For a Microsoft Systems Management Server (SMS) 2.0 version of this article, visit the following Microsoft Knowledge Base Web site:
Port Requirements: SMS site server to Active DirectorySMS 2003 site servers require access to the Active Directory global catalog server in order to do the following:
- Publish site systems to Active Directory
- Publish and query for Active Directory site boundaries
- Run Active Directory discovery methods
|RPC Endpoint Mapper||135||135|
|Global Catalog LDAP||N/A||3268|
|Global Catalog LDAP SSL||N/A||3269|
Port requirements: SMS 2003 site server to the child site, to the secondary site, or to the SMS SQL Server
|Port 445||Server Message Block (SMB)|
Port requirements: SMS 2003 site server to remote SMS SQL Server database. Proxy management points, management point, server locator points, and reporting points to the SMS SQL Server database
|Port 1433||TCP (SMS site server to SQL server)|
Port requirements: SMS 2003 Advanced Client to Active DirectoryIn an Active Directory environment, the Advanced client makes a Lightweight Directory Access Protocol (LDAP) query to the global catalog server to find a management point that matches the client’s IP address. The following ports are required in Active Directory to allow the client to contact the global catalog server.
|Port 389||UDP (User Datagram Protocol) LDAP Ping|
|Port 389||TCP LDAP|
|Port 636||TCP LDAP (SSL Connection)|
|Port 3268||TCP (explicit connection to Global Catalog)|
|Port 3269||TCP (explicit SSL connection to Global Catalog)|
Port requirements: SMS 2003 Advanced Client to Management Point or to distribution point
|Port 80||Hypertext Transfer Protocol (HTTP)|
|Port 139||Client sessions (for non BITS-enabled DPs)|
|Port 445||Server Message Block (for non BITS-enabled DPs)|
set oSMSClient = CreateObject ("Microsoft.SMS.Client")
oSMSClient.SetCurrentManagementPoint "MP NetBIOS name",0
AAA: 10.0.0.1 "MP_AAA \0x1A" #PRE.
For more information about how to write an LMHOSTS file, click the following article number to view the article in the Microsoft Knowledge Base:
Port requirements: SMS Remote Control System service: Wuser32
|SMS Remote Chat||TCP||2703|
|SMS Remote Chat||UDP||2703|
|SMS Remote Control (control)||TCP||2701|
|SMS Remote Control (control)||UDP||2701|
|SMS Remote Control (data)||TCP||2702|
|SMS Remote Control (data)||UDP||2702|
|SMS Remote File Transfer||TCP||2704|
|SMS Remote File Transfer||UDP||2704|
SMS Remote Control UDPWhen you use NetBIOS over TCP/IP for SMS Remote Control, the following ports are used:
|Port 137||Name resolution|
|Port 139||Client sessions|
Microsoft Windows NT UDPThe following list includes the core UDP ports that Windows NT uses, and it also lists their respective functions:
|Domain Name System (DNS)||UDP||53|
|Dynamic Host Configuration Protocol (DHCP)||UDP||67|
|Remote procedure call (RPC)||TCP||135|
|Windows Internet Name Service (WINS)||UDP||138|
Microsoft SQL Server portsIf you use the TCP/IP Net-Library, enable port 1433 on the firewall. Use the Hosts file or an advanced connection string for host name resolution.
If you use named pipes over TCP/IP, enable port 139 for NetBIOS functions.
Microsoft does not recommend that you enable UDP ports 137 and 138 for NetBIOS name resolution by using B-node broadcasts. Instead, you can use a WINS server or an Lmhosts file for name resolution.
By default, SQL Server uses TCP (not UDP) port 1433 to listen on TCP/IP. To change the port, run SQL Server Setup on the server and then click
Change Network Support. If SQL Server uses port 1433, the client Net-Library works. If SQL Server uses a custom port number, the client must specify that port in the Data Source Name (DSN).
SMS RAS SenderSMS can also use the SMS RAS Sender with Point to Point Tunneling Protocol (PPTP) to send and to receive SMS site, client, and administrative information through a firewall. Under these circumstances, the following port is used:
SecurityTo help improve the security of your computer, you can configure your firewall to use Internet Protocol (IP) filters that permit only registered addresses to pass through the firewall.
If you enable specific ports on a proxy server or on a firewall, this may affect the security of your computer. For additional information about security issues, visit the following Microsoft Web site: For more information about how to restrict TCP/IP ports for DCOM, click the following article number to view the article in the Microsoft Knowledge Base:
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.