In many instances, users may need to access an Exchange system over a router, or through a firewall. In such instances, it is necessary that the router or firewall be able to pass the appropriate type of traffic.
Quite a few people have warned of scenarios on the exam that involve just such configurations. It is therefore imperative to be familiar with the ports that the various Exchange services use. The following table summarizes these ports:
| Protocol | Standard Port | Secure (SSL) Port |
|---|---|---|
| DNS | 53 | - |
| HTTP | 80 | 443 |
| IMAP4 | 143 | 993 |
| IRC | 194 | - |
| LDAP | 389 | 636 |
| NNTP | 119 | - |
| POP3 | 110 | 995 |
| RPC End-Point Mapper | 135 | - |
| SMTP | 25 | - |
One particular port of interest is the RPC port, 135. The service on this port, also referred to as the "End-Point Mapper", is responsible for telling clients which port the various other Exchange services, such as the MTA, DS, and IS, are listening on.
This feature is important because when an Exchange server starts, the MTA, DS, and IS are each DYNAMICALLY assigned a port by the End-Point Mapper service. So first a connection is made to port 135 with a request for the port of the service that is needed. The End-Point Mapper replies with the correct port, and communication is then established with that port.
This can cause an obvious problem if a router or firewall in between the two services has these ports closed. And since the ports are dynamically assigned you can't be sure which port needs to be opened.
Fortunately, these ports can be "pinned down" rather than assigned dynamically. The way to accomplish this is through a registry setting, as follows:
For the DS:
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/MSExchange/DS/Parameters/TCP/IP port
For the IS:
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/MSExchange/IS/Parameters/System/TCP/IP port
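
The firewall problem described above, as an added example that is not part of the original page: a short Python audit that takes a firewall's allowed TCP ranges and reports which Exchange services it would break, before and after the DS and IS ports are pinned. The rule format, the dynamic range 1024-65535 and the pinned values 5000 and 5001 are assumptions made for illustration.

```python
# Standard ports from the table on this page; MTA, DS and IS get theirs at start-up.
STANDARD = {"DNS": 53, "HTTP": 80, "IMAP4": 143, "IRC": 194, "LDAP": 389,
            "NNTP": 119, "POP3": 110, "RPC End-Point Mapper": 135, "SMTP": 25}
DYNAMIC = {"MTA", "DS", "IS"}
DYNAMIC_RANGE = (1024, 65535)  # assumption: a dynamic port may be any non-reserved port

def allowed(port, rules):
    """True if any (low, high) allow rule covers the port."""
    return any(lo <= port <= hi for lo, hi in rules)

def range_allowed(rng, rules):
    """True if the allow rules together cover every port in rng."""
    need = rng[0]
    for lo, hi in sorted(rules):
        if lo > need:
            break                      # gap: port `need` is not covered
        need = max(need, hi + 1)
        if need > rng[1]:
            return True
    return False

def audit(required, rules, pinned=None):
    """Return {service: problem} for each required service the firewall can break."""
    pinned = pinned or {}
    problems, needs_rpc = {}, False
    for svc in required:
        if svc in DYNAMIC:
            needs_rpc = True
            if svc in pinned:
                if not allowed(pinned[svc], rules):
                    problems[svc] = f"pinned port {pinned[svc]} is blocked"
            elif not range_allowed(DYNAMIC_RANGE, rules):
                problems[svc] = "port is dynamic and only part of the range is open"
        elif not allowed(STANDARD[svc], rules):
            problems[svc] = f"port {STANDARD[svc]} is blocked"
    if needs_rpc and not allowed(STANDARD["RPC End-Point Mapper"], rules):
        problems["RPC End-Point Mapper"] = "port 135 is blocked, no port lookup possible"
    return problems

if __name__ == "__main__":
    rules = [(25, 25), (135, 135)]     # constructed firewall allow list
    print(audit(["SMTP", "DS", "IS"], rules))
    # Constructed pinned values; the matching allow rule is added alongside them.
    print(audit(["SMTP", "DS", "IS"], rules + [(5000, 5001)], {"DS": 5000, "IS": 5001}))
```

The first call reports DS and IS as unreachable even though port 135 is open; the second returns no problems because the firewall only has to pass the two pinned ports.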