The Terminal Services Licensing system service installs a license server and provides licenses to registered clients when the clients connect to a terminal server (a server that has Terminal Server enabled). Because of legacy design constraints and evolving license terms and conditions, License Logging may not provide an accurate view of the total number of CALs that are purchased compared to the total number of CALs that are used on a particular server or across the enterprise. The Distributed Link Tracking Server system service stores information so that files that are moved between volumes can be tracked to each volume in the domain. The License Logging system service is a tool that was originally designed to help customers manage licenses for Microsoft server products that are licensed in the server client access license (CAL) model. Calling a remote procedure) is a technique for implementing interprocess communication. It's the range in TMG. The Computer Browser system service maintains an up-to-date list of computers on your network and supplies the list to programs that request it. The Telnet system service for Windows provides ASCII terminal sessions to Telnet clients. The Browser service uses RPC over Named Pipes to compile. The RPC Locator service offers its services by using RPC over named pipes. It lets the business issue and manage digital certificates for programs and protocols such as: Certificate Services relies on RPC and DCOM to communicate with clients by using random TCP ports that are higher than port 1024. If no member is specified, Dfsrdiag.exe uses the local computer. WINS servers communicate with network clients by using NetBIOS name resolution. You can configure the range of high ports by using the IIS metabase. The default HTTP port is TCP 80, and the default HTTPS port is TCP 443. If you stop this service, users cannot move or retrieve files from the secondary storage media.
The Remote Procedure Call (RPC) system service is an interprocess communication (IPC) mechanism that enables data exchange and invocation of functionality that is located in a different process. In addition, the Microsoft LDAP client uses ICMP pings to verify that an LDAP server it has a pending request with is still present on the network. The different process can be on the same computer, on the LAN, or in a remote location, and it can be accessed over a WAN connection or over a VPN connection. The following registry entries apply to Windows NT 4.0 and later. For example, an agent can be configured to start an authentication trap if an unrecognized management system sends a request for information. ³ It's the range in Windows Server 2012, Windows 8, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista. The list of services on which Active Directory depends: The list of services that require Active Directory services: The Help files for each Microsoft product that is described in this article contain more information that you may find useful to help configure your programs. If the administrative website is enabled, a virtual website is created that uses HTTP traffic on TCP port 8098. The Ports and protocols section includes a table that summarizes the information from the System services ports section. This tool aggregates all previous security recommendations and security documentation into a single utility for all supported Microsoft operating systems: For more information about operating system services, security settings, and IPsec filtering, see one of the following Threats and Countermeasures Guides: The Internet Assigned Numbers Authority coordinates the use of well-known ports. You can then rely on other firewall features that dynamically let the service respond through temporary holes on any other port. It enables functions to be called in other address spaces.
To successfully apply Group Policy, a client computer must be able to contact a domain controller over the Kerberos, LDAP, SMB, and RPC protocols. This worksheet is available for download from the Microsoft Download Center. When you use RPC with TCP/IP or with UDP/IP as the transport, incoming ports are frequently dynamically assigned to system services as required. ³ The NETBIOS ports are optional and are not required when DFSN is using FQDN Server names. The Event Log system service logs event messages that are generated by programs and by the Windows operating system. ¹ For more information about how to customize this port, see Distributed Transaction Coordinator in the References section. Additionally, unless a tunneling protocol is used to encapsulate traffic to Active Directory, a range of ephemeral TCP ports from 1024 to 5000 and from 49152 to 65535 is required. The Remote Procedure Call (RPC) Locator system service manages the RPC name service database. The response also includes the IP address of the host… When SNMP Trap Service is configured for an agent, the service generates trap messages if any specific events occur. For example, many services rely on the Remote Procedure Call (RPC) or DCOM features in Microsoft Windows to assign them dynamic TCP ports. Earlier versions of Windows-based programs, such as My Network Places, the net view command, and Windows Explorer, all require browsing capability. Offline Files and Roaming User Profiles cache user data to computers for offline use. These users can be on a LAN connection or on a remote connection.
The default dynamic port range for TCP/IP has changed, Restricting Active Directory RPC traffic to a specific port, 3.2.2.6.2.1.4.5.9 msPKI-Certificate-Name-Flag, Installation and Configuration for Windows Remote Management, How to configure a firewall for Active Directory domains and trusts, Threats and Countermeasures Guide: Security Settings in Windows Server 2008 R2 and Windows 7, Threats and Countermeasures Guide: Security Settings in Windows Server 2008 and Windows Vista, Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP, Network Ports Used by Key Microsoft Server Products, Active Directory and Active Directory Domain Services Port Requirements, Service Name and Transport Protocol Port Number Registry, How to configure RPC dynamic port allocation to work with firewalls, Windows 2000 Startup and Logon Traffic Analysis, Restricting Active Directory replication traffic and client RPC traffic to a specific port, Network ports for clients and mail flow in Exchange, Configure Outlook Anywhere in Outlook 2013, TCP ports, UDP ports, and RPC ports that are used by Message Queuing, System Center Developer Documentation Library, Ports that Systems Management Server 2003 uses to communicate through a firewall or through a proxy server, INF: TCP Ports Used by OLAP Services when Connecting Through a Firewall, Change the listening port for Remote Desktop on your computer, Using Windows Server 2003 with Service Pack 1 in a Managed Environment: Controlling Communication with the Internet, Allocating Ports for Windows Media Services, Active Directory Management Gateway Service, Lightweight Directory Access Protocol (LDAP) Server, 3343 (This port is required during a node join operation. TCP/IP protocols operate at a lower level than the application protocols. It's also required for transactional queues in Message Queuing (also known as MSMQ) and SQL Server operations that span multiple systems. 
Anyone who has watched a Windows Server at work with NetMon 3 or WireShark/Ethereal will have seen that, alongside classic protocols such as DNS, WINS, and NTP, a great deal is handled over "RPC". This service has the same firewall requirements as the File and Printer Sharing feature. To use Dfsrdiag.exe to set the server RPC port, follow this example: dfsrdiag StaticRPC /port:nnnnn /Member:Branch01.sales.contoso.com. World Wide Web Publishing Service provides the infrastructure that you must have to register, manage, monitor, and serve websites and programs that are registered with IIS. The table is sorted by the port number instead of by the service name. ¹ Cluster Service UDP traffic over port 3343 requires the Datagram Transport Layer Security (DTLS) protocol, version 1.0 or version 1.2. Quelle: Netlogon These include Real Time Streaming Protocol (RTSP), Microsoft Media Server (MMS) protocol, and HTTP. The Distributed Link Tracking Server service runs on each domain controller in a domain. The operating system and programs perform their services through them, for example by sending or receiving information. By using Certificate Services, a business can act as its own certification authority (CA). The Windows 2000 version of this service uses Simple Network Time Protocol (SNTP). ² It's the range in Windows Server 2012, Windows 8, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista. The Windows Server system includes a comprehensive and integrated infrastructure to meet the requirements of developers and information technology (IT) professionals. Message Queuing helps provide security, efficient routing, support for sending messages within transactions, priority-based messaging, and guaranteed message delivery. Opening ports in the Windows Firewall: The firewall in Windows 10 is enabled by default and protects your computer against unauthorized access.
If this service is turned off, the time setting for local computers is not synchronized with a time service in the Windows domain or with an externally configured time service. The software distributes data among the nodes of the cluster. For information about ports in IIS 6.0, see TCP/IP Port Filtering. Original KB number: 154596. (See the Event Log section in this article for port requirements.) Net Logon is configured to start automatically only when a member computer or domain controller is joined to a domain. Computers with higher traffic can run into port exhaustion if the dynamic RPC ports are restricted. The FTP plug-in also updates ports in the FTP control channel stream. Many RPC servers in Windows let you specify the server port in custom configuration items such as registry entries. Remote Procedure Call (RPC) dynamic port allocation is used by server applications and remote administration applications such as Dynamic Host Configuration Protocol (DHCP) Manager, Windows Internet Name Service (WINS) Manager, and so on. For more information about how to restrict Active Directory replication and client logon traffic, see Restricting Active Directory replication traffic and client RPC traffic to a specific port. This system runs programs and solutions that you can use to obtain, analyze, and share information quickly and easily. In this case, event 5820 is logged: Protokoll Name: System Therefore, when you enable this port, the TFTP service receives incoming TFTP requests, but it does not let the selected server respond to those requests. This is not a recommendation of a minimum number of ports that are needed for any particular system. This service has the same firewall requirements as the File and Printer Sharing feature. What is the sequence of Windows RPC ports 135, 137, 139 (and higher ports)?
License Logging is not included in Windows Server 2008 and later operating systems. Dynamic port allocation (Remote Procedure Call, RPC) by server applications and remote administration applications such as the DHCP Manager (Dynamic Host Configuration Protocol), the WINS Manager (Windows Internet Name Service), and so on. Active Directory runs under the Lsass.exe process and includes the authentication and replication engines for Windows domain controllers. They do not apply to earlier versions of Windows NT. These Microsoft client, server, and server program products use different network ports and protocols to communicate with client systems and with other server systems over the network. You can use the Internet Information Services (IIS) Manager snap-in to configure the ports that are used by this service. Although NAT-T and IPsec ISAKMP are required for L2TP, these ports are monitored by the Local Security Authority. TCP/IP and UDP/IP ports that are higher than port 1024 are used. This port was originally part of the TACO project. System service name: LSASS. This system service contains a process manager and a configuration manager. The service is free to respond to any such request from any source port, and the remote client then uses that port during the transfer. The IPAM client UI communicates with the IPAM server to perform remote management. Port 5722 is only used on a Windows Server 2008 domain controller or a Windows Server 2008 R2 domain controller; it is not used on a Windows Server 2012 domain controller. To begin, run the following command to query the RPC Port Mapper on the remote machine; this will return the ports in the ephemeral range that the machine is actively listening on for RPC services: (PARTIAL OUTPUT BELOW) Querying target system called: 169.254.0.10 Attempting to resolve IP address to a name… IP address resolved to DC1.contoso.… You can disable or shut down this feature by using an icon that is displayed in the Windows notification area.
SSDP Discovery Service also accepts the registration of event callbacks from clients. Firewall not allowing DNS resolution. The way I normally troubleshoot this type of network connectivity is with the SysInternals PortQry.exe utility, which can be downloaded from the Microsoft website. Other client computers can then share one connection to the Internet, such as a dial-up connection or a broadband connection. ¹ It's the range in Windows Server 2012, Windows 8, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista. For information about ports, authentication, and encryption for all data paths that are used by Microsoft Exchange Server, see Network ports for clients and mail flow in Exchange. If IPv6 is installed on computers that are running Windows Server 2003 or Windows XP operating systems, port 445 communications do not trigger ICMP requests. Fax Service, a Telephony API (TAPI) compliant system service, provides fax capabilities. ¹ For more information about how to customize this port, see Distributed File Replication Service in the References section. When ICF and Internet Connection Sharing act as a gateway for the rest of the computers on your network, they provide DHCP and DNS services to the private network on the internal network interface. Microsoft customers who deploy servers running Windows Server 2008 and use firewalls on the internal network may encounter problems that affect RPC communication between servers. For an explanation of how the Directory System Agent, LDAP, and the local system authority are related, see Directory System Agent. Application servers, client computers, and domain controllers that are located in common or external forests have service dependencies so that user-initiated and computer-initiated operations such as domain join, logon authentication, remote administration, and Active Directory replication work correctly.
Additionally, for successful validation on Windows Failover Clusters on 2008 and above, allow inbound and outbound traffic for ICMP4, ICMP6, and port 445/TCP for SMB. Named pipe communication is memory that is reserved for the output of one process to be used as input for another process. By default, this service is turned off. Use this section to quickly determine which services listen on a particular port. Original product version: Windows Server 2012 R2 For example, if you configure a VPN gateway that is behind a filtering router, you will probably use only one protocol. If Y, the processes that use the default setting are assigned ports from the set of ports that are Internet-available (as defined previously). By default, the TCP binding is performed on port 48885 on the IPAM server. Test-RPC: Testing RPC Connectivity Like A Boss. This script tests TCP network connectivity not just to the RPC Endpoint Mapper on port 135, but also to each of the registered endpoints returned by querying the EPM. Original KB number: 832017. Windows XP and Windows Server 2003 additionally require the ICMP protocol. You cannot use DCOM through firewalls that perform address translation (for example, where a client connects to the virtual address 198.252.145.1, which the firewall maps transparently to the server's actual address of, say, 192.100.81.101). The obvious prerequisite for WMI queries to work remotely is that the Windows services they need have been started on the target computer. Clients connect to RPC Endpoint Mapper on port 135. It helps people take advantage of relevant information across business processes. Although this information may also apply to Windows XP and to Microsoft Windows 2000 Professional, this article is focused on server-class operating systems.
In addition, previous experience shows that at least 100 ports should be opened, because several system services use these RPC ports to communicate with each other. The trap destination must be a network-enabled host that is running SNMP management software. Windows Server 2012 supports the initiation of remote group policy update against Windows Server 2012 computers. This system was added in Windows Server 2012. For example, when you open My Network Places on a computer that is running Microsoft Windows 95, a list of domains and computers appears. In this example, nnnnn represents a single, static RPC port that DFSR will use for replication. Simple TCP/IP Services implements support for the following protocols: SNMP Service lets the local computer service incoming SNMP requests. SSL is an open standard for establishing an encrypted communications channel to help prevent the interception of extremely important information, such as credit card numbers. Port 445 is used by DFSR only when creating a new empty replicated folder. Then the SNMP Trap Service forwards those messages to SNMP management programs that are running on your computer. In addition to the WMI service winmgmt, DCOM is also required for this. Although this service works on other Internet services, it is primarily used to enable encrypted electronic financial transactions on the World Wide Web (WWW). Although many services may rely on a particular TCP or UDP port, only one service or process at a time can listen on that port. Windows Internet Name Service (WINS) enables NetBIOS name resolution. ¹ For more information about how to customize this port, see Remote Procedure Calls and DCOM in the References section. Starting with Windows XP Service Pack 2 (SP2), the SSDP event notification service uses TCP port 2869. Managers, programmers, and users see the cluster as a single system. The Event Log service uses RPC over named pipes.
for "Remote Registry", print services, backup, event log, Task Scheduler, and also Outlook/Exchange uses the services of the "portmapper" to obtain the current ports for the desired services. If you can specify a dedicated server port, you know what traffic flows between the hosts across the firewall, and you can define which traffic is allowed in a more targeted way. If N, the ports listed in the Ports key are all the ports that are not Internet-available. RPC dynamic port allocation will instruct the RPC program to use a particular random port in the range configured for TCP and UDP, based on the … System service names: ProfSvc, CscService. If there is an error in the port configuration or there are insufficient ports in the pool, the Endpoint Mapper service cannot register RPC servers with dynamic endpoints. System services support the different tasks that the operating system must perform. Standardized ports (0–1023): On Unix-like operating systems, only the root account may run services that listen on ports below 1024. Its core components were developed by using COM, and it has a flexible architecture that you can customize for specific programs. ISA 2004 and 2006 use TCP. System services: System services are programs that load automatically as part of an application's startup process or as part of the operating system startup process. The Collaboration Data Objects (CDO) for the Windows Server 2003 COM component can use the SMTP service to submit and to queue outgoing email messages. You should open a range of ports above port 5000. Many other services rely on network basic input/output system (NetBIOS) or SMBs, protocols that are provided by the Server service.
In this example, ports 5000 through 6000 inclusive were chosen arbitrarily to illustrate how the new registry key can be configured. Windows domain controllers use the SMTP service for intersite e-mail-based replication. Some firewalls also allow UUID filtering, in which it learns from an RPC Endpoint Mapper request for an RPC interface UUID. License Logging was introduced with Microsoft Windows NT Server 3.51. Primary Computer uses LDAP to determine the configuration and does not perform any data transfer using SMB; it instead alters the default Offline Files and Roaming User Profile behaviors. You can use the Remote Installation system service to install Windows 2000, Windows XP, and Windows Server 2003 on Pre-Boot Execution Environment (PXE) remote boot-enabled client computers. They do not provide these services on the external network interface. The response contains the server's port number, and a subsequent RPC bind on this port is then allowed to pass. UseInternetPorts REG_SZ Y or N (not case-sensitive. You can configure the ports for this service through the Internet Information Services (IIS) Manager snap-in. The TFTP service listens on UDP port 69, but it responds from a randomly allocated high port. Therefore, the ports for Kerberos and DNS are required. System service name: Remote_Storage_User_Link. By default, DTLS is enabled. This port is also used for intra-array traffic. ¹ For more information about how to customize this port, see Domain controllers and Active Directory in the References section. The DHCP Server service uses the DHCP to automatically allocate IP addresses. If your computer network environment uses Windows Server 2012 together with versions of Windows earlier than Windows Server 2008 and Windows Vista, you must enable connectivity over both the following port ranges: Contains a brief description of each service.
If your computer network environment uses only Windows Server 2012, you must enable connectivity over the high port range of 49152 through 65535. This means that the client first connects to the FTP server by using the control port. FTP is the only network protocol that has a plug-in that is included with Windows Server. The ephemeral port range depends on the server operating system that the client operating system is connected to. IPsec Encapsulating Security Protocol (ESP) (IP protocol 50), IPsec Network Address Translator Traversal NAT-T (UDP port 4500), IPsec Internet Security Association and Key Management Protocol (ISAKMP) (UDP port 500), Secure/Multipurpose Internet Mail Extensions (S/MIME). The remaining ports between 49152 and 65535 are dynamic. This article discusses the required network ports, protocols, and services that are used by Microsoft client and server operating systems, server-based programs, and their subcomponents in the Microsoft Windows Server system.