Microsoft small business knowledge base

Article ID: 832017 - Last Review: October 18, 2013 - Revision: 61.0

Notice
Important: This article contains several references to the default dynamic port range. In Windows Server 2008 and later versions, and in Windows Vista and later versions, the default dynamic port range changed to the following range:
  • Start port: 49152
  • End port: 65535
Windows 2000, Windows XP, and Windows Server 2003 use the following dynamic port range:

  • Start port: 1025
  • End port: 5000

What this means for you:
  • If your computer network environment uses only Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista, you must enable connectivity over the high port range of 49152 through 65535.
  • If your computer network environment uses Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista together with versions of Windows earlier than Windows Server 2008 and Windows Vista, you must enable connectivity over both the following port ranges:
    • High port range 49152 through 65535
    • Low port range 1025 through 5000
  • If your computer network environment uses only versions of Windows earlier than Windows Server 2008 and Windows Vista, you must enable connectivity over the low port range of 1025 through 5000.
For more information about the default dynamic port range in Windows Server 2012, Windows 8, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista, click the following article number to go to the article in the Microsoft Knowledge Base:
929851 (http://support.microsoft.com/kb/929851/) The default dynamic port range for TCP/IP has changed in Windows Vista and in Windows Server 2008
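
The rules in this notice can be checked mechanically against the ACL between two network segments. The following added example (not part of the Microsoft article) derives the required dynamic port ranges from an OS inventory and reports any portion that the ACL does not permit. The inventory, the ACL ranges, and the function names are constructed for illustration; any product name that is not Windows 2000, Windows XP, or Windows Server 2003 is assumed to use the high range.

```python
import re

LOW = (1025, 5000)      # Windows 2000, Windows XP, Windows Server 2003
HIGH = (49152, 65535)   # Windows Vista / Windows Server 2008 and later

# Product-name fragments for the older releases named in the notice.
LEGACY = re.compile(r"Windows (2000|XP|Server 2003)", re.I)


def required_ranges(os_inventory):
    """Return the dynamic port ranges that must be reachable for this inventory."""
    legacy = any(LEGACY.search(name) for name in os_inventory)
    # Assumption: every non-legacy name is Vista/2008 or later.
    modern = any(not LEGACY.search(name) for name in os_inventory)
    return ([LOW] if legacy else []) + ([HIGH] if modern else [])


def uncovered(required, allowed):
    """Return the parts of `required` that no range in `allowed` permits."""
    gaps = []
    for start, end in required:
        cursor = start                      # first port not yet known to be allowed
        for a_start, a_end in sorted(allowed):
            if a_end < cursor:
                continue                    # allowed range lies entirely below cursor
            if a_start > end:
                break                       # allowed range lies entirely above target
            if a_start > cursor:
                gaps.append((cursor, a_start - 1))
            cursor = max(cursor, a_end + 1)
            if cursor > end:
                break
        if cursor <= end:
            gaps.append((cursor, end))
    return gaps


# Constructed sample: a mixed environment and the port ranges that a
# hypothetical inter-segment ACL currently permits.
INVENTORY = ["Windows Server 2003", "Windows Server 2008 R2", "Windows 7"]
ACL_ALLOWED = [(1025, 5000), (49152, 60000)]

if __name__ == "__main__":
    need = required_ranges(INVENTORY)
    print("required:", need)
    print("blocked :", uncovered(need, ACL_ALLOWED))
```
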

Summary

This article discusses the required network ports, protocols, and services that are used by Microsoft client and server operating systems, server-based programs, and their subcomponents in the Microsoft Windows Server system. Administrators and support professionals may use this Microsoft Knowledge Base article as a roadmap to determine which ports and protocols Microsoft operating systems and programs require for network connectivity in a segmented network.

You should not use the port information in this article to configure Windows Firewall. For information about how to configure Windows Firewall, see the following Microsoft website:

Networking and Access Technologies: Windows Firewall (http://technet.microsoft.com/en-us/network/bb545423.aspx)
The Windows Server system includes a comprehensive and integrated infrastructure to meet the requirements of developers and information technology (IT) professionals. This system runs programs and solutions that you can use to obtain, analyze, and share information quickly and easily. These Microsoft client, server, and server program products use different network ports and protocols to communicate with client systems and with other server systems over the network. Dedicated firewalls, host-based firewalls, and Internet Protocol security (IPsec) filters are other important components that you must have to help secure your network. However, if these technologies are configured to block ports and protocols that are used by a specific server, that server will no longer respond to client requests.

Overview

The following list provides an overview of the information that this article contains:
  • The "System services ports" section contains a brief description of each service, displays the logical name of that service, and indicates the ports and protocols that each service requires for correct operation. Use this section to help identify the ports and protocols that a particular service uses.
  • The "Ports and protocols" section includes a table that summarizes the information from the "System Services Ports" section. The table is sorted by the port number instead of by the service name. Use this section to quickly determine which services listen on a particular port.

This article uses certain terms in specific ways. To help avoid confusion, make sure that you understand how the article uses these terms:
  • System services: System services are programs that load automatically as part of an application's startup process or as part of the operating system startup process. System services support the different tasks that the operating system must perform. For example, some system services that are available on computers that run Windows Server 2003 Enterprise Edition include the Server service, the Print Spooler service, and the World Wide Web Publishing service. Each system service has a friendly service name and a service name. The friendly service name is the name that appears in graphical management tools such as the Services Microsoft Management Console (MMC) snap-in. The service name is the name that is used with command-line tools and with many scripting languages. Each system service may provide one or more network services.
  • Application protocol: In this article, application protocol refers to a high-level network protocol that uses one or more TCP/IP protocols and ports. Examples of application protocols include HTTP, server message blocks (SMBs), and Simple Mail Transfer Protocol (SMTP).
  • Protocol: TCP/IP protocols are standard formats for communicating between devices on a network. TCP/IP protocols operate at a lower level than the application protocols. The TCP/IP suite of protocols includes TCP, User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).
  • Port: This is the network port that the system service listens on for incoming network traffic.
This article does not specify which services rely on other services for network communication. For example, many services rely on the remote procedure call (RPC) or DCOM features in Microsoft Windows to assign them dynamic TCP ports. The Remote Procedure Call service coordinates requests by other system services that use RPC or DCOM to communicate with client computers. Many other services rely on network basic input/output system (NetBIOS) or SMBs, protocols that are provided by the Server service. Other services rely on HTTP or on Hypertext Transfer Protocol Secure (HTTPS). These protocols are provided by Internet Information Services (IIS). A full discussion of the architecture of the Windows operating systems is beyond the scope of this article. However, detailed documentation on this subject is available on Microsoft TechNet and on the Microsoft Developer Network (MSDN) websites. Although many services may rely on a particular TCP or UDP port, only one service or process at a time can listen on that port.

When you use RPC with TCP/IP or with UDP/IP as the transport, incoming ports are frequently dynamically assigned to system services as required; TCP/IP and UDP/IP ports that are higher than port 1024 are used. These are also informally known as random RPC ports. In these cases, RPC clients rely on the RPC endpoint mapper to tell them which dynamic port or ports were assigned to the server. For some RPC-based services, you can configure a specific port instead of letting RPC dynamically assign a port. You can also restrict the range of ports that RPC dynamically assigns to a small range, regardless of the service. For more information about this topic, see the "References" section.

This article includes information about the system services roles and the server roles for the Microsoft products that are listed in the "Applies to" section. Although this information may also apply to Windows XP and to Microsoft Windows 2000 Professional, this article is focused on server-class operating systems. Therefore, this article describes the ports that a service listens on instead of the ports that client programs use to connect to a remote system.

System services ports

This section provides a description of each system service, includes the logical name that corresponds to the system service, and displays the ports and the protocols that each service requires.

This section covers the following system services:

  • Active Directory (Local Security Authority)
  • Application Layer Gateway Service
  • ASP.NET State Service
  • Certificate Services
  • Cluster Service
  • Computer Browser
  • DHCP Server
  • Distributed File System Namespaces
  • Distributed File System Replication
  • Distributed Link Tracking Server
  • Distributed Transaction Coordinator
  • DNS Server
  • Event Log
  • Fax Service
  • File Replication
  • File Server for Macintosh
  • FTP Publishing Service
  • Group Policy
  • HTTP SSL
  • Hyper-V service
  • Internet Authentication Service
  • Internet Connection Firewall (ICF)/Internet Connection Sharing
  • IPAM
  • ISA/TMG Server
  • Kerberos Key Distribution Center
  • License Logging
  • Message Queuing
  • Messenger
  • Microsoft Exchange MTA Stacks
  • Microsoft POP3 Service
  • Net Logon
  • NetMeeting Remote Desktop Sharing
  • Network News Transfer Protocol (NNTP)
  • Offline Files, User Profile Service, Folder Redirection, and Primary Computer
  • Performance Logs and Alerts
  • Print Spooler
  • Remote Installation
  • Remote Procedure Call (RPC)
  • Remote Procedure Call (RPC) Locator
  • Remote Storage Notification
  • Remote Storage
  • Routing and Remote Access
  • Server
  • SharePoint Portal Server
  • Simple Mail Transfer Protocol (SMTP)
  • Simple TCP/IP Services
  • SNMP Service
  • SNMP Trap Service
  • SSDP Discovery Service
  • TCP/IP Print Server
  • Telnet
  • Terminal Services
  • Terminal Services Licensing
  • Terminal Services Session Directory
  • Trivial FTP Daemon
  • UPnP Device Host
  • Windows Internet Name Service (WINS)
  • Windows Media Services
  • Windows Remote Management (WinRM)
  • Windows Time
  • World Wide Web Publishing Service

Ports and protocols

The following table summarizes the information from the "System services ports" section. This table is sorted by port number instead of by service name.

Microsoft provides part of the information that is in this table in a Microsoft Excel worksheet. This worksheet is available for download from the Microsoft Download Center.

Active Directory port and protocol requirements

Application servers, client computers, and domain controllers that are located in common or external forests have service dependencies so that user-initiated and computer-initiated operations such as domain join, logon authentication, remote administration, and Active Directory replication work correctly. Such services and operations require network connectivity over specific ports and networking protocols.

A summarized list of the services, ports, and protocols that are required for member computers and domain controllers to interoperate with one another, or for application servers to access Active Directory, includes but is not limited to the following.
Click here to see a list of services on which Active Directory depends
Click here to see a list of services that require Active Directory services

References


Windows Media Services

For information about the ports that are used by Windows Media Services, see Allocating Ports for Windows Media Services.




Applies to
  • Windows Web Server 2008 R2
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Web Server 2008
  • Windows Server 2008 for Itanium-Based Systems
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Systems Management Server 2003
  • Microsoft SharePoint Portal Server 2001
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft SQL Server 2000 Standard Edition
  • Microsoft SQL Server 2000 Enterprise Edition
  • Microsoft Exchange 2000 Server Standard Edition
  • Microsoft Exchange 2000 Enterprise Server
  • Microsoft Operations Manager 2000 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2000 Standard Edition
  • Microsoft Application Center 2000 Standard Edition
  • Windows 7 Enterprise
  • Windows 7 Home Basic
  • Windows 7 Home Premium
  • Windows 7 Professional
  • Windows 7 Starter
  • Windows 7 Ultimate
  • Windows Vista Service Pack 2
  • Microsoft Windows XP Service Pack 3
  • Windows 8
  • Windows Server 2012 Datacenter
  • Windows Server 2012 Essentials
  • Windows Server 2012 Foundation
  • Windows Server 2012 Standard
Keywords: 
kbfirewall kbhowtomaster KB832017