificate Services |
| 135 | TCP | RPC | Cluster Service |
| 135 | TCP | RPC | Distributed File System |
| 135 | TCP | RPC | Distributed Link Tracking |
| 135 | TCP | RPC | Distributed Transaction Coordinator |
| 135 | TCP | RPC | Distributed File Replication Service |
| 135 | TCP | RPC | Fax Service |
| 135 | TCP | RPC | Microsoft Exchange Server |
| 135 | TCP | RPC | File Replication Service |
| 135 | TCP | RPC | Group Policy |
| 135 | TCP | RPC | Local Security Authority |
| 135 | TCP | RPC | Remote Storage Notification |
| 135 | TCP | RPC | Remote Storage Server |
| 135 | TCP | RPC | Systems Management Server 2.0 |
| 135 | TCP | RPC | Terminal Services Licensing |
| 135 | TCP | RPC | Terminal Services Session Directory |
| 137 | UDP | NetBIOS Name Resolution | Computer Browser |
| 137 | UDP | NetBIOS Name Resolution | Server |
| 137 | UDP | NetBIOS Name Resolution | Windows Internet Name Service |
| 137 | UDP | NetBIOS Name Resolution | Net Logon |
| 137 | UDP | NetBIOS Name Resolution | Systems Management Server 2.0 |
| 138 | UDP | NetBIOS Datagram Service | Computer Browser |
| 138 | UDP | NetBIOS Datagram Service | Messenger |
| 138 | UDP | NetBIOS Datagram Service | Server |
| 138 | UDP | NetBIOS Datagram Service | Net Logon |
| 138 | UDP | NetBIOS Datagram Service | Distributed File System |
| 138 | UDP | NetBIOS Datagram Service | Systems Management Server 2.0 |
| 138 | UDP | NetBIOS Datagram Service | License Logging Service |
| 139 | TCP | NetBIOS Session Service | Computer Browser |
| 139 | TCP | NetBIOS Session Service | Fax Service |
| 139 | TCP | NetBIOS Session Service | Performance Logs and Alerts |
| 139 | TCP | NetBIOS Session Service | Print Spooler |
| 139 | TCP | NetBIOS Session Service | Server |
| 139 | TCP | NetBIOS Session Service | Net Logon |
| 139 | TCP | NetBIOS Session Service | Remote Procedure Call Locator |
| 139 | TCP | NetBIOS Session Service | Distributed File System |
| 139 | TCP | NetBIOS Session Service | Systems Management Server 2.0 |
| 139 | TCP | NetBIOS Session Service | License Logging Service |
| 143 | TCP | IMAP | Exchange Server |
| 161 | UDP | SNMP | SNMP Service |
| 162 | UDP | SNMP Traps Outbound | SNMP Trap Service |
| 389 | TCP | LDAP Server | Local Security Authority |
| 389 | UDP | LDAP Server | Local Security Authority |
| 389 | TCP | LDAP Server | Distributed File System |
| 389 | UDP | LDAP Server | Distributed File System |
| 443 | TCP | HTTPS | HTTP SSL |
| 443 | TCP | HTTPS | World Wide Web Publishing Service |
| 443 | TCP | HTTPS | SharePoint Portal Server |
| 443 | TCP | RPC over HTTPS | Exchange Server 2003 |
| 445 | TCP | SMB | Fax Service |
| 445 | TCP | SMB | Print Spooler |
| 445 | TCP | SMB | Server |
| 445 | TCP | SMB | Remote Procedure Call Locator |
| 445 | TCP | SMB | Distributed File System |
| 445 | TCP | SMB | License Logging Service |
| 445 | TCP | SMB | Net Logon |
| 464 | TCP | Kerberos Password V5 | Net Logon |
| 500 | UDP | IPsec ISAKMP | Local Security Authority |
| 515 | TCP | LPD | TCP/IP Print Server |
| 548 | TCP | File Server for Macintosh | File Server for Macintosh |
| 554 | TCP | RTSP | Windows Media Services |
| 563 | TCP | NNTP over SSL | Network News Transfer Protocol |
| 593 | TCP | RPC over HTTPS endpoint mapper | Remote Procedure Call |
| 593 | TCP | RPC over HTTPS | Exchange Server |
| 636 | TCP | LDAP SSL | Local Security Authority |
| 636 | UDP | LDAP SSL | Local Security Authority |
| 993 | TCP | IMAP over SSL | Exchange Server |
| 995 | TCP | POP3 over SSL | Exchange Server |
| 1067 | TCP | Installation Bootstrap Service | Installation Bootstrap protocol server |
| 1068 | TCP | Installation Bootstrap Service | Installation Bootstrap protocol client |
| 1270 | TCP | MOM-Encrypted | Microsoft Operations Manager 2000 |
| 1433 | TCP | SQL over TCP | Microsoft SQL Server |
| 1433 | TCP | SQL over TCP | MSSQL$UDDI |
| 1434 | UDP | SQL Probe | Microsoft SQL Server |
| 1434 | UDP | SQL Probe | MSSQL$UDDI |
| 1645 | UDP | Legacy RADIUS | Internet Authentication Service |
| 1646 | UDP | Legacy RADIUS | Internet Authentication Service |
| 1701 | UDP | L2TP | Routing and Remote Access |
| 1723 | TCP | PPTP | Routing and Remote Access |
| 1755 | TCP | MMS | Windows Media Services |
| 1755 | UDP | MMS | Windows Media Services |
| 1801 | TCP | MSMQ | Message Queuing |
| 1801 | UDP | MSMQ | Message Queuing |
| 1812 | UDP | RADIUS Authentication | Internet Authentication Service |
| 1813 | UDP | RADIUS Accounting | Internet Authentication Service |
| 1900 | UDP | SSDP | SSDP Discovery Service |
| 2101 | TCP | MSMQ-DCs | Message Queuing |
| 2103 | TCP | MSMQ-RPC | Message Queuing |
| 2105 | TCP | MSMQ-RPC | Message Queuing |
| 2107 | TCP | MSMQ-Mgmt | Message Queuing |
| 2393 | TCP | OLAP Services 7.0 | SQL Server: Downlevel OLAP Client Support |
| 2394 | TCP | OLAP Services 7.0 | SQL Server: Downlevel OLAP Client Support |
| 2460 | UDP | MS Theater | Windows Media Services |
| 2535 | UDP | MADCAP | DHCP Server |
| 2701 | TCP | SMS Remote Control (control) | SMS Remote Control Agent |
| 2701 | UDP | SMS Remote Control (control) | SMS Remote Control Agent |
| 2702 | TCP | SMS Remote Control (data) | SMS Remote Control Agent |
| 2702 | UDP | SMS Remote Control (data) | SMS Remote Control Agent |
| 2703 | TCP | SMS Remote Chat | SMS Remote Control Agent |
| 2703 | UDP | SMS Remote Chat | SMS Remote Control Agent |
| 2704 | TCP | SMS Remote File Transfer | SMS Remote Control Agent |
| 2704 | UDP | SMS Remote File Transfer | SMS Remote Control Agent |
| 2725 | TCP | SQL Analysis Services | SQL Analysis Server |
| 2869 | TCP | UPNP | Universal Plug and Play Device Host |
| 2869 | TCP | SSDP event notification | SSDP Discovery Service |
| 3268 | TCP | Global Catalog Server | Local Security Authority |
| 3269 | TCP | Global Catalog Server | Local Security Authority |
| 3343 | UDP | Cluster Services | Cluster Service |
| 3389 | TCP | Terminal Services | NetMeeting Remote Desktop Sharing |
| 3389 | TCP | Terminal Services | Terminal Services |
| 3527 | UDP | MSMQ-Ping | Message Queuing |
| 4011 | UDP | BINL | Remote Installation |
| 4500 | UDP | NAT-T | Local Security Authority |
| 5000 | TCP | SSDP legacy event notification | SSDP Discovery Service |
| 5004 | UDP | RTP | Windows Media Services |
| 5005 | UDP | RTCP | Windows Media Services |
| 6001 | TCP | Information Store | Exchange Server 2003 |
| 6002 | TCP | Directory Referral | Exchange Server 2003 |
| 6004 | TCP | DSProxy/NSPI | Exchange Server 2003 |
| 42424 | TCP | ASP.Net Session State | ASP.NET State Service |
| 51515 | TCP | MOM-Clear | Microsoft Operations Manager 2000 |
| 1024-65535 | TCP | RPC | Randomly allocated high TCP ports |

Microsoft provides the information in this table in a Microsoft Excel worksheet. This worksheet is available for download from the Microsoft Download Center:

Download the Port_Requirements_for_Microsoft_Windows_Server_System.xls package now. (http://download.microsoft.com/download/1/5/c/15c5287d-7a49-4c83-8ce0-aea7641b1835/Port_Requirements_for_Microsoft_Windows_Server_System.xls)

Active Directory port and protocol requirements

Application servers, client computers and domain controllers that are located in common or external forests have service dependencies so that user- and computer-initiated operations such as domain join, logon authentication, remote administration, and Active Directory replication work correctly. Such services and operations require network connectivity over specific ports and networking protocols.

A summarized list of the services, ports and protocols required for member computers and domain controllers to interoperate with each other, or for application servers to access Active Directory, includes but is not limited to the following.

Services on which Active Directory depends

  • Active Directory / LSA
  • Computer Browser
  • Distributed File System
  • File Replication Service
  • Kerberos Key Distribution Center
  • Net Logon
  • Remote Procedure Call (RPC)
  • Server
  • Simple Mail Transfer Protocol (SMTP) (if so configured)
  • WINS (in Windows Server 2003 SP1 and later versions for backup Active Directory replication operations, if DNS is not working)
  • Windows Time
  • World Wide Web Publishing Service

Services that require Active Directory services

  • Certificate Services (required for specific configurations)
  • DHCP Server (if so configured)
  • Distributed File System
  • Distributed Link Tracking Server (optional but on by default on Windows 2000 computers)
  • Distributed Transaction Coordinator
  • DNS Server (if so configured)
  • Fax Service (if so configured)
  • File Replication Service
  • File Server for Macintosh (if so configured)
  • Internet Authentication Service (if so configured)
  • License Logging (on by default)
  • Net Logon
  • Print Spooler
  • Remote Installation (if so configured)
  • Remote Procedure Call (RPC) Locator
  • Remote Storage Notification
  • Remote Storage Server
  • Routing and Remote Access
  • Server
  • Simple Mail Transfer Protocol (SMTP) (if so configured)
  • Terminal Services
  • Terminal Services Licensing
  • Terminal Services Session Directory


SCCM and Its Ports; Ports Used by SCCM

Configurable Ports

Configuration Manager 2007 allows you to configure the ports for the following types of communication:

  • Client to site system
  • Client to Internet (as proxy server settings)
  • Software update point to Internet (as proxy server settings)
  • Software update point to WSUS server
  • Client to reporting point

By default, the HTTP port used for client to site system communication is port 80 and the default HTTPS port is 443. Ports for client-to-site system communication over HTTP or HTTPS can be changed during Setup or in the Site Properties for your Configuration Manager site.

Reporting point site system roles have configurable port settings for HTTP and HTTPS communication defined on the reporting point site system role property page. By default, users connect to the reporting point using the HTTP port 80 and HTTPS port 443. These ports are defined during installation only. To redefine the reporting point communication port, the reporting point site system must be deleted and reinstalled.

Non-Configurable Ports

Configuration Manager does not allow you to configure ports for the following types of communication:

  • Site to site (primary-to-primary or primary-to-secondary)
  • Site server to site system
  • Site server to site database server
  • Site system to site database server
  • Configuration Manager 2007 console to SMS Provider
  • Configuration Manager 2007 console to the Internet

Port Details

The port listings that follow are used by Configuration Manager 2007 and do not include information for standard Windows services, such as Active Directory group policy and Kerberos authentication. For information about Windows Server services and ports, see http://go.microsoft.com/fwlink/?LinkID=123652.

The following diagram indicates connections between Configuration Manager 2007 computers. The number for the link corresponds to the table that lists the ports for that link. The arrows between the computers represent the direction of the communication.

  • -- > indicates one computer initiates and the other computer always responds
  • < -- > indicates that either computer can initiate

1. Site Server < -- > Site Server

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| Point to Point Tunneling Protocol (PPTP) | -- | 1723 (See note 3, RAS Sender) |

2. Primary Site Server -- > Domain Controller

| Description | UDP | TCP |
|---|---|---|
| Lightweight Directory Access Protocol (LDAP) | -- | 389 |
| LDAP (Secure Sockets Layer [SSL] connection) | 636 | 636 |
| Global Catalog LDAP | -- | 3268 |
| Global Catalog LDAP SSL | -- | 3269 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC |

3. Site Server < -- > Software Update Point

(See note 6, Communication between the site server and site systems)

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| Hypertext Transfer Protocol (HTTP) | -- | 80 or 8530 (See note 4, Windows Server Update Services) |
| Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 or 8531 (See note 4, Windows Server Update Services) |

4. Software Update Point -- > Internet

| Description | UDP | TCP |
|---|---|---|
| Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 1, Proxy Server port) |

5. Site Server < -- > State Migration Point

(See note 6, Communication between the site server and site systems)

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |

6. Client -- > Software Update Point

| Description | UDP | TCP |
|---|---|---|
| Hypertext Transfer Protocol (HTTP) | -- | 80 or 8530 (See note 4, Windows Server Update Services) |
| Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 or 8531 (See note 4, Windows Server Update Services) |

7. Client -- > State Migration Point

| Description | UDP | TCP |
|---|---|---|
| Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2, Alternate Port Available) |
| Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2, Alternate Port Available) |
| Server Message Block (SMB) | -- | 445 |

8. Client -- > PXE Service Point

| Description | UDP | TCP |
|---|---|---|
| Dynamic Host Configuration Protocol (DHCP) | 67 and 68 | -- |
| Trivial File Transfer Protocol (TFTP) | 69 (See note 5, Trivial FTP (TFTP) Daemon) | -- |
| Boot Information Negotiation Layer (BINL) | 4011 | -- |

9. Site Server < -- > PXE Service Point

(See note 6, Communication between the site server and site systems)

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC |

10. Site Server < -- > System Health Validator

(See note 6, Communication between the site server and site systems)

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC |

11. Client -- > System Health Validator

The client requires the ports established by the Windows Network Access Protection client, which is dependent upon the enforcement client being used. For example, DHCP enforcement will use ports UDP 67 and 68. IPSec enforcement will use ports TCP 80 or 443 to the Health Registration Authority, port UDP 500 for IPsec negotiation and the additional ports needed for the IPsec filters. For more information, see the Windows Network Access Protection documentation. For help with configuring firewalls for IPsec, see http://go.microsoft.com/fwlink/?LinkId=109499.

12. Site Server < -- > Fallback Status Point

(See note 6, Communication between the site server and site systems)

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC |

13. Client -- > Fallback Status Point

| Description | UDP | TCP |
|---|---|---|
| Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2, Alternate Port Available) |

14. Site Server -- > Distribution Point

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC |

15. Client -- > Distribution Point

| Description | UDP | TCP |
|---|---|---|
| Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2, Alternate Port Available) |
| Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2, Alternate Port Available) |
| Server Message Block (SMB) | -- | 445 |
| Multicast Protocol | 63000-64000 | -- |

16. Client -- > Branch Distribution Point

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |

17. Client -- > Management Point

| Description | UDP | TCP |
|---|---|---|
| Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2, Alternate Port Available) |
| Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2, Alternate Port Available) |

18. Client -- > Server Locator Point

| Description | UDP | TCP |
|---|---|---|
| Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2, Alternate Port Available) |

19. Branch Distribution Point -- > Distribution Point

| Description | UDP | TCP |
|---|---|---|
| Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2, Alternate Port Available) |
| Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2, Alternate Port Available) |

20. Site Server -- > Provider

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC |

21. Server Locator Point -- > Microsoft SQL Server

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 |

22. Management Point -- > Microsoft SQL Server

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 |

23. Provider -- > SQL Server

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 |

24. Reporting Point -- > SQL Server / Reporting Services Point -- > SQL Server

The reporting point and the Reporting Services point use the same ports. The Reporting Services point is applicable to Configuration Manager 2007 R2 only.

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 |

25. Configuration Manager Console -- > Reporting Point

| Description | UDP | TCP |
|---|---|---|
| Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2, Alternate Port Available) |
| Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2, Alternate Port Available) |

26. Configuration Manager Console -- > Provider

| Description | UDP | TCP |
|---|---|---|
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC |

27. Configuration Manager Console -- > Internet

| Description | UDP | TCP |
|---|---|---|
| Hypertext Transfer Protocol (HTTP) | -- | 80 |

28. Primary Site Server -- > Microsoft SQL Server

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 |

29. Management Point -- > Domain Controller

| Description | UDP | TCP |
|---|---|---|
| Lightweight Directory Access Protocol (LDAP) | -- | 389 |
| LDAP (Secure Sockets Layer [SSL] connection) | 636 | 636 |
| Global Catalog LDAP | -- | 3268 |
| Global Catalog LDAP SSL | -- | 3269 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC |

30. Site Server -- > Reporting Point / Site Server -- > Reporting Services Point

The reporting point and the Reporting Services point use the same ports. The Reporting Services point is in Configuration Manager 2007 R2 only.

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC |

31. Site Server -- > Server Locator Point

(See note 6, Communication between the site server and site systems)

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC |

32. Configuration Manager Console -- > Site Server

| Description | UDP | TCP |
|---|---|---|
| RPC (initial connection to WMI to locate provider system) | -- | 135 |

33. Software Update Point -- > WSUS Synchronization Server

| Description | UDP | TCP |
|---|---|---|
| Hypertext Transfer Protocol (HTTP) | -- | 80 or 8530 (See note 4, Windows Server Update Services) |
| Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 or 8531 (See note 4, Windows Server Update Services) |

34. Configuration Manager Console -- > Client

| Description | UDP | TCP |
|---|---|---|
| Remote Control (control) | 2701 | 2701 |
| Remote Control (data) | 2702 | 2702 |
| Remote Control (RPC Endpoint Mapper) | -- | 135 |
| Remote Assistance (RDP and RTC) | -- | 3389 |

35. Management Point < -- > Site Server

(See note 6, Communication between the site server and site systems)

| Description | UDP | TCP |
|---|---|---|
| RPC Endpoint Mapper | -- | 135 |
| RPC | -- | DYNAMIC |
| Server Message Block (SMB) | -- | 445 |

36. Site Server -- > Client

| Description | UDP | TCP |
|---|---|---|
| Wake on LAN | 9 (See note 2, Alternate Port Available) | -- |

37. Configuration Manager client -- > Global Catalog Domain Controller

A Configuration Manager client does not contact a global catalog server when it is a workgroup computer or when it is configured for Internet-only communication.

| Description | UDP | TCP |
|---|---|---|
| Global Catalog LDAP | -- | 3268 |
| Global Catalog LDAP SSL | -- | 3269 |

38. PXE Service Point -- > Microsoft SQL Server

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 |

39. Site Server < -- > Asset Intelligence Synchronization Point (Configuration Manager 2007 SP1)

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC |

40. Asset Intelligence Synchronization Point < -- > System Center Online (Configuration Manager 2007 SP1)

| Description | UDP | TCP |
|---|---|---|
| Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 |

41. Multicast Distribution Point -- > Microsoft SQL Server (Configuration Manager 2007 R2)

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 |

42. Client status reporting host --> Client (Configuration Manager 2007 R2)

| Description | UDP | TCP |
|---|---|---|
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC |
| ICMPv4 Type 8 (Echo) or ICMPv6 Type 128 (Echo Request) | n/a | n/a |

43. Client status reporting host --> Management Point (Configuration Manager 2007 R2)

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| NetBIOS Session Service | -- | 139 |

44. Client status reporting host --> Microsoft SQL Server (Configuration Manager 2007 R2)

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 |

45. Site Server < -- > Reporting Services Point (Configuration Manager 2007 R2)

(See note 6, Communication between the site server and site systems)

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC |

46. Configuration Manager Console -- > Reporting Services Point (Configuration Manager 2007 R2)

| Description | UDP | TCP |
|---|---|---|
| Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2, Alternate Port Available) |
| Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2, Alternate Port Available) |

47. Reporting Services Point -- > Microsoft SQL Server (Configuration Manager 2007 R2)

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 |

Notes

1 Proxy Server port    This port cannot be configured but can be routed through a configured proxy server.

2 Alternate Port Available    An alternate port can be defined within Configuration Manager for this value. If a custom port has been defined, substitute that custom port when defining the IP filter information for the IPsec policies.

3 RAS Sender    Configuration Manager 2007 can also use the RAS Sender with Point to Point Tunneling Protocol (PPTP) to send and receive Configuration Manager 2007 site, client, and administrative information through a firewall. Under these circumstances, the PPTP TCP 1723 port is used.

4 Windows Server Update Services    WSUS can be installed either on the default Web site (port 80) or a custom Web site (port 8530). After installation, the port can be changed. If the HTTP port is 80, the HTTPS port must be 443. If the HTTP port is anything else, the HTTPS port must be 1 higher, for example 8530 and 8531.

5 Trivial FTP (TFTP) Daemon    The Trivial FTP (TFTP) Daemon system service does not require a user name or password and is an integral part of the Windows Deployment Services (WDS). The Trivial FTP Daemon service implements support for the TFTP protocol defined by the following RFCs:

  • RFC 1350: TFTP
  • RFC 2347: Option extension
  • RFC 2348: Block size option
  • RFC 2349: Time-out interval and transfer size options

Trivial File Transfer Protocol is designed to support diskless boot environments. TFTP Daemons listen on UDP port 69 but respond from a dynamically allocated high port. Therefore, enabling this port will allow the TFTP service to receive incoming TFTP requests but will not allow the selected server to respond to those requests. Allowing the selected server to respond to inbound TFTP requests cannot be accomplished unless the TFTP server is configured to respond from port 69.

6 Communication between the site server and site systems    By default, communication between the site server and site systems is bi-directional. The site server initiates communication to configure the site system, and then most site systems connect back to the site server to send back status information. Reporting points and distribution points do not send back status information. If you select Allow only site server initiated data transfers from this site system on the site system properties, the site system will never initiate communication back to the site server.

7 Ports used by distribution points for application virtualization streaming    A distribution point enabled to support application virtualization can be configured to use either HTTP or HTTPS. This feature is available in Configuration Manager 2007 R2 only.
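
The link tables and notes above can be turned into an allow-list for reviewing firewall or flow logs. The following is an added example, not code from the original page or from Microsoft: it encodes links 6, 14, 15, 17, 22 and 35 with their default ports, applies the direction rule (-- > versus < -- >) and the note 4 WSUS port pairing, and returns the flows that no listed link permits. Host names, role labels, function names and the sample flows are constructed for illustration.

```python
"""Audit observed flows against a subset of the Configuration Manager 2007
port tables. Added example: host names, role labels and flows are constructed."""
from typing import NamedTuple

# "DYNAMIC" in the tables: randomly allocated high TCP ports (1024-65535).
DYNAMIC_RPC = range(1024, 65536)


class Link(NamedTuple):
    number: int       # link number used in the tables
    src: str          # role that initiates the connection
    dst: str          # role that responds
    both_ways: bool   # True for "< -- >", False for "-- >"
    ports: dict       # protocol -> list of ports or port ranges


def wsus_ports(http_port=80):
    """Note 4: HTTP 80 pairs with HTTPS 443; any other HTTP port pairs with
    the next port up (for example 8530 and 8531)."""
    return (http_port, 443 if http_port == 80 else http_port + 1)


def build_links(wsus_http=80):
    """Links 6, 14, 15, 17, 22 and 35 with default ports (note 2 alternates
    are not modelled)."""
    return [
        Link(6, "client", "software_update_point", False,
             {"TCP": list(wsus_ports(wsus_http))}),
        Link(14, "site_server", "distribution_point", False,
             {"TCP": [445, 135, DYNAMIC_RPC], "UDP": [135]}),
        Link(15, "client", "distribution_point", False,
             {"TCP": [80, 443, 445], "UDP": [range(63000, 64001)]}),
        Link(17, "client", "management_point", False, {"TCP": [80, 443]}),
        Link(22, "management_point", "sql_server", False, {"TCP": [1433]}),
        Link(35, "management_point", "site_server", True,
             {"TCP": [135, DYNAMIC_RPC, 445]}),
    ]


def _port_ok(port, allowed):
    """True if port equals an allowed port or falls inside an allowed range."""
    return any(port in a if isinstance(a, range) else port == a for a in allowed)


def match_link(flow, roles, links):
    """Return the number of the link that permits this flow, or None."""
    src_host, dst_host, proto, dport = flow
    pair = (roles.get(src_host), roles.get(dst_host))
    for link in links:
        forward = pair == (link.src, link.dst)
        reverse = link.both_ways and pair == (link.dst, link.src)
        if (forward or reverse) and _port_ok(dport, link.ports.get(proto, [])):
            return link.number
    return None


def audit(flows, roles, links):
    """Return the flows that no listed link permits, in input order."""
    return [f for f in flows if match_link(f, roles, links) is None]


# Constructed inventory: host name -> site system role.
ROLES = {
    "pc-0142": "client", "mp01": "management_point", "sql01": "sql_server",
    "dp01": "distribution_point", "site01": "site_server",
    "sup01": "software_update_point",
}

# Constructed flow records: (source, destination, protocol, destination port).
FLOWS = [
    ("pc-0142", "mp01", "TCP", 443),     # link 17
    ("mp01", "pc-0142", "TCP", 443),     # reverse of a one-way link
    ("mp01", "sql01", "TCP", 1433),      # link 22
    ("pc-0142", "sql01", "TCP", 1433),   # no client-to-SQL link in the tables
    ("mp01", "site01", "TCP", 49200),    # link 35, dynamic RPC
    ("site01", "mp01", "TCP", 445),      # link 35, other direction
    ("site01", "dp01", "TCP", 445),      # link 14
    ("dp01", "site01", "TCP", 445),      # link 14 is site server initiated only
    ("pc-0142", "sup01", "TCP", 8531),   # link 6 when WSUS uses 8530/8531
    ("pc-0142", "sup01", "TCP", 443),    # not valid when WSUS uses 8530/8531
]

if __name__ == "__main__":
    for flow in audit(FLOWS, ROLES, build_links(wsus_http=8530)):
        print("not in port tables:", flow)
```

Extending `build_links` with the remaining links, and with any custom ports defined under note 2, gives a complete allow-list for a given site.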

Configuration Manager Remote Control Ports

When you use NetBIOS over TCP/IP for Configuration Manager 2007 Remote Control, the ports described in the following table are used.

| Description | UDP | TCP |
|---|---|---|
| RPC Endpoint Mapping | -- | 135 |
| Name resolution | 137 | -- |
| Messaging | 138 | -- |
| Client Sessions | -- | 139 |

AMT Out of Band Management Ports (Configuration Manager 2007 SP1)

When you use the out of band management feature in Configuration Manager 2007 SP1, the following ports are used.

A. Site Server <--> Out of Band Service Point

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC |

B. AMT Management Controller --> Out of Band Service Point

| Description | UDP | TCP |
|---|---|---|
| Provisioning | -- | 9971 (configurable) |

C. Out of Band Service Point --> AMT Management Controller

| Description | UDP | TCP |
|---|---|---|
| Discovery | -- | 16992 |
| Power control, provisioning, and discovery | -- | 16993 |

D. Out of Band Management Console --> AMT Management Controller

| Description | UDP | TCP |
|---|---|---|
| General management tasks | -- | 16993 |
| Serial over LAN and IDE redirection | -- | 16995 |

Ports Used by Windows Servers 

The following table lists some of the key ports that Windows Server uses and their respective functions. For a more complete list of Windows Server services and network ports requirements, see http://go.microsoft.com/fwlink/?LinkID=123652.

| Description | UDP | TCP |
|---|---|---|
| Domain Name System (DNS) | 53 | -- |
| Dynamic Host Configuration Protocol (DHCP) | 67 and 68 | -- |
| Windows Internet Name Service (WINS) | 138 | -- |
| NetBIOS datagrams | 138 | -- |
| NetBIOS datagrams | -- | 139 |

Connecting with Microsoft SQL Server

If you use the TCP/IP Net-Library, enable port 1433 on the firewall. Use the Hosts file or an advanced connection string for host name resolution.

If you use named pipes over TCP/IP, enable port 139 for NetBIOS functions. NetBIOS should be used only for troubleshooting Kerberos issues.

Note
TCP/IP is required for network communications to allow Kerberos authentication. Named pipes communication is not required for Configuration Manager 2007 site database operations and should be used only to troubleshoot Kerberos authentication issues.

By default, SQL Server uses TCP (not UDP) port 1433 to listen on TCP/IP. To change the port, run SQL Server Setup on the server, and then click Change Network Support. If SQL Server uses port 1433, the client Net-Library works. If SQL Server uses a custom port number, the client must specify that port in the Data Source Name (DSN).

Microsoft does not recommend that you enable UDP ports 137 and 138 for NetBIOS name resolution by using B-node broadcasts. Instead, you can use a WINS server or an LMHOSTS file for name resolution.

Installation Requirements for Internet-Based Site Systems

The Internet-based management point, software update point, and fallback status point use the following ports for installation and repair:

  • Site server --> site system: RPC endpoint mapper using UDP and TCP port 135.
  • Site server --> site system: RPC dynamic TCP ports.
  • Site server < --> site system: Server message blocks (SMB) using TCP port 445.

Distribution points do not install until the first package is targeted to them. Package installations on distribution points require the following RPC ports:

  • Site server --> distribution point: RPC endpoint mapper using UDP and TCP port 135.
  • Site server --> distribution point: RPC dynamic TCP ports.