rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does Ports used in Configuration Manager 05/04/2021 + 19 minutestoread-§ @QOOQ In this article Ports you can configure Non-configurable ports Ports used by clients and site systems Other ports Diagram Next steps Applies to: Configuration Manager (current branch) This article lists the network ports that Configuration Manager uses. Some connections use ports that aren’t configurable, and some support custom ports that you specify. If you use any port filtering technology, verify that the required ports are available, These port filtering technologies include firewalls, routers, proxy servers, or IPsec. © Note Ifyou support internet-based clients by using SSL bridging, in addition to port requirements, you might also have to allow some HTTP verbs and headers to traverse your firewall. Ports you can configure Configuration Manager enables you to configure the ports for the following types of communication: * Enrollment proxy point to enrollment point * Client-to-site systems that run IIS * Client to intemet (as proxy server settings) * Software update point to internet (as proxy server settings) itpssidocs. microsoft. com/ur-usimomiconigmgtfcorelplan-designiiorarchy/ports 128rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does, © Software update point to WSUS server * Site server to site database server « Site server to WSUS database server * Reporting services points © Note You configure the ports for the reporting services point in SQL Server Reporting Services. Configuration Manager then uses these ports during communications to the reporting services point. Be sure to review these ports that define the IP filter information for IPsec policies or for configuring firewalls. By default, the HTTP port that's used for client-to-site system communication is port 80, and 443 for HTTPS. You can change these ports during setup or in the site properties. Non-configurable ports Configuration Manager doesn't allow you to configure ports for the following types of communication © Site to site *@ Site server to site system * Configuration Manager console to SMS Provider * Configuration Manager console to the internet © Connections to cloud services, such as Microsoft Intune and cloud distribution points Ports used by clients and site systems The following sections detail the ports that are used for communication in Configuration Manager. The arrows in the section title show the direction of the communication: * => Indicates that one computer starts communication and the other computer always responds itpssidocs. microsoft. con/ur-usimomiconfgmgtfcorelplan-designiiorarchy/ports 2128rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does © &+ Indicates that either computer can start communication Asset Intelligence synchronization point --> Microsoft Description upp Tep HTTPS - 443, Asset Intelligence synchronization point --> SQL Server Description upp TeP SQL over TCP ~ 1433 Note 2 Akernate port available Client --> Client Wake-up proxy also uses ICMP echo request messages from one client to another client. Clients use this communication to confirm whether the other client is awake on the network. ICMP is sometimes referred to as ping commands. ICMP doesn't have a UDP or TCP protocol number, and so it isn't listed in the below table. However, any host-based firewalls on these client computers or intervening network devices within the subnet must, permit ICMP traffic for wake-up proxy communication to succeed, Descr upp TeP Wake On LAN 9 Note 2 Amat pot arainbe . Wake-up proxy 25536 Note 2Atemate pot avalble Windows PE Peer cache broadcast 8004 - Windows PE Peer cache download 8003 For more information, see Windows PE Peer Cache. itpssidocs. microsoft. con/ur-usimomiconfgmgtfcorelplan-designiiorarchy/ports 328riterz021 Pts se for connections -Conguaton Manager| Merosot Docs Client --> Configuration Manager Network Device Enrollment Service (NDES) policy module Description upp Tep HTTP 80 HTTPS 443, Client --> Cloud distribution point Description upP Ter HTTPS - 443, For more information, see Ports and data flow. Client --> Cloud management gateway (CMG) Description upp Tep HTTPS - 443 For more information, see CMG Ports and data flow. Client --> Distribution point, both standard and pull Description upp tcp HTTP 40 Note 2 Akerate por asisble HTTPS - 443 Note 2 Akemnate port available Express updates . 8005 Note 2Aternate port avaiable © Note itpssdocs. microsoft. com/ar-usimomiconigmgrfcorelplan-designiiorarchy/ports 428mare024 Ports used for connections ~Coniguaton Manager| Mereaat Docs Use client settings to configure the alternate port for express updates. For more information, see Port that clients use to receive requests for delta content. Client --> Distribution point configured for multicast, both standard and pull Descripti upp TeP Server Message Block (SMB) ~ 445 Multicast protocol 63000-64000 Client --> Distribution point configured for PXE, both standard and pull Description upp Tep DHCP 67 and 68 TFTP 69 Notes - Boot Information Negotiation Layer (BINL) 4011 ~ © Important Ifyou enable a host-based firewall, make sure that the rules allow the server to send and receive on these ports. When you enable a distribution point for PXE, Configuration Manager can enable the inbound (receive) rules on the Windows Firewall. It doesn't configure the outbound (send) rules. Client --> Fallback status point Description upp Ter itpssidocs. microsoft. com/ur-usimomiconigmgtfcorelplan-designiiorarchy/ports 5128rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does Description upp Tep HTTP. - go Note 2 Altemate port available Client --> Global catalog domain controller A Configuration Manager client doesn't contact a global catalog server when it's a workgroup computer or when it's configured for internet-only communication. Description upp Ter Global catalog LDAP - 3268 Client --> Management point Description upp TP Client notification (default communication before falling back = 10123 Note 2Altermate to HTTP or HTTPS) port available HTTP - 0 Note 2Alomate por avaiable HTTPS - 1443 Note 2 Aterate por aiiable Client --> Software update point Description upp Ter HTTP - 80 or 8530 Note 3 HTTPS - 443 or 8531 Note Client --> State migration point itpssidocs. microsoft. con/ur-usimomiconfgmgtfcorelplan-designiiorarchy/ports 528rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does, Description upp Tep HTTP - {80 Wote 2 Aemate port avaliable HTTPS - 443 Note 2 Aterate port avaiable Server Message Block (SMB) - 445 CMG connection point --> CMG cloud service Configuration Manager uses these connections to build the CMG channel. For more information, see CMG Ports and data flow. Description upp TeP TCP-ILS (preferred) - 10140-10155 HTTPS (fallback with one VM) - 443 HTTPS (fallback with two or more VMs) 10124-10139 CMG connection point --> Management point Description upP Ter HTTPS - 443 HTTP - 80 The specific port required depends upon the management point configuration. For more information, see CMG Ports and data flow. CMG connection point --> Software update point The specific port depends upon the software update point configuration. Description upp Ter itpssidocs. microsoft. con/ur-usimomiconfgmgtfcorelplan-designiiorarchy/ports 28rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does Description upp Tep HTTPS - 4443/8531 HTTP. ~ 80/8530 For more information, see CMG Ports and data flow. Configuration Manager console --> Client Description upp Tep Remote Control (control) ~ 2701 Remote Assistance (RDP and RTC) ~ 3389 Configuration Manager console --> internet Description upp TeP HTTP - 80 HTTPS - 443 The Configuration Manager console uses internet access for the following actions: * Downloading software updates from Microsoft Update for deployment packages. * The Feedback item in the ribbon. * Links to documentation within the console, Configuration Manager console --> Reporting services point Description upp TeP HTTP 0 Note 2 Aterate port available itpssidocs. microsoft. com/ur-usimomiconigmgtfcorelplan-designiiorarchy/ports a8rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does Description upp TeP HTTPS ~- 1443 Note 2 Aternate port available Configuration Manager console --> Site server Description upp Tee RPC (initial connection to WMI to locate provider system) _ 135 Configuration Manager console --> SMS Provider Description upp Ter RPC Endpoint Mapper 135 135 RPC - DYNAMIC Note HTTPS 443 Nore Note for administration service Any device that makes a call to the administration service on the SMS Provider uses HTTPS port 443. For more information, see What is the administration service? Configuration Manager Network Device Enrollment Service (NDES) policy module --> Certificate registration point Description upp TeP HTTPS - 1443 Note 2 Aternate port available Data warehouse service point --> SQL Server itpssidocs. microsoft. con/ur-usimomiconfgmgtfcorelplan-designiiorarchy/ports 928rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does Description upp TeP SQL over TCP 41433 Nove 2 Akermate port available Distribution point, both standard and pull --> Management point A distribution point communicates to the management point in the following scenarios: * To report the status of prestaged content * To report usage summary data * To report content validation © To report the status of package downloads, only for pull-distribution points Description upp TeP ure _ 0 Note 2 Alternate port available HTTPS i 443. Note 2 Akernate port avilable Endpoint Protection point --> internet Description upp Ter HTTP. - 80 Endpoint Protection point --> SQL Server Description upp ep SQL over TCP ~ 41433 Note 2 Akernate port available Enrollment proxy point --> Enrollment point itpssidocs. microsoft. com/ur-usimomiconigmgtfcorelplan-designiiorarchy/ports 10128rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does Description upp Tep HTTPS ~- (443 Note 2 Aternate port available Enrollment point --> SQL Server Description upp Ter SQL over TCP ~ 41433 Note 2 Akernate port available Exchange Server Connector --> Exchange Online Description upp Tep Windows Remote Management over HTTPS ~ 5986 Exchange Server Connector --> On-premises Exchange Server Description upp Ter Windows Remote Management over HTTP _ 5985 Mac computer --> Enrollment proxy point Description upP Ter HTTPS - 443, Management point --> Domain controller Description upp Tep itpssidocs. microsoft. con/ur-usimomiconfgmgtfcorelplan-designiiorarchy/ports 1128rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does, Description upp Ter Lightweight Directory Access Protocol (LDAP) 389 389 Secure LDAP (LDAPS, for signing and binding) 636 636 Global catalog LDAP - 3268 RPC Endpoint Mapper - 135 RPC - DYNAMIC Note 6 Management point <--> Site server Note 5 Description upp Ter RPC Endpoint mapper _ 135 RPC _ DYNAMIC Note 6 Server Message Block (SMB) ~ 445 Management point --> SQL Server Description upp TeP SQL over TCP - 41433 Nove 2 Akermate port available Mobile device --> Enrollment proxy point Description upP Ter HTTPS 443, Reporting Services point --> SQL Server itpssidocs. microsoft. con/ur-usimomiconfgmgtfcorelplan-designiiorarchy/ports 1208rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does, Description upp TeP SQL over TCP 41433 Nove 2 Akermate port available Service connection point --> Azure (CMG) Description uP Ter HTTPS for CMG service deployment - 443 For more information, see CMG Ports and data flow. Site server <--> Asset Intelligence synchronization point Description upp Ter Server Message Block (SMB) - 445 RPC Endpoint Mapper 135 135 RPC _ DYNAMIC Not" Site server --> Client Description upp TeP Wake On LAN 4g Note2 Alternate port available Site server --> Cloud distribution point Description upp Top HTTPS - 443 itpssidocs. microsoft. con/ur-usimomiconfgmgtfcorelplan-designiiorarchy/ports 1328rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does For more information, see Ports and data flow. Site server --> Distribution point, both standard and pull Note 5 Description upp Server Message Block (SMB) RPC Endpoint Mapper 135 RPC - Site server --> Domain controller Description Lightweight Directory Access Protocol (LDAP) Secure LDAP (LDAPS, for signing and binding) Global catalog LDAP RPC Endpoint Mapper RPC upp 389 636 ep 445 135 DYNAMIC "2%" TeP 389 636 3268 135 DYNAMIC “oteS Site server <--> Certificate registration point Description upp Server Message Block (SMB) _ RPC Endpoint Mapper 135 RPC itpssidocs. microsoft. con/ur-usimomiconfgmgtfcorelplan-designiiorarchy/ports Tep 44s 135 DYNAMIC "25 14128rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does Site server <--> CMG connection point Description upp TP Server Message Block (SMB) ~ 445, RPC Endpoint Mapper 135 135 RPC - DYNAMIC 82% 5 Site server <--> Endpoint Protection point Description upp Ter Server Message Block (SMB) _ 445 RPC Endpoint Mapper 135 135 RPC - DYNAMIC Note 6 Site server <--> Enrollment point Description upp Ter Server Message Block (SMB) - 445 RPC Endpoint Mapper 135 135 RPC _ DYNAMIC "2%" Site server <--> Enrollment proxy point Description upp Tep Server Message Block (SMB) - 445 itpssidocs. microsoft. con/ur-usimomiconfgmgtfcorelplan-designiiorarchy/ports 1828rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does, Descri upp Ter RPC Endpoint Mapper 135 135 RPC _ DYNAMIC Not 6 Site server <--> Fallback status point Note 5 Description upp Ter Server Message Block (SMB) _ 445 RPC Endpoint Mapper 135 135 RPC - DYNAMIC Not" Site server --> internet Description upp TeP HTTP. ~ ag Note? Site server <--> Issuing certification authority (CA) This communication is used when you deploy certificate profiles by using the certificate registration point. The communication isn’t used for every site server in the hierarchy. Instead, it's used only for the site server at the top of the hierarchy. Description upp Ter RPC Endpoint Mapper 135 135 RPC (COM) - DYNAMIC Not’ itpssidocs. microsoft. con/ur-usimomiconfgmgtfcorelplan-designiiorarchy/ports 16128rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does, Site server --> Server hosting remote content library share You can move the content library to another storage location to free up hard drive space on your central administration or primary site servers. For more information, see Configure a remote content library for the site server. Description upp Tep Server Message Block (SMB) - 445 Site server <--> Service connection point Description upp TeP Server Message Block (SMB) _ 445 RPC Endpoint Mapper 135 135 RPC - DYNAMIC "25 Site server <--> Reporting services point Note 5 Description upp TcP Server Message Block (SMB) _ 445 RPC Endpoint Mapper 135 135 RPC Site server <--> Site server Description Server Message Block (SMB) itpssidocs. microsoft. com/ur-usimomiconigmgtfcorelplan-designiiorarchy/ports DYNAMIC "2 upp Tep - 44s 1728rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does, Site server --> SQL Server Description upp Top SQL over TCP ~- 41433 Note 2 Akernate port available During the installation of a site that uses a remote SQL Server to host the site database, open the following ports between the site server and the SQL Server: Description upp Ter Server Message Block (SMB) - 445 RPC Endpoint Mapper 135 135 RPC _ DYNAMIC Not" 6 Site server --> SQL Server for WSUS Description upp TeP SQL over TCP - 41433 Note 3 Akernate por available Site server --> SMS Provider Description upp Ter Server Message Block (SMB) - 445 RPC Endpoint Mapper 135 135 RPC _ DYNAMIC Not" Site server <--> Software update point Notes itpssidocs. microsoft. com/ur-usimomiconigmgtfcorelplan-designiiorarchy/ports 18128rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does, Description upp Ter Server Message Block (SMB) - 445 HTTP - 80 o 8530 Not" HTTPS ~ 443 or 8531 Notes Site server <--> State migration point Note 5 Description upp Ter Server Message Block (SMB) - 445 RPC Endpoint Mapper 135 135 SMS Provider --> SQL Server Description upp TeP SQL over TCP ~ 1433 Note 2 Akernate port available Software update point --> internet Description upp ep HTTP. - a9 Note! Software update point --> Upstream WSUS server Description upp Ter HTTP. ~ 80 or 8530 Nowe itpssidocs. microsoft. con/ur-usimomiconfgmgtfcorelplan-designiiorarchy/ports 19128rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does, Description upp Tep HTTPS - 443 or 8531 Not? SQL Server --> SQL Server Intersite database replication requires the SQL Server at one site to communicate directly with the SQL Server at its parent or child site. Description upp TeP SQL Server service - +1433 Note 2 Atemate port avaiable SQL Server Service Broker ~ 4022 Note 2 Altemate port available Q Tip Configuration Manager doesn't require the SQL Server Browser, which uses port UDP 1434, State migration point --> SQL Server Description upp TeP SQL over TCP - 41433 Nove 2 Akermate por available Notes for ports used by clients and site systems Note 1: Proxy server port This port can't be configured but can be routed through a configured proxy server. Note 2: Alternate port available You can define an alternate port in Configuration Manager for this value. If you define a custom port, use that custom port in the IP filter information for IPsec policies or to itpssidocs. microsoft. con/ur-usimomiconfgmgtfcorelplan-designiiorarchy/ports 20128rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does, configure firewalls. Note 3: Windows Server Update Services (WSUS) Since Windows Server 2012, by default WSUS uses port 8530 for HTTP and port 8531 for HTTPS. After installation, you can change the port. You don't have to use the same port number throughout the site hierarchy. * Ifthe HTTP port is 80, the HTTPS port must be 443, « Ifthe HTTP port is anything else, the HTTPS port must be 1 or higher, for example, 8530 and 8531 © Note When you configure the software update point to use HTTPS, the HTTP port must also be open. Unencrypted data, such as the EULA for specific updates, uses the HTTP port. * The site server makes a connection to the SQL Server hosting the SUSDB when you enable the following options for WSUS cleanup: © Add non-clustered indexes to the WSUS database to improve WSUS cleanup performance © Remove obsolete updates from the WSUS database Ifyou change the default SQL Server port to an alternate port with SQL Server Configuration Manager, make sure the site server can connect using the defined port. Configuration Manager doesn't support dynamic ports. By default, SQL Server named instances use dynamic ports for connections to the database engine. When you use a named instance, manually configure the static port. Note 4: Trivial FTP (TFTP) Daemon The Trivial FTP (TFTP) Daemon system service doesn't require a user name or password and is an integral part of Windows Deployment Services (WDS). The Trivial FTP Daemon service implements support for the TFTP protocol that's defined by the following RFCs: © RFC 1350: TFTP itpssidocs. microsoft. com/ur-usimomiconigmgtfcorelplan-designiiorarchy/ports 21128rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does, RFC 2347: Option extension RFC 2348: Block size option RFC 2349: Time-out interval and transfer size options TFTP is designed to support diskless boot environments. TFTP Daemons listen on UDP port 69 but respond from a dynamically allocated high port. If you enable this port, the TFTP service can receive incoming TFTP requests, but the selected server can’t respond to those requests. You can't enable the selected server to respond to inbound TFTP requests unless you configure the TFTP server to respond from port 69. The PXE-enabled distribution point and the client in Windows PE select dynamically allocated high ports for TFTP transfers. These ports are defined by Microsoft between 49152 and 65535. For more information, see Service overview and network port requirements for Windows. However, during the actual PXE boot, the network card on the device selects the dynamically allocated high port it uses during the TFTP transfer. The network card on the device isn’t bound to the dynamically allocated high ports defined by Microsoft. It's only bound to the ports defined in RFC 1350. This port can be any from 0 to 65535. For more information about what dynamically allocated high ports the network card uses, contact the device hardware manufacturer. Note 5: Communication between the site server and site systems By default, communication between the site server and site systems is bi-directional. The site server starts communication to configure the site system, and then most site systems connect back to the site server to send status information. Reporting service points and distribution points don't send status information. If you select Require the site server to ate connections to this site system on the site system properties after the site system has been installed, the site system won't start communication with the site server. Instead, the site server starts the communication. It uses the site system installation account for authentication to the site system server. Note 6: Dynamic ports Dynamic ports use a range of port numbers that's defined by the OS version. These ports are also known as ephemeral ports. For more information about the default port ranges, itpssidocs. microsoft. con/ur-usimomiconfgmgtfcorelplan-designiiorarchy/ports 22128rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does, see Service overview and network port requirements for Windows. Other ports The following sections provide more information about ports that Configuration Manager uses. Client to server shares Clients use Server Message Block (SMB) whenever they connect to UNC shares. For example: * Manual client installation that specifies the CCMSetup.exe /source: command-line property * Endpoint Protection clients that download definition files from a UNC path Description upp TeP Server Message Block (SMB) - 445 Connections to SQL Server For communication to the SQL Server database engine and for intersite replication, you can use the default SQL Server port or specify custom ports: © Intersite communications use: © SQL Server Service Broker, which defaults to port TCP 4022. © SQL Server service, which defaults to port TCP 1433, © Intrasite communication between the SQL Server database engine and various Configuration Manager site system roles defaults to port TCP 1433, * Configuration Manager uses the same ports and protocols to communicate with each SQL Server Always On availability group replica that hosts the site database as if the replica was a standalone SQL Server instance. itpssidocs. microsoft. con/ur-usimomiconfgmgtfcorelplan-designiiorarchy/ports 23128riterz021 Pts se for connections -Conguaton Manager| Merosot Docs When you use Azure and the site database is behind an internal or external load balancer, configure the following components «Firewall exceptions on each replica * Load-balancing rules Configure the following ports SQL over TCP: TCP 1433 SQL Server Service Broker: TCP 4022 Server Message Block (SMB): TCP 445, RPC Endpoint Mapper: TCP 135 A Warning Configuration Manager doesn't support dynamic ports. by default, SQL Server named instances use dynamic ports for connections to the database engine. When you use a named instance, manually configure the static port for intrasite communication. The following site system roles communicate directly with the SQL Server database: * Certificate registration point role © Enrollment point role * Management point © Site server * Reporting Services point * SMS Provider # SQL Server --> SQL Server When a SQL Server hosts a database from more than one site, each database must use a separate instance of SQL Server. Configure each instance with a unique set of ports. Ifyou enable a host-based firewall on the SQL Server, configure it to allow the correct ports. Also configure network firewalls in between computers that communicate with the SQL Server. itpssidocs. microsoft. com/ur-usimomiconigmgtfcorelplan-designiiorarchy/ports 24128mare024 Pris used fr connections - Configuration Manager| Mcrsoft Docs For an example of how to configure SQL Server to use a specific port, see Configure a server to listen on a specific TCP port. Discovery and publishing Configuration Manager uses the following ports for the discovery and publishing of site information: * Lightweight Directory Access Protocol (LDAP): 389 * Secure LDAP (LDAPS, for signing and binding): 636 * Global catalog LDAP: 3268 © RPC Endpoint Mapper: 135 © RPC: Dynamically allocated high TCP ports © TCP: 1024: 5000 TCP: 49152: 65535 External connections made by Configuration Manager On-premises Configuration Manager clients or site systems can make the following external connections: © Asset Intelligence synchronization point --> Microsoft © Endpoint Protection point --> internet * Client --> Global catalog domain controller * Configuration Manager console --> internet * Management point --> Domain controller © Site server --> Domain controller © Site server <--> Issuing Certification Authority (CA) * Software update point --> internet * Software update point --> Upstream WSUS Server * Service connection point --> Azure * CMG connection point --> CMG cloud service itpssidocs. microsoft. com/ur-usimomiconigmgtfcorelplan-designiiorarchy/ports 25128rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does Installation requirements for site systems that support internet-based clients © Note This section only applies to internet-based client management (IBCM). It doesn't apply to the cloud management gateway. For more information, see Manage clients on the internet. Internet-based management points, distribution points that support internet-based clients, the software update point, and the fallback status point use the following ports for installation and repair: « Site server =-> Site system: RPC endpoint mapper using UDP and TCP port 135 * Site server --> Site system: RPC dynamic TCP ports * Site server <--> Site system: Server message blocks (SMB) using TCP port 445 Application and package installations on distribution points require the following RPC ports: «Site server --» Distribution point: RPC endpoint mapper using UDP and TCP port 135 © Site server --» Distribution point: RPC dynamic TCP ports Use IPsec to help secure the traffic between the site server and site systems. If you must restrict the dynamic ports that are used with RPC, you can use the Microsoft RPC configuration tool (rpccfg.exe). Use the tool to configure a limited range of ports for these RPC packets. For more information, see How to configure RPC to use certain ports and how to help secure those ports by using IPsec © Important Before you install these site systems, make sure that the remote registry service is running on the site system server and that you have specified a site system installation account if the site system is in a different Active Directory forest without a trust, relationship. For example, the remote registry service is used on servers running site systems such as distribution points (both pull and standard) and remote SQL Servers. itpssidocs. microsoft. con/ur-usimomiconfgmgtfcorelplan-designiiorarchy/ports 26128rri@r2024 Ports used for connections - Configuration Manager| Microsoft Does Ports used by Configuration Manager client installation The ports that Configuration Manager uses during client installation depends on the deployment method: * Fora list of ports for each client deployment method, see Ports used during Configuration Manager client deployment * For more information about how to configure Windows Firewall on the client for client installation and post-installation communication, see Windows Firewall and port settings for clients Ports used by migration The site server that runs migration uses several ports to connect to applicable sites in the source hierarchy. For more information, see Required configurations for migration, Ports used by Windows Server The following table lists some of the key ports used by Windows Server. Description upp ep DNS 53 53 DHCP 67 and 68 ~ NetBIOS Name Resolution 137 NetBIOS Datagram Service 138 NetBIOS Session Service - 139 Kerberos authentication - 88 For more information, see the following articles: @ Service overview and network port requirements for Windows * How to configure a firewall for domains and trusts itpssidocs. microsoft. con/ur-usimomiconfgmgtfcorelplan-designiiorarchy/ports 27128raat Pars wed fr conecon-Congurton Maoger|Merua Doce Diagram The following diagram shows the connections between the main components that are in a typical Configuration Manager site. It currently doesn’ include all connections. Site WSUS Software Update Domain server sync update point sources controller mee = F—R—e@ & Distribution Statemigration | Fallbackstatus point paint ont wr =f = | B fm | | t sextet | ornaver (Micrasoftcom) Management e paint sms Reporting site database provider point server a i i nes) Next steps Proxy server support. Internet access requirements Is this page helpful? Yes No itpssidocs. microsoft. con/ur-usimomiconfgmgtfcorelplan-designiiorarchy/ports