XCLN: How to Force Static Mapping of Sockets

• Microsoft Exchange Server, version 4.0

SUMMARY

This article tells you how to allow the Microsoft Exchange Client to connect to Microsoft Exchange Server over an existing connection to the Internet and through a firewall. In order to do this, make the ports assigned to these connections static. This requires you to add entries to the registry.

MORE INFORMATION

The computer must be restarted for these changes to take effect.

To make the ports static:

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall Windows NT. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

1. Start Registry Editor (Regedt32.exe).

2. Under the HKEY_LOCAL_MACHINE subtree, go to the following subkey:

         System\CurrentControlSet\Services\MSExchangeDS\Parameters
   

3. Add the following entry for the Microsoft Exchange Directory service:

         TCP/IP port REG_DWORD
         DATA: <port number to assign>
   

   NOTE: DO NOT assign ports immediately above the 1023 range. For more

             information about the ramifications and guidelines for static
             port assignment of Exchange services, please see the following
             article in the Microsoft Knowledge Base:
   
                ARTICLE-ID: Q180795
                TITLE: XADM: Intrasite Directory Replication Fails with Error
                       1720
   
      EXAMPLE: "TCP/IP Port"=dword:000004C9(1225)
   
      The decimal number 1225 was used for the DS, which is 4C9 in hexadecimal.
   
   

4. Go to the following subkey:

         System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
   

5. Add the following entry for the Information Store:

         TCP/IP port REG_DWORD
         DATA: <port number to assign>
   

   NOTE: DO NOT assign ports immediately above the 1023 range. For more

             information about the ramifications and guidelines for static
             port assignment of Exchange services, please see the following
             article in the Microsoft Knowledge Base:
   
                ARTICLE-ID: Q180795
                TITLE: XADM: Intrasite Directory Replication Fails with Error
                       1720
   
      EXAMPLE: "TCP/IP Port"=dword:000004CA(1226)
   
      The decimal number 1226 was used for the IS, 4CA in hexadecimal format.
   
   

6. Quit Registry Editor.

Further Explanation

A packet filter (or firewall) will deny connection attempts made to any port for which you have not explicitly allowed connections. Microsoft Exchange Server does use a well-known static port (port 135) to listen for client connects to the RPC Endpoint Mapper Service. However, after the client connects to this socket, Microsoft Exchange Server then re-assigns the client two random ports to use when communicating with the Directory and the Information Store. This makes it impossible to allow these through the firewall without forcing them to be statically assigned.

REFERENCES

For additional information, please refer to the Readme.wri file on the Microsoft Exchange Server version 4.0 compact disc.