Microsoft System Center Configuration Manager 2007 is a distributed client/server system. The distributed nature of Configuration Manager 2007 means that connections can be established between site servers, site systems and clients. Some connections use ports that are not configurable, and some use ports that can be customized. You must verify that the required ports are available if you use any port filtering technology such as firewalls, routers, proxy servers, and IPsec.
Configurable Ports
Configuration Manager 2007 allows you to configure the ports for the following types of communication:
- Client to site system
- Client to Internet (as proxy server settings)
- Software update point to Internet (as proxy server settings)
- Software update point to WSUS server
- Client to reporting point
By default, the HTTP port used for client to site system communication is port 80 and the default HTTPS port is 443. Ports for client-to-site system communication over HTTP or HTTPS can be changed during Setup or in the Site Properties for your Configuration Manager site.
Reporting point site system roles have configurable port settings for HTTP and HTTPS communication defined on the reporting point site system role property page. By default, users connect to the reporting point using the HTTP port 80 and HTTPS port 443.
Non-Configurable Ports
Configuration Manager does not allow you to configure ports for the following types of communication:
- Site to site (primary-to-primary or primary-to-secondary)
- Site server to site system
- Site server to site database server
- Site system to site database server
- Configuration Manager 2007 console to SMS Provider
- Configuration Manager 2007 console to the Internet
About RPC connections and Configuration Manager
Configuration Manager 2007 uses RPC extensively in its communications. RPC initially connects using port 135, then negotiates a port above 1024 for subsequent communication. This port number is dynamic, and cannot be changed within Configuration Manager 2007. To limit the available "random" ports used by RPC to a pre-defined range of ports, Microsoft offers a free RPC configuration tool. You can use the RPC configuration tool to establish a limited range of ports for use by RPC, then configure your IPsec filter to include the port range. For more information about the RPC configuration tool, see http://go.microsoft.com/fwlink/?LinkId=93102.
1. Site Server < -- > Site Server
Description | UDP | TCP |
Server Message Block (SMB) | -- | 445 |
Point to Point Tunneling Protocol (PPTP) | -- | 1723 (See note 3) |
2. Primary Site Server -- > Domain Controller
Description | UDP | TCP |
Lightweight Directory Access Protocol (LDAP) | -- | 389 |
LDAP (Secure Sockets Layer [SSL] connection) | 636 | 636 |
Global Catalog LDAP | -- | 3268 |
Global Catalog LDAP SSL | -- | 3269 |
RPC Endpoint Mapper | 135 | 135 |
RPC | -- | DYNAMIC |
Kerberos | 88 | -- |
3. Site Server < -- > Software Update Point
(see note 6)
Description | UDP | TCP |
Server Message Block (SMB) | -- | 445 |
Hypertext Transfer Protocol (HTTP) | -- | 80 or 8530 (See note 4) |
Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 or 8531 (See note 4) |
4. Software Update Point -- > Internet
Description | UDP | TCP |
Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 1) |
5. Site Server < -- > State Migration Point
(see note 6)
Description | UDP | TCP |
Server Message Block (SMB) | -- | 445 |
RPC Endpoint Mapper | 135 | 135 |
6. Client -- > Software Update Point
Description | UDP | TCP |
Hypertext Transfer Protocol (HTTP) | -- | 80 or 8530 (See note 4) |
Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 or 8531 (See note 4) |
7. Client -- > State Migration Point
Description | UDP | TCP |
Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2) |
Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2) |
Server Message Block (SMB) | -- | 445 |
8. Client -- > PXE Service Point
Description | UDP | TCP |
Dynamic Host Configuration Protocol (DHCP) | 67 and 68 | -- |
Trivial File Transfer Protocol (TFTP) | 69 (See note 5) | -- |
Boot Information Negotiation Layer (BINL) | 4011 | -- |
9. Site Server < -- > PXE Service Point
(see note 6)
Description | UDP | TCP |
Server Message Block (SMB) | -- | 445 |
RPC Endpoint Mapper | 135 | 135 |
RPC | -- | DYNAMIC |
10. Site Server < -- > System Health Validator
(see note 6)
Description | UDP | TCP |
Server Message Block (SMB) | -- | 445 |
RPC Endpoint Mapper | 135 | 135 |
RPC | -- | DYNAMIC |
11. Client -- > System Health Validator
The client requires the ports established with the Network Access Protection server such as DHCP and IPsec. No port is required for 802.1X.
Description | UDP | TCP |
DHCP | 67 and 68 | -- |
IPsec | -- | 80 or 443 |
12. Site Server < -- > Fallback Status Point
(see note 6)
Description | UDP | TCP |
Server Message Block (SMB) | -- | 445 |
RPC Endpoint Mapper | 135 | 135 |
RPC | -- | DYNAMIC |
13. Client -- > Fallback Status Point
Description | UDP | TCP |
Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2) |
14. Site Server -- > Distribution Point
Description | UDP | TCP |
Server Message Block (SMB) | -- | 445 |
RPC Endpoint Mapper | 135 | 135 |
RPC | -- | DYNAMIC |
15. Client -- > Distribution Point
Description | UDP | TCP |
Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2) |
Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2) |
Server Message Block (SMB) | -- | 445 |
16. Client -- > Branch Distribution Point
Description | UDP | TCP |
Server Message Block (SMB) | -- | 445 |
17. Client -- > Management Point
Description | UDP | TCP |
Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2) |
Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2) |
18. Client -- > Server Locator Point
Description | UDP | TCP |
Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2) |
19. Branch Distribution Point -- > Distribution Point
Description | UDP | TCP |
Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2) |
Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2) |
20. Site Server to Provider
Description | UDP | TCP |
Server Message Block (SMB) | -- | 445 |
RPC Endpoint Mapper | 135 | 135 |
RPC | -- | DYNAMIC |
21. Server Locator Point -- > Microsoft SQL Server
Description | UDP | TCP |
SQL over TCP | -- | 1433 |
22. Management Point -- > Microsoft SQL Server
Description | UDP | TCP |
SQL over TCP | -- | 1433 |
23. Provider -- > SQL Server
Description | UDP | TCP |
SQL over TCP | -- | 1433 |
24. Reporting Point -- > SQL Server
Description | UDP | TCP |
SQL over TCP | -- | 1433 |
25. Configuration Manager Console -- > Reporting Point
Description | UDP | TCP |
Hypertext Transfer Protocol (HTTP) | -- | 80 (See note 2) |
Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 (See note 2) |
26. Configuration Manager Console -- > Provider
Description | UDP | TCP |
RPC Endpoint Mapper | 135 | 135 |
RPC | -- | DYNAMIC |
27. Configuration Manager Console -- > Internet
Description | UDP | TCP |
Hypertext Transfer Protocol (HTTP) | -- | 80 |
28. Primary Site Server -- > Microsoft SQL Server
Description | UDP | TCP |
SQL over TCP | -- | 1433 |
29. Management Point -- > Domain Controller
Description | UDP | TCP |
Lightweight Directory Access Protocol (LDAP) | -- | 389 |
LDAP (Secure Sockets Layer [SSL] connection) | 636 | 636 |
Global Catalog LDAP | -- | 3268 |
Global Catalog LDAP SSL | -- | 3269 |
RPC Endpoint Mapper | 135 | 135 |
RPC | -- | DYNAMIC |
Kerberos | 88 | -- |
30. Site Server -- > Reporting Point
Description | UDP | TCP |
Server Message Block (SMB) | -- | 445 |
RPC Endpoint Mapper | 135 | 135 |
RPC | -- | DYNAMIC |
31. Site Server < -- > Server Locator Point
(see note 6)
Description | UDP | TCP |
Server Message Block (SMB) | -- | 445 |
RPC Endpoint Mapper | 135 | 135 |
RPC | -- | DYNAMIC |
32. Configuration Manager Console -- > Site Server
Description | UDP | TCP |
RPC (initial connection to WMI to locate provider system) | -- | 135 |
33. Software Update Point -- > WSUS Synchronization Server
Description | UDP | TCP |
Hypertext Transfer Protocol (HTTP) | -- | 80 or 8530 (See note 4) |
Secure Hypertext Transfer Protocol (HTTPS) | -- | 443 or 8531 (See note 4) |
34. Configuration Manager Console -- > Client
Description | UDP | TCP |
Remote Control (control) | 2701 | 2701 |
Remote Control (data) | 2702 | 2702 |
Remote Assistance (RDP and RTC) | -- | 3389 |
35. Management Point < -- > Site Server
(see note 6)
Description | UDP | TCP |
RPC Endpoint Mapper | -- | 135 |
RPC | -- | DYNAMIC |
36. Site Server -- > Client
Description | UDP | TCP |
Wake on LAN | 9 (See note 2) | -- |
37. PXE Service Point -- > Microsoft SQL Server
Description | UDP | TCP |
SQL over TCP | -- | 1433 |
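Added example (not part of the original article and not Microsoft code): a small Python audit that parses rows in the "Description | UDP | TCP |" format used above, expands DYNAMIC to the RPC range you pinned with the RPC configuration tool, and reports which required ports a firewall or IPsec allow list does not cover. The rows are those of flow 2 on this page; the RPC range 5000-5100, the allow list and all function names are assumptions made for illustration.

```python
import re

# Rows copied from flow 2 on this page (Primary Site Server --> Domain Controller).
FLOW_ROWS = """\
Lightweight Directory Access Protocol (LDAP) | -- | 389 |
LDAP (Secure Sockets Layer [SSL] connection) | 636 | 636 |
Global Catalog LDAP | -- | 3268 |
Global Catalog LDAP SSL | -- | 3269 |
RPC Endpoint Mapper | 135 | 135 |
RPC | -- | DYNAMIC |
Kerberos | 88 | -- |
"""

# Assumption: the range RPC was restricted to with the RPC configuration tool.
RPC_RANGE = (5000, 5100)

def parse_cell(cell, rpc_range):
    """Turn one UDP/TCP cell into a list of (low, high) port ranges."""
    cell = re.sub(r"\(See note \d+\)", "", cell, flags=re.I).strip()
    if cell in ("", "--"):
        return []
    if cell.upper() == "DYNAMIC":
        return [rpc_range]
    # "67 and 68" and "80 or 8530" both list every port; for "or" rows the
    # administrator keeps only the port the site is actually configured to use.
    return [(int(p), int(p)) for p in re.findall(r"\d+", cell)]

def required_ports(rows, rpc_range=RPC_RANGE):
    """Return the set of (proto, low, high) requirements for one flow."""
    needed = set()
    for line in rows.strip().splitlines():
        _desc, udp, tcp = [c.strip() for c in line.split("|")[:3]]
        for proto, cell in (("udp", udp), ("tcp", tcp)):
            for low, high in parse_cell(cell, rpc_range):
                needed.add((proto, low, high))
    return needed

def missing_rules(needed, allowed):
    """Requirements not fully covered by a single allow rule (proto, low, high)."""
    return sorted(
        (proto, low, high) for proto, low, high in needed
        if not any(a_proto == proto and a_low <= low and high <= a_high
                   for a_proto, a_low, a_high in allowed))

# Constructed allow list: UDP 135 is absent and only half the RPC range is open.
ALLOWED = [("tcp", 389, 389), ("tcp", 636, 636), ("udp", 636, 636),
           ("tcp", 3268, 3269), ("tcp", 135, 135), ("udp", 88, 88),
           ("tcp", 5000, 5050)]

if __name__ == "__main__":
    for gap in missing_rules(required_ports(FLOW_ROWS), ALLOWED):
        print("not permitted:", gap)
```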
Reference KB: http://technet.microsoft.com/en-us/library/bb632618.aspx