This article discusses the essential network ports, protocols and services that are used by Microsoft client and server operating systems, server-based programs and their subcomponents in the Microsoft Windows server system. Administrators and support professionals may use this Microsoft Knowledge Base article as a road-map to determine what ports and protocols Microsoft operating systems and programs require for network connectivity in a segmented network.

The port information in this article should not be used to configure Windows Firewall. For information about configuring Windows Firewall, visit the following Microsoft Web sites:
http://technet2.microsoft.com/windowsserver/en/library/6490c9fc-6c06-4304-b61c-5577af1445d01033.mspx
http://technet.microsoft.com/en-us/network/bb545423.aspx

The Windows server system includes a comprehensive and integrated infrastructure that is designed to meet the requirements of developers and of information technology (IT) professionals. This system is designed to run programs and solutions that information workers can use to obtain, to analyze, and to share information quickly and easily. These Microsoft client, server and server program products use a variety of network ports and protocols to communicate with client systems and with other server systems over the network. Dedicated firewalls, host-based firewalls, and Internet Protocol security (IPsec) filters are other important components that are required to help secure your network. However, if these technologies are configured to block ports and protocols that are used by a specific server, that server will no longer respond to client requests.

Overview
The following list provides an overview of the information that this article contains:
The "System services ports" section of this article contains a brief description of each service, displays the logical name of that service, and indicates the ports and protocols that each
¹ For more information about how to customize this port, see the "Domain controllers and Active Directory" section in the "References" section.
² This is the range in Windows Server 2008 and in Windows Vista.
Application Layer Gateway Service
This subcomponent of the Internet Connection Sharing (ICS)/Internet Connection
Firewall (ICF) service provides support for plug-ins that allow network protocols to
pass through the firewall and work behind Internet Connection Sharing. Application
Layer Gateway (ALG) plug-ins can open ports and change data (such as ports and IP
addresses) that are embedded in packets. File Transfer Protocol (FTP) is the only
network protocol with a plug-in that is included with Windows Server 2003, Standard
Edition, and Windows Server 2003, Enterprise Edition. The ALG FTP plug-in is
designed to support active FTP sessions through the network address translation
(NAT) engine that these components use. The ALG FTP plug-in supports these
sessions by redirecting all traffic that passes through the NAT and that is destined for
port 21 to a private listening port in the range of 3000 to 5000 on the loopback
adapter. The ALG FTP plug-in then monitors and updates FTP control channel traffic
so that the FTP plug-in can forward port mappings through the NAT for the FTP data
channels. The FTP plug-in also updates ports in the FTP control channel stream.
System service name: ALG
Application protocol                Protocol  Ports
FTP control                         TCP       21
ASP.NET State Service
ASP.NET State Service provides support for ASP.NET out-of-process session states.
ASP.NET State Service stores session data out-of-process. The service uses sockets to
communicate with ASP.NET that is running on a Web server.
System service name: aspnet_state
Application protocol                Protocol  Ports
ASP.NET Session State               TCP       42424
Certificate Services
Certificate Services is part of the core operating system. By using Certificate
Services, a business can act as its own certification authority (CA). In this way, the
business can issue and manage digital certificates for programs and protocols such
as Secure/Multipurpose Internet Mail Extensions (S/MIME), Secure Sockets Layer
(SSL), Encrypting File System (EFS), IPsec, and smart card logon. Certificate Services
relies on RPC and on DCOM to communicate with clients by using random TCP ports
that are higher than port 1024.
System service name: CertSvc
Application protocol                Protocol  Ports
RPC                                 TCP       135
Randomly allocated high TCP ports¹  TCP       random port number between 1024 - 65535; random port number between 49152 - 65535²
¹ For more information about how to customize this port, see the "Remote Procedure Calls and DCOM" section in the "References" section.
² This is the range in Windows Server 2008 and in Windows Vista.
Cluster Service
The Cluster service controls server cluster operations and manages the cluster
database. A cluster is a collection of independent computers that act as a single
computer. Managers, programmers, and users see the cluster as a single system. The
software distributes data among the nodes of the cluster. If a node fails, other nodes
provide the services and data that were formerly provided by the missing node. When
a node is added or repaired, the cluster software migrates some data to that node.
System service name: ClusSvc
Application protocol                Protocol  Ports
Cluster Services                    UDP       3343
RPC                                 TCP       135
Cluster Administrator               UDP       137
Randomly allocated high UDP ports¹  UDP       random port number between 1024 - 65535; random port number between 49152 - 65535²
¹ For more information about how to customize this port, see the "Remote Procedure Calls and DCOM" section in the "References" section.
² This is the range in Windows Server 2008 and in Windows Vista.
Computer Browser
The Computer Browser system service maintains an up-to-date list of computers
on your network and supplies the list to programs that request it. The Computer
Browser service is used by Windows-based computers to view network domains and
resources. Computers that are designated as browsers maintain browse lists that
contain all shared resources that are used on the network. Earlier versions of
Windows programs, such as My Network Places, the net view command, and
Windows Explorer, all require browsing capability. For example, when you open My
Network Places on a computer that is running Microsoft Windows 95, a list of domains
and computers appears. To display this list, the computer obtains a copy of the
browse list from a computer that is designated as a browser.
System service name: Browser
Application protocol                Protocol  Ports
NetBIOS Datagram Service            UDP       138
NetBIOS Name Resolution             UDP       137
NetBIOS Session Service             TCP       139
DHCP Server
The DHCP Server service uses the Dynamic Host Configuration Protocol (DHCP) to
automatically allocate IP addresses. By using this service, you can adjust the
advanced network settings of DHCP clients. For example, you can configure network
settings such as Domain Name System (DNS) servers and Windows Internet Name
Service (WINS) servers. You can establish one or more DHCP servers to maintain
TCP/IP configuration information and to provide that information to client computers.
System service name: DHCPServer
Application protocol                Protocol  Ports
DHCP Server                         UDP       67
MADCAP                              UDP       2535
Distributed File System
The Distributed File System (DFS) integrates disparate file shares that are located
across a local area network (LAN) or wide area network (WAN) into a single logical
namespace. The DFS service is required for Active Directory domain controllers to
advertise the SYSVOL shared folder.
System service name: Dfs
Application protocol                Protocol  Ports
NetBIOS Datagram Service            UDP       138
NetBIOS Session Service             TCP       139
LDAP Server                         TCP       389
LDAP Server                         UDP       389
SMB                                 TCP       445
RPC                                 TCP       135
Randomly allocated high TCP ports¹  TCP       random port number between 1024 - 65535; random port number between 49152 - 65535²
¹ For more information about how to customize this port, see the "Remote Procedure Calls and DCOM" section in the "References" section.
² This is the range in Windows Server 2008 and in Windows Vista.
Distributed File System Replication
The Distributed File System Replication (DFSR) service is a state-based, multi-
master file replication engine that automatically copies updates to files and folders
between computers that are participating in a common replication group. DFSR was
added in Windows Server 2003 R2. You can configure DFSR by using the Dfsrdiag.exe
command-line tool to replicate files on specific ports, regardless of whether they are
participating in Distributed File System Namespaces (DFSN) or not.
System service name: DFSR
Application protocol                Protocol  Ports
RPC                                 TCP       135
RPC                                 TCP       5722³
Randomly allocated high TCP ports¹  TCP       random port number between 1024 - 65535; random port number between 49152 - 65535²
¹ For more information about how to customize this port, see the "Distributed File Replication Service" section in the "References" section.
² This is the range in Windows Server 2008 and in Windows Vista.
³ Port 5722 is used only on Windows Server 2008 and Windows Server 2008 R2 domain controllers.
Distributed Link Tracking Server
The Distributed Link Tracking Server system service stores information so that
files that are moved between volumes can be tracked to each volume in the domain.
The Distributed Link Tracking Server service runs on each domain controller in a
domain. This service enables the Distributed Link Tracking Client service to track
linked documents that have been moved to a location in another NTFS file system
volume in the same domain.
System service name: TrkSvr
Application protocol                Protocol  Ports
RPC                                 TCP       135
Randomly allocated high TCP ports¹  TCP       random port number between 1024 - 65535; random port number between 49152 - 65535²
¹ For more information about how to customize this port, see the "Remote Procedure Calls and DCOM" section in the "References" section.
² This is the range in Windows Server 2008 and in Windows Vista.
Distributed Transaction Coordinator
The Distributed Transaction Coordinator (DTC) system service is responsible for
coordinating transactions that are distributed across multiple computer systems and
resource managers, such as databases, message queues, file systems, or other
transaction-protected resource managers. The DTC system service is required if
transactional components are configured through COM+. It is also required for
transactional queues in Message Queuing (also known as MSMQ) and SQL Server
operations that span multiple systems.
System service name: MSDTC
Application protocol                Protocol  Ports
RPC                                 TCP       135
Randomly allocated high TCP ports¹  TCP       random port number between 1024 - 65535; random port number between 49152 - 65535²
¹ For more information about how to customize this port, see the "Distributed Transaction Coordinator" section in the "References" section.
² This is the range in Windows Server 2008 and in Windows Vista.
DNS Server
The DNS Server service enables DNS name resolution by answering queries and
update requests for DNS names. DNS servers are required to locate devices and
services that are identified by using DNS names and to locate domain controllers in
Active Directory.
System service name: DNS
Application protocol                Protocol  Ports
DNS                                 UDP       53
DNS                                 TCP       53
Event Log
The Event Log system service logs event messages that are generated by
programs and by the Windows operating system. Event Log reports contain
information that can be useful in diagnosing problems. Reports are viewed in Event
Viewer. The Event Log service writes events that are sent by programs, by services,
and by the operating system to log files. The events contain diagnostic information in
addition to errors that are specific to the source program, the service, or the
component. The logs can be viewed programmatically through the event log APIs or
through the Event Viewer in an MMC snap-in.
System service name: Eventlog
Application protocol                Protocol  Ports
RPC/named pipes (NP)                TCP       139
RPC/NP                              TCP       445
RPC/NP                              UDP       137
RPC/NP                              UDP       138
Note The Event Log service uses RPC over named pipes. This service has the same firewall requirements as those of the "File and Printer Sharing" feature.
Microsoft Exchange Server and Outlook clients
Versions of Microsoft Exchange Server and Exchange clients have various port and
protocol requirements. These requirements depend upon which version of Exchange
Server or Exchange client is in use.
For Outlook clients to connect to versions of Exchange prior to Exchange 2003, direct
RPC connectivity to the Exchange server is required. RPC connections made from
Outlook to the Exchange server will first contact the RPC endpoint mapper (Port TCP
135) to request information on the port mappings of the various endpoints required.
The Outlook client then tries to make connections to the Exchange server directly by
using these endpoint ports.
Exchange 5.5 uses two ports for client communication. One port is for the Information
Store, and one port is for the Directory. Exchange 2000 and 2003 use three ports for
client communication. One port is for the Information Store, one is for Directory
Referral (RFR), and one port is for DSProxy/NSPI.
In most cases, these two or three ports will be mapped randomly into the range TCP
1024-65535. If required, these ports can be configured to always bind to a static port
mapping rather than to use the ephemeral ports.
For more information about how to configure static TCP/IP ports in Exchange Server,
click the following article number to view the article in the Microsoft Knowledge Base:
270836 Exchange Server static port mappings
Outlook 2003 clients support direct connectivity to Exchange servers by using RPC.
However, these clients can also communicate with Exchange 2003 servers that are
hosted on Windows Server 2003-based computers on the Internet. The use of RPC
over HTTP communication between Outlook and Exchange server eliminates the
need to expose unauthenticated RPC traffic across the Internet. Instead, traffic
between the Outlook 2003 client and the Exchange Server 2003 computer is
tunneled within HTTPS packets over TCP port 443 (HTTPS).
RPC over HTTPS requires that port TCP 443 (HTTPS) be available between the Outlook
2003 client and the server that is functioning as the "RPCProxy" device. The HTTPS
RPC                                 TCP       135, random port number between 1024 - 65535*
¹ For more information about how to customize this port, see the "Domain controllers and Active Directory" section in the "References" section.
² This is the range in Windows Server 2008 and in Windows Vista.
HTTP SSL
The HTTP SSL system service enables IIS to perform SSL functions. SSL is an open
standard for establishing an encrypted communications channel to help prevent the
interception of critical information, such as credit card numbers. Although this service
is designed to work on other Internet services, it is primarily used to enable
encrypted electronic financial transactions on the World Wide Web (WWW). You can
configure the ports for this service through the Internet Information Services (IIS)
Manager snap-in.
System service name: HTTPFilter
Application protocol                Protocol  Ports
HTTPS                               TCP       443
Internet Authentication Service
Internet Authentication Service (IAS) performs centralized authentication,
authorization, auditing, and accounting of users who are connecting to a network.
These users can be on a LAN connection or on a remote connection. IAS implements
the Internet Engineering Task Force (IETF) standard Remote Authentication Dial-In
User Service (RADIUS) protocol.
System service name: IAS
Application protocol                Protocol  Ports
Legacy RADIUS                       UDP       1645
Legacy RADIUS                       UDP       1646
RADIUS Accounting                   UDP       1813
RADIUS Authentication               UDP       1812
Internet Connection Firewall (ICF)/Internet Connection Sharing (ICS)
This system service provides NAT, addressing, and name resolution services for all
computers on your home network or your small-office network. When the Internet
Connection Sharing feature is enabled, your computer becomes an "Internet
gateway" on the network, and other client computers can then share one connection
to the Internet, such as a dial-up connection or a broadband connection. This service
provides basic DHCP and DNS services but will work with the full-featured Windows
DHCP or DNS services. When ICF and Internet Connection Sharing act as a gateway
for the rest of the computers on your network, they provide DHCP and DNS services
to the private network on the internal network interface. They do not provide these
services on the external-facing interface.
System service name: SharedAccess
Application protocol                Protocol  Ports
DHCP Server                         UDP       67
DNS                                 UDP       53
DNS                                 TCP       53
Kerberos Key Distribution Center
When you use the Kerberos Key Distribution Center (KDC) system service, users
can log on to the network by using the Kerberos version 5 authentication protocol. As
in other implementations of the Kerberos protocol, the KDC is a single process that
provides two services: the Authentication Service and the Ticket-Granting Service.
The Authentication Service issues ticket granting tickets, and the Ticket-Granting
Service issues tickets for connection to computers in its own domain.
System service name: kdc
Application protocol                Protocol  Ports
Kerberos                            TCP       88
Kerberos                            UDP       88
Kerberos Password V5                UDP       464
Kerberos Password V5                TCP       464
DC Locator                          UDP       389
License Logging
The License Logging system service is a tool that was originally designed to help
customers manage licenses for Microsoft server products that are licensed in the
Server Client Access License (CAL) model. License Logging was introduced with
Microsoft Windows NT Server 3.51. By default, the License Logging service is disabled
in Windows Server 2003. Because of legacy design constraints and evolving license
terms and conditions, License Logging may not provide an accurate view of the total
number of CALs that are purchased compared to the total number of CALs that are
used on a particular server or across the enterprise. The CALs that are reported by
License Logging may conflict with the interpretation of the End-User License
Agreement (EULA) and with Product Use Rights (PUR). License Logging will not be
included in future versions of the Windows operating system. Microsoft recommends
that only users of the Microsoft Small Business Server family of operating systems
enable this service on their servers.
System service name: LicenseService
Application protocol                Protocol  Ports
NetBIOS Datagram Service            UDP       138
NetBIOS Session Service             TCP       139
SMB                                 TCP       445
Note The License Logging service uses RPC over named pipes. This service has the
same firewall requirements as those of the "File and Printer Sharing" feature.
Message Queuing
The Message Queuing system service is a messaging infrastructure and
development tool for creating distributed messaging programs for Windows. These
programs can communicate across heterogeneous networks and can send messages
between computers that may be temporarily unable to connect to each other.
Message Queuing helps provide security, efficient routing, support for sending
messages within transactions, priority-based messaging, and guaranteed message
delivery.
System service name: MSMQ
Application protocol                Protocol  Ports
MSMQ                                TCP       1801
MSMQ                                UDP       1801
MSMQ-DCs                            TCP       2101
MSMQ-Mgmt                           TCP       2107
MSMQ-Ping                           UDP       3527
MSMQ-RPC                            TCP       2105
MSMQ-RPC                            TCP       2103
RPC                                 TCP       135
Messenger
The Messenger system service sends messages to or receives messages from
users and computers, administrators, and the Alerter service. This service is not
related to Windows Messenger. If you disable the Messenger service, notifications
that are sent to computers or users who are currently logged on to the network are not
received. Additionally, the net send command and the net name command no
longer function.
System service name: Messenger
Application protocol                Protocol  Ports
NetBIOS Datagram Service            UDP       138
Microsoft Exchange MTA Stacks
In Microsoft Exchange 2000 Server and Microsoft Exchange Server 2003, the
Message Transfer Agent (MTA) is frequently used to provide backward-compatible
message transfer services between Exchange 2000 Server-based servers and
Exchange Server 5.5-based servers in a mixed-mode environment.
System service name: MSExchangeMTA
Application protocol                Protocol  Ports
X.400                               TCP       102
Microsoft Operations Manager 2000
Microsoft Operations Manager (MOM) 2000 delivers enterprise-class operations
management by providing comprehensive event management, proactive monitoring
and alerting, reporting, and trend analysis. After you install MOM 2000 Service Pack 1
(SP1), MOM 2000 no longer uses a clear text communications channel, and all traffic
between the MOM agent and the MOM server is encrypted over TCP port 1270. The
MOM Administrator console uses DCOM to connect to the server. This means that
administrators who manage the MOM server over the network must have access to
random high TCP ports.
System service name: one point
Application protocol                Protocol  Ports
MOM-Clear                           TCP       51515
MOM-Encrypted                       TCP       1270
Microsoft POP3 Service
Microsoft POP3 Service provides e-mail transfer and retrieval services.
Administrators can use this service to store and manage e-mail accounts on the mail
server. When you install Microsoft POP3 Service on the mail server, users can
connect to the mail server and can retrieve e-mail by using an e-mail client that
supports the POP3 protocol, such as Microsoft Outlook.
System service name: POP3SVC
Application protocol                Protocol  Ports
POP3                                TCP       110
MSSQLSERVER
MSSQLSERVER is a system service in Microsoft SQL Server 2000. SQL Server
provides a powerful and comprehensive data management platform. You can
configure the ports that each instance of SQL Server uses by using the Server
Network Utility.
System service name: MSSQLSERVER
Application protocol                Protocol  Ports
SQL over TCP                        TCP       1433
SQL Probe                           UDP       1434
MSSQL$UDDI
The MSSQL$UDDI system service is installed during the installation of the
Universal Description, Discovery, and Integration (UDDI) feature of the Windows
Server 2003 family of operating systems. MSSQL$UDDI provides UDDI capabilities in
an enterprise. The SQL Server database engine is the core component of
MSSQL$UDDI.
System service name: MSSQLSERVER
Application protocol                Protocol  Ports
SQL over TCP                        TCP       1433
SQL Probe                           UDP       1434
Net Logon
The Net Logon system service maintains a security channel between your
computer and the domain controller to authenticate users and services. It passes the
user's credentials to a domain controller and returns the domain security identifiers
and the user rights for the user. This is typically referred to as pass-through
authentication. Net Logon is configured to start automatically only when a member
computer or domain controller is joined to a domain. In the Windows 2000 Server and
Windows Server 2003 families, Net Logon publishes service resource locator records
in the DNS. When this service runs, it relies on the WORKSTATION service and on the
Local Security Authority service to listen for incoming requests. On domain member
computers, Net Logon uses RPC over named pipes. On domain controllers, it uses
RPC over named pipes, RPC over TCP/IP, mailslots, and Lightweight Directory Access
Protocol (LDAP).
System service name: Netlogon
Application protocol                Protocol  Ports
NetBIOS Datagram Service            UDP       138
NetBIOS Name Resolution             UDP       137
NetBIOS Session Service             TCP       139
SMB                                 TCP       445
LDAP                                UDP       389
RPC¹                                TCP       135, random port number between 1024 - 65535; 135, random port number between 49152 - 65535²
¹ For more information about how to customize this port, see the "Domain controllers and Active Directory" section in the "References" section.
² This is the range in Windows Server 2008 and in Windows Vista.
Note The Net Logon service uses RPC over named pipes for down-level clients. This
service has the same firewall requirements as those of the "File and Printer Sharing"
feature.
NetMeeting Remote Desktop Sharing
The NetMeeting Remote Desktop Sharing system service allows authorized users
to remotely access your Windows desktop from another personal computer over a
corporate intranet by using Windows NetMeeting. You must explicitly enable this
service in NetMeeting. You can disable or shut down this feature by using an icon in
the Windows notification area.
System service name: mnmsrvc
Application protocol                Protocol  Ports
Terminal Services                   TCP       3389
Network News Transfer Protocol (NNTP)
The Network News Transfer Protocol (NNTP) system service allows computers that
are running Windows Server 2003 to act as news servers. Clients can use a news
client, such as Microsoft Outlook Express, to retrieve newsgroups from the server and
to read the headers or the bodies of the articles in each newsgroup.
System service name: NNTPSVC
Application protocol                Protocol  Ports
NNTP                                TCP       119
NNTP over SSL                       TCP       563
Performance Logs and Alerts
The Performance Logs and Alerts system service collects, based on preconfigured
schedule parameters, performance data from local or remote computers and then
writes that data to a log or triggers a message. Based on the information that is
contained in the named log collection setting, the Performance Logs and Alerts
service starts and stops each named performance data collection. This service only
runs if at least one performance data collection is scheduled.
System service name: SysmonLog
Application protocol                Protocol  Ports
NetBIOS Session Service             TCP       139
Print Spooler
The Print Spooler system service manages all local and network print queues and
controls all print jobs. Print Spooler is the center of the Windows printing subsystem.
It manages the print queues on the system and communicates with printer drivers
and input/output (I/O) components, such as the USB port and the TCP/IP protocol
suite.
System service name: Spooler
Application protocol                Protocol  Ports
NetBIOS Datagram Service            UDP       138
NetBIOS Name Resolution             UDP       137
NetBIOS Session Service             TCP       139
SMB                                 TCP       445
Note The Spooler service uses RPC over named pipes. This service has the same
firewall requirements as those of the "File and Printer Sharing" feature.
Remote Installation
You can use the Remote Installation system service to install Windows 2000,
Windows XP, and Windows Server 2003 on Pre-Boot eXecution Environment (PXE)
remote boot-enabled client computers. The Boot Information Negotiation Layer (BINL)
service, the primary component of Remote Installation Server (RIS), answers PXE
client requests, checks Active Directory for client validation, and passes client
information to and from the server. The BINL service is installed when you either add
the RIS component from Add/Remove Windows Components, or select it when you
initially install the operating system.
System service name: BINLSVC
Application protocol                Protocol  Ports
BINL                                UDP       4011
Remote Procedure Call (RPC)
The Remote Procedure Call (RPC) system service is an interprocess
communication (IPC) mechanism that enables data exchange and invocation of
functionality that reside in a different process. The different process can be on the
same computer, on the LAN, or in a remote location, and can be accessed over a
WAN connection or over a VPN connection. The RPC service serves as the RPC
endpoint mapper and Component Object Model (COM) Service Control Manager.
Many services depend on the RPC service to start successfully.
System service name: RpcSs
Application protocol                Protocol  Ports
RPC                                 TCP       135
RPC over HTTPS                      TCP       593
NetBIOS Datagram Service            UDP       138
NetBIOS Name Resolution             UDP       137
NetBIOS Session Service             TCP       139
SMB                                 TCP       445
Note The RPC Endpoint Mapper also offers its services by using named pipes. This
service has the same firewall requirements as those of the "File and Printer Sharing"
feature.
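As an added example that is not part of the KB article, the following PowerShell script audits a Windows host against the listener ports this article documents for the RPC, Net Logon, DNS and Kerberos KDC services, reports the dynamic port range from which the "randomly allocated high TCP ports" are drawn (footnote 2: 49152-65535 on Windows Server 2008 and Windows Vista), and lists which services own listeners inside that range. The expected-port table is transcribed from the tables above, and the script assumes the NetTCPIP cmdlets (Windows 8 / Windows Server 2012 and later) and an English-language netsh.

```powershell
#Requires -Version 3.0
# Added example, not part of the KB article: compare a host's actual listeners
# with the ports documented for a few services, and show the RPC dynamic range.

# Expected listener ports, transcribed from the article's tables for RpcSs,
# Netlogon, DNS and kdc (constructed lookup table; extend with other services).
$Expected = @(
    @{ Service = 'RpcSs';    Proto = 'TCP'; Port = 135 }
    @{ Service = 'RpcSs';    Proto = 'TCP'; Port = 593 }
    @{ Service = 'Netlogon'; Proto = 'TCP'; Port = 445 }
    @{ Service = 'Netlogon'; Proto = 'UDP'; Port = 389 }
    @{ Service = 'DNS';      Proto = 'TCP'; Port = 53 }
    @{ Service = 'DNS';      Proto = 'UDP'; Port = 53 }
    @{ Service = 'kdc';      Proto = 'TCP'; Port = 88 }
    @{ Service = 'kdc';      Proto = 'UDP'; Port = 88 }
    @{ Service = 'kdc';      Proto = 'TCP'; Port = 464 }
    @{ Service = 'kdc';      Proto = 'UDP'; Port = 464 }
)

# Snapshot of listeners and of the service-to-PID mapping. Several services
# share one svchost.exe, so one PID can map to more than one service name.
$TcpListen = Get-NetTCPConnection -State Listen
$UdpListen = Get-NetUDPEndpoint
$Services  = Get-CimInstance -ClassName Win32_Service | Where-Object { $_.ProcessId -gt 0 }

function Get-OwnerNames {
    param([int]$ProcId)
    $names = $Services | Where-Object { $_.ProcessId -eq $ProcId } | ForEach-Object { $_.Name }
    if ($names) { $names -join ',' } else { "pid $ProcId" }
}

# Parse the dynamic range that "randomly allocated high ports" are drawn from.
# Footnote 2 in the article gives 49152-65535 for Windows Server 2008 / Vista.
function Get-DynamicTcpRange {
    $out   = netsh int ipv4 show dynamicport tcp
    $start = [int]($out | Select-String 'Start Port\s*:\s*(\d+)').Matches[0].Groups[1].Value
    $count = [int]($out | Select-String 'Number of Ports\s*:\s*(\d+)').Matches[0].Groups[1].Value
    [pscustomobject]@{ Start = $start; End = $start + $count - 1 }
}

# 1. Documented ports: is anything listening, and which process owns it?
#    SMB ports such as 445 are owned by the System process (PID 4), not by the
#    Netlogon service: the article lists ports a service uses, which are not
#    always ports that the service's own process binds.
$Report = foreach ($e in $Expected) {
    $hits = if ($e.Proto -eq 'TCP') {
        $TcpListen | Where-Object { $_.LocalPort -eq $e.Port }
    } else {
        $UdpListen | Where-Object { $_.LocalPort -eq $e.Port }
    }
    $first = $hits | Select-Object -First 1
    [pscustomobject]@{
        Service = $e.Service
        Proto   = $e.Proto
        Port    = $e.Port
        State   = if ($first) { 'listening' } else { 'NOT listening' }
        Owner   = if ($first) { Get-OwnerNames -ProcId $first.OwningProcess } else { '' }
    }
}
$Report | Format-Table -AutoSize

# 2. Dynamic range in effect and the listeners currently inside it. On a
#    segmented network these are the high TCP ports a firewall must permit
#    unless the range is customized as the References footnotes describe.
$range = Get-DynamicTcpRange
"Dynamic TCP port range: $($range.Start)-$($range.End)"
$TcpListen |
    Where-Object { $_.LocalPort -ge $range.Start -and $_.LocalPort -le $range.End } |
    ForEach-Object {
        [pscustomobject]@{ Port = $_.LocalPort; Owner = Get-OwnerNames -ProcId $_.OwningProcess }
    } |
    Sort-Object Port -Unique |
    Format-Table -AutoSize
```

Run it in an elevated session on the host being audited; a "NOT listening" row for a service that is expected on that host points at a stopped service or a customized port, and rows in the dynamic range show which firewall exceptions the RPC-based services actually need.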
Remote Procedure Call (RPC) Locator
The Remote Procedure Call (RPC) Locator system service manages the RPC name
service database. When this service is turned on, RPC clients can locate RPC servers.
This service is turned off by default.
System service name: RpcLocator
Application protocol                Protocol  Ports
NetBIOS Datagram Service            UDP       138
NetBIOS Name Resolution             UDP       137
NetBIOS Session Service             TCP       139
SMB                                 TCP       445
Note The RPC service Locator offers its services by using RPC over named pipes. This
service has the same firewall requirements as those of the "File and Printer Sharing"
feature.
Remote Storage Notification
The Remote Storage Notification system service notifies users when they read
from or write to files that are only available from a secondary storage media.
Stopping this service prevents this notification.
System service name: Remote_Storage_User_Link
Application protocol                Protocol  Ports
RPC                                 TCP       135
Randomly allocated high TCP ports¹  TCP       random port number between 1024 - 65535; random port number between 49152 - 65535²
¹ For more information about how to customize this port, see the "Remote Procedure Calls and DCOM" section in the "References" section.
² This is the range in Windows Server 2008 and in Windows Vista.
Remote Storage Server
The Remote Storage Server system service stores infrequently used files on a
secondary storage medium. If you stop this service, users cannot move or retrieve
files from the secondary storage media.
System service name: Remote_Storage_Server
Application protocol                Protocol  Ports
RPC                                 TCP       135
Randomly allocated high TCP ports¹  TCP       random port number between 1024 - 65535; random port number between 49152 - 65535²
¹ For more information about how to customize this port, see the "Remote Procedure Calls and DCOM" section in the "References" section.
² This is the range in Windows Server 2008 and in Windows Vista.
Routing and Remote Access
The Routing and Remote Access service provides multiprotocol LAN-to-LAN, LAN-
to-WAN, VPN, and NAT routing services. Additionally, the Routing and Remote Access
service also provides dial-up and VPN remote access services. Although Routing and
Remote Access can use all the following protocols, the service typically uses only a
subset of them. For example, if you configure a VPN gateway that lies behind a
filtering router, you will probably use only one technology. If you use L2TP with IPsec,
you must allow IPsec ESP (IP protocol 50), NAT-T (UDP on port 4500), and IPsec
ISAKMP (UDP on port 500) through the router.
Note Although NAT-T and IPsec ISAKMP are required for L2TP, these ports are
actually monitored by the Local Security Authority. For additional information about
this, see the "References" section of this article.
System service name: RemoteAccess
Application protocol                Protocol  Ports
GRE (IP protocol 47)                GRE       n/a
IPsec AH (IP protocol 51)           AH        n/a
IPsec ESP (IP protocol 50)          ESP       n/a
L2TP                                UDP       1701
PPTP                                TCP       1723
Server
The Server system service provides RPC support and file, print, and named pipe
sharing over the network. The Server service allows the sharing of local resources,
such as disks and printers, so that other users on the network can access them. It
also allows named pipe communication between programs that are running on the
local computer and on other computers. Named pipe communication is memory that
is reserved for the output of one process to be used as input for another process. The
input-accepting process does not have to be local to the computer.
Note If a computer name resolves to multiple IP addresses using WINS, or if WINS
failed and the name is resolved using DNS, NetBIOS over TCP/IP (NetBT) will try to
ping the IP address or addresses of the file server. Port 139 communications depend
on Internet Control Message Protocol (ICMP) echo messages. If Internet Protocol
version 6 (IPv6) is not installed, port 445 communications will also depend on ICMP
for name resolution. Preloaded Lmhosts entries will bypass the DNS resolver. If IPv6
is installed on Windows Server 2003-based or Windows XP-based systems, port 445
communications will not trigger any ICMP requests.
System service name: lanmanserver
Application protocol Protocol Ports
NetBIOS Datagram Service UDP 138
NetBIOS Name Resolution UDP 137
NetBIOS Session Service TCP 139
SMB TCP 445
SharePoint Portal Server
With the SharePoint Portal Server system service, you can develop an intelligent
portal that seamlessly connects users, teams, and knowledge so that people can take
advantage of relevant information across business processes. Microsoft SharePoint
Portal Server 2003 provides an enterprise business solution that integrates
information from various systems into one solution through single sign-on and
enterprise application integration capabilities.
Application protocol Protocol Ports
HTTP TCP 80
HTTPS TCP 443
Simple Mail Transfer Protocol (SMTP)
The Simple Mail Transfer Protocol (SMTP) system service is an e-mail submission
and relay agent. It accepts and queues e-mail for remote destinations, and it retries
at specified intervals. Windows domain controllers use the SMTP service for intersite
e-mail-based replication. The Collaboration Data Objects (CDO) for the Windows
Server 2003 COM component can use the SMTP service to submit and to queue
outbound e-mail.
System service name: SMTPSVC
Application protocol Protocol Ports
SMTP TCP 25
Simple TCP/IP Services
Simple TCP/IP Services implements support for the following protocols:
Echo, port 7, RFC 862
Discard, port 9, RFC 863
Character Generator, port 19, RFC 864
Daytime, port 13, RFC 867
Quote of the Day, port 17, RFC 865
System service name: SimpTcp
Application protocol Protocol Ports
Chargen TCP 19
Chargen UDP 19
Daytime TCP 13
Daytime UDP 13
Discard TCP 9
Discard UDP 9
Echo TCP 7
Echo UDP 7
Quotd TCP 17
Quotd UDP 17
SMS Remote Control Agent
SMS Remote Control Agent is a system service in Microsoft Systems Management
Server (SMS) 2003. SMS Remote Control Agent provides a comprehensive solution for
change and for configuration management for the Microsoft operating systems. With
this solution, organizations can provide relevant software and updates to users.
System service name: Wuser32
Application protocol Protocol Ports
SMS Remote Chat TCP 2703
SMS Remote Chat UDP 2703
SMS Remote Control (control) TCP 2701
SMS Remote Control (control) UDP 2701
SMS Remote Control (data) TCP 2702
SMS Remote Control (data) UDP 2702
SMS Remote File Transfer TCP 2704
SMS Remote File Transfer UDP 2704
SNMP Service
SNMP Service allows incoming Simple Network Management Protocol (SNMP)
requests to be serviced by the local computer. SNMP Service includes agents that
monitor activity in network devices and report to the network console workstation.
SNMP Service provides a method of managing network hosts (such as workstation or
server computers, routers, bridges, and hubs) from a centrally-located computer that
is running network management software. SNMP performs management services by
using a distributed architecture of management systems and agents.
System service name: SNMP
Application protocol Protocol Ports
SNMP UDP 161
SNMP Trap Service
SNMP Trap Service receives trap messages that are generated by local or by
remote SNMP agents and then forwards those messages to SNMP management
programs that are running on your computer. SNMP Trap Service, when configured
for an agent, generates trap messages if any specific events occur. These messages
are sent to a trap destination. For example, an agent can be configured to initiate an
authentication trap if an unrecognized management system sends a request for
information. Trap destinations include the computer name, the IP address, or the
Internetwork Packet Exchange (IPX) address of the management system. The trap
destination must be a network-enabled host that is running SNMP management
software.
System service name: SNMPTRAP
Application protocol Protocol Ports
SNMP Traps Outbound UDP 162
SQL Analysis Server
The SQL Analysis Server system service is a component of SQL Server 2000. With
SQL Analysis Server, you can create and manage OLAP cubes and data mining
models. The analysis server may access local or remote data sources for creating and
storing cubes or data mining models.
Application protocol Protocol Ports
SQL Analysis Services TCP 2725
SQL Server: Downlevel OLAP Client Support
This system service is used by SQL Server 2000 when the SQL Analysis Server
service has to support connections from downlevel (OLAP Services 7.0) clients. These
are the default ports for OLAP services that are used by SQL 7.0.
Application protocol Protocol Ports
OLAP Services 7.0 TCP 2393
OLAP Services 7.0 TCP 2394
SSDP Discovery Service
SSDP Discovery Service implements Simple Service Discovery Protocol (SSDP) as a
Windows service. SSDP Discovery Service manages receipt of device presence
announcements, updates its cache, and passes these notifications along to clients
with outstanding search requests. SSDP Discovery Service also accepts registration
of event callbacks from clients, turns these into subscription requests, and monitors
for event notifications. It then passes these requests along to the registered
callbacks. This system service also provides hosted devices with periodic
announcements. Currently, the SSDP event notification service uses TCP port 5000.
Starting with the next Windows XP service pack, it will rely on TCP port 2869.
Note At the time of this writing, the current Windows XP service pack level is
Windows XP Service Pack 1 (SP1).
System service name: SSDPRSR
Application protocol Protocol Ports
SSDP UDP 1900
SSDP event notification TCP 2869
SSDP legacy event notification TCP 5000
Systems Management Server 2.0
Microsoft Systems Management Server (SMS) 2003 provides a comprehensive
solution for change and configuration management for Microsoft operating systems.
With this solution, organizations can provide relevant software and updates to users
quickly and cost-effectively.
Application protocol Protocol Ports
NetBIOS Datagram Service UDP 138
NetBIOS Name Resolution UDP 137
NetBIOS Session Service TCP 139
RPC TCP 135
SMB TCP 445
Randomly allocated high TCP ports¹ TCP random port number between 1024 - 65535 (random port number between 49152 - 65535²)
¹ For more information about how to customize this port, see the "Remote Procedure
Calls and DCOM" section in the "References" section.
² This is the range in Windows Server 2008 and in Windows Vista.
TCP/IP Print Server
The TCP/IP Print Server system service enables TCP/IP–based printing by using the
Line Printer Daemon (LPD) protocol. The LPD service on the server receives
documents from Line Printer Remote (LPR) utilities that are running on UNIX
computers.
System service name: LPDSVC
Application protocol Protocol Ports
LPD TCP 515
Telnet
The Telnet system service for Windows provides ASCII terminal sessions to Telnet
clients. A Telnet server supports two types of authentication and supports the
following four types of terminals:
American National Standards Institute (ANSI)
VT-100
VT-52
VTNT
System service name: TlntSvr
Application protocol Protocol Ports
Telnet TCP 23
Terminal Services
Terminal Services provides a multi-session environment that allows client devices
to access a virtual Windows desktop session and Windows-based programs that are
running on the server. Terminal Services allows multiple users to be connected
interactively to a computer.
System service name: TermService
Application protocol Protocol Ports
Terminal Services TCP 3389
Terminal Services Licensing
The Terminal Services Licensing system service installs a license server and
provides licenses to registered clients when the clients connect to a terminal server
(a server that has Terminal Server enabled). Terminal Services Licensing is a low-
impact service that stores the client licenses that have been issued for a terminal
server, and then tracks the licenses that have been issued to client computers or
terminals.
System service name: TermServLicensing
Application protocol Protocol Ports
RPC TCP 135
Randomly allocated high TCP ports¹ TCP random port number between 1024 - 65535 (random port number between 49152 - 65535²)
NetBIOS Datagram Service UDP 138
NetBIOS Name Resolution UDP 137
NetBIOS Session Service TCP 139
SMB TCP 445
¹ For more information about how to customize this port, see the "Remote Procedure
Calls and DCOM" section in the "References" section.
² This is the range in Windows Server 2008 and in Windows Vista.
Note Terminal Services Licensing offers its services by using RPC over named pipes.
This service has the same firewall requirements as those of the "File and Printer
Sharing" feature.
Terminal Services Session Directory
The Terminal Services Session Directory system service allows clusters of load-
balanced terminal servers to correctly route a user's connection request to the server
where the user already has a session running. Users are routed to the first-available
terminal server, regardless of whether they are running another session in the server
cluster. The load-balancing functionality pools the processing resources of several
servers by using the TCP/IP networking protocol. You can use this service with a
cluster of terminal servers to increase the performance of a single terminal server by
distributing sessions across multiple servers. Terminal Services Session Directory
keeps track of disconnected sessions on the cluster and makes sure that users are
reconnected to those sessions.
System service name: Tssdis
Application protocol Protocol Ports
RPC TCP 135
Randomly allocated high TCP ports¹ TCP random port number between 1024 - 65535 (random port number between 49152 - 65535²)
¹ For more information about how to customize this port, see the "Remote Procedure
Calls and DCOM" section in the "References" section.
² This is the range in Windows Server 2008 and in Windows Vista.
Trivial FTP Daemon
The Trivial FTP Daemon system service does not require a user name or a
password and is an integral part of the Remote Installation Services (RIS). The Trivial
FTP Daemon service implements support for the Trivial FTP Protocol (TFTP) that is
defined by the following RFCs:
RFC 1350 - TFTP
RFC 2347 - Option extension
RFC 2348 - Block size option
RFC 2349 - Timeout interval, and transfer size options
Trivial File Transfer Protocol (TFTP) is a file transfer protocol that is designed to
support diskless boot environments. The TFTP service listens on UDP port 69 but
responds from a randomly allocated high port. Therefore, enabling this port will let
the TFTP service receive incoming TFTP requests, but will not let the selected server
respond to those requests. The service is free to respond to any such request from
any source port it wishes, and the remote client will then use that port for the
duration of the transfer. Communication is bidirectional. If you need to enable this
protocol through a firewall, it may be useful to open UDP port 69 inbound. You can
then rely on other firewall features, which dynamically allow the service to respond
through temporary holes on any other port.
System service name: tftpd
Application protocol Protocol Ports
TFTP UDP 69
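The port switch described above, shown as an added example in Python that is not part of the Microsoft article. A toy RFC 1350 server answers a read request from a freshly bound socket, as the real tftpd does, and the client must then direct its ACKs to that new port and ignore packets from any other source; the listening socket is bound to an ephemeral port on 127.0.0.1 as a stand-in for UDP port 69 (binding 69 needs privileges), and the served file and its name (boot.cfg) are constructed for the demo:

```python
"""Minimal TFTP read exchange (RFC 1350) showing why the server's DATA packets
leave from a different UDP port than the one the request arrived on."""
import socket
import struct
import threading

# RFC 1350 opcodes
RRQ, DATA, ACK, ERROR = 1, 3, 4, 5
BLOCK_SIZE = 512

# Constructed sample file served by the toy server (not from the article);
# 30 x 29 bytes = 870 bytes, so the transfer needs two DATA blocks.
FILES = {"boot.cfg": b"constructed sample boot file\n" * 30}


def tftp_server(listen_sock, ready):
    """Serve exactly one RRQ, then return. listen_sock stands in for UDP/69.

    Per RFC 1350 the reply comes from a *new* socket bound to a random high
    port (the server's transfer identifier); the client ACKs to that port.
    """
    ready.set()
    pkt, client = listen_sock.recvfrom(1024)
    if struct.unpack("!H", pkt[:2])[0] != RRQ:
        return
    filename, _mode, _ = pkt[2:].split(b"\0", 2)
    data = FILES.get(filename.decode("ascii", "replace"))
    xfer = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  # new transfer port
    xfer.bind(("127.0.0.1", 0))
    xfer.settimeout(2)
    try:
        if data is None:
            xfer.sendto(struct.pack("!HH", ERROR, 1) + b"File not found\0", client)
            return
        block = 1
        while True:
            chunk = data[(block - 1) * BLOCK_SIZE:block * BLOCK_SIZE]
            xfer.sendto(struct.pack("!HH", DATA, block) + chunk, client)
            ack, _ = xfer.recvfrom(4)
            if struct.unpack("!HH", ack) != (ACK, block):
                return
            if len(chunk) < BLOCK_SIZE:  # a short block ends the transfer
                return
            block += 1
    finally:
        xfer.close()


def tftp_get(server_addr, filename):
    """Fetch filename; return (data, port the DATA came from) so the switch is visible."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(2)
    sock.sendto(struct.pack("!H", RRQ) + filename.encode() + b"\0octet\0", server_addr)
    received, peer, expected = bytearray(), None, 1
    try:
        while True:
            pkt, src = sock.recvfrom(4 + BLOCK_SIZE)
            if peer is None:
                peer = src          # the server's transfer port, not the request port
            elif src != peer:
                continue            # RFC 1350: ignore packets from a different TID
            opcode, block = struct.unpack("!HH", pkt[:4])
            if opcode == ERROR:
                raise OSError(pkt[4:].rstrip(b"\0").decode("ascii", "replace"))
            if opcode != DATA or block != expected:
                continue
            received += pkt[4:]
            sock.sendto(struct.pack("!HH", ACK, block), peer)
            if len(pkt) - 4 < BLOCK_SIZE:
                break
            expected += 1
    finally:
        sock.close()
    return bytes(received), peer[1]


def demo():
    """Run server and client on loopback; report both ports and the received data."""
    listen = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listen.bind(("127.0.0.1", 0))   # ephemeral port standing in for UDP/69
    listen.settimeout(5)
    request_port = listen.getsockname()[1]
    ready = threading.Event()
    worker = threading.Thread(target=tftp_server, args=(listen, ready), daemon=True)
    worker.start()
    ready.wait()
    data, reply_port = tftp_get(("127.0.0.1", request_port), "boot.cfg")
    worker.join(5)
    listen.close()
    return {"request_port": request_port, "reply_port": reply_port, "data": data}


if __name__ == "__main__":
    r = demo()
    print(f"request sent to UDP/{r['request_port']}, DATA came back from UDP/{r['reply_port']}")
```

A stateless filter that only permits inbound UDP/69 would pass the request and then drop the client's ACKs to the transfer port, which is why the article points to the firewall's dynamic (stateful) handling rather than to a fixed reply port.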
Universal Plug and Play Device Host
The Universal Plug and Play Host discovery system service implements all the
components that are required for device registration, control, and the response to
events for hosted devices. The registered information that pertains to a device
(the description, the lifetimes, and the containers) is optionally stored to disk and
is announced on the network after registration, or when the operating system
restarts. The service also includes the Web server that serves the device, in addition
to service descriptions and a presentation page.
System service name: UPNPHost
Application protocol Protocol Ports
UPNP TCP 2869
Windows Internet Name Service (WINS)
Windows Internet Name Service (WINS) enables NetBIOS name resolution. This
service helps you locate network resources by using NetBIOS names. WINS servers
are required unless all domains have been upgraded to the Active Directory directory
service and unless all computers on the network are running Windows 2000 or later.
WINS servers communicate with network clients by using NetBIOS name resolution.
WINS replication is only required between WINS servers.
System service name: WINS
Application protocol Protocol Ports
NetBIOS Name Resolution UDP 137
WINS Replication TCP 42
WINS Replication UDP 42
Windows Media Services
Windows Media Services in Windows Server 2003 replaces the following four
services that are included in Windows Media Services versions 4.0 and 4.1:
Windows Media Monitor Service
Windows Media Program Service
Windows Media Station Service
Windows Media Unicast Service
Windows Media Services is now a single service that runs on Windows Server 2003,
Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server
2003, Datacenter Edition. Its core components were developed by using COM,
and it has a flexible architecture that you can customize for specific programs. It
supports a greater variety of control protocols, including Real Time Streaming
Protocol (RTSP), Microsoft Media Server (MMS) protocol, and HTTP.
System service name: WMServer
Application protocol Protocol Ports
HTTP TCP 80
MMS TCP 1755
MMS UDP 1755
MS Theater UDP 2460
RTCP UDP 5005
RTP UDP 5004
RTSP TCP 554
Windows Time
The Windows Time system service maintains date and time synchronization on all
Windows XP and Windows Server 2003-based computers on a network. This service
uses Network Time Protocol (NTP) to synchronize computer clocks so that an
accurate clock value, or timestamp, is assigned for network validation and for
resource access requests. The implementation of NTP and the integration of time
providers help make Windows Time a reliable and scalable time service for your
enterprise. For computers that are not joined to a domain, you can configure
Windows Time to synchronize time with an external time source. If this service is
turned off, the time setting for local computers is not synchronized with a time
service in the Windows domain or with an externally configured time service.
Windows Server 2003 uses NTP. NTP runs on UDP port 123. The Windows 2000
version of this service uses Simple Network Time Protocol (SNTP). SNTP also runs on
UDP port 123.
When the Windows Time service uses a Windows domain configuration, the service
requires domain controller location and authentication services. Therefore, the ports
for Kerberos and DNS are required.
System service name: W32Time
Application protocol Protocol Ports
NTP UDP 123
SNTP UDP 123
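The NTP exchange on UDP port 123, as an added Python example that is not part of the Microsoft article and does not use W32Time's own code. It builds the 48-byte client packet defined in RFC 4330 (SNTP) and RFC 5905 (NTP), validates a server reply (the origin timestamp must echo the request's transmit timestamp, the leap indicator must not say "unsynchronized", and stratum 0 is a kiss-o'-death), and derives the clock offset and round-trip delay from the four timestamps. The reply in demo() is constructed with made-up timestamps (server one second ahead, half a second round trip); only query() talks to a real server:

```python
"""SNTP/NTP client packet handling (RFC 4330 / RFC 5905) for UDP/123."""
import socket
import struct
import time

NTP_PORT = 123
NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP era 0) to the Unix epoch
# LI/VN/Mode, stratum, poll, precision, root delay, root dispersion, reference ID,
# then reference, origin, receive and transmit timestamps (64-bit fixed point each)
PACKET = struct.Struct("!BBbbII4sQQQQ")   # 48 bytes
MODE_CLIENT, MODE_SERVER = 3, 4


def to_ntp(unix_seconds):
    """Unix float seconds -> 64-bit NTP timestamp (32.32 fixed point)."""
    whole = int(unix_seconds)
    frac = int((unix_seconds - whole) * 2**32)
    return ((whole + NTP_EPOCH_OFFSET) << 32) | frac


def from_ntp(ts):
    """64-bit NTP timestamp -> Unix float seconds."""
    return ((ts >> 32) - NTP_EPOCH_OFFSET) + (ts & 0xFFFFFFFF) / 2**32


def build_request(transmit_unix):
    """Client request: LI=0, version 4, mode 3; only the transmit timestamp is set."""
    li_vn_mode = (0 << 6) | (4 << 3) | MODE_CLIENT
    return PACKET.pack(li_vn_mode, 0, 0, 0, 0, 0, b"\0" * 4, 0, 0, 0, to_ntp(transmit_unix))


def build_reply(origin_ts, recv_unix, xmit_unix, stratum=2, li=0):
    """Server reply built from constructed values (sample data, not captured traffic)."""
    li_vn_mode = (li << 6) | (4 << 3) | MODE_SERVER
    return PACKET.pack(li_vn_mode, stratum, 6, -20, 0, 0, b"GPS\0",
                       to_ntp(recv_unix), origin_ts, to_ntp(recv_unix), to_ntp(xmit_unix))


def parse_reply(packet, sent_transmit_unix, arrival_unix):
    """Validate a reply against the request we sent; compute offset and delay."""
    if len(packet) != PACKET.size:
        raise ValueError("NTP packet must be 48 bytes")
    (li_vn_mode, stratum, _poll, _precision, _root_delay, _root_disp, ref_id,
     _ref_ts, origin_ts, recv_ts, xmit_ts) = PACKET.unpack(packet)
    if li_vn_mode & 0x7 != MODE_SERVER:
        raise ValueError("not a server reply")
    # The origin timestamp must echo our transmit timestamp; anything else is a
    # stale reply or not an answer to our request, and is discarded (RFC 5905).
    if origin_ts != to_ntp(sent_transmit_unix):
        raise ValueError("origin timestamp does not match our request")
    if li_vn_mode >> 6 == 3:
        raise ValueError("server clock is not synchronized")
    if stratum == 0:  # kiss-o'-death: the reference ID carries an ASCII code such as RATE
        raise ValueError("kiss-o'-death " + ref_id.decode("ascii", "replace"))
    t1, t4 = sent_transmit_unix, arrival_unix           # client clock
    t2, t3 = from_ntp(recv_ts), from_ntp(xmit_ts)       # server clock
    return {"offset": ((t2 - t1) + (t3 - t4)) / 2,      # server time minus our time
            "delay": (t4 - t1) - (t3 - t2),             # round trip minus server processing
            "stratum": stratum}


def query(server, timeout=2.0):
    """Live query over UDP/123 (not used by the offline demo)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t1 = time.time()
        sock.sendto(build_request(t1), (server, NTP_PORT))
        packet, _ = sock.recvfrom(PACKET.size)
        return parse_reply(packet, t1, time.time())


def demo():
    """Offline walk-through: constructed timestamps, server 1 s ahead, 0.5 s RTT."""
    t1 = 1700000000.0                                   # our transmit time
    request = build_request(t1)
    reply = build_reply(to_ntp(t1), recv_unix=t1 + 1.25, xmit_unix=t1 + 1.5)
    result = parse_reply(reply, t1, arrival_unix=t1 + 0.75)
    return len(request), result


if __name__ == "__main__":
    size, res = demo()
    print(f"{size}-byte request; offset {res['offset']:+.3f}s, delay {res['delay']:.3f}s")
```

The origin-timestamp check is the cheap consistency test every NTP client performs; it does not authenticate the server (that is what the domain's Kerberos-based time authentication mentioned above provides), but it does discard replies that cannot be answers to the request that was sent.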
World Wide Web Publishing Service
World Wide Web Publishing Service provides the infrastructure that is necessary to
register, to manage, to monitor, and to serve Web sites and programs that are
registered with IIS. This system service contains a process manager and a
configuration manager. The process manager controls the processes where custom
applications and Web sites reside. The configuration manager reads the stored
system configuration for World Wide Web Publishing Service and makes sure that
Http.sys is configured to route HTTP requests to the appropriate application pools or
operating system processes. You can configure the ports that are used by this service
through the Internet Information Services (IIS) Manager snap-in. If the administrative
Web site is enabled, a virtual Web site is created that uses HTTP traffic on TCP port
8098.
System service name: W3SVC
Application protocol Protocol Ports
HTTP TCP 80
HTTPS TCP 443
Ports and protocols
The following table summarizes the information from the "System services ports"
section. This table is sorted by port number instead of by the service name.
Port Protocol Application protocol System service name
n/a GRE GRE (IP protocol 47) Routing and Remote Access
42424 TCP ASP.Net Session State ASP.NET State Service
51515 TCP MOM-Clear Microsoft Operations Manager 2000
1024-65535 TCP RPC Randomly allocated high TCP ports
Note Port 5722 is only used on a Windows Server 2008 domain controller or a Windows Server 2008 R2 domain controller.
Microsoft provides the information in this table in a Microsoft Excel worksheet. This worksheet is available for download from the Microsoft Download Center:
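As an added example that is not part of the article or of the worksheet, the following Python turns blocks written in the article's own "Application protocol Protocol Ports" layout into the port-sorted form of the summary table, and computes the distinct transport/port pairs a packet filter must pass for a chosen set of services. SAMPLE is a short constructed extract copied from a few of the article's sections, not the complete list:

```python
"""Parse the article's per-service port blocks into a table sorted by port."""
import re
from collections import namedtuple

Row = namedtuple("Row", "port protocol application service")
TRANSPORTS = {"TCP", "UDP", "GRE", "AH", "ESP"}
PORT_SPEC = re.compile(r"^(n/a|\d+(?:-\d+)?)$")   # n/a, 123, or a range like 1024-65535

# Constructed extract in the article's layout (a few sections only).
SAMPLE = """\
Windows Time
System service name: W32Time
Application protocol Protocol Ports
NTP UDP 123
SNTP UDP 123
Routing and Remote Access
System service name: RemoteAccess
Application protocol Protocol Ports
GRE (IP protocol 47) GRE n/a
IPsec ESP (IP protocol 50) ESP n/a
L2TP UDP 1701
PPTP TCP 1723
Server
System service name: lanmanserver
Application protocol Protocol Ports
NetBIOS Session Service TCP 139
SMB TCP 445
"""


def parse_service_ports(text):
    """A data row is '<application ...> <transport> <port spec>'; any other line
    that is not the service-name or header line starts a new section."""
    rows, heading = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (not line or line.startswith("System service name:")
                or line == "Application protocol Protocol Ports"):
            continue
        parts = line.split()
        if len(parts) >= 3 and parts[-2] in TRANSPORTS and PORT_SPEC.match(parts[-1]):
            rows.append(Row(parts[-1], parts[-2], " ".join(parts[:-2]), heading))
        else:
            heading = line
    return rows


def port_key(row):
    """Sort the n/a rows (IP protocols without ports) first, then by low port."""
    if row.port == "n/a":
        return (0, 0, row.protocol)
    return (1, int(row.port.split("-")[0]), row.protocol)


def sorted_by_port(rows):
    """Same rows, ordered the way the article's summary table is ordered."""
    return sorted(rows, key=port_key)


def required_ports(rows, services):
    """Distinct (transport, port) pairs a packet filter must pass for these services."""
    return sorted({(r.protocol, r.port) for r in rows if r.service in services})


if __name__ == "__main__":
    rows = parse_service_ports(SAMPLE)
    print("Port Protocol Application protocol System service name")
    for r in sorted_by_port(rows):
        print(r.port, r.protocol, r.application, r.service)
    print(required_ports(rows, {"Windows Time", "Server"}))
```

Feeding the whole article through parse_service_ports gives a review list for a segmented network; the "Randomly allocated high TCP ports" rows come out with a range as the port spec, which is the cue to consult the RPC/DCOM customization note rather than to open the range wholesale.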
Services on which Active Directory depends
Active Directory / LSA
Computer Browser
Distributed File System
File Replication Service
Kerberos Key Distribution Center
Net Logon
Remote Procedure Call (RPC)
Server
Simple Mail Transfer Protocol (SMTP) (if so configured)
WINS (in Windows Server 2003 SP1 and later versions for backup Active
Directory replication operations, if DNS is not working)
Windows Time
World Wide Web Publishing Service
Services that require Active Directory services
Certificate Services (required for specific configurations)
DHCP Server (if so configured)
Distributed File System
Distributed Link Tracking Server (optional but on by default on Windows 2000
computers)
Distributed Transaction Coordinator
DNS Server (if so configured)
Fax Service (if so configured)
File Replication Service
File Server for Macintosh (if so configured)
Internet Authentication Service (if so configured)
License Logging (on by default)
Net Logon
Print Spooler
Remote Installation (if so configured)
Remote Procedure Call (RPC) Locator
Remote Storage Notification
Remote Storage Server
Routing and Remote Access
Server
Simple Mail Transfer Protocol (SMTP) (if so configured)