Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Firewall ports

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> Secure Messaging >> Firewall ports Page: [1]
Login
Message << Older Topic   Newer Topic >>
Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
Firewall ports - 14.Jul.2008 1:29:10 PM   
kizzle911

 

Posts: 70
Joined: 13.May2008
Status: offline 		I have a CAS 2007 and 2 - E2003 mailboxes.  Which ports on the firewall do I need to open in order to use OWA to access the mailboxes?

Is there anything else I need to configure to on the CAS2007?

What ports do I need to enable to use RPC over HTTP?
Post #: 1
RE: Firewall ports - 14.Jul.2008 3:02:49 PM   
Sembee

 

Posts: 3607
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline 		One port only is required for OWA and Outlook Anywhere - port 443. No other ports required.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/

(in reply to kizzle911)
Post #: 2
RE: Firewall ports - 14.Jul.2008 7:46:09 PM   
kizzle911

 

Posts: 70
Joined: 13.May2008
Status: offline 		I read somewhere that for RPC you need to enable port 5000 - 5020.  Is this true?
 
On my CAS2007, I have external host and NTLM authentication set.  The Allow secure channel (SSL) unloading is unchecked.

(in reply to Sembee)
Post #: 3
RE: Firewall ports - 14.Jul.2008 9:34:33 PM   
t0ta11ed

 

Posts: 274
Joined: 2.Feb.2007
From: Mars
Status: offline 		It amazes and frightens me that soooo many people seem to think that Outlook Anywhere requires opening RPC ports. That being said...I'll rinse and repeat...you ONLY need 443 as long as everything is configured right. This includes OWA, because if you notice..it's web-based.  

_____________________________

Invasion Plans - http://dev.marzopolis.com

(in reply to kizzle911)
Post #: 4
RE: Firewall ports - 15.Jul.2008 12:24:52 AM   
kizzle911

 

Posts: 70
Joined: 13.May2008
Status: offline 		After reading that, I just want to say that OWA works perfectly but Outlook Anywhere does not work.  Any ideas guys? 

FYI, OWA is accessed through my CAS 2007 server and my mailbox is on an E2003 server.

(in reply to t0ta11ed)
Post #: 5
RE: Firewall ports - 15.Jul.2008 6:32:19 AM   
Sembee

 

Posts: 3607
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline 		Does it work internally?
Have you configured Exchange 2003 for the feature correctly? I believe that you have to set the GUI for RPC over HTTPS to be the backend server of the topology.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/

(in reply to kizzle911)
Post #: 6
RE: Firewall ports - 15.Jul.2008 1:49:25 PM   
kizzle911

 

Posts: 70
Joined: 13.May2008
Status: offline 		Exchange over Internet has been enabled internally and Outlook does work but when I look at the connection status, for all connections is says "TCP/IP"

I believe I have configured the Exchange 2003 feature correctly, the GUI is set to RPC over HTTP to be the backend server.  Is this correct?

Do I need to disable the RCPHTTPConfigurator on the CAS2007?

< Message edited by kizzle911 -- 15.Jul.2008 2:43:40 PM >

(in reply to Sembee)
Post #: 7
RE: Firewall ports - 15.Jul.2008 3:11:06 PM   
Sembee

 

Posts: 3607
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline 		If the connections say TCP/IP then the feature isn't working. If it was working then they would say https.

This line I don't understand "Do I need to disable the RCPHTTPConfigurator on the CAS2007"

Outlook Anywhere is what the feature is called on Exchange 2007 and that needs to be enabled on the CAS role.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/

(in reply to kizzle911)
Post #: 8
RE: Firewall ports - 15.Jul.2008 5:02:08 PM   
kizzle911

 

Posts: 70
Joined: 13.May2008
Status: offline 		The line  "Do I need to disable the RCPHTTPConfigurator on the CAS2007"  is from the bottom of this site:  http://technet.microsoft.com/en-us/library/aa996922(EXCHG.80).aspx

Outlook Anywhere on the CAS is enabled.  RPC service is started.  External host name (webmail.company.com) is working using OWA.  Could it be authentication? 

(in reply to Sembee)
Post #: 9
RE: Firewall ports - 15.Jul.2008 5:08:01 PM   
Elan Shudnow

 

Posts: 579
Joined: 4.Jan.2007
From: Chicago, IL
Status: offline 		Here is the document on Exchange port requirements:
http://technet.microsoft.com/en-us/library/bb331973(EXCHG.80).aspx

_____________________________

Elan Shudnow
http://www.shudnow.net

(in reply to Sembee)
Post #: 10
RE: Firewall ports - 15.Jul.2008 5:36:09 PM   
Sembee

 

Posts: 3607
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
quote:

ORIGINAL: kizzle911

The line  "Do I need to disable the RCPHTTPConfigurator on the CAS2007"  is from the bottom of this site:  http://technet.microsoft.com/en-us/library/aa996922(EXCHG.80).aspx



If you read that article it states that you only have to make that change if you are deploying Exchange 2003 without Service Pack 1. Anyone doing that would have to have a very good reason not to be using any of the service packs for Exchange 2003.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/

(in reply to kizzle911)
Post #: 11
RE: Firewall ports - 15.Jul.2008 5:51:14 PM   
kizzle911

 

Posts: 70
Joined: 13.May2008
Status: offline 		My mistake, I totally ignored that part of it.  I was checking out your website and decided to try something.

So I try to access https://webmail.company.com/rpc , it prompted with a dialog with the username and password boxes.  I entered my credentials and I was unable to login.  I get Error: Access is Denied.  Any ideas?

(in reply to Sembee)
Post #: 12
RE: Firewall ports - 16.Jul.2008 4:37:52 AM   
Sembee

 

Posts: 3607
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
quote:

ORIGINAL: kizzle911
So I try to access https://webmail.company.com/rpc , it prompted with a dialog with the username and password boxes.  I entered my credentials and I was unable to login.  I get Error: Access is Denied.  Any ideas?


That is the expected behaviour. The test to the /rpc virtual directory is to confirm SSL acceptance. If you get an SSL prompt then the feature will not work as Outlook cannot cope with SSL prompts.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/

(in reply to kizzle911)
Post #: 13
RE: Firewall ports - 16.Jul.2008 12:49:35 PM   
kizzle911

 

Posts: 70
Joined: 13.May2008
Status: offline 		Therefore should I uncheck the require SSL in IIS on the CAS2007?

(in reply to Sembee)
Post #: 14
RE: Firewall ports - 16.Jul.2008 1:24:20 PM   
Sembee

 

Posts: 3607
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
quote:

ORIGINAL: kizzle911

Therefore should I uncheck the require SSL in IIS on the CAS2007?


That setting is completely immaterial to whether the feature works or not. You cannot turn off/turn on SSL in IIS - which is what some people think the require SSL option does. All that setting does is force the setting to be secure. As RPC over HTTPS is designed to work over port 443/ssl having that setting on or off is not going to make any difference.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/

(in reply to kizzle911)
Post #: 15
RE: Firewall ports - 16.Jul.2008 1:28:05 PM   
kizzle911

 

Posts: 70
Joined: 13.May2008
Status: offline 		I am running out of options here.  Is there anything else I can check for???

(in reply to Sembee)
Post #: 16
RE: Firewall ports - 16.Jul.2008 3:11:10 PM   
Sembee

 

Posts: 3607
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline 		I have nothing further to suggest other than call Microsoft. You seemed to have done everything that is required on the surface. They can do the one thing that we cannot, and that is look at the software involved. You may well have overlooked something or failed to mention something that you don't think is relevant or do not even know about.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/

(in reply to kizzle911)
Post #: 17
RE: Firewall ports - 16.Jul.2008 3:13:17 PM   
kizzle911

 

Posts: 70
Joined: 13.May2008
Status: offline 		I have a feeling I may have left out something.  Thanks for your help.

(in reply to Sembee)
Post #: 18

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> Secure Messaging >> Firewall ports Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts