[This is pre-release documentation and subject to change in future releases. This topic's current status is: Milestone-Ready]

Topic Last Modified: 2010-07-18

This section summarizes the ports and protocols used by servers and clients in a Microsoft Communications Server 2010 deployment.

Note:
Windows Firewall must be running before you start the Communications Server 2010 services on a server, because that is when Communications Server opens the required ports in the firewall.

For details about firewall configuration for edge components, see Determining Firewall and 50k Port Range Requirements.

The following table lists the ports that need to be open on each server role.

Additionally, for each port, the Does this port need to be open on the load balancer? and column indicates whether this port must be open on the load balancer as well, if this server is part of a pool. If you are using DNS load balancing for this pool, then for those ports with a value of Yes in this column, the DNS load balancing will automatically ensure that this port is open. Values of Yes (must be open on the hardware load balancer even if you are using DNS load balancing) indicate that load balancing for this port must be done on the pool’s hardware load balancer, even if DNS load balancing is used for SIP traffic on this pool. (If you are using only a hardware load balancer for a pool, then all ports with a value of “Yes” must be open on the hardware load balancer.)

Required Ports (by Server Role)

Component (Server Role or Client) Service name Port Protocol Does this port need to be open on the load balancer? Notes

Front End Servers

Front End service

5060

TCP

Yes

Used by Standard Edition servers and Enterprise pools for listening to client connections from Communicator (TCP).

Front End Servers

Front End service

5061

TCP(TLS)

Yes

Used by Standard Edition servers and Enterprise pools for all internal SIP communications between servers (MTLS), for SIP communications between Server and Client (TLS) and for SIP communications between Front End Servers and Mediation Servers (MTLS).

Front End Servers

Front End service

444

HTTPS

Yes

Used for communication between the Focus (the Communications Server component that manages conference state) and the conferencing servers.

Front End Servers

Front End service

135

DCOM and remote procedure call (RPC)

Yes (must be open on the hardware load balancer even if you are using DNS load balancing)

Used for DCOM based operations such as Moving Users, User Replicator Synchronization, and Address Book Synchronization.

Front End Servers

IM Conferencing service

5062

TCP

No

Used for incoming SIP requests for IM conferencing.

Front End Servers

Web Conferencing service

8057

TCP (TLS)

No

Used to listen for Persistent Shared Object Model (PSOM) connections from client.

Front End Servers

A/V Conferencing service

5063

TCP

No

Used for incoming SIP requests for audio/video (A/V) conferencing.

Front End Servers

A/V Conferencing service

57501-65335

TCP/UDP

No

Media port range used for video conferencing.

Front End Servers

Web Components (IIS) service

80

HTTP

Yes (must be open on the hardware load balancer even if you are using DNS load balancing)

Used for communication from Front End Servers to the Web farm FQDNs (the URLs used by Web Components) when HTTPS is not used.

Front End Servers

Web Components (IIS) service

443

HTTPS

Yes (must be open on the hardware load balancer even if you are using DNS load balancing)

Used for communication from Front End Servers to the Web farm FQDNs (the URLs used by Web Components).

Front End Servers

Web Components (IIS) service

8080

TCP

Yes (must be open on the hardware load balancer even if you are using DNS load balancing)

Used for IIS Web components for external access.

Front End Servers

Conferencing Auto Attendant service (dial-in Conferencing)

5064

TCP

No

Used for incoming SIP requests for dial-in conferencing.

Front End Servers

Conferencing Auto Attendant service (dial-in Conferencing)

5072

TCP

Yes

Used for incoming SIP requests for Conferencing Attendant (dial in conferencing).

Front End Servers that also run a Collocated Mediation Server

Mediation service

5070

TCP

Yes

Used by the Mediation Server for incoming requests from the Front End Server to the Mediation Server.

Front End Servers that also run a Collocated Mediation Server

Mediation service

5067

TCP (TLS)

Yes

Used for incoming SIP requests from the PSTN gateway to the Mediation Server.

Front End Servers that also run a Collocated Mediation Server

Mediation service

5068

TCP

Yes

Used for incoming SIP requests from the PSTN gateway to the Mediation Server.

Front End Servers

Application sharing service

5065

TCP

No

Used for incoming SIP listening requests for application sharing for conferencing.

Front End Servers

Application sharing service

49152-65335

TCP

No

Media port range used for application sharing.

Front End Servers

Conferencing Announcement service

5073

TCP

Yes

Used for incoming SIP requests for Conferencing Announcement service (dial in conferencing).

Front End Servers

Call Park service

5075

TCP

Yes

Used for incoming SIP requests for the Call Park service.

Front End Servers

Audio Test service

5076

TCP

Yes

Used for incoming SIP requests for the Audio Test service.

Front End Servers

5066

TCP

No

Used for outbound E.911 gateway.

Front End Servers

QoE Agent service

5069

TCP

Yes

Used by quality of experience Agent on the Front End Server.

Front End Servers

Response Group Service

5071

TCP

Yes

Used for incoming SIP requests for the Response Group Service.

Front End Servers

Response Group Service

8404

TCP (MTLS)

No

Used for incoming SIP requests for the Response Group Service.

Front End Servers

Bandwidth Policy service

5080

TCP

Yes

Used for call admission control (CAC) by the Bandwidth Policy service for A/V Edge TURN traffic.

Front End Servers

Bandwidth Policy service

448

TCP

Yes

Used by the Communications Server Bandwidth Policy service for call admission control (CAC).

Front End Servers where the Central Management database resides

CMS Replication service

445

TCP

No

Used to push configuration data from the Central Management database to servers running Communications Server.

All internal servers

Various

49152-57500

TCP/UDP

N/A

Media port range used for audio conferencing on all internal servers. Used by all servers that terminate audio: Front End Servers (for CAA CAS, and A/V), Mediation Server).

Directors

Front End service

5060

TCP

Yes

Used by Standard Edition servers and Enterprise pools for listening to client connections from Communicator (TCP).

Directors

Front End service

5061

TCP

Yes

Used for internal communications between servers and for client connections.

Mediation Servers

Mediation service

5070

TCP

Yes

Used by the Mediation Server for incoming requests from the Front End Server.

Mediation Servers

Mediation service

5067

TCP (TLS)

Yes

Used for incoming SIP requests from the PSTN gateway.

Mediation Servers

Mediation service

5068

TCP

Yes

Used for incoming SIP requests from the PSTN gateway.

Mediation Servers

Mediation service

5070

TCP (MTLS)

Yes

Used for SIP requests from the Front End Servers.

Monitoring Servers

Monitoring service

135

Message Queuing and RPC

N/A

Used for message queuing and RPC operations.

Archiving Servers

Archiving service

135

Message Queuing and RPC

N/A

Used for message queuing and RPC operations.

Reverse proxy servers

80

TCP

N/A

Used by the reverse proxy to listen on the external interface for incoming requests from external users.

Reverse proxy servers

443

TCP

N/A

Used by the reverse proxy to listen on the external interface for incoming requests from external users for Web components information and file downloads, distribution group expansion as well as Address Book information.

Reverse proxy servers

8080

TCP

N/A

Used for SIP/TLS communication with the internal network to the Web services cluster. Traffic from port 80 on the external interface is redirected to this port

Reverse proxy servers

4443

TCP

N/A

Used by the reverse proxy to listen on the internal interface. Traffic from port 443 on the external interface is redirected to this port.

Edge Servers

All edge services (external interface)

443

TCP

Yes

Used for SIP/TLS communication for external users accessing internal Web conferences, and STUN/TCP inbound and outbound media communications for accessing internal media and A/V sessions.

Edge Servers

Access Edge Service (internal and external interface)

5061

TCP

Yes

Used for SIP/MTLS communication for remote user access or federation and public Internet connectivity.

Edge Servers

Web Conferencing Edge service (internal interface)

8057

TCP

No

Used to listen for PSOM/MTLS communications from the Web Conferencing Server on the internal interface of the Web Conferencing Edge Server.

Edge Servers

A/V Edge Authentication Service (internal interface)

5062

TCP

Yes

Used for SIP/MTLS authentication of A/V users. Communications flow outbound through the internal firewall.

Edge Servers

A/V Edge service (internal and external interfaces)

3478

UDP

Yes

Used for STUN/UDP inbound and outbound media exchange.

Edge Servers

A/V Edge service port range

50,000-59,999

RTP/TCP, RTP/UDP

No

Used for inbound and outbound media transfer through the external firewall. This port range always needs to be opened outbound for TCP. If you federate with an organization running Office Communications Server 2007, you must open this range both outbound and inbound, and for both TCP and UDP.

Edge Servers

Edge services (internal interface)

4443

TCP

No

Used to push configuration data from the Central Management Server to the Edge Server. This port must be opened on every individual Edge Server, not on the load balancer.

Clients

67/68

DHCP

N/A

Used by Communicator to find the Registrar FQDN (if DNS SRV fails and manual settings are not configured).

Clients

6891-6901

TCP

N/A

Used for file transfer between clients in this release and previous clients (clients of Office Communications Server 2007, Office Communications Server 2007 R2, and Live Communications Server 2005).

Clients

1024-65535

TCP/UDP

N/A

Used by clients for audio port range (minimum of 20 ports required).

Clients

1024-65535

TCP/UDP

N/A

Used by clients for video port range (minimum of 20 ports required).

Clients

1024-65535

TCP

N/A

Used by clients for peer-to-peer file transfer. (for conferencing file transfer, it uses PSOM.

Clients

1024-65535

TCP

N/A

Used by clients for application sharing.

Microsoft Communicator “14” Phone Edition for Aastra 6721ip common area phone, Microsoft Communicator “14” Phone Edition for Aastra 6725ip desk phone, Microsoft Communicator “14” Phone Edition for Polycom CX500 common area phone, and Microsoft Communicator “14” Phone Edition for Polycom CX600 desk phone

67/68

DHCP

N/A

Used by these phones to find the Communications Server certificate, provisioning FQDN, and Registrar FQDN.