Ports used for connections - Configuration Manager (2024)


Applies to: Configuration Manager (current branch)

This article lists the network ports that Configuration Manager uses. Some connections use ports that aren't configurable, and some support custom ports that you specify. If you use any port filtering technology, verify that the required ports are available. These port filtering technologies include firewalls, routers, proxy servers, or IPsec.

Note

If you support internet-based clients by using SSL bridging, in addition to port requirements, you might also have to allow some HTTP verbs and headers to traverse your firewall.
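One way to verify, from a client, that port filtering isn't blocking the default client-to-site-system TCP ports listed in this article. This is an added example, not part of the original article or of Configuration Manager; the server names are placeholders and the `Test-TcpPort` helper is hypothetical. It assumes the default ports, so substitute any alternate ports your site defines.

```powershell
# Added example: TCP reachability check from a Configuration Manager client.
# Server names below are placeholders; replace them with your own site systems.
# Ports are the defaults from this article (WSUS defaults 8530/8531 per Note 3).
# A TCP connect can't verify UDP ports or ICMP, so those are not covered here.

$targets = @(
    @{ Role = 'Management point';      Server = 'mp01.contoso.example';  Ports = 10123, 80, 443 }
    @{ Role = 'Distribution point';    Server = 'dp01.contoso.example';  Ports = 80, 443, 8005 }
    @{ Role = 'Software update point'; Server = 'sup01.contoso.example'; Ports = 8530, 8531 }
    @{ Role = 'Fallback status point'; Server = 'fsp01.contoso.example'; Ports = 80 }
)

function Test-TcpPort {
    # Hypothetical helper: attempts one TCP connection with a timeout.
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $task = $client.ConnectAsync($Server, $Port)
        # Wait returns $false on timeout, typical when a firewall silently drops packets.
        if (-not $task.Wait($TimeoutMs)) { return 'Timeout' }
        if ($client.Connected) { return 'Open' }
        return 'Closed'
    }
    catch {
        # Refused connections and name-resolution failures arrive wrapped; unwrap them.
        $base = $_.Exception.GetBaseException()
        if ($base -is [System.Net.Sockets.SocketException]) {
            return "Failed ($($base.SocketErrorCode))"
        }
        return "Failed ($($base.GetType().Name))"
    }
    finally {
        $client.Dispose()
    }
}

$results = foreach ($t in $targets) {
    foreach ($p in $t.Ports) {
        [pscustomobject]@{
            Role   = $t.Role
            Server = $t.Server
            Port   = $p
            Result = Test-TcpPort -Server $t.Server -Port $p
        }
    }
}

$results | Format-Table -AutoSize
```

A `Timeout` result usually points to a filtering device dropping traffic, while `Failed (ConnectionRefused)` means the host was reached but nothing is listening on that port.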

Ports you can configure

Configuration Manager enables you to configure the ports for the following types of communication:

  • Enrollment proxy point to enrollment point

  • Client-to-site systems that run IIS

  • Client to internet (as proxy server settings)

  • Software update point to internet (as proxy server settings)

  • Software update point to WSUS server

  • Site server to site database server

  • Site server to WSUS database server

  • Reporting services points

    Note

    You configure the ports for the reporting services point in SQL Server Reporting Services. Configuration Manager then uses these ports during communications to the reporting services point. Be sure to review these ports when you define the IP filter information for IPsec policies or configure firewalls.

By default, the HTTP port that's used for client-to-site system communication is port 80, and 443 for HTTPS. You can change these ports during setup or in the site properties.

Non-configurable ports

Configuration Manager doesn't allow you to configure ports for the following types of communication:

  • Site to site

  • Site server to site system

  • Configuration Manager console to SMS Provider

  • Configuration Manager console to the internet

  • Connections to cloud services, such as Microsoft Azure

Ports used by clients and site systems

The following sections detail the ports that are used for communication in Configuration Manager. The arrows in the section title show the direction of the communication:

  • --> Indicates that one computer starts communication and the other computer always responds

  • <--> Indicates that either computer can start communication

Asset Intelligence synchronization point --> Microsoft

| Description | UDP | TCP |
|---|---|---|
| HTTPS | -- | 443 |

Asset Intelligence synchronization point --> SQL Server

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 (Note 2: Alternate port available) |

Client --> Client

Wake-up proxy also uses ICMP echo request messages from one client to another client. Clients use this communication to confirm whether the other client is awake on the network. ICMP is sometimes referred to as ping commands. ICMP doesn't have a UDP or TCP protocol number, and so it isn't listed in the following table. However, any host-based firewalls on these client computers or intervening network devices within the subnet must permit ICMP traffic for wake-up proxy communication to succeed.

| Description | UDP | TCP |
|---|---|---|
| Wake On LAN | 9 (Note 2: Alternate port available) | -- |
| Wake-up proxy | 25536 (Note 2: Alternate port available) | -- |
| Windows PE Peer cache broadcast | 8004 | -- |
| Windows PE Peer cache download | -- | 8003 |

For more information, see Windows PE Peer Cache.

Client --> Configuration Manager Network Device Enrollment Service (NDES) policy module

| Description | UDP | TCP |
|---|---|---|
| HTTP | -- | 80 |
| HTTPS | -- | 443 |

Client --> Cloud distribution point

| Description | UDP | TCP |
|---|---|---|
| HTTPS | -- | 443 |

For more information, see Ports and data flow.

Client --> Cloud management gateway (CMG)

| Description | UDP | TCP |
|---|---|---|
| HTTPS | -- | 443 |

For more information, see CMG data flow.

Client --> Distribution point, both standard and pull

| Description | UDP | TCP |
|---|---|---|
| HTTP | -- | 80 (Note 2: Alternate port available) |
| HTTPS | -- | 443 (Note 2: Alternate port available) |
| Express updates | -- | 8005 (Note 2: Alternate port available) |

Note

Use client settings to configure the alternate port for express updates. For more information, see Port that clients use to receive requests for delta content.

Client --> Distribution point configured for multicast, both standard and pull

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| Multicast protocol | 63000-64000 | -- |

Client --> Distribution point configured for PXE, both standard and pull

| Description | UDP | TCP |
|---|---|---|
| DHCP | 67 and 68 | -- |
| TFTP | 69 (Note 4) | -- |
| Boot Information Negotiation Layer (BINL) | 4011 | -- |
| DHCPv6 for PXE responder without WDS | 547 | -- |

Important

If you enable a host-based firewall, make sure that the rules allow the server to send and receive on these ports. When you enable a distribution point for PXE, Configuration Manager can enable the inbound (receive) rules on the Windows Firewall. It doesn't configure the outbound (send) rules.

Client --> Fallback status point

| Description | UDP | TCP |
|---|---|---|
| HTTP | -- | 80 (Note 2: Alternate port available) |

Client --> Global catalog domain controller

A Configuration Manager client doesn't contact a global catalog server when it's a workgroup computer or when it's configured for internet-only communication.

| Description | UDP | TCP |
|---|---|---|
| Global catalog LDAP | -- | 3268 |

Client --> Management point

| Description | UDP | TCP |
|---|---|---|
| Client notification (default communication before falling back to HTTP or HTTPS) | -- | 10123 (Note 2: Alternate port available) |
| HTTP | -- | 80 (Note 2: Alternate port available) |
| HTTPS | -- | 443 (Note 2: Alternate port available) |

Client --> Software update point

| Description | UDP | TCP |
|---|---|---|
| HTTP | -- | 80 or 8530 (Note 3) |
| HTTPS | -- | 443 or 8531 (Note 3) |

Client --> State migration point

| Description | UDP | TCP |
|---|---|---|
| HTTP | -- | 80 (Note 2: Alternate port available) |
| HTTPS | -- | 443 (Note 2: Alternate port available) |
| Server Message Block (SMB) | -- | 445 |

CMG connection point --> CMG virtual machine scale set

Configuration Manager uses these connections to build the CMG channel. For more information, see CMG data flow.

| Description | UDP | TCP |
|---|---|---|
| HTTPS (one VM) | -- | 443 |
| HTTPS (two or more VMs) | -- | 10124-10139 |

CMG connection point --> CMG classic cloud service

Configuration Manager uses these connections to build the CMG channel. For more information, see CMG data flow.

| Description | UDP | TCP |
|---|---|---|
| TCP-TLS (preferred) | -- | 10140-10155 |
| HTTPS (fallback with one VM) | -- | 443 |
| HTTPS (fallback with two or more VMs) | -- | 10124-10139 |

CMG connection point --> Management point

| Description | UDP | TCP |
|---|---|---|
| HTTPS | -- | 443 |
| HTTP | -- | 80 |

The specific port required depends upon the management point configuration. For more information, see CMG data flow.

CMG connection point --> Software update point

The specific port depends upon the software update point configuration.

| Description | UDP | TCP |
|---|---|---|
| HTTPS | -- | 443/8531 |
| HTTP | -- | 80/8530 |

For more information, see CMG data flow.

Configuration Manager console --> Client

| Description | UDP | TCP |
|---|---|---|
| Remote Control (control) | -- | 2701 |
| Remote Assistance (RDP and RTC) | -- | 3389 |

Configuration Manager console --> internet

| Description | UDP | TCP |
|---|---|---|
| HTTP | -- | 80 |
| HTTPS | -- | 443 |

The Configuration Manager console uses internet access for the following actions:

  • Downloading software updates from Microsoft Update for deployment packages.
  • The Feedback item in the ribbon.
  • Links to documentation within the console.
  • Downloading items from Community hub

Configuration Manager console --> Reporting services point

| Description | UDP | TCP |
|---|---|---|
| HTTP | -- | 80 (Note 2: Alternate port available) |
| HTTPS | -- | 443 (Note 2: Alternate port available) |

Configuration Manager console --> Site server

| Description | UDP | TCP |
|---|---|---|
| RPC (initial connection to WMI to locate provider system) | -- | 135 |

Configuration Manager console --> SMS Provider

| Description | UDP | TCP |
|---|---|---|
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC (Note 6) |
| HTTPS | -- | 443 *Note |

Note for administration service

Any device that makes a call to the administration service on the SMS Provider uses HTTPS port 443. For more information, see What is the administration service?

Configuration Manager Network Device Enrollment Service (NDES) policy module --> Certificate registration point

| Description | UDP | TCP |
|---|---|---|
| HTTPS | -- | 443 (Note 2: Alternate port available) |

Data warehouse service point --> SQL Server

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 (Note 2: Alternate port available) |

Distribution point, both standard and pull --> Management point

A distribution point communicates to the management point in the following scenarios:

  • To report the status of prestaged content

  • To report usage summary data

  • To report content validation

  • To report the status of package downloads, only for pull-distribution points

| Description | UDP | TCP |
|---|---|---|
| HTTP | -- | 80 (Note 2: Alternate port available) |
| HTTPS | -- | 443 (Note 2: Alternate port available) |

Endpoint Protection point --> internet

| Description | UDP | TCP |
|---|---|---|
| HTTP | -- | 80 |

Endpoint Protection point --> SQL Server

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 (Note 2: Alternate port available) |

Enrollment proxy point --> Enrollment point

| Description | UDP | TCP |
|---|---|---|
| HTTPS | -- | 443 (Note 2: Alternate port available) |

Enrollment point --> SQL Server

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 (Note 2: Alternate port available) |

Exchange Server Connector --> Exchange Online

| Description | UDP | TCP |
|---|---|---|
| Windows Remote Management over HTTPS | -- | 5986 |

Exchange Server Connector --> On-premises Exchange Server

| Description | UDP | TCP |
|---|---|---|
| Windows Remote Management over HTTP | -- | 5985 |

Mac computer --> Enrollment proxy point

| Description | UDP | TCP |
|---|---|---|
| HTTPS | -- | 443 |

Management point --> Domain controller

| Description | UDP | TCP |
|---|---|---|
| Lightweight Directory Access Protocol (LDAP) | 389 | 389 |
| Secure LDAP (LDAPS, for signing and binding) | 636 | 636 |
| Global catalog LDAP | -- | 3268 |
| RPC Endpoint Mapper | -- | 135 |
| RPC | -- | DYNAMIC (Note 6) |

Management point <--> Site server

Note 5

| Description | UDP | TCP |
|---|---|---|
| RPC Endpoint mapper | -- | 135 |
| RPC | -- | DYNAMIC (Note 6) |
| Server Message Block (SMB) | -- | 445 |

Management point --> SQL Server

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 (Note 2: Alternate port available) |

Mobile device --> Enrollment proxy point

| Description | UDP | TCP |
|---|---|---|
| HTTPS | -- | 443 |

Pull-Distribution point --> Distribution point configured as source

| Description | UDP | TCP |
|---|---|---|
| HTTP | -- | 80 (Note 2: Alternate port available) |
| HTTPS | -- | 443 (Note 2: Alternate port available) |
| Express updates | -- | 8005 (Note 2: Alternate port available) |

Reporting Services point --> SQL Server

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 (Note 2: Alternate port available) |

Service connection point --> Azure (CMG)

| Description | UDP | TCP |
|---|---|---|
| HTTPS for CMG service deployment | -- | 443 |

For more information, see CMG data flow.

Service connection point --> Azure Logic App

| Description | UDP | TCP |
|---|---|---|
| HTTPS for external notification | -- | 443 |

For more information, see External notifications.

Site server <--> Asset Intelligence synchronization point

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC (Note 6) |

Site server --> Client

| Description | UDP | TCP |
|---|---|---|
| Wake On LAN | 9 (Note 2: Alternate port available) | -- |

Site server --> Cloud distribution point

| Description | UDP | TCP |
|---|---|---|
| HTTPS | -- | 443 |

For more information, see Ports and data flow.

Site server --> Distribution point, both standard and pull

Note 5

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC (Note 6) |

Site server --> Domain controller

| Description | UDP | TCP |
|---|---|---|
| Lightweight Directory Access Protocol (LDAP) | 389 | 389 |
| Secure LDAP (LDAPS, for signing and binding) | 636 | 636 |
| Global catalog LDAP | -- | 3268 |
| RPC Endpoint Mapper | -- | 135 |
| RPC | -- | DYNAMIC (Note 6) |

Site server <--> Certificate registration point

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC (Note 6) |

Site server <--> CMG connection point

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC (Note 6) |

Site server <--> Endpoint Protection point

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC (Note 6) |

Site server <--> Enrollment point

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC (Note 6) |

Site server <--> Enrollment proxy point

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC (Note 6) |

Site server <--> Fallback status point

Note 5

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC (Note 6) |

Site server --> internet

| Description | UDP | TCP |
|---|---|---|
| HTTP | -- | 80 (Note 1) |
| HTTPS | -- | 443 |

Site server <--> Issuing certification authority (CA)

This communication is used when you deploy certificate profiles by using the certificate registration point. The communication isn't used for every site server in the hierarchy. Instead, it's used only for the site server at the top of the hierarchy.

| Description | UDP | TCP |
|---|---|---|
| RPC Endpoint Mapper | 135 | 135 |
| RPC (DCOM) | -- | DYNAMIC (Note 6) |

Site server --> Server hosting remote content library share

You can move the content library to another storage location to free up hard drive space on your central administration or primary site servers. For more information, see Configure a remote content library for the site server.

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |

Site server <--> Service connection point

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC (Note 6) |

Site server <--> Reporting services point

Note 5

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC (Note 6) |

Site server <--> Site server

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |

Site server --> SQL Server

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 (Note 2: Alternate port available) |

During the installation of a site that uses a remote SQL Server to host the site database, open the following ports between the site server and the SQL Server:

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC (Note 6) |

Site server --> SQL Server for WSUS

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 (Note 3: Alternate port available) |

Site server --> SMS Provider

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC (Note 6) |

Site server <--> Software update point

Note 5

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |
| RPC | -- | DYNAMIC (Note 6) |
| HTTP | -- | 80 or 8530 (Note 3) |
| HTTPS | -- | 443 or 8531 (Note 3) |

Site server <--> State migration point

Note 5

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |
| RPC Endpoint Mapper | 135 | 135 |

SMS Provider --> SQL Server

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 (Note 2: Alternate port available) |

Software update point --> internet

| Description | UDP | TCP |
|---|---|---|
| HTTP | -- | 80 (Note 1) |

Software update point --> Upstream WSUS server

| Description | UDP | TCP |
|---|---|---|
| HTTP | -- | 80 or 8530 (Note 3) |
| HTTPS | -- | 443 or 8531 (Note 3) |

SQL Server --> SQL Server

Intersite database replication requires the SQL Server at one site to communicate directly with the SQL Server at its parent or child site.

| Description | UDP | TCP |
|---|---|---|
| SQL Server service | -- | 1433 (Note 2: Alternate port available) |
| SQL Server Service Broker | -- | 4022 (Note 2: Alternate port available) |

Tip

Configuration Manager doesn't require the SQL Server Browser, which uses port UDP 1434.

State migration point --> SQL Server

| Description | UDP | TCP |
|---|---|---|
| SQL over TCP | -- | 1433 (Note 2: Alternate port available) |

Notes for ports used by clients and site systems

Note 1: Proxy server port

This port can't be configured but can be routed through a configured proxy server.

Note 2: Alternate port available

You can define an alternate port in Configuration Manager for this value. If you define a custom port, use that custom port in the IP filter information for IPsec policies or to configure firewalls.

Note 3: Windows Server Update Services (WSUS)

Since Windows Server 2012, by default WSUS uses port 8530 for HTTP and port 8531 for HTTPS.

After installation, you can change the port. You don't have to use the same port number throughout the site hierarchy.

  • If the HTTP port is 80, the HTTPS port must be 443.

  • If the HTTP port is anything else, the HTTPS port must be 1 or higher, for example, 8530 and 8531.

    Note

    When you configure the software update point to use HTTPS, the HTTP port must also be open. Unencrypted data, such as the EULA for specific updates, uses the HTTP port.

  • The site server makes a connection to the SQL Server hosting the SUSDB when you enable the following options for WSUS cleanup:

    • Add non-clustered indexes to the WSUS database to improve WSUS cleanup performance
    • Remove obsolete updates from the WSUS database

If you change the default SQL Server port to an alternate port with SQL Server Configuration Manager, make sure the site server can connect using the defined port. Configuration Manager doesn't support dynamic ports. By default, SQL Server named instances use dynamic ports for connections to the database engine. When you use a named instance, manually configure the static port.

Note 4: Trivial FTP (TFTP) Daemon

The Trivial FTP (TFTP) Daemon system service doesn't require a user name or password and is an integral part of Windows Deployment Services (WDS). The Trivial FTP Daemon service implements support for the TFTP protocol that's defined by the following RFCs:

  • RFC 1350: TFTP

  • RFC 2347: Option extension

  • RFC 2348: Block size option

  • RFC 2349: Time-out interval and transfer size options

TFTP is designed to support diskless boot environments. TFTP Daemons listen on UDP port 69 but respond from a dynamically allocated high port. If you enable this port, the TFTP service can receive incoming TFTP requests, but the selected server can't respond to those requests. You can't enable the selected server to respond to inbound TFTP requests unless you configure the TFTP server to respond from port 69.

The PXE-enabled distribution point and the client in Windows PE select dynamically allocated high ports for TFTP transfers. These ports are defined by Microsoft between 49152 and 65535. For more information, see Service overview and network port requirements for Windows.

However, during the actual PXE boot, the network card on the device selects the dynamically allocated high port it uses during the TFTP transfer. The network card on the device isn't bound to the dynamically allocated high ports defined by Microsoft. It's only bound to the ports defined in RFC 1350. This port can be any from 0 to 65535. For more information about what dynamically allocated high ports the network card uses, contact the device hardware manufacturer.

Note 5: Communication between the site server and site systems

By default, communication between the site server and site systems is bi-directional. The site server starts communication to configure the site system, and then most site systems connect back to the site server to send status information. Reporting service points and distribution points don't send status information. If you select Require the site server to initiate connections to this site system on the site system properties after the site system has been installed, the site system won't start communication with the site server. Instead, the site server starts the communication. It uses the site system installation account for authentication to the site system server.

Note 6: Dynamic ports

Dynamic ports use a range of port numbers that's defined by the OS version. These ports are also known as ephemeral ports. For more information about the default port ranges, see Service overview and network port requirements for Windows.

Other ports

The following sections provide more information about ports that Configuration Manager uses.

Clients use Server Message Block (SMB) whenever they connect to UNC shares. For example:

  • Manual client installation that specifies the CCMSetup.exe /source: command-line property

  • Endpoint Protection clients that download definition files from a UNC path

| Description | UDP | TCP |
|---|---|---|
| Server Message Block (SMB) | -- | 445 |

Connections to SQL Server

For communication to the SQL Server database engine and for intersite replication, you can use the default SQL Server port or specify custom ports:

  • Intersite communications use:

    • SQL Server Service Broker, which defaults to port TCP 4022.

    • SQL Server service, which defaults to port TCP 1433.

  • Intrasite communication between the SQL Server database engine and various Configuration Manager site system roles defaults to port TCP 1433.

  • Configuration Manager uses the same ports and protocols to communicate with each SQL Server Always On availability group replica that hosts the site database as if the replica was a standalone SQL Server instance.

When you use Azure and the site database is behind an internal or external load balancer, configure the following components:

  • Firewall exceptions on each replica
  • Load-balancing rules

Configure the following ports:

  • SQL over TCP: TCP 1433
  • SQL Server Service Broker: TCP 4022
  • Server Message Block (SMB): TCP 445
  • RPC Endpoint Mapper: TCP 135

Warning

Configuration Manager doesn't support dynamic ports. By default, SQL Server named instances use dynamic ports for connections to the database engine. When you use a named instance, manually configure the static port for intrasite communication.
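A check for the condition in the warning above, run locally on the SQL Server host. This is an added example, not part of the original article. It assumes the standard SQL Server registry layout and reads only the `IPAll` entry, so per-IP entries that apply when "Listen All" is disabled aren't inspected.

```powershell
# Added example: report whether each local SQL Server instance listens on a
# static TCP port (required by Configuration Manager) or on a dynamic port.
# Assumption: standard registry layout under HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server.

$root        = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
$instanceKey = Join-Path $root 'Instance Names\SQL'

if (-not (Test-Path $instanceKey)) {
    Write-Warning 'No SQL Server database engine instances found in the registry.'
    return
}

# Each value under "Instance Names\SQL" maps an instance name to its instance ID.
$key = Get-Item -Path $instanceKey

$report = foreach ($name in $key.GetValueNames()) {
    $instanceId = $key.GetValue($name)
    $ipAll = Join-Path $root "$instanceId\MSSQLServer\SuperSocketNetLib\Tcp\IPAll"

    if (-not (Test-Path $ipAll)) {
        [pscustomobject]@{
            Instance    = $name
            StaticPort  = ''
            DynamicPort = ''
            Status      = 'TCP/IP settings not found'
        }
        continue
    }

    $tcp     = Get-ItemProperty -Path $ipAll
    $static  = "$($tcp.TcpPort)".Trim()
    $dynamic = "$($tcp.TcpDynamicPorts)".Trim()

    # A non-empty TcpDynamicPorts value (including "0") means dynamic ports are enabled.
    $status = if ($dynamic -ne '') {
        'Dynamic port enabled: configure a static port'
    }
    elseif ($static -eq '') {
        'No TCP port configured'
    }
    else {
        'Static port'
    }

    [pscustomobject]@{
        Instance    = $name
        StaticPort  = $static
        DynamicPort = $dynamic
        Status      = $status
    }
}

$report | Format-Table -AutoSize
```

After you change an instance to a static port in SQL Server Configuration Manager, restart the SQL Server service, and then use the static port in your firewall rules.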

The following site system roles communicate directly with the SQL Server database:

  • Certificate registration point role

  • Enrollment point role

  • Management point

  • Site server

  • Reporting Services point

  • SMS Provider

  • SQL Server --> SQL Server

When a SQL Server hosts a database from more than one site, each database must use a separate instance of SQL Server. Configure each instance with a unique set of ports.

If you enable a host-based firewall on the SQL Server, configure it to allow the correct ports. Also configure network firewalls in between computers that communicate with the SQL Server.

For an example of how to configure SQL Server to use a specific port, see Configure a server to listen on a specific TCP port.

Discovery and publishing

Configuration Manager uses the following ports for the discovery and publishing of site information:

  • Lightweight Directory Access Protocol (LDAP): 389
  • Secure LDAP (LDAPS, for signing and binding): 636
  • Global catalog LDAP: 3268
  • RPC Endpoint Mapper: 135
  • RPC: Dynamically allocated high TCP ports
  • TCP: 1024-5000
  • TCP: 49152-65535

External connections made by Configuration Manager

On-premises Configuration Manager clients or site systems can make the following external connections:

  • Asset Intelligence synchronization point --> Microsoft

  • Endpoint Protection point --> internet

  • Client --> Global catalog domain controller

  • Configuration Manager console --> internet

  • Management point --> Domain controller

  • Site server --> Domain controller

  • Site server <--> Issuing Certification Authority (CA)

  • Software update point --> internet

  • Software update point --> Upstream WSUS Server

  • Service connection point --> Azure

  • Service connection point --> Azure Logic App

  • CMG connection point --> CMG cloud service

Installation requirements for site systems that support internet-based clients

Note

This section only applies to internet-based client management (IBCM). It doesn't apply to the cloud management gateway. For more information, see Manage clients on the internet.

Internet-based management points, distribution points that support internet-based clients, the software update point, and the fallback status point use the following ports for installation and repair:

  • Site server --> Site system: RPC endpoint mapper using UDP and TCP port 135

  • Site server --> Site system: RPC dynamic TCP ports

  • Site server <--> Site system: Server message blocks (SMB) using TCP port 445

Application and package installations on distribution points require the following RPC ports:

  • Site server --> Distribution point: RPC endpoint mapper using UDP and TCP port 135

  • Site server --> Distribution point: RPC dynamic TCP ports

Use IPsec to help secure the traffic between the site server and site systems. If you must restrict the dynamic ports that are used with RPC, you can use the Microsoft RPC configuration tool (rpccfg.exe). Use the tool to configure a limited range of ports for these RPC packets. For more information, see How to configure RPC to use certain ports and how to help secure those ports by using IPsec.

Important

Before you install these site systems, make sure that the remote registry service is running on the site system server and that you have specified a site system installation account if the site system is in a different Active Directory forest without a trust relationship. For example, the remote registry service is used on servers running site systems such as distribution points (both pull and standard) and remote SQL Servers.

Ports used by Configuration Manager client installation

The ports that Configuration Manager uses during client installation depend on the deployment method:

Ports used by migration

The site server that runs migration uses several ports to connect to applicable sites in the source hierarchy. For more information, see Required configurations for migration.

Ports used by Windows Server

The following table lists some of the key ports used by Windows Server.

| Description | UDP | TCP |
|---|---|---|
| DNS | 53 | 53 |
| DHCP | 67 and 68 | -- |
| NetBIOS Name Resolution | 137 | -- |
| NetBIOS Datagram Service | 138 | -- |
| NetBIOS Session Service | -- | 139 |
| Kerberos authentication | -- | 88 |

For more information, see the following articles:

Diagram

The following diagram shows the connections between the main components that are in a typical Configuration Manager site. It currently doesn't include all connections.

[Diagram: Ports used for connections - Configuration Manager]

Next steps

Proxy server support

Internet access requirements


FAQs

Does SCCM need port 445?

#1) SMB traffic on TCP 445 is a requirement for the SCCM Primary to communicate with the SCCM Secondary site server. #2) SCCM clients in Network B do not need to traverse the firewall using SMB since the SCCM Secondary in Network B is "local" and the SCCM clients can use this as a distribution point.

Which of the following TCP port numbers are important for installing SCCM CB?

Firewall Ports Client Network -> Configuration Manager Roles

8530 TCP. Software Update Point. 8531 TCP.

How do I know if my SCCM port is open?

This is a little tool I created for testing the required TCP ports on SCCM client systems. It will check that the required inbound ports are open and that the client can communicate to its management point, distribution point and software update point on the required ports.

What is port 10123?

SCCM (System Center Configuration Manager) Microsoft software management suite uses port 10123 for client notifications.

What is port 139 and 445 used for?

Ports 139 and 445 are used for 'NetBIOS' communication between two Windows 2000 hosts. In the case of port 445 an attacker may use this to perform NetBIOS attacks as it would on port 139. Impact: All NetBIOS attacks are possible on this host.

Does SCCM use port 8005?

Summary. Express patching functionality in Microsoft System Center Configuration Manager (SCCM) uses port 8005, the Tomcat is not able to bind the port.

What are the 3 types of port numbers?

The port numbers are divided into three ranges:
  • Well-known ports. The well known ports are those from 0 - 1,023. ...
  • Registered ports. The registered ports are those from 1,024 - 49,151. ...
  • Dynamic and/or private ports. The dynamic and/or private ports are those from 49,152 - 65,535.

What ports do I need to know for network?

Table 1-2 Well-known port numbers.

| Protocol | Acronym | Port number |
|---|---|---|
| Hypertext Transfer Protocol | HTTP | 80 |
| Hypertext Transfer Protocol Secure | HTTPS | 443 |
| File Transfer Protocol | FTP | 20 (Data), 21 (Control) |
| TELNET | TELNET | 23 |

What are the most used port numbers?

Some of the most commonly used ports, along with their associated networking protocol, are:
  • Ports 20 and 21: File Transfer Protocol (FTP). ...
  • Port 22: Secure Shell (SSH). ...
  • Port 25: Historically, Simple Mail Transfer Protocol (SMTP). ...
  • Port 53: Domain Name System (DNS). ...
  • Port 80: Hypertext Transfer Protocol (HTTP).

What port is SCCM?

To use Configuration Manager remote control, allow the following port: Inbound: TCP Port 2701.

What is RPC port number?

By default, RPC uses the port range of 1024 to 5000 for allocating ports for endpoints.

How can I tell if port 7777 is open?

On a Windows computer

Press the Windows key + R, then type "cmd.exe" and click OK. Enter "telnet + IP address or hostname + port number" (e.g., telnet www.example.com 1723 or telnet 10.17.xxx.xxx 5000) to run the telnet command in Command Prompt and test the TCP port status.

What port is 4848 used for?

admin Administration Server

What is the port 5349?

The standard listening port number for a STUN server is 3478 for UDP and TCP, and 5349 for TLS. Alternatively, TLS may also be run on the TCP port if the server implementation can de-multiplex TLS and STUN packets.

What is port 443 used for?

Port 443 is a virtual port that computers use to divert network traffic. Billions of people across the globe use it every single day. For any web search you make, your computer connects with a server that hosts that information and fetches it for you. This connection is made via a port, either the HTTPS or the HTTP port.

What are ports 135 and 445 used for?

Port 135 is used for RPC client-server communication, and ports 139 and 445 are used for authentication and file sharing. UDP ports 137 and 138 are used for local NetBIOS browser, naming, and lookup functions.

What is port 445 commonly used for?

Port 445 is a traditional Microsoft networking port with tie-ins to the original NetBIOS service found in earlier versions of Windows OSes. Today, port 445 is used by Microsoft Directory Services for Active Directory (AD) and for the Server Message Block (SMB) protocol over TCP/IP.

What port can I use instead of 1433?

The alternative port is 14330. If you find that your ISP or firewall is blocking the standard SQL port (1433), you can configure your SQL client to connect via the alternative port.

What application uses port 8009?

Apache JServ Protocol (AJP) is used for communication between Tomcat and Apache web server. This protocol is binary and is enabled by default. Anytime the web server is started, AJP protocol is started on port 8009. It is primarily used as a reverse proxy to communicate with application servers.

What port number is 8084?

Port 8084 Details

IBM Lotus Sametime server uses this port. To allow internal users to participate in interactive audio/video meetings with users from the Internet, you must either open TCP port 8084 (the default TCP Tunneling port for the Audio/Video Services) or a range of UDP ports through the internal firewall.

What are the four standard ports?

There are different types of ports available:
  • Serial port.
  • Parallel port.
  • USB port.
  • PS/2 port.
  • VGA port.
  • Modem port.
  • FireWire Port.
  • Sockets.

Which port is the most common port used to connect?

A) USB: It is the port that is specifically designed to connect peripheral devices to a computer. It is an industry-agreed standard that is implemented in almost all computing devices to connect an external device (input/output) to the computer.

Which ports use TCP?

TCP ports are ports that comply with the transmission control protocols. Some TCP ports include File Transfer Protocol ports (20 and 21) for file transfers, the SMTP port (25) and IMAP port (143) for emails, and the Secure Shell port (22).

What ports does DHCP use?

DHCP servers have a User Datagram Protocol (UDP) port number of 67, so they listen for messages addressed to this port number. On the other hand, DHCP clients have the UDP port number 68 and only respond to messages sent to port 68.

How many network ports are there?

Ports and Protocols. Between the protocols User Datagram Protocol (UDP) and Transmission Control Protocol (TCP), there are 65,535 ports available for communication between devices.

What are the 13 major ports?

What are the 13 major ports of India?
  • Chennai- Tamil Nadu.
  • Kochi- Kerala.
  • Ennore-Tamil Nadu.
  • Kolkata-West Bengal.
  • Kandla-Gujarat.
  • Mangalore-Karnataka.
  • Mormugao-Goa.
  • Mumbai Port Trust-Maharashtra.

What port is LDAP?

The default port for LDAP is port 389, but LDAPS uses port 636 and establishes TLS/SSL upon connecting with a client.

What ports should not be used?

Ports 80, 443, 8080 and 8443 (HTTP and HTTPS)

They're especially vulnerable to cross-site scripting, SQL injections, cross-site request forgeries and DDoS attacks.

Is port 5671 TCP or UDP?

It supports connections over TCP port 5671. It requires port 5671 (the default port used by AMQP) to be enabled in the network of the sender or receiver local system.

Why is port 2083 used?

The TCP port 2083 was already previously assigned by IANA for "RadSec", an early implementation of RADIUS/TLS, prior to issuance of this RFC. This early implementation can be configured to be compatible to RADIUS/TLS as specified by the IETF. See [RFC6614], Appendix A for details.

Is port 3268 UDP or TCP?

Service Name and Transport Protocol Port Number Registry

| Service Name | Port Number | Transport Protocol |
| --- | --- | --- |
| ns-cfg-server | 3266 | udp |
| ibm-dial-out | 3267 | tcp |
| ibm-dial-out | 3267 | udp |
| msft-gc | 3268 | tcp |

Does RPC use TCP or UDP?

Generally, RPC applications will use UDP when sending data, and only fall back to TCP when the data to be transferred doesn't fit into a single UDP datagram. Of course, client programs have to have a way to find out which port a program number maps to.

Is port 135 an RPC?

Port 135 is used for RPC client-server communication; ports 139 and 445 are used for authentication and file sharing. UDP ports 137 and 138 are used for local NetBIOS browser, naming, and lookup functions.

Is RPC HTTP or TCP?

RPC protocol uses TCP as an underlying protocol and HTTP again uses TCP as an underlying protocol.

What is TCP port 7778 used for?

Port 7778 Details

The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778.

How can I tell if port 8080 is open?

For instance, to check whether port 8080 is open, you would type “lsof -i :8080” in the terminal. This will show you a list of all the processes using port 8080.
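The telnet and lsof checks in the answers above can be scripted. The following is an added example, not taken from the quoted sources: a single-port TCP check that also separates a refused connection (no listener) from a timeout (traffic probably dropped by a firewall), which telnet does not make obvious. The function names and the loopback self-test are assumptions made for the illustration.

```python
import socket


def check_tcp_port(host, port, timeout=2.0):
    """Classify one TCP port on one host as open, closed, filtered or error."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # three-way handshake completed
    except ConnectionRefusedError:
        return "closed"          # host answered with RST: nothing is listening
    except socket.timeout:
        return "filtered"        # no answer at all: likely dropped by a firewall
    except OSError:
        return "error"           # name resolution failure, no route, and so on


def demo():
    """Offline self-test: check a loopback listener before and after closing it."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0 lets the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = check_tcp_port("127.0.0.1", port)
    listener.close()
    after_close = check_tcp_port("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(demo())
```

A "filtered" result against a site system usually points at a firewall rule between the two hosts, while "closed" means the packet arrived but the service is not running or is bound to a different port.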

What is the port 4444?

Port 4444, Transfer Control Protocol: Some rootkits, backdoors, and Trojans open and use port 4444. They use this port to eavesdrop on traffic and communications, for their own communications, and to receive data from the compromised computer.

What is port 515 used for?

LPR is a TCP-based protocol. The port on which a line printer daemon listens is 515. The source port must be less than 1024. A line printer daemon responds to commands sent to its port.

What port is 389 used for?

Port 389 is used for TLS connections; TLS establishes a non-encrypted connection on port 389 that it 'upgrades' to an encrypted TLS connection as the initial connection proceeds. This allows unencrypted and encrypted connections to be set up and handled by this one port.

What is a 10101 port used for?

This port was used for serial communication before USB existed (for connecting a mouse and that sort of thing). The 10101 label on the port is just a string of ones and zeros (serial communication).

What is using port 7777?

When Oracle HTTP Server is started, by default, it listens for requests on port 7777 (non-SSL). If port 7777 is occupied, Oracle HTTP Server listens on the next available port number between a range of 7777-7877.

What is the port 2255?

Port 2255 Details

Ports are unsigned 16-bit integers (0-65535) that identify a specific process, or network service. IANA is responsible for internet protocol resources, including the registration of commonly used port numbers for well-known internet services.

What is 2121 port used for?

Port 2121 Details. FTP proxy uses port 2121 (TCP). A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.

What port is 587 used for?

Port 587: The standard secure SMTP port

Modern email servers use port 587 for the secure submission of email for delivery. For example, if you use an email client software like Outlook or Apple Mail, it most likely is configured to use this port to send your messages.

What's port 5678 used for?

Port 5678 Details. Port used by Linksys (and other) Cable/DSL Routers Remote Administration. Also used by MikroTik Neighbor Discovery protocol. SNATMAP server also uses this port to ensure that connections between iChat users can properly function behind network address translation (NAT).

Why is port 8081 used?

By default, port 8081 is only used for the administration of Tomcat, and blocking it will not impact the Java Console or product usage.

Do I need port 445 open?

We also recommend blocking port 445 on internal firewalls to segment your network – this will prevent internal spreading of the ransomware. Note that blocking TCP 445 will prevent file and printer sharing – if this is required for business, you may need to leave the port open on some internal firewalls.

What happens if I disable port 445?

Blocking TCP 445 will prevent file and printer sharing, and other services such as DHCP (Dynamic Host Configuration Protocol), which is frequently used for automatically obtaining an IP address from the DHCP servers used by many corporations and ISPs (Internet Service Providers), will stop functioning.

Is port 445 enough for SMB?

SMB is a network file sharing protocol that requires an open port on a computer or server to communicate with other systems. SMB ports are generally port numbers 139 and 445.

What is TCP 445 used for?

TCP port 445 is used for direct TCP/IP MS Networking access without the need for a NetBIOS layer. This service is only implemented in the more recent versions of Windows, starting with Windows 2000 and Windows XP. The SMB (Server Message Block) protocol is used, among other things, for file sharing in Windows NT/2K/XP.

Is port 443 always open?

The answer is no. To open a port, a process or application must be installed and configured to listen on port 443. Typically, if you are using a web server with HTTPS, TeamViewer or Skype, you may see port 443 open.

What is the difference between port 139 and 445?

Port 139: SMB originally ran on top of NetBIOS using port 139. NetBIOS is an older transport layer that allows Windows computers to talk to each other on the same network. Port 445: Later versions of SMB (after Windows 2000) began to use port 445 on top of a TCP stack. Using TCP allows SMB to work over the internet.

What is port 3389 used for?

Remote Desktop Protocol (RDP) is a Microsoft proprietary protocol that enables remote connections to other computers, typically over TCP port 3389. It provides network access for a remote user over an encrypted channel.

What traffic uses port 445?

Today, port 445 is used by Microsoft Directory Services for Active Directory (AD) and for the Server Message Block (SMB) protocol over TCP/IP.

Is port 445 inbound or outbound?

Constant outbound SMB port 445 (microsoft-ds) traffic.

Is SMB traffic TCP or UDP?

Summary. Windows supports file and printer-sharing traffic by using the SMB protocol directly hosted on TCP. SMB 1.0 and older CIFS traffic supported the NetBIOS over TCP (NBT) protocol, which supported the UDP transport, but starting in Windows Vista and Windows Server 2008 with SMB 2.0.2, SMB requires TCP/IP over port 445.

Does SMB use TCP or UDP?

SMB relies on the TCP and IP protocols for transport. This combination potentially allows file sharing over complex, interconnected networks, including the public Internet. The SMB server component uses TCP port 445.

What is port 5357?

Port 5357 (tcp, udp), service name wsdapi. Used by Microsoft Network Discovery; should be filtered for public networks. Disabling Network Discovery for any public network profile should close the port unless it's being used by another potentially malicious service.

What is port 514?

A syslog server opens port 514 and listens for incoming syslog event notifications (carried by UDP protocol packets) generated by remote syslog clients. Any number of client devices can be programmed to send syslog event messages to whatever servers they choose.

What uses TCP port 12345?

Port 12345 is best known as the default of NetBus, a Trojan developed years ago, that allows a hacker to access data and gain control over some functions on a remote computer system. More recently, it has been associated with Trend Micro's OfficeScan anti-virus product, which also uses, or listens on, port 12345.
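To put the answers above to use on a host, the following added example (not from the quoted sources) parses Windows `netstat -ano` output, reports which of the ports this FAQ singles out are listening, and labels each with the port range described earlier. The watchlist wording, the function names and the sample output are constructed for the illustration.

```python
import re

# Ports this FAQ singles out, with the reason it gives for each.
WATCHLIST = {
    135: "RPC client-server communication",
    139: "SMB over NetBIOS",
    445: "SMB over TCP; block on internal firewalls where not required",
    3389: "Remote Desktop Protocol",
    4444: "opened by some rootkits, backdoors and Trojans",
    5357: "Network Discovery; filter on public networks",
    12345: "NetBus default; also Trend Micro OfficeScan",
}
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

# Constructed sample in the layout printed by `netstat -ano` on Windows.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:4444         0.0.0.0:0              LISTENING       6620
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       680
  TCP    10.0.0.5:52311         10.0.0.9:443           ESTABLISHED     3004
  TCP    [::]:445               [::]:0                 LISTENING       4
"""


def port_range(port):
    """Map a port number to the three ranges listed earlier on this page."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range: %r" % port)
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def audit_listeners(netstat_text):
    """Return sorted (port, range, pid, all_interfaces, reason) tuples."""
    findings = set()  # a set folds the IPv4 and IPv6 rows of one listener
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue  # header, UDP rows and non-listening states
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        if port in WATCHLIST:
            all_ifaces = addr in ("0.0.0.0", "[::]")
            findings.add((port, port_range(port), pid, all_ifaces, WATCHLIST[port]))
    return sorted(findings)
```

The PID column is what ties a finding back to a process: PID 4 on port 445 is the expected System process, while an unfamiliar PID on 4444 or 12345 is the case worth investigating.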

Article information

Author: Maia Crooks Jr
