Topic Last Modified: 2010-07-18
This section summarizes the ports and protocols used by servers and clients in a Microsoft Communications Server 2010 deployment.
Note: Windows Firewall must be running before you start the Communications Server 2010 services on a server, because that is when Communications Server opens the required ports in the firewall.
For details about firewall configuration for edge components, see Determining Firewall and 50k Port Range Requirements.
The following table lists the ports that need to be open on each server role.
Additionally, for each port, the Does this port need to be open on the load balancer? column indicates whether the port must also be open on the load balancer if the server is part of a pool. If you are using DNS load balancing for this pool, then for ports with a value of Yes in this column, DNS load balancing automatically ensures that the port is open. A value of Yes (must be open on the hardware load balancer even if you are using DNS load balancing) indicates that load balancing for the port must be done on the pool’s hardware load balancer, even if DNS load balancing is used for SIP traffic on this pool. (If you are using only a hardware load balancer for a pool, then all ports with a value of “Yes” must be open on the hardware load balancer.)
Required Ports (by Server Role)
Component (Server Role or Client) | Service name | Port | Protocol | Does this port need to be open on the load balancer? | Notes |
---|---|---|---|---|---|
Front End Servers | Front End service | 5060 | TCP | Yes | Used by Standard Edition servers and Enterprise pools for listening to client connections from Communicator (TCP). |
Front End Servers | Front End service | 5061 | TCP (TLS) | Yes | Used by Standard Edition servers and Enterprise pools for all internal SIP communications between servers (MTLS), for SIP communications between Server and Client (TLS) and for SIP communications between Front End Servers and Mediation Servers (MTLS). |
Front End Servers | Front End service | 444 | HTTPS | Yes | Used for communication between the Focus (the Communications Server component that manages conference state) and the conferencing servers. |
Front End Servers | Front End service | 135 | DCOM and remote procedure call (RPC) | Yes (must be open on the hardware load balancer even if you are using DNS load balancing) | Used for DCOM-based operations such as Moving Users, User Replicator Synchronization, and Address Book Synchronization. |
Front End Servers | IM Conferencing service | 5062 | TCP | No | Used for incoming SIP requests for IM conferencing. |
Front End Servers | Web Conferencing service | 8057 | TCP (TLS) | No | Used to listen for Persistent Shared Object Model (PSOM) connections from clients. |
Front End Servers | A/V Conferencing service | 5063 | TCP | No | Used for incoming SIP requests for audio/video (A/V) conferencing. |
Front End Servers | A/V Conferencing service | 57501-65335 | TCP/UDP | No | Media port range used for video conferencing. |
Front End Servers | Web Components (IIS) service | 80 | HTTP | Yes (must be open on the hardware load balancer even if you are using DNS load balancing) | Used for communication from Front End Servers to the Web farm FQDNs (the URLs used by Web Components) when HTTPS is not used. |
Front End Servers | Web Components (IIS) service | 443 | HTTPS | Yes (must be open on the hardware load balancer even if you are using DNS load balancing) | Used for communication from Front End Servers to the Web farm FQDNs (the URLs used by Web Components). |
Front End Servers | Web Components (IIS) service | 8080 | TCP | Yes (must be open on the hardware load balancer even if you are using DNS load balancing) | Used for IIS Web components for external access. |
Front End Servers | Conferencing Auto Attendant service (dial-in conferencing) | 5064 | TCP | No | Used for incoming SIP requests for dial-in conferencing. |
Front End Servers | Conferencing Auto Attendant service (dial-in conferencing) | 5072 | TCP | Yes | Used for incoming SIP requests for Conferencing Attendant (dial-in conferencing). |
Front End Servers that also run a Collocated Mediation Server | Mediation service | 5070 | TCP | Yes | Used by the Mediation Server for incoming requests from the Front End Server to the Mediation Server. |
Front End Servers that also run a Collocated Mediation Server | Mediation service | 5067 | TCP (TLS) | Yes | Used for incoming SIP requests from the PSTN gateway to the Mediation Server. |
Front End Servers that also run a Collocated Mediation Server | Mediation service | 5068 | TCP | Yes | Used for incoming SIP requests from the PSTN gateway to the Mediation Server. |
Front End Servers | Application sharing service | 5065 | TCP | No | Used for incoming SIP listening requests for application sharing for conferencing. |
Front End Servers | Application sharing service | 49152-65335 | TCP | No | Media port range used for application sharing. |
Front End Servers | Conferencing Announcement service | 5073 | TCP | Yes | Used for incoming SIP requests for Conferencing Announcement service (dial-in conferencing). |
Front End Servers | Call Park service | 5075 | TCP | Yes | Used for incoming SIP requests for the Call Park service. |
Front End Servers | Audio Test service | 5076 | TCP | Yes | Used for incoming SIP requests for the Audio Test service. |
Front End Servers |  | 5066 | TCP | No | Used for outbound E.911 gateway. |
Front End Servers | QoE Agent service | 5069 | TCP | Yes | Used by the quality of experience (QoE) agent on the Front End Server. |
Front End Servers | Response Group Service | 5071 | TCP | Yes | Used for incoming SIP requests for the Response Group Service. |
Front End Servers | Response Group Service | 8404 | TCP (MTLS) | No | Used for incoming SIP requests for the Response Group Service. |
Front End Servers | Bandwidth Policy service | 5080 | TCP | Yes | Used for call admission control (CAC) by the Bandwidth Policy service for A/V Edge TURN traffic. |
Front End Servers | Bandwidth Policy service | 448 | TCP | Yes | Used by the Communications Server Bandwidth Policy service for call admission control (CAC). |
Front End Servers where the Central Management database resides | CMS Replication service | 445 | TCP | No | Used to push configuration data from the Central Management database to servers running Communications Server. |
All internal servers | Various | 49152-57500 | TCP/UDP | N/A | Media port range used for audio conferencing on all internal servers. Used by all servers that terminate audio: Front End Servers (for CAA, CAS, and A/V) and Mediation Server. |
Directors | Front End service | 5060 | TCP | Yes | Used by Standard Edition servers and Enterprise pools for listening to client connections from Communicator (TCP). |
Directors | Front End service | 5061 | TCP | Yes | Used for internal communications between servers and for client connections. |
Mediation Servers | Mediation service | 5070 | TCP | Yes | Used by the Mediation Server for incoming requests from the Front End Server. |
Mediation Servers | Mediation service | 5067 | TCP (TLS) | Yes | Used for incoming SIP requests from the PSTN gateway. |
Mediation Servers | Mediation service | 5068 | TCP | Yes | Used for incoming SIP requests from the PSTN gateway. |
Mediation Servers | Mediation service | 5070 | TCP (MTLS) | Yes | Used for SIP requests from the Front End Servers. |
Monitoring Servers | Monitoring service | 135 | Message Queuing and RPC | N/A | Used for message queuing and RPC operations. |
Archiving Servers | Archiving service | 135 | Message Queuing and RPC | N/A | Used for message queuing and RPC operations. |
Reverse proxy servers |  | 80 | TCP | N/A | Used by the reverse proxy to listen on the external interface for incoming requests from external users. |
Reverse proxy servers |  | 443 | TCP | N/A | Used by the reverse proxy to listen on the external interface for incoming requests from external users for Web components information and file downloads, distribution group expansion, and Address Book information. |
Reverse proxy servers |  | 8080 | TCP | N/A | Used for SIP/TLS communication with the internal network to the Web services cluster. Traffic from port 80 on the external interface is redirected to this port. |
Reverse proxy servers |  | 4443 | TCP | N/A | Used by the reverse proxy to listen on the internal interface. Traffic from port 443 on the external interface is redirected to this port. |
Edge Servers | All edge services (external interface) | 443 | TCP | Yes | Used for SIP/TLS communication for external users accessing internal Web conferences, and STUN/TCP inbound and outbound media communications for accessing internal media and A/V sessions. |
Edge Servers | Access Edge Service (internal and external interface) | 5061 | TCP | Yes | Used for SIP/MTLS communication for remote user access or federation and public Internet connectivity. |
Edge Servers | Web Conferencing Edge service (internal interface) | 8057 | TCP | No | Used to listen for PSOM/MTLS communications from the Web Conferencing Server on the internal interface of the Web Conferencing Edge Server. |
Edge Servers | A/V Edge Authentication Service (internal interface) | 5062 | TCP | Yes | Used for SIP/MTLS authentication of A/V users. Communications flow outbound through the internal firewall. |
Edge Servers | A/V Edge service (internal and external interfaces) | 3478 | UDP | Yes | Used for STUN/UDP inbound and outbound media exchange. |
Edge Servers | A/V Edge service port range | 50,000-59,999 | RTP/TCP, RTP/UDP | No | Used for inbound and outbound media transfer through the external firewall. This port range always needs to be opened outbound for TCP. If you federate with an organization running Office Communications Server 2007, you must open this range both outbound and inbound, and for both TCP and UDP. |
Edge Servers | Edge services (internal interface) | 4443 | TCP | No | Used to push configuration data from the Central Management Server to the Edge Server. This port must be opened on every individual Edge Server, not on the load balancer. |
Clients |  | 67/68 | DHCP | N/A | Used by Communicator to find the Registrar FQDN (if DNS SRV fails and manual settings are not configured). |
Clients |  | 6891-6901 | TCP | N/A | Used for file transfer between clients in this release and previous clients (clients of Office Communications Server 2007, Office Communications Server 2007 R2, and Live Communications Server 2005). |
Clients |  | 1024-65535 | TCP/UDP | N/A | Used by clients for audio port range (minimum of 20 ports required). |
Clients |  | 1024-65535 | TCP/UDP | N/A | Used by clients for video port range (minimum of 20 ports required). |
Clients |  | 1024-65535 | TCP | N/A | Used by clients for peer-to-peer file transfer. (Conferencing file transfer uses PSOM.) |
Clients |  | 1024-65535 | TCP | N/A | Used by clients for application sharing. |
Microsoft Communicator “14” Phone Edition for Aastra 6721ip common area phone, Microsoft Communicator “14” Phone Edition for Aastra 6725ip desk phone, Microsoft Communicator “14” Phone Edition for Polycom CX500 common area phone, and Microsoft Communicator “14” Phone Edition for Polycom CX600 desk phone |  | 67/68 | DHCP | N/A | Used by these phones to find the Communications Server certificate, provisioning FQDN, and Registrar FQDN. |
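
The load balancer column rule described before the table, as an added example (not code from Microsoft or from this documentation): it works out which Front End ports must be open on a pool's hardware load balancer with and without DNS load balancing, and compares that with a listener list. The rows are a subset transcribed from the table; the `HLB_ALWAYS` shorthand, the function names and the `configured` listener set are assumptions constructed for illustration.

```python
# Added example. Rows transcribed from the Front End Servers part of the table:
# (port spec, load balancer column). HLB_ALWAYS abbreviates the value "Yes (must
# be open on the hardware load balancer even if you are using DNS load balancing)".
HLB_ALWAYS = "Yes (HLB)"
FRONT_END_ROWS = [
    ("5060", "Yes"), ("5061", "Yes"), ("444", "Yes"), ("135", HLB_ALWAYS),
    ("5062", "No"), ("8057", "No"), ("5063", "No"), ("57501-65335", "No"),
    ("80", HLB_ALWAYS), ("443", HLB_ALWAYS), ("8080", HLB_ALWAYS),
    ("5064", "No"), ("5072", "Yes"),
]


def parse_ports(spec):
    """Expand a Port cell such as '5060', '67/68' or '50,000-59,999'."""
    ports = set()
    for part in spec.replace(",", "").split("/"):
        low, _, high = part.strip().partition("-")
        ports.update(range(int(low), int(high or low) + 1))
    return ports


def hlb_required(rows, dns_load_balancing):
    """Ports that must be open on the pool's hardware load balancer."""
    required = set()
    for spec, lb_column in rows:
        always = lb_column == HLB_ALWAYS
        # Plain "Yes" ports are covered by DNS load balancing when it is in use.
        if always or (lb_column == "Yes" and not dns_load_balancing):
            required |= parse_ports(spec)
    return required


def audit_hlb(rows, configured, dns_load_balancing):
    """Compare hardware load balancer listeners with what the table requires."""
    required = hlb_required(rows, dns_load_balancing)
    return {
        "missing": sorted(required - configured),
        "not_required": sorted(configured - required),
    }


if __name__ == "__main__":
    configured = {80, 443, 5061, 5062, 8080}  # constructed listener list
    for dns_lb in (True, False):
        print("DNS load balancing:", dns_lb, audit_hlb(FRONT_END_ROWS, configured, dns_lb))
```

Ports reported under `not_required` are listeners the table does not call for on the hardware load balancer in that mode and are candidates for review.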