What ports to open for Exchange to work?

FreshPrince

Diamond Member
We have an exchange 2003 server that I'd like to use the built in server 2003 windows firewall, but which ports should I open to get this going? So far, I'm not comfortable having the windows firewall turned off for that server...

Thanks!

-FP
 
http://www.petri.co.il/ports_used_by_exchange.htm

But keep in mind it depends on how you have the clients accessing it and what services you are running, you're going to need to take a few min. to audit how your clients access it as well as how the mail is routed to ensure that you're opening the exchange ports you need (without just arbitrarily opening them all).

-Erik
 
Originally posted by: spyordie007
http://www.petri.co.il/ports_used_by_exchange.htm

But keep in mind it depends on how you have the clients accessing it and what services you are running, you're going to need to take a few min. to audit how your clients access it as well as how the mail is routed to ensure that you're opening the exchange ports you need (without just arbitrarily opening them all).

-Erik

thanks, but my lord, might as well disable the firewall...

this exercise is to try and lock down backend exchange server sitting on the LAN, but we're pretty much opening everything aren't we? sigh 🙁

 
but we're pretty much opening everything aren't we?
If it's acting as a back-end then you can do a lot to limit the scope on its firewall (since no clients connect directly to it).

Assuming you don't have exchange 5.5 servers about the only things you would have to open are:
80 (from your front-end)
25 (from your front-end and any other exchange servers)
691 (from any other exchange servers)
102 (from any other exchange servers)
135-138 (from your front-end and any other exchange servers plus any machines you want to run the exchange system manager MSC on)

I *think* that's all you'd need. Obviously still quite a lot of stuff, but limiting the scope should really help.
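
The scoping described in the post above, written out as Windows Firewall rules. This is an added example, not part of the thread: it assumes the `netsh firewall` context of Windows Server 2003 SP1, and every IP address in it is a constructed placeholder. The post gives no protocol for 135-138, so the example opens those ports for both TCP and UDP.

```batch
@echo off
rem Added example: the port list from the post, one scoped exception per port.
rem All addresses are constructed placeholders; replace them with real hosts.
setlocal
set FRONTEND=10.0.0.10
set EXCH_PEERS=10.0.0.21,10.0.0.22
set ADMIN_HOSTS=10.0.0.50

rem 80: HTTP, from the front-end only
netsh firewall add portopening protocol=TCP port=80 name="Exch HTTP from front-end" mode=ENABLE scope=CUSTOM addresses=%FRONTEND%

rem 25: SMTP, from the front-end and the other Exchange servers
netsh firewall add portopening protocol=TCP port=25 name="Exch SMTP" mode=ENABLE scope=CUSTOM addresses=%FRONTEND%,%EXCH_PEERS%

rem 691 and 102: from the other Exchange servers only
for %%P in (691 102) do (
    netsh firewall add portopening protocol=TCP port=%%P name="Exch server-to-server %%P" mode=ENABLE scope=CUSTOM addresses=%EXCH_PEERS%
)

rem 135-138: portopening takes a single port, so the range is expanded.
rem Sources: front-end, other Exchange servers, and the machines that run
rem Exchange System Manager.
for %%P in (135 136 137 138) do (
    netsh firewall add portopening protocol=ALL port=%%P name="Exch RPC-NetBIOS %%P" mode=ENABLE scope=CUSTOM addresses=%FRONTEND%,%EXCH_PEERS%,%ADMIN_HOSTS%
)

rem List the resulting exceptions so each scope can be checked by eye.
netsh firewall show portopening
endlocal
```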
 
Originally posted by: spyordie007
but we're pretty much opening everything aren't we?
If it's acting as a back-end then you can do a lot to limit the scope on its firewall (since no clients connect directly to it).

Assuming you don't have exchange 5.5 servers about the only things you would have to open are:
80 (from your front-end)
25 (from your front-end and any other exchange servers)
691 (from any other exchange servers)
102 (from any other exchange servers)
135-138 (from your front-end and any other exchange servers plus any machines you want to run the exchange system manager MSC on)

I *think* that's all you'd need. Obviously still quite a lot of stuff, but limiting the scope should really help.

actually, my definition of backend is that this server handles outlook in the LAN, but it does not serve frontend OWA functions. So, all those ports would still be opened to allow outlook to function. Either way, it sucks 🙁

This all spawned from the fact that our exchange server would reboot for no reason...even the event log says unexpected error, and that's all. The only way we've been correcting this problem is sniffing out the traffic, and find out the outlook machine with a corrupt profile. Delete/Recreate the profile, and the server stops rebooting 🙁

if you have any insight on this...I would appreciate it. Again, the event log does not give an error number or reason why it's crashing. Also, the system is set up to stay at the blue screen when they happen, but it never blue screens, which tells me it's more of an exchange information store issue.

also, is there a tool that fixes the exchange db? there used to be such a tool in exchange 5.5, but I have not found one in 2k3 🙁
 
Woah, you have an outlook client that was causing Exchange to reboot? Can't say I've ever heard of that (regardless what client you connect to it with or what traffic it sends it shouldn't ever cause the exchange server to reboot like that). Have you talked to Microsoft PSS about this?
 
Originally posted by: spyordie007
Woah, you have an outlook client that was causing Exchange to reboot? Can't say I've ever heard of that (regardless what client you connect to it with or what traffic it sends it shouldn't ever cause the exchange server to reboot like that). Have you talked to Microsoft PSS about this?

that's the thing...I don't feel like paying for support when I already dumped $10K+ on the software :|

I can't believe they want to charge to do support on software that we already paid for...

and their technet, and knowledgebase sucks. what's worse is when users (ceo's) come screaming at you when their precious email goes down.

I'd rebuild the server, no sweat...but we have 6000+ contacts in exchange that can't be imported .... what kind of crap is that? You can do a right click, export list, but you can't import back in....that's AD for you. So, the only way is to setup another exchange box and run in parallel, while we're recreating the 6000+ contacts by hand. Once they're recreated, the server can be rebuilt :/

not only this, you can't even move the exchange org to another forest...well you can, but m$ wants to charge us $20K+ for a software that does this exact thing. I guess there isn't such a thing as mergers...no 2 companies will ever come together and form a new one :roll: Well, they do, but m$ wants more $$$$ to do it.

I know domino sucks too, but I'm seriously thinking about cutting our loss and switching
 
Call PSS, it will be worth your while. If the issue is a bug in their software (which it almost sounds like) they will typically waive the fee (esp. on their products like exchange).

Now what's this about losing the contacts (or the server for that matter). From your previous posts it sounded like the server was still running and if that's the case you should be able to build the new one and then move the mailboxes and addresslists over to it (see 822931).

I know what it's like to have the execs screaming when email is down (believe me I've been there before); but if you follow through on this issue perhaps you can get yourself back out of it (especially if you have backups). If you'd like post some more info about the problem, I'll be around for a bit longer and would be glad to offer suggestions.

-Erik

BTW there are ways to migrate user accounts and exchange mailboxes from one forest to another, but that's another topic altogether.
 
you know in outlook, there's the Global address list and personal address list.

All our contacts are in the GAL, which means they are not exportable to another forest. One could do the contacts in public folder, but it also means user error when one gets changed. I wish there's a free way to export the GAL to another forest. This would solve most of our problems, because a server rebuild is no sweat and we got the mailboxes and public folders down. It's moving contact items in the GAL that's busting our butts, and the only way to move that info cross forests is to pay $20K or recreate them by hand 🙁

another reason I hate calling M$ is that they always want to take over your machine...which means putting it in the DMZ and open up more holes 🙁
 
If you still have the "original" server functional then you can move the contacts to a new server. A GAL is basically just a query (it doesn't contain the addresses itself); where are the contacts stored?

And why are you wanting to move it to another forest?
 
Originally posted by: spyordie007
If you still have the "original" server functional then you can move the contacts to a new server. A GAL is basically just a query (it doesn't contain the addresses itself); where are the contacts stored?

And why are you wanting to move it to another forest?

we made the mistake of setting up exchange and our LAN domain in separate forests. We thought it would make things more secure, which it did, but not worth the extra effort. now, we want to move the exchange org. back into our lan domain, but it won't let us move the GAL to another forest. I understand the GAL is really stored in AD and not in exchange, there's got to be a way to move that to another forest.
 
Oh OK so they aren't contacts stored in an exchange information store, they are contacts in active directory. This makes a lot more sense.

Is the contact information then stored in contact objects within AD? If that's the case you should be able to migrate the contact objects with the ADMT (which can be used to restructure domains between forests), you would have to recreate the GAL, but that would be relatively easy and you wouldn't have to re-enter the information into the other forest.
 