XCCC: TCP/IP Ports Used by Microsoft Mobile Information Server

This article was previously published under Q294297
This article has been archived. It is offered "as is" and will no longer be updated.
This article describes the Transmission Control Protocol/Internet Protocol (TCP/IP) ports that are used by Mobile Information Server. This article also describes scenarios where you may need to open these ports on a firewall to allow access for mobile users.
When you run Mobile Information Server in a perimeter network (also known as DMZ, demilitarized zone, and screened subnet), open the following ports on the router between the perimeter network and the internal network:
  • 80 - Hypertext Transfer Protocol (HTTP)
  • 53 - Domain name system (DNS)
  • 88 - Kerberos (if you are using NTLM)
  • 135 - Remote procedure call (RPC)
  • 137 - NetBIOS Name Service
  • 138 - NetBIOS Datagram Service
  • 139 - NetBIOS Session
  • 389 - Lightweight Directory Access Protocol (LDAP) (TCP/User Datagram Protocol [UDP])
  • 1026 - RPC
  • 3268 - Global Catalog with LDAP
However, if you are using IPSec to secure traffic between Mobile Information Server and the internal network, allow only the following through the firewall for inbound and outbound traffic:
  • IP Protocol 50 - Encapsulating Security Protocol (ESP)
  • IP Protocol 51 - Authentication Header (AH)
  • UDP port 500 - ISAKMP
Additional TCP and UDP ports may be required to allow Kerberos. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
233256 How to Enable IPSec Traffic Through a Firewall
On the external firewall between the perimeter network and the public network, the following ports must be available:
  • For Exchange 2000 notifications:
    • 25 - SMTP (if you are using SMTP carriers)
    • 80 - HTTP (if you are using HTTP carriers with Mobile Information Server Carrier Edition)
    • 50, 51, UDP 500 - IPSec (if you are using an HTTP carrier with the IPSec policy)
  • For Exchange 2000 browse:
    • 80 - HTTP (if you are not using secure HTTP)
    • 443 - HTTPS (if you are using secure HTTP over Secure Sockets Layer [SSL])
  • For Exchange Server 5.5 browse:
    • 80 - HTTP (if you are not using secure HTTP)
    • 443 - HTTPS (if you are using secure HTTP over SSL)
In addition, Exchange Server 5.5 browse requires the following additional ports to be opened on the internal firewall:
  • 1024 and higher - Dynamic RPC
When you set Exchange Server 5.5 RPC ports statically, you can avoid the need for all ports higher than 1024 for dynamic RPC.

Article ID: 294297 - Last Review: 12/06/2015 01:42:45 - Revision: 1.3

Microsoft Mobile Information Server 2001 Enterprise Edition

  • kbnosurvey kbarchive kbinfo KB294297