DOCUMENT:Q155831 06-AUG-2002 [exchange] TITLE :XADM: Set TCP/IP for Exchange/Outlook Client Through Firewall PRODUCT :Microsoft Exchange PROD/VER::4.0,5.0,5.5 OPER/SYS: KEYWORDS:exc4 exc5 exc55 ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Exchange Server, versions 5.5, 4.0, 5.0 ------------------------------------------------------------------------------- IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base: Q256986 Description of the Microsoft Windows Registry SUMMARY ======= This article tells you how to allow the Microsoft Exchange Client to connect to Microsoft Exchange Server over an existing connection to the Internet and through a firewall. In order to do this, make the ports assigned to these connections static. This requires you to add entries to the registry. For additional information about configuring Exchange Server services for Internet firewalls, please click the article number below to view the article in the Microsoft Knowledge Base: Q148732 XADM: Setting TCP/IP Port Numbers for Internet Firewalls MORE INFORMATION ================ WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. You must restart the computer for these changes to take effect. To make the ports static: 1. Start Registry Editor (Regedt32.exe). 2. Under the HKEY_LOCAL_MACHINE subtree, go to the following subkey: System\CurrentControlSet\Services\MSExchangeDS\Parameters 3. Add the following entry for the Microsoft Exchange Directory service: TCP/IP port REG_DWORD DATA: NOTE: Microsoft recommends that you assign ports from the 5000 - 65535 (decimal) range. For additional information about the guidelines for static port assignment of Exchange Server services, please see the Microsoft Knowledge Base article in the "More Information" section. EXAMPLE: "TCP/IP Port"=dword:00001388(5000) The decimal number 5000 was used for the DS, 1388 in hexadecimal format. 4. Locate the following subkey: System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem 5. Add the following entry for the Information Store: TCP/IP port REG_DWORD DATA: NOTE: Microsoft recommends that you assign ports from the 5000 - 65535 (decimal) range. For additional information about the guidelines for static port assignment of Exchange Server services, please see the Microsoft Knowledge Base article in the More Information section. EXAMPLE: "TCP/IP Port"=dword:00001389(5001) The decimal number 5001 was used for the IS, 1389 in hexadecimal format. 6. Quit Registry Editor. After this, you must configure the packet filter (or firewall) to allow Transmission Control Protocol (TCP) connections to be made to these ports as well as to port 135. Further Explanation ------------------- A packet filter (or firewall) denies connection attempts made to any port for which you have not explicitly allowed connections. Microsoft Exchange Server does use a well-known static port (port 135) to listen for client connects to the Remote Procedure Call (RPC) Endpoint Mapper Service. However, after the client connects to this socket, Microsoft Exchange Server then re-assigns the client two random ports to use when communicating with the directory and the information store. This makes it impossible to allow these through the firewall without forcing them to be statically assigned. References ---------- For additional information, please refer to the Readme.wri file on the Microsoft Exchange Server compact disc. For additional information about port selection for Exchange, click the article number below to view the article in the Microsoft Knowledge Base: Q194952 XADM: Statically Mapped Port Limitations for Exchange Server Additional query words: static mapped ports ====================================================================== Keywords : exc4 exc5 exc55 Technology : kbExchangeSearch kbExchange500 kbExchange550 kbExchange400 kbZNotKeyword2 Version : :4.0,5.0,5.5 Issue type : kbhowto ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.