sircles.net Computer Support The sircles.net IT support & solutions blog | All posts by admin


The sircles.net IT support & solutions blog SEO, Copy Writing, Networking and Internet Safety & Security

AsiaRegistration.net and other Domain Name Registration and Scams

Look-out!!! Someone in China is going to take over our sector online!

At least I think that is the response this email is expecting.

 

So my company name is allegedly being registered in China and all of the trademarks etc. are in danger dot dot dot.

I have an email here from jim.wang@asiaregistration.net who assures me I need to act fast!

Well first of all, let us look at the email in question:

Dear CEO, Well the CEO is not likely to receive this email but this is a great way of panicking his PA or whoever may receive messages sent to 'info@'

(If you are not the person who is in charge of this, please forward this to your CEO, because this is urgent. If this email affects you, we are very sorry, please ignore this email. Thanks) This is more of the same - panic panic panic - must act now. It is a bit like finding a hotel room online (always phone around as you will pay half the price)

We are a Network Service Company which is the domain name registration center in China. OK
We received an application from Huadu Ltd on July 18, 2017. They want to register " insolvencyit " as their Internet Keyword and " insolvencyit .cn "、" insolvencyit .com.cn " 、" insolvencyit .net.cn "、" insolvencyit .org.cn " 、" insolvencyit .asia " domain names, they are in China and Asia domain names. But after checking it, we find " insolvencyit " conflicts with your company. In order to deal with this matter better, so we send you email and confirm whether this company is your distributor or business partner in China or not? No registration of any domain will affect a company in any other country - there are so many national domain suffixes and other suffixes that registering them all would be a serious drain on your company profits for no reason.

 

Best Regards,

Jim | Service Manager

Asia Registration (Head Office)

I have removed the phone numbers etc. for the purposes of this post.

 

Web: www(dot)asiaregistration(dot)net This is important as they are trying to stop their email pointing to www.asiaregistration.net in order to disassociate themselves for some reason - this would indicate wrongdoing of some kind and suggests this email is spam and should be ignored.

Do not ever register domains you do not need - they are a waste of time and should not be bought defensively - unless you are an online retailer and want to prevent a specific competitor buying a certain keyword domain. Stick to your single website and invest in that and the quality of your work will be concentrated in one place to get you a good ranking. Everything else is hearsay and happenstance.

 

 

How to be 100% sure you are not opening a dangerous attachment

 

If you are in the market for some new employees then you may be receiving quite a few emails daily on the subject, but here is one to avoid:

In this case the user is viewing email using Microsoft Outlook. If we have a closer look by clicking the attachment ONCE, we can see that the document asks us to open it fully and enable editing:

Anything that asks you to enable content or enable editing is likely to contain trouble. Microsoft Word and other Office documents can contain code that can harm your computer, and that should be avoided. The page shown above is not a function of Microsoft Word; it is simply a page the sender has created to persuade you to enable their code. Let us go over a few quick checks that we can use to decide whether we trust this message anyway:

1. Before even thinking about the attachment, look at the sender address: Karen Baltzley <Dempsey@crediblesons.com>. The display name and the mailbox do not match, because the spammer has not thought to align the email address with the display name of the sender - this is spam.

2. Look at the signing of the email - because these spammers send email by volume they do not want to enter any text by which your IT team can filter their messages out, and so they only want to use generic words. As a result they have not signed the email Karen Baltzley, they have just left it blank - this is spam.

3. Reply to the message instead of opening the attachment if you are in any doubt - this is a great way of being 100% sure. Spammers do not send email from proper addresses, this would open them to the risk of being traced or tracked down. So if they are a spammer, the email will just bounce back an error message. If you have any doubt at all reply to the email.

4. Lastly, the risk inherent in Microsoft Office documents, what with macros and other code, means that very few legitimate businesses send them unsolicited. Any invoice or quote in a Microsoft Office document format is questionable and you should reply to them asking for a PDF copy that cannot be so easily tampered with.

If you have satisfied yourself with all of the above then you can open an attachment feeling pretty safe, and believe me, it is worth the trouble. You do not want to find yourself buying Bitcoins in the middle of the night trying to decrypt yesterday's work before the boss gets back from their holiday.
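The checks above, together with the tell-tales from the AsiaRegistration.net post earlier on this page (the "urgent" wording and the www(dot) address), as an added Python example that is not part of either post. Check 3, replying and waiting for a bounce, is a manual step and is not automated here. The two sample messages are constructed for the example: the sender addresses are the ones shown in the posts, the bodies and the attachment are invented.

```python
"""Added example: mailbox triage for the checks described in the two posts above.
Not the blog's own code; sample messages are constructed."""
import re
from email import message_from_bytes, policy
from email.utils import parseaddr
from typing import List

# Office formats that can carry macros or other active content (check 4).
OFFICE_EXTENSIONS = (".doc", ".docx", ".docm", ".dot", ".dotm", ".xls", ".xlsx",
                     ".xlsm", ".ppt", ".pptx", ".pptm", ".rtf")
# The lure page asks the reader to enable editing; the scam e-mail leans on urgency
# and hides its web address behind "(dot)".
LURE_RE = re.compile(r"enable (content|editing|macros)", re.I)
PRESSURE_RE = re.compile(r"\b(urgent|act (now|fast))\b", re.I)
DEFANGED_RE = re.compile(r"\w+\(dot\)\w+", re.I)


def name_tokens(display_name: str) -> List[str]:
    """Lower-case words of a display name: 'Karen Baltzley' -> ['karen', 'baltzley']."""
    return [t for t in re.split(r"[^a-z]+", display_name.lower()) if t]


def triage(raw: bytes) -> List[str]:
    """Return the reasons an unsolicited message looks like spam (empty list = no flags)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings: List[str] = []
    display, addr = parseaddr(str(msg.get("From", "")))
    tokens = name_tokens(display)
    local_part = addr.split("@")[0].lower()

    # Check 1: the display name should be reflected somewhere in the mailbox name.
    if tokens and not any(t in local_part for t in tokens):
        findings.append(f"display name '{display}' does not match address {addr}")

    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""

    # Check 2: a bulk sender leaves the message unsigned.
    if tokens and not any(t in body.lower() for t in tokens):
        findings.append("body is not signed with the sender's name")

    # Check 4: unsolicited Office documents, especially ones asking to enable editing.
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(OFFICE_EXTENSIONS):
            findings.append(f"Office attachment {filename}; ask for a PDF instead")
    if LURE_RE.search(body):
        findings.append("asks to enable content/editing")

    # From the registration-scam post: pressure language and a defanged address.
    if PRESSURE_RE.search(body):
        findings.append("pressure language ('urgent' / 'act fast')")
    if DEFANGED_RE.search(body):
        findings.append("web address obfuscated with '(dot)'")
    return findings


# Constructed sample modelled on the CV lure: sender from the post, body and attachment invented.
CV_MESSAGE = b"""From: Karen Baltzley <Dempsey@crediblesons.com>
To: info@example.invalid
Subject: My CV
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Please see my CV attached. Enable editing to view the document.

--b1
Content-Type: application/octet-stream; name="cv.docx"
Content-Disposition: attachment; filename="cv.docx"
Content-Transfer-Encoding: base64

UEsDBAo=
--b1--
"""

# Constructed sample modelled on the registration scam: sender from the post, body invented.
SCAM_MESSAGE = b"""From: Jim <jim.wang@asiaregistration.net>
To: info@example.invalid
Subject: Domain registration
Content-Type: text/plain; charset="us-ascii"

Dear CEO, this is urgent. Please confirm whether this company is your partner.

Best Regards,
Jim | Service Manager
Web: www(dot)asiaregistration(dot)net
"""

if __name__ == "__main__":
    for name, raw in (("cv", CV_MESSAGE), ("scam", SCAM_MESSAGE)):
        print(name, triage(raw))
```

The CV sample trips all four automated checks; the registration e-mail passes the name checks (it is signed "Jim" and the mailbox contains "jim") and is caught only by the urgency wording and the obfuscated address, which is why those are worth checking separately.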

Juniper SSG5 to DrayTek Vigor 2860 IPSec VPN

The DrayTek Vigor router range are very straightforward routers with which to configure a VPN and only get really complicated to work on when dealing with multiple firewall rules that may conflict or override each other. The Junipers are highly configurable in a very ordered manner, but this does mean that there are extra considerations and stages to configuration when programming a VPN.

The Juniper needs to be told to allow traffic through a VPN and also needs a tunnel and an endpoint configured and so let us deal with that first.

We are assuming that you already have access to the Juniper via the web browser and can reach the configuration screens.

Go to the Network menu and select Interfaces and List.

Now with the drop down top right, choose Tunnel IF and then click New.

Set the Zone to be Untrust (trust-vr)

Check the bubble for Unnumbered as this is a route-based VPN

Choose the interface to be the internet facing interface with the IP address that you will be pointing the DrayTek Vigor VPN at.

Now click the Tunnel link at the right of the links at the top of your configuration panel.

Once again the destination will be left as 0.0.0.0 as this is a route-based VPN and the Gateway we define in a minute will determine the endpoint for the VPN.

Now we have the tunnel configured we move on to configure the VPN:

Click Autokey IKE and then New:

Rather than configure a gateway in advance we will simply create one in this page. Click the bubble to Create a Simple Gateway and enter a name for the remote gateway. Leave IKE as ver.1 and choose Static IP and enter the Vigor WAN IP or hostname.

Now enter the pre-shared key which is a code that you will enter into the Vigor or share with the admin of the remote Vigor by some secure means. The Outgoing Interface will be the Juniper physical interface on which the WAN IP address resides to which you will be pointing the Vigor VPN.

Now click Advanced:

Here we are choosing the Phase 2 encryption proposal which is simply the encryption types - AES 256-bit in this case with DH Group 14 PFS (Perfect Forward Secrecy) and 3600 seconds time-out, but feel free to simply select a standard choice and simply make a note of the one you are choosing. Is it AES or 3DES or DES? What is the time-out, is it in seconds, minutes or hours? What is the PFS DH group? All of these should be noted as the Vigor must be configured to accept them.

Now enter the local and remote IP / Netmask, where the local is the LAN address and the subnet and the remote is the LAN which resides behind the Vigor, which we are going to have remote access to once the VPN is established. In this case both subnets are set at /24, meaning 255.255.255.0 Class-C subnets, but you must obviously enter your own details for each network.

Set service to Any which will allow all traffic to pass between the sites via our VPN.

Tick VPN Monitor, Optimised and Rekey, and leave the destination as default whilst choosing the external interface to which you will point the Vigor as the Source Interface.

Now click Return and OK, then move on to configure the policies. The two Gateway pages (the main page and its Advanced page) were configured automatically when we created the VPN; they are included below only for reference if you need to troubleshoot your Gateway settings.

Now we must configure the policies to allow traffic between the sites. Go to Policy then Policies and at the top select from Trusted to Untrusted and click New.

Give the policy a name and enter the local subnet in the source and the remote subnet in the destination address boxes.

Choose the service type as Any and click OK. There is no need to configure advanced options in this instance.

Now at the top of the policy screen, select from Untrusted to Trusted and New and configure the settings as above but with the Vigor remote LAN subnet as the source and the local Juniper subnet as the destination with the service set as Any.

This completes the Juniper set-up and we can now configure the DrayTek Vigor 2860.

Log into the admin web page of the DrayTek and go to the VPN and Remote Access section on the right-hand side. Click on LAN to LAN and then click an empty profile so that you can begin to populate the necessary information:

Name the VPN, indicating where it is connecting your local subnet to.

Tick to enable the profile.

Choose which WAN port/interface the VPN will be established through.

We are allowing NetBIOS naming packets as this will be for a Windows computer network and we may wish to enable inter-site computer browser functioning etc.

Multicast via VPN we will leave disabled.

Set the direction to be Both so that either site can initiate the connection.

Set the VPN type to be IPSec and enter the WAN IP or hostname of the Juniper we are connecting to.

Populate the bubble for Pre-Shared Key and click the IKE Pre-Shared Key button. Here you must enter the same key you entered into the Juniper and click OK.

Below that, choose the bubble for High(ESP) and set the dropdown box to be AES with Authentication. Then click the Advanced button:

Here we are selecting Main mode, as we did on the Juniper, and our phase 1 proposal as AES256_SHA1_G14.

Our phase 2 proposal is set as AES256_SHA1.

Timeouts are once again 28800 seconds and 3600 seconds for phase 1 and phase 2 respectively, and Perfect Forward Secret (PFS) is enabled. Now click OK.

Moving down the VPN LAN to LAN page we come to the Dial-In settings:

Tick IPSec Tunnel as the VPN type and untick the others.

Tick the box to Specify Remote VPN Gateway and enter the Juniper WAN IP once more.

Tick the box for the Pre-Share Key and enter it as before by pressing the appropriate button.

Tick the AES button for the IPSec Security Method.

Leave section 4 blank here as we are not using GRE in this example.

Finally, in section 5, enter the Vigor WAN IP in My WAN IP and the Juniper WAN IP in Remote Gateway IP.

The Juniper LAN subnet goes in Remote Network IP, such as 192.168.10.0, with the subnet mask below it written out as 255.255.255.0 rather than /24.

The Local Network IP is the LAN subnet behind the Vigor, such as 192.168.11.0, with the Vigor's subnet mask below it.

The RIP direction is set to both and the traversal method is set to Route.

Now click OK.

Go to VPN and Remote Access and Connection Management and see if the VPN is up:

DrayTek Vigor 2830 Dynamic IP to Vigor 3900

3. July 2017 16:11 by sirclesadmin in Internet, Internet Security, VPN

DrayTek Vigor 2830 Dynamic IP to 3900 Static IPSec VPN

There are two main points to bear in mind when configuring the dynamic IP address connections to a static Vigor. The first is that you need to configure the IPsec shared key in two places on the static host DrayTek Vigor VPN router. Firstly under IPSec General Set-up (which is the same place as you configure the IPSec key for L2TP) and then under the VPN Profiles (or LAN to LAN if it is an older model.)

Let's configure the 3900 static IP host router first:

Go to IPSec General Setup

Enter the IPSec shared key you are going to use for your VPN, or if you are already using that shared key for other connections, look up what you are using and make a note of it, as we will need to enter that shared key again shortly.

Now go to VPN Profiles and we will configure the IPSec specifics for the host static end of the VPN. To continue, click Add to open a new profile window and choose an IPSec VPN. Leave the 'For remote dial-in user' selection at disabled.

So in the above we use the WAN port that holds the external IP being targeted by the other VPN router.

The local IP/Subnet mask is the IP range used by the internal network of the 3900 with the static external IP. In this case we are using a class C subnet of 192.168.x.0

The local next hop is left as the default to use the wan1 default gateway (in the above we are using wan1 but as stated you must use the external IP that the 2830 is pointed towards)

The remote host remains at 0.0.0.0 as the remote Vigor 2830 is on a dynamic IP

The remote network mask is the internal IP LAN subnet of the 2830 with a dynamic WAN address - in this case we are using another 192.168.x.0 address

For the IKE phase 1 we will stick with Main Mode

The authentication type we will leave as PSK - Pre-Shared Key

The pre-shared key we entered earlier we enter again here...

The security protocol we are choosing is encrypted and so we select ESP

Now we move onto the Advanced tab:

We are sticking with the default time-outs for DrayTek Routers.

We are selecting Perfect Forward Secrecy to be enabled (PFS)

Dead peer detection can be enabled to allow for VPNs to be picked up again quickly after a brief connectivity issue.

Route/NAT mode should be: Route

Apply NAT policy should be: Disable

NetBIOS naming packets in this case I am selecting: Enable as this will allow ICMP traffic for Windows client/server communications to behave as if on the same network. 

Multicast via VPN we will leave: Disabled

RIP via VPN we will leave: Disabled to simplify getting the VPN up and running - you may wish to enable this at each end afterwards for router discovery.

Now we proceed to the Proposal Tab as we are not enabling GRE in this example:


Now we configure the encryption methods:

We are using AES G5 (Group 5) and AES with authentication as above and leaving the other options as accept all to bring the VPN up reliably and quickly.

To enable compatibility with the 2830 we are sticking to Group 5 but if you are using a 2860 you can use Group 14 (G14) instead as long as you match both ends.

Once all of this has been entered we can click Apply and wait for the router to confirm that it has accepted our VPN details...

 

Now we configure the 2830

In this example we are going to stick with using the LAN to LAN or VPN profiles tab as not all models have the VPN client and server wizard options, but either method will work as long as you get all of the encryption, LAN and endpoint data correct:

Below we have already gone to VPN>LAN to LAN and clicked on a profile number to start entering the data:

Give your profile a name and tick the box to enable it.

On this router we are using WAN 2 as it is behind another router (and yes it will still work with or without passthru as this is a dial out only configuration from the dynamic end. There is no point trying to dial back to a router you do not know the WAN IP address of.)

We are selecting the VPN type as Dial-Out only. If you wish the VPN to allow for full time connection so that you can access the remote computers then be sure to tick 'Always On' and Enable Ping to Keep Alive and use the IP address of the remote router LAN port on the other internal network (in this case the LAN port IP of the Vigor 3900.) This will basically make the VPN permanent allowing you to easily administer the computers at the dynamic WAN IP site where the 2830 is located.

Once again we are enabling the NetBIOS packets tick box.

Multicast via VPN is disabled again.

We enter the Vigor 3900 WAN IP/Host name in the server IP/Host Name box.

Click the IKE Pre-Shared and enter the same Pre-Shared key as before and click OK

Leave the dial in boxes empty as nothing can dial into a dynamic WAN router.

Do not specify the other end of the VPN as it is a dynamic IP address.

Leave the IKE authentication box as it is as there is no dial in IKE

My WAN IP should remain 0.0.0.0

The remote VPN gateway is the WAN IP of the 3900 static IP router

The remote Network IP is the subnet of the remote 3900 static IP router, in this case 192.168.x.0 and the remote network mask is a class C of 255.255.255.0 in this case which is the LAN subnet of the 3900

The Local Network IP is the LAN subnet of the router you are configuring and the subnet is once again a class C of 255.255.255.0

We are leaving RIP as disabled and Route as the method of traversal between subnets.

Now we can click OK and go to the VPN connection management page to see how our VPN is getting on:

On the 2830 the HQ VPN has come up and will stay up, as we have configured 'always on' and 'ping to remote IP', meaning that when the IP changes at the 2830 WAN it will pick up again and stay up, allowing us to configure the remote router and PCs securely if we wish.

Now on the 3900 status we see:

Where the VPN is showing happily at the other end also proving that the VPN is encrypting data and sending and receiving successfully.


DrayTek Vigor 2860 to 3900 IPSec VPN

18. May 2017 10:47 by sirclesadmin in Internet, Internet Security, VPN

DrayTek Vigor 2860 to 3900 IPSec VPN

Connecting a VDSL/FTTC satellite office to a Dedicated Ethernet Fibre Hub Office with DrayTek IPSec. Both offices have a static IP in this example.

Firstly we shall configure the hub Vigor 3900 endpoint. Login as normal to see the home screen:

 

 

Now go to VPN and Remote Access and choose VPN Server Wizard and select IPSec as your VPN type:

 

 

Click to select creating a new VPN profile, choose a name - I have called this one HubOffice -  and click next:

 

 

Now we are going to enter the VPN specific information to allow our satellite office to connect:

  • Tick the Enable box to enable the VPN
  • Choose the WAN port carrying the internet connection that will carry the VPN; its external IP address is the one the satellite office will dial
  • Enter the local subnet - this is not filled in automatically, so enter the local subnet that the satellite office is being given access to, which may well be the subnet you are using
  • Leave the next hop as 0.0.0.0
  • The remote host is the external WAN IP of the satellite office Vigor 2860
  • The remote host IP/subnet mask is the internal LAN subnet of the Vigor 2860 LAN
  • If there are any other subnets hung off the back of the satellite office - if it is a hub in itself - then you can add the extra subnets here, but this is often a hindrance in getting the VPN to come up, so we shall leave it blank for now.
  • Auth type is PSK for the passphrase/shared secret that we will enter momentarily
  • Pre-shared key - enter a long string that you have made a note of, as it is to be entered in the 2860 router later
  • Security protocol - leave at ESP
  • We are leaving the DPD delay and timeout boxes as default

Click finish to complete the setup...

You will be asked if you wish to proceed to the VPN status page and that is what we shall do:

 

 

Now we shall proceed to configure the 2860 which has a pretty much identical interface:

 

 

We won't use the VPN Client Wizard, so that you can see all of the steps; we will configure the VPN manually. Click VPN and Remote Access > LAN to LAN:

 

 

then select a number corresponding to the profile you wish to configure:


  • First tick the Enable box to enable the profile
  • Give the profile a name
  • Choose the WAN1 interface for the VDSL interface if that is what you are using for the VPN external WAN IP address
  • Click the pass NetBIOS box to allow ICMP traffic between the offices
  • Leave Multicast blocked
  • To the right of that leave the call direction as Both
  • Below to the left select IPSec as the VPN type
  • Below that, enter the IP address or A record host name of the hub office Vigor 3900 WAN
  • To the right, click on the IKE Pre-Shared Key button and enter the key as you entered it into the Vigor 3900:

  • Now below that enter the IPsec method as High(ESP) AES with Authentication, then click the advanced button
  • Click the option to enable PFS - perfect forward secrecy

 

 

  • Leave the other timeouts as they are and click OK
  • Tick the box Specify Remote VPN Gateway and enter the 3900 WAN IP address
  • Leave the GRE settings as blank and proceed to the bottom section 5.

 

 

  • Enter the 2860 WAN IP in the first box
  • Enter the 3900 WAN IP in the second box
  • Enter the 3900 LAN IP network address in the third box
  • Enter the 3900 LAN subnet in the fourth box
  • Enter the 2860 LAN network address in the fifth box
  • Enter the 2860 LAN subnet in the final box
  • Leave the RIP settings as they are.

Now you should be able to go to the connection status on either router and see that the connection is live and be able to ping the other office from each respectively...

 

Event ID: 16393 Publishing Failed for RDSH Collection - RemoteApp name: Collection name: Failure: Could not create a published application instance on the server


On our Windows 2012 R2 Remote Desktop collection, we were receiving the following error:

Log Name: Microsoft-Rdms-UI/Admin
Source: Microsoft-Windows-Rdms-UI
Date: 
Event ID: 16393
Task Category: Publishing
Level: Error
Keywords:
User: domain\user
Computer: server.domain.suffix

Description: Publishing Failed for RDSH Collection - RemoteApp name: Sage 50 Report Designer Collection name: QuickSessionCollection Failure: Could not create a published application instance on the server server.domain.suffix.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Rdms-UI" Guid="{GUID}" />
<EventID>16393</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>30</Task>
<Opcode>0</Opcode>
<Keywords>0x2000000000000000</Keywords>
<TimeCreated SystemTime="2017-04-19T07:26:59.337215000Z" />
<EventRecordID>7</EventRecordID>
<Correlation ActivityID="{ActivityID}" />
<Execution ProcessID="4996" ThreadID="5604" />
<Channel>Microsoft-Rdms-UI/Admin</Channel>
<Computer>Copland.sircles.net</Computer>
<Security UserID="UserID" />
</System>
<EventData>
<Data Name="arg1">RemoteApp name: Application Name Collection name: Collection Name Failure: Could not create a published application instance on the server server.domain.suffix.</Data>
</EventData>
</Event>

 

Our issue was expired certificates in the RD server set-up which were interfering with the system even though in IIS they were all up-to-date and the server was working fine.

So under server manager we went into the RD settings and then highlighted the deployment and under tasks chose 'edit deployment properties' and went to the certificates page:

Here we chose the new certificate, one-by-one, to replace the expired certificates:

And then applied each certificate replacement before attempting the next.

Once all the certificates were showing as status OK, we re-published the RemoteApp settings:

And the publish now succeeds:
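The event above arrives as Windows Event XML, and the interesting fields (RemoteApp, collection, failing server) are packed into a single arg1 string. The following Python snippet, added here and not Microsoft or the blog's own code, parses the namespaced XML, splits arg1 back into its parts and flags the Rdms-UI event 16393 so that the RD deployment certificates can be checked, which is the fix this post arrived at. The sample event is constructed from the one shown in the post; the GUID and hostname are placeholders.

```python
"""Added example: parse the Rdms-UI publishing-failure event from the post.
Not Microsoft code; the sample event is constructed from the post with placeholders."""
import re
import xml.etree.ElementTree as ET
from typing import Dict

EVENT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
RDMS_ADMIN_CHANNEL = "Microsoft-Rdms-UI/Admin"
PUBLISHING_FAILED = 16393

# Constructed from the event in the post; GUID and hostname are placeholders.
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Rdms-UI" Guid="{GUID}" />
<EventID>16393</EventID>
<Level>2</Level>
<Task>30</Task>
<TimeCreated SystemTime="2017-04-19T07:26:59.337215000Z" />
<Channel>Microsoft-Rdms-UI/Admin</Channel>
<Computer>server.domain.suffix</Computer>
</System>
<EventData>
<Data Name="arg1">RemoteApp name: Sage 50 Report Designer Collection name: QuickSessionCollection Failure: Could not create a published application instance on the server server.domain.suffix.</Data>
</EventData>
</Event>"""

# arg1 packs three fields into one string; split them back out.
ARG1_RE = re.compile(
    r"RemoteApp name: (?P<app>.*?) Collection name: (?P<collection>.*?) Failure: (?P<failure>.*)", re.S)
SERVER_RE = re.compile(r"on the server (?P<server>\S+?)\.?$")


def parse_event(xml_text: str) -> Dict[str, object]:
    """Pull the System fields and the arg1 parts out of one Event XML record."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", EVENT_NS)
    info: Dict[str, object] = {
        "event_id": int(system.findtext("e:EventID", namespaces=EVENT_NS)),
        "channel": system.findtext("e:Channel", namespaces=EVENT_NS),
        "computer": system.findtext("e:Computer", namespaces=EVENT_NS),
        "time": system.find("e:TimeCreated", EVENT_NS).get("SystemTime"),
    }
    data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", EVENT_NS)}
    match = ARG1_RE.match(data.get("arg1", ""))
    if match:
        info.update(match.groupdict())
        server = SERVER_RE.search(match.group("failure"))
        info["server"] = server.group("server") if server else None
    return info


def needs_certificate_check(info: Dict[str, object]) -> bool:
    """True for the publishing failure this post traced to expired RD deployment certificates."""
    return info["channel"] == RDMS_ADMIN_CHANNEL and info["event_id"] == PUBLISHING_FAILED


if __name__ == "__main__":
    parsed = parse_event(SAMPLE_EVENT)
    print(parsed)
    print("check RD deployment certificates:", needs_certificate_check(parsed))
```

The namespace map is the part that usually trips people up: without it, `find("System")` returns nothing because every element in the record lives in the schemas.microsoft.com namespace.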

 

Google’s top 10 hidden features - with Google Chrome

10. April 2017 13:06 by sirclesadmin in Internet, Popular Sites, Online Multimedia

Google’s top 10 hidden features

If you’re only using Google to search the web then you are missing out on quite a bit. Have a look at these tips to get the most from the world’s most popular search engine.

We all know that Google is the world’s most advanced search engine, but did you know there are a host of hidden features that make it even more effective to use?

 

1: The easy way to convert currency

Do you want to find out how much money is in a different currency? Don’t go searching for a dedicated currency converter; you can do it through the Google search box. Just type out your amount – 100 euros, say – followed by ‘in’ and the currency you’d like to change it to, and hey presto, it’ll convert it for you. You can also do the same with number conversions like miles to kilometres and ounces to litres etc., and even translate short phrases from one language into another.

 

2: Make calculations

Pretty much every computer and mobile device has a calculator built in, but thanks to Google you don’t need to go searching for it. Just type the sum into the Google search bar, and it will perform the calculation for you.

 

3: See news results

If you are researching something, and want the most up-to-date info available, click the News tab at the top of the results page. This will show recent news articles featuring your search term.

 

4: Find out what an image is of...

You may know you can search for images online, so if you always wanted to see what someone looks like, now’s your chance. But did you know you can find out what an image is of as well?

Stumble across an interesting picture online, and you can find out more about it by going to images.google.com and clicking the camera icon in the search bar. This brings up two options: either paste the URL of the image you’ve found (i.e. what’s in the address bar when the image is the only thing on the screen), or upload an image from your computer to find out what it is.

 

5: Search a site from Google

Some websites’ own search functions are terrible, but don’t worry, you can also search them direct from the Google home page. Type your search term followed by “site:” and then the address of the website you want to search, so ‘flood warning site:bbc.co.uk’ for example. Then only results from the website you include will show up.

 

6: Search by file type

Similarly, you can search by the type of file you’re looking for, which is perfect if you’re searching for a specific PowerPoint presentation or PDF. Just type the name of the file, followed by ‘filetype:’ and then the document’s extension, so ‘pptx’ for PowerPoint, ‘docx’ for Word document or xlsx for Excel.

 

7: Google Doodles

Google regularly changes the logo on its home page to tie in with an occasion, often to commemorate a famous person, a notable anniversary or a national holiday. Whatever it is, Google always manages to work its logo into the image.

This one pictured celebrates the birth of French architect Eugène Viollet-le-Duc, but they’re always varied, sometimes taking the form of animated films or even playable games. You can find a full archive here and even buy merchandise featuring your favourite doodle.

 

8: Get results in your locality...

If you choose to let Google know your whereabouts, you can find results in your area without having to specify where you are. Click Search Tools under the search bar and your location is listed on the right; if you are going somewhere new and need to find something there, simply enter that location instead.

Search for ‘pizza restaurant’, for example, and it’ll show a list of nearby pizzerias, without you having to enter your postcode. Which is handy if you’re hungry.

 

9: Search using your voice

What if you don't fancy typing out a search query? No problem – you can just say it. You’ll need to launch Google’s Chrome browser on your computer, then go to google.co.uk and click the microphone icon in the search bar. Say what you want to find, and it’ll speak back to you with the results.

 

10:  Check flight times

If you’re planning a trip, just go to Google, type ‘flights to’ or ‘flights from’ and the name of your city or airport or three letter airport code. You will see a list of flights complete with flight times, prices, and everything else you could need to know. It’s the only way to fly.

 

DrayTek Vigor 2830 to DrayTek Vigor 3300/3300V IPSec VPN

6. April 2017 15:05 by sirclesadmin

DrayTek Vigor 2830/2860 to 3300/V/+ router IPSec VPN

This example is for an environment with a static IP at each office.

Firstly let us set-up the 3300 head office router:

After logging in, go to the VPN menu, then to IPSec and then to 'Policy Table'

 

In this example we are going to use AES encryption with authentication for the maximum security available.

Firstly we enable the profile.

 

We name the profile something that explains the VPN and then we choose preshared key, which in this example is our preferred security key. Our security protocol will be ESP and we choose NAT Traversal to be enabled. In this example I am not enabling NetBIOS but if you are adding a VPN to extend a Windows domain then you should choose Pass here.

As we are connecting to another DrayTek device we are not going to change the default time-outs but if you do, they must be mirrored at the other end to enable the VPN. We will change the security settings though as we wish to ensure AES256-sha1 encryption and authentication.

We are ticking the PFS Perfect Forward Secrecy box also:

 

Now we can click Apply and configure the DrayTek Vigor 2830/2860...

Under the VPN menu, go to Lan to LAN to set-up your connection to the DrayTek 3300

Click the number corresponding to the first available unused profile...

Now we are going to enter the details required to connect to the 3300 router:

 

We are once again giving it a name relevant to the connection. In this case we are connecting through WAN2 but you can choose WAN1 if you are using ADSL/VDSL

NetBIOS should be enabled/disabled depending on whether you are allowing file access to Windows machines across the VPN. In most cases with Windows machines you would pass NetBIOS packets.

The call direction is set to Both to allow either end to start the VPN.

Under Dial-Out settings we set the VPN type to IPSec once again.

We enter the domain name/IP address of the external interface of the 3300 router in the box below.

We now tick the Pre-Share Key box to the right and click the Pre-Shared Key button to enter the same key as we entered into the 3300 Pre-Shared Key box.

Below that we select the High(ESP) option and choose AES with Authentication as we did on the 3300

Now click the Advanced Box:

 

We are mirroring the settings from the 3300 here so we choose the AES256-SHA1_G5 for phase one and AES-256 for the phase two proposal.

Once again we select the Perfect Forward Secret option and the timeouts are already consistent.

Click OK when done.

Now under IPSec security method, tick only the AES box and then enter the IP address details at the bottom of the page:

We enter the external IP of the 2860/2830 first in the My WAN IP box.

Enter the remote 3300 router's external interface address in the Remote Gateway IP address box.

Then enter the remote DrayTek 3300 internal network subnet details in the two boxes below that.

Finally enter the DrayTek 2860/2830 local network subnet details in the two boxes below that.

Click OK when done.

Now under VPN and Remote Access on the 2860/2830 you should see the connection as live:
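Because every one of these settings has to be mirrored between the 3300 and the 2860/2830, a quick consistency check saves a lot of staring at the VPN log. The following Python script is an added example, not part of this post or of DrayTek's firmware: the profile fields are named after the GUI settings above, while the sample addresses, subnets, lifetimes and key are constructed values.

```python
import hmac
import re
from dataclasses import dataclass, replace
from ipaddress import ip_network


@dataclass(frozen=True)
class VpnProfile:
    """One LAN-to-LAN profile, fields named after the GUI settings in the post."""
    name: str
    wan_ip: str            # "My WAN IP" on this router
    peer_ip: str           # "Remote Gateway IP address", the other router's WAN
    local_subnet: str      # this router's LAN in CIDR form
    remote_subnet: str     # the other router's LAN in CIDR form
    psk: str               # pre-shared key, identical at both ends
    phase1: str            # IKE proposal label as shown in the GUI, e.g. "AES256-SHA1_G5"
    phase2: str            # ESP proposal, e.g. "AES-256"
    pfs: bool              # Perfect Forward Secrecy ticked
    ike_lifetime: int      # phase 1 timeout in seconds; must match the peer
    ipsec_lifetime: int    # phase 2 timeout in seconds; must match the peer


def with_changes(profile: VpnProfile, **changes) -> VpnProfile:
    """Copy a profile with some fields altered (used to model a config slip)."""
    return replace(profile, **changes)


def check_pair(a: VpnProfile, b: VpnProfile) -> list[str]:
    """Return every reason the two ends would fail to negotiate or to route."""
    problems = []
    # Each end's remote gateway must be the other end's WAN address.
    if a.peer_ip != b.wan_ip or b.peer_ip != a.wan_ip:
        problems.append("remote gateway IP must be the other end's WAN IP")
    # The subnet boxes at the bottom of the page are swapped between the ends.
    if (ip_network(a.local_subnet) != ip_network(b.remote_subnet)
            or ip_network(a.remote_subnet) != ip_network(b.local_subnet)):
        problems.append("local and remote subnets must be swapped between the two ends")
    # Constant-time compare so a log of this check cannot leak key prefixes.
    if not hmac.compare_digest(a.psk.encode(), b.psk.encode()):
        problems.append("pre-shared keys differ")
    # Proposals, PFS and both timeouts must be identical, as the post says.
    for field in ("phase1", "phase2", "pfs", "ike_lifetime", "ipsec_lifetime"):
        if getattr(a, field) != getattr(b, field):
            problems.append(f"{field} mismatch: {getattr(a, field)!r} vs {getattr(b, field)!r}")
    return problems


def policy_warnings(p: VpnProfile) -> list[str]:
    """Flag settings that negotiate fine but sit below current IKE guidance."""
    warnings = []
    if not p.pfs:
        warnings.append("PFS off: one compromised IKE key exposes every past ESP session")
    if "SHA1" in p.phase1.upper():
        warnings.append("phase 1 uses SHA-1 integrity; prefer a SHA-2 proposal")
    group = re.search(r"_G(\d+)$", p.phase1)
    if group and int(group.group(1)) < 14:
        warnings.append(f"DH group {group.group(1)} is below the 2048-bit group 14 floor of RFC 8247")
    if len(p.psk) < 20:
        warnings.append("pre-shared key is shorter than 20 characters")
    return warnings


# Constructed sample profiles: the 3300 end and the 2860/2830 end of one tunnel.
SITE_3300 = VpnProfile(
    name="to-2860", wan_ip="203.0.113.20", peer_ip="198.51.100.10",
    local_subnet="10.0.1.0/24", remote_subnet="10.0.2.0/24",
    psk="example-psk-change-me-before-use", phase1="AES256-SHA1_G5",
    phase2="AES-256", pfs=True, ike_lifetime=28800, ipsec_lifetime=3600,
)
SITE_2860 = VpnProfile(
    name="to-3300", wan_ip="198.51.100.10", peer_ip="203.0.113.20",
    local_subnet="10.0.2.0/24", remote_subnet="10.0.1.0/24",
    psk="example-psk-change-me-before-use", phase1="AES256-SHA1_G5",
    phase2="AES-256", pfs=True, ike_lifetime=28800, ipsec_lifetime=3600,
)

if __name__ == "__main__":
    print("mirrored pair:", check_pair(SITE_3300, SITE_2860))
    print("PFS forgotten at one end:", check_pair(SITE_3300, with_changes(SITE_2860, pfs=False)))
    print("policy warnings:", policy_warnings(SITE_3300))
```

The policy warnings are the caveat to the settings chosen above: SHA-1 and DH group 5 still interoperate between these routers, but a SHA-2 proposal with group 14 or higher is the floor current IKE guidance sets.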

Now that machine learning is a major factor in planning SEO strategies, should we be thinking about something new?

6. April 2017 09:04 by sirclesadmin in
Machine learning is a form of AI that means code behaviour (and often the code itself) is constantly morphing in order to be more effective in the eyes of the developers and, ultimately, in the eyes of the code itself. This is a different SEO prospect from those we have been considering up until now, simply because the endpoint is no longer static: the code is deciding upon its own endpoint and then re-evaluating based on the recent morphing of its own code.

The endpoint, then, is something that is changing constantly, or is it? Well, we can assume that if the code begins to morph in a way that makes the results unusable then the developers will intervene and change the parameters governing how the code evolves. The one safe assumption is that the code will become more and more effective in the eyes of the search engine management. So what is their endgame? Well, that's easy: their endgame is to make us as satisfied as possible with the SERP as web users rather than as SEO professionals, and that means we should increasingly treat the search engines as we would any other member of the worldwide web community. In other words, we seem to be approaching the death of SEO.

Well, I can't help but feel a little relieved at this: that we can just go back to marketing with sex, shock and, occasionally, quality content. The search engines will presumably reflect as generic a human being as possible in order to keep us all happy. Is Google now capable of being a Radio 3 listener when scraping the Radio 3 website and a Daily Mail reader when scraping the tabloids? Will we be able to tell the difference anyhow? The fact remains that you are targeting your audience, and that this is where you should continue to concentrate your marketing effort, internet or otherwise.

Forums &amp; trusted reviews continue to be a major influence on SERP rankings, and this is an obvious target as it is where a human would go to remain informed. Twitter &amp; Facebook are becoming increasingly superfluous as fewer and fewer humans care about the content there. Of course they are: almost every post is by a social networking engineer, which is pretty much an internet politician, and we all know how much attention people pay to them.

Perhaps the best thing to do is remain true to yourself and original and not give a toss about what anyone says in their blogs, but then part of you knew that already...

The Following is a list of the Microsoft Windows service details. Data is sourced from Microsoft.com

5. April 2017 07:36 by sirclesadmin in
Service Specs

Active Directory (Local Security Authority)

Active Directory runs under the LSASS process and includes the authentication and replication engines for Windows 2000 and Windows Server 2003 domain controllers. Domain controllers, client computers and application servers require network connectivity to Active Directory over specific hard-coded ports in addition to a range of ephemeral TCP ports between 1024 and 65536, unless a tunneling protocol is used to encapsulate such traffic. An encapsulated solution might consist of a VPN gateway located behind a filtering router using Layer 2 Tunneling Protocol (L2TP) together with IPsec. In this encapsulated scenario, you must allow IPsec Encapsulating Security Protocol (ESP) (IP protocol 50), IPsec Network Address Translator Traversal NAT-T (UDP port 4500), and IPsec Internet Security Association and Key Management Protocol (ISAKMP) (UDP port 500) through the router, as opposed to opening all the ports and protocols listed below. Finally, the port used for Active Directory replication may be hard-coded as described in 224196: Restricting Active Directory replication traffic to a specific port.

Note Packet filters for L2TP traffic are not required, because L2TP is protected by IPsec ESP.

System service name: LSASS

Application protocol                  Protocol    Ports
Global Catalog Server                 TCP         3269
Global Catalog Server                 TCP         3268
LDAP Server                           TCP         389
LDAP Server                           UDP         389
LDAP SSL                              TCP         636
LDAP SSL                              UDP         636
IPsec ISAKMP                          UDP         500
NAT-T                                 UDP         4500
RPC                                   TCP         135
RPC randomly allocated high TCP ports TCP         1024 - 65536
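Added example, not from the Microsoft article reproduced here: a small Python parser for the flattened table layout used on this page, which lists what a filtering router must pass for a service directly (including any ephemeral range it drags in) and what it must pass instead when, as the Active Directory entry describes, the traffic is wrapped in L2TP/IPsec. The excerpt it parses is constructed from the tables on this page with the descriptions shortened.

```python
import re
from dataclasses import dataclass

PROTOCOLS = {"TCP", "UDP", "TCP + UDP"}
RANGE_RE = re.compile(r"\d+\s*-\s*\d+")
# What the page says a filtering router must pass when the traffic is tunnelled.
IPSEC_TUNNEL_RULES = [("ESP", "IP protocol 50"), ("UDP", "500"), ("UDP", "4500")]


@dataclass(frozen=True)
class PortRule:
    service: str   # value of the "System service name:" line
    app: str       # "Application protocol" cell
    proto: str     # "Protocol" cell
    ports: str     # "Ports" cell, kept exactly as written

    @property
    def is_dynamic(self) -> bool:
        """True for rows such as '1024 - 65536' that cannot become a tight rule."""
        return bool(RANGE_RE.search(self.ports))


def parse_service_table(text: str) -> list[PortRule]:
    """Parse every 'System service name:' block and the three-column rows after it."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    rules: list[PortRule] = []
    service = None
    i = 0
    while i < len(lines):
        if lines[i].startswith("System service name:"):
            service = lines[i].split(":", 1)[1].strip()
            i += 1
            if lines[i:i + 3] == ["Application protocol", "Protocol", "Ports"]:
                i += 3  # skip the header cells
            continue
        # A row is three consecutive cells whose middle cell is a protocol name.
        if service and i + 2 < len(lines) and lines[i + 1] in PROTOCOLS:
            rules.append(PortRule(service, lines[i], lines[i + 1], lines[i + 2]))
            i += 3
            continue
        service = None  # a section title or description line ends the table
        i += 1
    return rules


def firewall_allowlist(rules, service, tunnelled=False):
    """(protocol, ports) pairs the router must pass for one service."""
    if tunnelled:
        return list(IPSEC_TUNNEL_RULES)
    return sorted({(r.proto, r.ports) for r in rules if r.service == service})


def dynamic_rows(rules, service):
    """Rows that leave a wide ephemeral range open unless a static port is set."""
    return [r for r in rules if r.service == service and r.is_dynamic]


# Constructed excerpt in the page's layout: two services, descriptions shortened.
SAMPLE_TABLE = """
Active Directory (Local Security Authority)
Active Directory runs under the LSASS process.
System service name: LSASS
Application protocol
Protocol
Ports
Global Catalog Server
TCP
3268
LDAP Server
TCP
389
IPsec ISAKMP
UDP
500
NAT-T
UDP
4500
RPC
TCP
135
RPC randomly allocated high TCP ports
TCP
1024 - 65536
DNS Server
The DNS Server service answers queries for DNS names.
System service name: DNS
Application protocol
Protocol
Ports
DNS
UDP
53
DNS
TCP
53
"""

if __name__ == "__main__":
    rules = parse_service_table(SAMPLE_TABLE)
    print("direct:", firewall_allowlist(rules, "LSASS"))
    print("dynamic:", [r.app for r in dynamic_rows(rules, "LSASS")])
    print("tunnelled:", firewall_allowlist(rules, "LSASS", tunnelled=True))
```

The dynamic rows are the ones worth watching: every "randomly allocated high TCP ports" entry below means an RPC service that needs either a static port mapping or a tunnel before a router can be locked down to a short list.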

Application Layer Gateway Service

This subcomponent of the Internet Connection Sharing (ICS)/Internet Connection Firewall (ICF) service provides support for plug-ins that allow network protocols to pass through the firewall and work behind Internet Connection Sharing. Application Layer Gateway (ALG) plug-ins can open ports and change data (such as ports and IP addresses) that are embedded in packets. File Transfer Protocol (FTP) is the only network protocol with a plug-in that is included with Windows Server 2003, Standard Edition, and Windows Server 2003, Enterprise Edition. The ALG FTP plug–in is designed to support active FTP sessions through the network address translation (NAT) engine that these components use. The ALG FTP plug–in supports these sessions by redirecting all traffic that passes through the NAT and that is destined for port 21 to a private listening port in the range of 3000 to 5000 on the loopback adapter. The ALG FTP plug–in then monitors and updates FTP control channel traffic so that the FTP plug-in can forward port mappings through the NAT for the FTP data channels. The FTP plug–in also updates ports in the FTP control channel stream.

System service name: ALG

Application protocol                  Protocol    Ports
FTP control                           TCP         21

ASP.NET State Service

ASP.NET State Service provides support for ASP.NET out-of-process session states. ASP.NET State Service stores session data out-of-process. The service uses sockets to communicate with ASP.NET that is running on a Web server.

System service name: aspnet_state

Application protocol                  Protocol    Ports
ASP.NET Session State                 TCP         42424

Certificate Services

Certificate Services is part of the core operating system. By using Certificate Services, a business can act as its own certification authority (CA). In this way, the business can issue and manage digital certificates for programs and protocols such as Secure/Multipurpose Internet Mail Extensions (S/MIME), Secure Sockets Layer (SSL), Encrypting File System (EFS), IPsec, and smart card logon. Certificate Services relies on RPC and on DCOM to communicate with clients by using random TCP ports that are higher than port 1024.

System service name: CertSvc

Application protocol                  Protocol    Ports
RPC                                   TCP         135
Randomly allocated high TCP ports     TCP         random port number between 1024 - 65534

Cluster Service

The Cluster service controls server cluster operations and manages the cluster database. A cluster is a collection of independent computers that act as a single computer. Managers, programmers, and users see the cluster as a single system. The software distributes data among the nodes of the cluster. If a node fails, other nodes provide the services and data that was formerly provided by the missing node. When a node is added or repaired, the cluster software migrates some data to that node.

System service name: ClusSvc

Application protocol                  Protocol    Ports
Cluster Services                      UDP         3343
RPC                                   TCP         135
Cluster Administrator                 UDP         137
Randomly allocated high TCP ports     TCP         random port number between 1024 - 65534

Computer Browser

The Computer Browser system service maintains an up-to-date list of computers on your network and supplies the list to programs that request it. The Computer Browser service is used by Windows-based computers to view network domains and resources. Computers that are designated as browsers maintain browse lists that contain all shared resources that are used on the network. Earlier versions of Windows programs, such as My Network Places, the net view command, and Windows Explorer, all require browsing capability. For example, when you open My Network Places on a computer that is running Microsoft Windows 95, a list of domains and computers appears. To display this list, the computer obtains a copy of the browse list from a computer that is designated as a browser.

System service name: Browser

Application protocol                  Protocol    Ports
NetBIOS Datagram Service              UDP         138
NetBIOS Name Resolution               UDP         137
NetBIOS Session Service               TCP         139

DHCP Server

The DHCP Server service uses the Dynamic Host Configuration Protocol (DHCP) to automatically allocate IP addresses. By using this service, you can adjust the advanced network settings of DHCP clients. For example, you can configure network settings such as Domain Name System (DNS) servers and Windows Internet Name Service (WINS) servers. You can establish one or more DHCP servers to maintain TCP/IP configuration information and to provide that information to client computers.

System service name: DHCPServer

Application protocol                  Protocol    Ports
DHCP Server                           UDP         67
MADCAP                                UDP         2535

Distributed File System

The Distributed File System (DFS) integrates disparate file shares that are located across a local area network (LAN) or wide area network (WAN) into a single logical namespace. The DFS service is required for Active Directory domain controllers to advertise the SYSVOL shared folder.

System service name: Dfs

Application protocol                  Protocol    Ports
NetBIOS Datagram Service              UDP         138
NetBIOS Session Service               TCP         139
LDAP Server                           TCP         389
LDAP Server                           UDP         389
SMB                                   TCP         445
RPC                                   TCP         135
Randomly allocated high TCP ports     TCP         random port number between 1024 - 65534

Distributed Link Tracking Server

The Distributed Link Tracking Server system service stores information so that files that are moved between volumes can be tracked to each volume in the domain. The Distributed Link Tracking Server service runs on each domain controller in a domain. This service enables the Distributed Link Tracking Client service to track linked documents that have been moved to a location in another NTFS file system volume in the same domain.

System service name: TrkSvr

Application protocol                  Protocol    Ports
RPC                                   TCP         135
Randomly allocated high TCP ports     TCP         random port number between 1024 - 65534

Distributed Transaction Coordinator

The Distributed Transaction Coordinator (DTC) system service is responsible for coordinating transactions that are distributed across multiple computer systems and resource managers, such as databases, message queues, file systems, or other transaction-protected resource managers. The DTC system service is required if transactional components are configured through COM+. It is also required for transactional queues in Message Queuing (also known as MSMQ) and SQL Server operations that span multiple systems.

System service name: MSDTC

Application protocol                  Protocol    Ports
RPC                                   TCP         135
Randomly allocated high TCP ports     TCP         random port number between 1024 - 65534

DNS Server

The DNS Server service enables DNS name resolution by answering queries and update requests for DNS names. DNS servers are required to locate devices and services that are identified by using DNS names and to locate domain controllers in Active Directory.

System service name: DNS

Application protocol                  Protocol    Ports
DNS                                   UDP         53
DNS                                   TCP         53

Event Log

The Event Log system service logs event messages that are generated by programs and by the Windows operating system. Event Log reports contain information that can be useful in diagnosing problems. Reports are viewed in Event Viewer. The Event Log service writes events that are sent by programs, by services, and by the operating system to log files. The events contain diagnostic information in addition to errors that are specific to the source program, the service, or the component. The logs can be viewed programmatically through the event log APIs or through the Event Viewer in an MMC snap-in.

System service name: Eventlog

Application protocol                  Protocol    Ports
RPC                                   TCP         135
Randomly allocated high TCP ports     TCP         random port number between 1024 - 65534

Microsoft Exchange Server and Outlook clients

Versions of Microsoft Exchange Server and Exchange clients have various port and protocol requirements. These requirements depend upon which version of Exchange Server or Exchange client is in use.

For Outlook clients to connect to versions of Exchange prior to Exchange 2003, direct RPC connectivity to the Exchange server is required. RPC connections made from Outlook to the Exchange server will first contact the RPC endpoint mapper (Port TCP 135) to request information on the port mappings of the various endpoints required. The Outlook client then tries to make connections to the Exchange server directly by using these endpoint ports.

Exchange 5.5 uses two ports for client communication. One port is for the Information Store, and one port is for the Directory. Exchange 2000 and 2003 use three ports for client communication. One port is for the Information Store, one is for Directory Referral (RFR), and one port is for DSProxy/NSPI.

In most cases, these two or three ports will be mapped randomly into the range TCP 1024-65534. If required, these ports can be configured to always bind to a static port mapping rather than to use the ephemeral ports.

For more information about how to configure static TCP/IP ports in Exchange Server, click the following article number to view the article in the Microsoft Knowledge Base:

270836 (http://support.microsoft.com/kb/270836/) Exchange Server static port mappings

Outlook 2003 clients support direct connectivity to Exchange servers by using RPC. However, these clients can also communicate with Exchange 2003 servers that are hosted on Windows Server 2003-based computers on the Internet. The use of RPC over HTTP communication between Outlook and Exchange server eliminates the need to expose unauthenticated RPC traffic across the Internet. Instead, traffic between the Outlook 2003 client and the Exchange Server 2003 computer is tunneled within HTTPS packets over TCP port 443 (HTTPS).

RPC over HTTP requires that port TCP 443 (HTTPS) be available between the Outlook 2003 client and the server that is functioning as the "RPCProxy" device. The HTTPS packets are terminated at the RPCProxy server and the unwrapped RPC packets are then passed to the Exchange server on three ports, in similar fashion to the direct RPC traffic described above. These RPC over HTTP ports on the Exchange server are statically mapped to TCP 6001 (the Information Store), TCP 6002 (Directory Referral), and TCP 6004 (DSProxy/NSPI). No endpoint mapper must be exposed when using RPC over HTTP communication between Outlook 2003 and Exchange 2003, since Outlook 2003 knows to use these statically mapped endpoint ports. In addition, no global catalog needs to be exposed to the Outlook 2003 client because the DSProxy/NSPI interface on the Exchange 2003 server will provide this functionality.

There may be additional items to consider for your specific environment. For further information and for help planning an Exchange implementation, visit the following Microsoft Web site:

http://www.microsoft.com/exchange/library (http://www.microsoft.com/exchange/library)

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

270836 (http://support.microsoft.com/kb/270836/) Exchange 2000 and Exchange 2003 static port mappings

278339 (http://support.microsoft.com/kb/278339/) TCP/UDP ports used by Exchange 2000 Server

280132 (http://support.microsoft.com/kb/280132/) Exchange 2000 Windows 2000 connectivity through firewalls

282446 (http://support.microsoft.com/kb/282446/) DSProxy configuration for static ports on Exchange cluster

827330 (http://support.microsoft.com/kb/827330/) How to troubleshoot client RPC over HTTP connection issues in Office Outlook 2003

833401 (http://support.microsoft.com/kb/833401/) How to configure RPC over HTTP on a single server in Exchange Server 2003

Exchange Server can also provide support for other protocols, such as SMTP, Post Office Protocol 3 (POP3), and IMAP.

Application protocol                  Protocol    Ports
IMAP                                  TCP         143
IMAP over SSL                         TCP         993
POP3                                  TCP         110
POP3 over SSL                         TCP         995
Randomly allocated high TCP ports     TCP         random port number between 1024 - 65534
RPC                                   TCP         135
RPC over HTTP                         TCP         443
SMTP                                  TCP         25
SMTP                                  UDP         25
Information Store                     TCP         6001
Directory Referral                    TCP         6002
DSProxy/NSPI                          TCP         6004

Fax Service

Fax Service, a Telephony API (TAPI)–compliant system service, provides fax capabilities. By using Fax Service, users can send and receive faxes from their desktop programs by using either a local fax device or a shared network fax device.

System service name: Fax

Application protocol                  Protocol    Ports
NetBIOS Session Service               TCP         139
RPC                                   TCP         135
Randomly allocated high TCP ports     TCP         random port number between 1024 - 65534
SMB                                   TCP         445

File Replication

The File Replication service (FRS) is a file-based replication engine that automatically copies updates to files and folders between computers that are participating in a common FRS replica set. FRS is the default replication engine that is used to replicate the contents of the SYSVOL folder between Windows 2000-based and Windows Server 2003-based domain controllers that are located in a common domain. FRS may be configured to replicate files and folders between targets of a DFS root or link by using the DFS Administration tool.

System service name: NtFrs

Application protocol                  Protocol    Ports
RPC                                   TCP         135
Randomly allocated high TCP ports     TCP         random port number between 1024 - 65534

File Server for Macintosh

By using the File Server for Macintosh system service, Macintosh computer users can store and access files on a computer that is running Windows Server 2003. If this service is turned off or blocked, Macintosh clients cannot access or store files on that computer.

System service name: MacFile

Application protocol                  Protocol    Ports
File Server for Macintosh             TCP         548

FTP Publishing Service

FTP Publishing Service provides FTP connectivity. By default, the FTP control port is 21. However, you can configure this system service through the Internet Information Services (IIS) Manager snap-in. The default data (that is used for active mode FTP) port is automatically set to one port less than the control port. Therefore, if you configure the control port to port 4131, the default data port is port 4130. Most FTP clients use passive mode FTP. This means that the client initially connects to the FTP server by using the control port, the FTP server assigns a high TCP port between ports 1025 and 5000, and then the client opens a second connection to the FTP server for transferring data. You can configure the range of high ports by using the IIS metabase.

System service name: MSFTPSVC

Application protocol                  Protocol    Ports
FTP control                           TCP         21
FTP default data                      TCP         20
Randomly allocated high TCP ports     TCP         random port number between 1024 - 65534

Group Policy

To successfully apply Group Policy, a client must be able to contact a domain controller over the DCOM, ICMP, LDAP, SMB, and RPC protocols. If any one of these protocols is unavailable or blocked between the client and a relevant domain controller, policy will not apply or refresh. For a cross-domain logon, where a computer is in one domain and the user account is in another, these protocols may be required for the client, the resource domain, and the account domain to communicate. ICMP is used for slow link detection. For more information about slow link detection, click the following article number to view the article in the Microsoft Knowledge Base:

227260 (http://support.microsoft.com/kb/227260/) How a slow link is detected for processing user profiles and Group Policy

System service name: Group Policy

Application protocol                  Protocol    Ports
DCOM                                  TCP + UDP   random port number between 1024 - 65534
ICMP (ping)                           UCP         20
LDAP                                  TCP         389
SMB                                   TCP         445
RPC                                   TCP         135, random port number between 1024 - 65534

HTTP SSL

The HTTP SSL system service enables IIS to perform SSL functions. SSL is an open standard for establishing an encrypted communications channel to help prevent the interception of critical information, such as credit card numbers. Although this service is designed to work on other Internet services, it is primarily used to enable encrypted electronic financial transactions on the World Wide Web (WWW). You can configure the ports for this service through the Internet Information Services (IIS) Manager snap-in.

System service name: HTTPFilter

Application protocol                  Protocol    Ports
HTTPS                                 TCP         443

Internet Authentication Service

Internet Authentication Service (IAS) performs centralized authentication, authorization, auditing, and accounting of users who are connecting to a network. These users can be on a LAN connection or on a remote connection. IAS implements the Internet Engineering Task Force (IETF) standard Remote Authentication Dial-In User Service (RADIUS) protocol.

System service name: IAS

Application protocol                  Protocol    Ports
Legacy RADIUS                         UDP         1645
Legacy RADIUS                         UDP         1646
RADIUS Accounting                     UDP         1813
RADIUS Authentication                 UDP         1812

Internet Connection Firewall (ICF)/Internet Connection Sharing (ICS)

This system service provides NAT, addressing, and name resolution services for all computers on your home network or your small-office network. When the Internet Connection Sharing feature is enabled, your computer becomes an "Internet gateway" on the network, and other client computers can then share one connection to the Internet, such as a dial-up connection or a broadband connection. This service provides basic DHCP and DNS services but will work with the full-featured Windows DHCP or DNS services. When ICF and Internet Connection Sharing act as a gateway for the rest of the computers on your network, they provide DHCP and DNS services to the private network on the internal network interface. They do not provide these services on the external-facing interface.

System service name: SharedAccess

Application protocol                  Protocol    Ports
DHCP Server                           UDP         67
DNS                                   UDP         53
DNS                                   TCP         53

Kerberos Key Distribution Center

When you use the Kerberos Key Distribution Center (KDC) system service, users can log on to the network by using the Kerberos version 5 authentication protocol. As in other implementations of the Kerberos protocol, the KDC is a single process that provides two services: the Authentication Service and the Ticket-Granting Service. The Authentication Service issues ticket granting tickets, and the Ticket-Granting Service issues tickets for connection to computers in its own domain.

System service name: kdc

Application protocol                  Protocol    Ports
Kerberos                              TCP         88
Kerberos                              UDP         88

License Logging

The License Logging system service is a tool that was originally designed to help customers manage licenses for Microsoft server products that are licensed in the Server Client Access License (CAL) model. License Logging was introduced with Microsoft Windows NT Server 3.51. By default, the License Logging service is disabled in Windows Server 2003. Because of legacy design constraints and evolving license terms and conditions, License Logging may not provide an accurate view of the total number of CALs that are purchased compared to the total number of CALs that are used on a particular server or across the enterprise. The CALs that are reported by License Logging may conflict with the interpretation of the End-User License Agreement (EULA) and with Product Use Rights (PUR). License Logging will not be included in future versions of the Windows operating system. Microsoft recommends that only users of the Microsoft Small Business Server family of operating systems enable this service on their servers.

System service name: LicenseService

Application protocol                  Protocol    Ports
NetBIOS Datagram Service              UDP         138
NetBIOS Session Service               TCP         139
SMB                                   TCP         445

Message Queuing

The Message Queuing system service is a messaging infrastructure and development tool for creating distributed messaging programs for Windows. These programs can communicate across heterogeneous networks and can send messages between computers that may be temporarily unable to connect to each other. Message Queuing helps provide security, efficient routing, support for sending messages within transactions, priority-based messaging, and guaranteed message delivery.

System service name: MSMQ

Application protocol                  Protocol    Ports
MSMQ                                  TCP         1801
MSMQ                                  UDP         1801
MSMQ-DCs                              TCP         2101
MSMQ-Mgmt                             TCP         2107
MSMQ-Ping                             UDP         3527
MSMQ-RPC                              TCP         2105
MSMQ-RPC                              TCP         2103
RPC                                   TCP         135

Messenger

The Messenger system service sends messages to or receives messages from users and computers, administrators, and the Alerter service. This service is not related to Windows Messenger. If you disable the Messenger service, notifications that are sent to computers or users who are currently logged on the network are not received. Additionally, the net send command and the net name command no longer function.

System service name: Messenger

Application protocol                  Protocol    Ports
NetBIOS Datagram Service              UDP         138

Microsoft Exchange MTA Stacks

In Microsoft Exchange 2000 Server and Microsoft Exchange Server 2003, the Message Transfer Agent (MTA) is frequently used to provide backward-compatible message transfer services between Exchange 2000 Server-based servers and Exchange Server 5.5-based servers in a mixed-mode environment.

System service name: MSExchangeMTA

Application protocol                  Protocol    Ports
X.400                                 TCP         102

Microsoft Operations Manager 2000

Microsoft Operations Manager (MOM) 2000 delivers enterprise-class operations management by providing comprehensive event management, proactive monitoring and alerting, reporting, and trend analysis. After you install MOM 2000 Service Pack 1 (SP1), MOM 2000 no longer uses a clear text communications channel, and all traffic between the MOM agent and the MOM server is encrypted over TCP port 1270. The MOM Administrator console uses DCOM to connect to the server. This means that administrators who manage the MOM server over the network must have access to random high TCP ports.

System service name: one point

Application protocol                  Protocol    Ports
MOM-Clear                             TCP         51515
MOM-Encrypted                         TCP         1270

Microsoft POP3 Service

Microsoft POP3 Service provides e-mail transfer and retrieval services. Administrators can use this service to store and manage e-mail accounts on the mail server. When you install Microsoft POP3 Service on the mail server, users can connect to the mail server and can retrieve e-mail by using an e-mail client that supports the POP3 protocol, such as Microsoft Outlook.

System service name: POP3SVC

Application protocol                  Protocol    Ports
POP3                                  TCP         110

MSSQLSERVER

MSSQLSERVER is a system service in Microsoft SQL Server 2000. SQL Server provides a powerful and comprehensive data management platform. You can configure the ports that each instance of SQL Server uses by using the Server Network Utility.

System service name: MSSQLSERVER

Application protocol                  Protocol    Ports
SQL over TCP                          TCP         1433
SQL Probe                             UDP         1434

MSSQL$UDDI

The MSSQL$UDDI system service is installed during the installation of the Universal Description, Discovery, and Integration (UDDI) feature of the Windows Server 2003 family of operating systems. MSSQL$UDDI provides UDDI capabilities in an enterprise. The SQL Server database engine is the core component of MSSQL$UDDI.

System service name: MSSQLSERVER

Application protocol                  Protocol    Ports
SQL over TCP                          TCP         1433
SQL Probe                             UDP         1434

Net Logon

The Net Logon system service maintains a security channel between your computer and the domain controller to authenticate users and services. It passes the user's credentials to a domain controller and returns the domain security identifiers and user rights for the user. This is typically referred to as pass-through authentication. Net Logon is configured to start automatically only when a member computer or domain controller is joined to a domain. In the Windows 2000 Server and Windows Server 2003 families, Net Logon publishes service resource locator records in the DNS. When this service runs, it relies on the Server service and on the Local Security Authority service to listen for incoming requests. On domain member computers, Net Logon uses RPC over named pipes. On domain controllers, it uses RPC over named pipes, RPC over TCP/IP, mailslots, and Lightweight Directory Access Protocol (LDAP).

System service name: Netlogon

Application protocol                  Protocol    Ports
NetBIOS Datagram Service              UDP         138
NetBIOS Name Resolution               UDP         137
NetBIOS Session Service               TCP         139
SMB                                   TCP         445

NetMeeting Remote Desktop Sharing

The NetMeeting Remote Desktop Sharing system service allows authorized users to remotely access your Windows desktop from another personal computer over a corporate intranet by using Windows NetMeeting. You must explicitly enable this service in NetMeeting. You can disable or shut down this feature by using an icon in the Windows notification area.

System service name: mnmsrvc

Application protocol                  Protocol    Ports
Terminal Services                     TCP         3389

Network News Transfer Protocol (NNTP)

The Network News Transfer Protocol (NNTP) system service allows computers that are running Windows Server 2003 to act as news servers. Clients can use a news client, such as Microsoft Outlook Express, to retrieve newsgroups from the server and to read the headers or the bodies of the articles in each newsgroup.

System service name: NNTPSVC

Application protocol                  Protocol    Ports
NNTP                                  TCP         119
NNTP over SSL                         TCP         563

Performance Logs and Alerts

The Performance Logs and Alerts system service collects, based on preconfigured schedule parameters, performance data from local or remote computers and then writes that data to a log or triggers a message. Based on the information that is contained in the named log collection setting, the Performance Logs and Alerts service starts and stops each named performance data collection. This service only runs if at least one performance data collection is scheduled.

System service name: SysmonLog

Application protocol                  Protocol    Ports
NetBIOS Session Service               TCP         139

Print Spooler

The Print Spooler system service manages all local and network print queues and controls all print jobs. Print Spooler is the center of the Windows printing subsystem. It manages the print queues on the system and communicates with printer drivers and input/output (I/O) components, such as the USB port and the TCP/IP protocol suite.

System service name: Spooler

Application protocol                  Protocol    Ports
NetBIOS Session Service               TCP         139
SMB                                   TCP         445

Remote Installation

You can use the Remote Installation system service to install Windows 2000, Windows XP, and Windows Server 2003 on Pre-Boot eXecution Environment (PXE) remote boot-enabled client computers. The Boot Information Negotiation Layer (BINL) service, the primary component of Remote Installation Server (RIS), answers PXE client requests, checks Active Directory for client validation, and passes client information to and from the server. The BINL service is installed when you either add the RIS component from Add/Remove Windows Components, or select it when you initially install the operating system.

System service name: BINLSVC

Application protocol  Protocol  Ports
BINL                  UDP       4011

Remote Procedure Call (RPC)

The Remote Procedure Call (RPC) system service is an interprocess communication (IPC) mechanism that enables data exchange and invocation of functionality that resides in a different process. The different process can be on the same computer, on the LAN, or in a remote location, and can be accessed over a WAN connection or over a VPN connection. The RPC service serves as the RPC endpoint mapper and Component Object Model (COM) Service Control Manager. Many services depend on the RPC service to start successfully.

System service name: RpcSs

Application protocol  Protocol  Ports
RPC                   TCP       135
RPC over HTTP         TCP       593

Remote Procedure Call (RPC) Locator

The Remote Procedure Call (RPC) Locator system service manages the RPC name service database. When this service is turned on, RPC clients can locate RPC servers. This service is turned off by default.

System service name: RpcLocator

Application protocol     Protocol  Ports
NetBIOS Session Service  TCP       139
SMB                      TCP       445

Remote Storage Notification

The Remote Storage Notification system service notifies users when they read from or write to files that are only available from a secondary storage media. Stopping this service prevents this notification.

System service name: Remote_Storage_User_Link

Application protocol               Protocol  Ports
RPC                                TCP       135
Randomly allocated high TCP ports  TCP       random port number between 1024 - 65534

Remote Storage Server

The Remote Storage Server system service stores infrequently used files on a secondary storage medium. If you stop this service, users cannot move or retrieve files from the secondary storage media.

System service name: Remote_Storage_Server

Application protocol               Protocol  Ports
RPC                                TCP       135
Randomly allocated high TCP ports  TCP       random port number between 1024 - 65534

Routing and Remote Access

The Routing and Remote Access service provides multiprotocol LAN-to-LAN, LAN-to-WAN, VPN, and NAT routing services. Additionally, the Routing and Remote Access service also provides dial-up and VPN remote access services. Although Routing and Remote Access can use all the following protocols, the service typically uses only a subset of them. For example, if you configure a VPN gateway that lies behind a filtering router, you will probably use only one technology. If you use L2TP with IPsec, you must allow IPsec ESP (IP protocol 50), NAT-T (UDP on port 4500), and IPsec ISAKMP (UDP on port 500) through the router.

Note: Although NAT-T and IPsec ISAKMP are required for L2TP, these ports are actually monitored by the Local Security Authority. For additional information about this, see the "References" section of this article.

System service name: RemoteAccess

Application protocol        Protocol  Ports
GRE (IP protocol 47)        GRE       n/a
IPsec AH (IP protocol 51)   AH        n/a
IPsec ESP (IP protocol 50)  ESP       n/a
L2TP                        UDP       1701
PPTP                        TCP       1723

Server

The Server system service provides RPC support and file, print, and named pipe sharing over the network. The Server service allows the sharing of local resources, such as disks and printers, so that other users on the network can access them. It also allows named pipe communication between programs that are running on the local computer and on other computers. Named pipe communication is memory that is reserved for the output of one process to be used as input for another process. The input-accepting process does not have to be local to the computer.

System service name: lanmanserver

Application protocol      Protocol  Ports
NetBIOS Datagram Service  UDP       138
NetBIOS Name Resolution   UDP       137
NetBIOS Session Service   TCP       139
SMB                       TCP       445

SharePoint Portal Server

With the SharePoint Portal Server system service, you can develop an intelligent portal that seamlessly connects users, teams, and knowledge so that people can take advantage of relevant information across business processes. Microsoft SharePoint Portal Server 2003 provides an enterprise business solution that integrates information from various systems into one solution through single sign-on and enterprise application integration capabilities.

Application protocol  Protocol  Ports
HTTP                  TCP       80
HTTPS                 TCP       443

Simple Mail Transfer Protocol (SMTP)

The Simple Mail Transfer Protocol (SMTP) system service is an e-mail submission and relay agent. It accepts and queues e-mail for remote destinations, and it retries at specified intervals. Windows domain controllers use the SMTP service for intersite e-mail-based replication. The Collaboration Data Objects (CDO) for the Windows Server 2003 COM component can use the SMTP service to submit and to queue outbound e-mail.

System service name: SMTPSVC

Application protocol  Protocol  Ports
SMTP                  TCP       25
SMTP                  UDP       25

Simple TCP/IP Services

Simple TCP/IP Services implements support for the following protocols:

Echo, port 7, RFC 862

Discard, port 9, RFC 863

Character Generator, port 19, RFC 864

Daytime, port 13, RFC 867

Quote of the Day, port 17, RFC 865

System service name: SimpTcp

Application protocol  Protocol  Ports
Chargen               TCP       19
Chargen               UDP       19
Daytime               TCP       13
Daytime               UDP       13
Discard               TCP       9
Discard               UDP       9
Echo                  TCP       7
Echo                  UDP       7
Quotd                 TCP       17
Quotd                 UDP       17

SMS Remote Control Agent

SMS Remote Control Agent is a system service in Microsoft Systems Management Server (SMS) 2003. SMS Remote Control Agent provides a comprehensive solution for change and for configuration management for the Microsoft operating systems. With this solution, organizations can provide relevant software and updates to users.

System service name: Wuser32

Application protocol          Protocol  Ports
SMS Remote Chat               TCP       2703
SMS Remote Chat               UDP       2703
SMS Remote Control (control)  TCP       2701
SMS Remote Control (control)  UDP       2701
SMS Remote Control (data)     TCP       2702
SMS Remote Control (data)     UDP       2702
SMS Remote File Transfer      TCP       2704
SMS Remote File Transfer      UDP       2704

SNMP Service

SNMP Service allows incoming Simple Network Management Protocol (SNMP) requests to be serviced by the local computer. SNMP Service includes agents that monitor activity in network devices and report to the network console workstation. SNMP Service provides a method of managing network hosts (such as workstation or server computers, routers, bridges, and hubs) from a centrally located computer that is running network management software. SNMP performs management services by using a distributed architecture of management systems and agents.

System service name: SNMP

Application protocol  Protocol  Ports
SNMP                  UDP       161

SNMP Trap Service

SNMP Trap Service receives trap messages that are generated by local or by remote SNMP agents and then forwards those messages to SNMP management programs that are running on your computer. SNMP Trap Service, when configured for an agent, generates trap messages if any specific events occur. These messages are sent to a trap destination. For example, an agent can be configured to initiate an authentication trap if an unrecognized management system sends a request for information. Trap destinations include the computer name, the IP address, or the Internetwork Packet Exchange (IPX) address of the management system. The trap destination must be a network-enabled host that is running SNMP management software.

System service name: SNMPTRAP

Application protocol  Protocol  Ports
SNMP Traps Outbound   UDP       162

SQL Analysis Server

The SQL Analysis Server system service is a component of SQL Server 2000. With SQL Analysis Server, you can create and manage OLAP cubes and data mining models. The analysis server may access local or remote data sources for creating and storing cubes or data mining models.

Application protocol   Protocol  Ports
SQL Analysis Services  TCP       2725

SQL Server: Downlevel OLAP Client Support

This system service is used by SQL Server 2000 when the SQL Analysis Server service has to support connections from downlevel (OLAP Services 7.0) clients. These are the default ports for OLAP services that are used by SQL 7.0.

Application protocol  Protocol  Ports
OLAP Services 7.0     TCP       2393
OLAP Services 7.0     TCP       2394

SSDP Discovery Service

SSDP Discovery Service implements Simple Service Discovery Protocol (SSDP) as a Windows service. SSDP Discovery Service manages receipt of device presence announcements, updates its cache, and passes these notifications along to clients with outstanding search requests. SSDP Discovery Service also accepts registration of event callbacks from clients, turns these into subscription requests, and monitors for event notifications. It then passes these requests along to the registered callbacks. This system service also provides hosted devices with periodic announcements. Currently, the SSDP event notification service uses TCP port 5000. Starting with the next Windows XP service pack, it will rely on TCP port 2869.

Note: At the time of this writing, the current Windows XP service pack level is Windows XP Service Pack 1 (SP1).

System service name: SSDPSRV

Application protocol            Protocol  Ports
SSDP                            UDP       1900
SSDP event notification         TCP       2869
SSDP legacy event notification  TCP       5000

Systems Management Server 2.0

Microsoft Systems Management Server (SMS) 2003 provides a comprehensive solution for change and configuration management for Microsoft operating systems. With this solution, organizations can provide relevant software and updates to users quickly and cost-effectively.

Application protocol               Protocol  Ports
NetBIOS Datagram Service           UDP       138
NetBIOS Name Resolution            UDP       137
NetBIOS Session Service            TCP       139
RPC                                TCP       135
Randomly allocated high TCP ports  TCP       random port number between 1024 - 65534

TCP/IP Print Server

The TCP/IP Print Server system service enables TCP/IP–based printing by using the Line Printer Daemon (LPD) protocol. The LPD service on the server receives documents from Line Printer Remote (LPR) utilities that are running on UNIX computers.

System service name: LPDSVC

Application protocol  Protocol  Ports
LPD                   TCP       515

Telnet

The Telnet system service for Windows provides ASCII terminal sessions to Telnet clients. A Telnet server supports two types of authentication and supports the following four types of terminals:

American National Standards Institute (ANSI)
VT-100
VT-52
VTNT

System service name: TlntSvr

Application protocol  Protocol  Ports
Telnet                TCP       23

Terminal Services

Terminal Services provides a multi-session environment that allows client devices to access a virtual Windows desktop session and Windows-based programs that are running on the server. Terminal Services allows multiple users to be connected interactively to a computer.

System service name: TermService

Application protocol  Protocol  Ports
Terminal Services     TCP       3389

Terminal Services Licensing

The Terminal Services Licensing system service installs a license server and provides licenses to registered clients when the clients connect to a terminal server (a server that has Terminal Server enabled). Terminal Services Licensing is a low-impact service that stores the client licenses that have been issued for a terminal server, and then tracks the licenses that have been issued to client computers or terminals.

System service name: TermServLicensing

Application protocol               Protocol  Ports
RPC                                TCP       135
Randomly allocated high TCP ports  TCP       random port number between 1024 - 65534
SMB (named pipes)                  TCP       139, 445

Terminal Services Session Directory

The Terminal Services Session Directory system service allows clusters of load-balanced terminal servers to correctly route a user's connection request to the server where the user already has a session running. Users are routed to the first-available terminal server, regardless of whether they are running another session in the server cluster. The load-balancing functionality pools the processing resources of several servers by using the TCP/IP networking protocol. You can use this service with a cluster of terminal servers to increase the performance of a single terminal server by distributing sessions across multiple servers. Terminal Services Session Directory keeps track of disconnected sessions on the cluster and makes sure that users are reconnected to those sessions.

System service name: Tssdis

Application protocol               Protocol  Ports
RPC                                TCP       135
Randomly allocated high TCP ports  TCP       random port number between 1024 - 65534

Trivial FTP Daemon

The Trivial FTP Daemon system service does not require a user name or a password and is an integral part of the Remote Installation Services (RIS). The Trivial FTP Daemon service implements support for the Trivial FTP Protocol (TFTP) that is defined by the following RFCs:

RFC 1350 - TFTP
RFC 2347 - Option extension
RFC 2348 - Block size option
RFC 2349 - Timeout interval, and transfer size options

Trivial File Transfer Protocol (TFTP) is a file transfer protocol that is designed to support diskless boot environments. The TFTP service listens on UDP port 69 but responds from a randomly allocated high port. Therefore, enabling this port will let the TFTP service receive incoming TFTP requests, but will not let the selected server respond to those requests. The service is free to respond to any such request from any source port it wishes, and the remote client will then use that port for the duration of the transfer. Communication is bidirectional. If you need to enable this protocol through a firewall, it may be useful to open UDP port 69 inbound. You can then rely on other firewall features, which dynamically allow the service to respond through temporary holes on any other port.

System service name: tftpd

Application protocol  Protocol  Ports
TFTP                  UDP       69
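The port behaviour described above, as an added example that is not part of the original article: a small Python model of the RFC 1350 read request, a server that answers from a randomly chosen high port, and two packet filters, one static (only UDP/69 inbound, as the text warns against relying on) and one that remembers the request so the reply is let back in. Addresses, ports and the file name are constructed sample values, and the filter classes are illustrative, not any real firewall's API.

```python
"""Why 'allow UDP/69 inbound' alone does not make TFTP work through a filter.

Added example, not part of the original article. It models the exchange the text
describes for RFC 1350: the client sends a read request to UDP port 69, the
server answers from a randomly chosen high port, and only a filter that remembers
the request lets that answer back in. Addresses, ports and the file name are
constructed sample values; the filter classes are illustrative, not a real
firewall's API.
"""
import random
import struct
from dataclasses import dataclass

TFTP_PORT = 69
OP_RRQ, OP_DATA = 1, 3          # RFC 1350 opcodes used here


@dataclass(frozen=True)
class Datagram:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes


def build_rrq(filename, mode="octet"):
    """RRQ packet: opcode 1, filename, NUL, mode, NUL (RFC 1350)."""
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"


def parse_rrq(payload):
    """Return (filename, mode) from an RRQ, rejecting anything malformed."""
    if len(payload) < 4:
        raise ValueError("packet too short")
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode != OP_RRQ:
        raise ValueError(f"not an RRQ (opcode {opcode})")
    fields = payload[2:].split(b"\0")
    if len(fields) < 3 or not fields[0] or not fields[1]:
        raise ValueError("RRQ missing NUL-terminated filename or mode")
    return fields[0].decode(), fields[1].decode().lower()


def build_data(block, data):
    """DATA packet: opcode 3, 16-bit block number, up to 512 bytes of payload."""
    return struct.pack("!HH", OP_DATA, block) + data


def server_reply(request, rng):
    """The server answers DATA block 1 from a fresh port in the 1024-65534 range."""
    filename, _mode = parse_rrq(request.payload)
    ephemeral = rng.randint(1024, 65534)
    return Datagram(request.dst_ip, ephemeral, request.src_ip, request.src_port,
                    build_data(1, f"<contents of {filename}>".encode()))


class StaticFilter:
    """Permits only datagrams addressed to the server's UDP/69; keeps no state."""
    def __init__(self, server_ip):
        self.server_ip = server_ip

    def permits(self, d):
        return d.dst_ip == self.server_ip and d.dst_port == TFTP_PORT


class StatefulFilter:
    """Permits requests to UDP/69 and remembers them, so the server's answer from
    whatever port it chose is allowed back to that client socket only."""
    def __init__(self, server_ip):
        self.server_ip = server_ip
        self.pending = set()            # (client_ip, client_port) awaiting a reply

    def permits(self, d):
        if d.dst_ip == self.server_ip and d.dst_port == TFTP_PORT:
            self.pending.add((d.src_ip, d.src_port))
            return True
        return d.src_ip == self.server_ip and (d.dst_ip, d.dst_port) in self.pending


def run_exchange(filter_cls, seed=1):
    """Return (request_allowed, reply_allowed, unsolicited_allowed) for one filter."""
    rng = random.Random(seed)
    client, server = "192.0.2.10", "192.0.2.1"      # constructed addresses
    fw = filter_cls(server)
    rrq = Datagram(client, 50000, server, TFTP_PORT, build_rrq("boot.bin"))
    request_ok = fw.permits(rrq)
    reply = server_reply(rrq, rng)                   # comes from a random high port
    reply_ok = fw.permits(reply)
    # A datagram from the server to a client port that never asked for anything
    stray = Datagram(server, reply.src_port, client, 50001, build_data(1, b"x"))
    return request_ok, reply_ok, fw.permits(stray)


if __name__ == "__main__":
    print("static filter  :", run_exchange(StaticFilter))    # (True, False, False)
    print("stateful filter:", run_exchange(StatefulFilter))  # (True, True, False)
```

The static filter admits the request and then drops the very reply that request caused, which is the failure the text describes; the stateful filter admits that reply while still rejecting a server datagram aimed at a client socket that never sent a request.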

Universal Plug and Play Device Host

The Universal Plug and Play Host discovery system service implements all the components that are required for device registration, control, and the response to events for hosted devices. The information that is registered that pertains to a device (the description, the lifetimes, and the containers) is optionally stored to disk and is announced on the network after registration, or when the operating system restarts. The service also includes the Web server that serves the device, in addition to service descriptions and a presentation page.

System service name: UPNPHost

Application protocol  Protocol  Ports
UPNP                  TCP       2869

Windows Internet Name Service (WINS)

Windows Internet Name Service (WINS) enables NetBIOS name resolution. This service helps you locate network resources by using NetBIOS names. WINS servers are required unless all domains have been upgraded to the Active Directory directory service and unless all computers on the network are running Windows 2000 or later. WINS servers communicate with network clients by using NetBIOS name resolution. WINS replication is only required between WINS servers.

System service name: WINS

Application protocol     Protocol  Ports
NetBIOS Name Resolution  UDP       137
WINS Replication         TCP       42
WINS Replication         UDP       42

Windows Media Services

Windows Media Services in Windows Server 2003 replaces the following four services that are included in Windows Media Services versions 4.0 and 4.1:

Windows Media Monitor Service
Windows Media Program Service
Windows Media Station Service
Windows Media Unicast Service

Windows Media Services is now a single service that runs on Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition. Its core components were developed by using COM, and it has a flexible architecture that you can customize for specific programs. It supports a greater variety of control protocols, including Real Time Streaming Protocol (RTSP), Microsoft Media Server (MMS) protocol, and HTTP.

System service name: WMServer

Application protocol  Protocol  Ports
HTTP                  TCP       80
MMS                   TCP       1755
MMS                   UDP       1755
MS Theater            UDP       2460
RTCP                  UDP       5005
RTP                   UDP       5004
RTSP                  TCP       554

Windows Time

The Windows Time system service maintains date and time synchronization on all Windows XP and Windows Server 2003-based computers on a network. This service uses Network Time Protocol (NTP) to synchronize computer clocks so that an accurate clock value, or timestamp, is assigned for network validation and for resource access requests. The implementation of NTP and the integration of time providers help make Windows Time a reliable and scalable time service for your enterprise. For computers that are not joined to a domain, you can configure Windows Time to synchronize time with an external time source. If this service is turned off, the time setting for local computers is not synchronized with a time service in the Windows domain or with an externally configured time service. Windows Server 2003 uses NTP. NTP runs on UDP port 123. The Windows 2000 version of this service uses Simple Network Time Protocol (SNTP). SNTP also runs on UDP port 123.

System service name: W32Time

Application protocol  Protocol  Ports
NTP                   UDP       123
SNTP                  UDP       123

World Wide Web Publishing Service

World Wide Web Publishing Service provides the infrastructure that is necessary to register, to manage, to monitor, and to serve Web sites and programs that are registered with IIS. This system service contains a process manager and a configuration manager. The process manager controls the processes where custom applications and Web sites reside. The configuration manager reads the stored system configuration for World Wide Web Publishing Service and makes sure that Http.sys is configured to route HTTP requests to the appropriate application pools or operating system processes. You can configure the ports that are used by this service through the Internet Information Services (IIS) Manager snap-in. If the administrative Web site is enabled, a virtual Web site is created that uses HTTP traffic on TCP port 8098.

System service name: W3SVC

Application protocol  Protocol  Ports
HTTP                  TCP       80
HTTPS                 TCP       443

Ports and protocols

The following table summarizes the information from the "System services ports" section of this article. This table is sorted by port number instead of by the service name.

Port       Protocol Application protocol            System service name
n/a        GRE      GRE (IP protocol 47)            Routing and Remote Access
n/a        ESP      IPsec ESP (IP protocol 50)      Routing and Remote Access
n/a        AH       IPsec AH (IP protocol 51)       Routing and Remote Access
7          TCP      Echo                            Simple TCP/IP Services
7          UDP      Echo                            Simple TCP/IP Services
9          TCP      Discard                         Simple TCP/IP Services
9          UDP      Discard                         Simple TCP/IP Services
13         TCP      Daytime                         Simple TCP/IP Services
13         UDP      Daytime                         Simple TCP/IP Services
17         TCP      Quotd                           Simple TCP/IP Services
17         UDP      Quotd                           Simple TCP/IP Services
19         TCP      Chargen                         Simple TCP/IP Services
19         UDP      Chargen                         Simple TCP/IP Services
20         TCP      FTP default data                FTP Publishing Service
21         TCP      FTP control                     FTP Publishing Service
21         TCP      FTP control                     Application Layer Gateway Service
23         TCP      Telnet                          Telnet
25         TCP      SMTP                            Simple Mail Transfer Protocol
25         UDP      SMTP                            Simple Mail Transfer Protocol
25         TCP      SMTP                            Exchange Server
25         UDP      SMTP                            Exchange Server
42         TCP      WINS Replication                Windows Internet Name Service
42         UDP      WINS Replication                Windows Internet Name Service
53         TCP      DNS                             DNS Server
53         UDP      DNS                             DNS Server
53         TCP      DNS                             Internet Connection Firewall/Internet Connection Sharing
53         UDP      DNS                             Internet Connection Firewall/Internet Connection Sharing
67         UDP      DHCP Server                     DHCP Server
67         UDP      DHCP Server                     Internet Connection Firewall/Internet Connection Sharing
69         UDP      TFTP                            Trivial FTP Daemon Service
80         TCP      HTTP                            Windows Media Services
80         TCP      HTTP                            World Wide Web Publishing Service
80         TCP      HTTP                            SharePoint Portal Server
88         TCP      Kerberos                        Kerberos Key Distribution Center
88         UDP      Kerberos                        Kerberos Key Distribution Center
102        TCP      X.400                           Microsoft Exchange MTA Stacks
110        TCP      POP3                            Microsoft POP3 Service
110        TCP      POP3                            Exchange Server
119        TCP      NNTP                            Network News Transfer Protocol
123        UDP      NTP                             Windows Time
123        UDP      SNTP                            Windows Time
135        TCP      RPC                             Message Queuing
135        TCP      RPC                             Remote Procedure Call
135        TCP      RPC                             Exchange Server
135        TCP      RPC                             Certificate Services
135        TCP      RPC                             Cluster Service
135        TCP      RPC                             Distributed File System
135        TCP      RPC                             Distributed Link Tracking
135        TCP      RPC                             Distributed Transaction Coordinator
135        TCP      RPC                             Event Log
135        TCP      RPC                             Fax Service
135        TCP      RPC                             File Replication
135        TCP      RPC                             Group Policy
135        TCP      RPC                             Local Security Authority
135        TCP      RPC                             Remote Storage Notification
135        TCP      RPC                             Remote Storage Server
135        TCP      RPC                             Systems Management Server 2.0
135        TCP      RPC                             Terminal Services Licensing
135        TCP      RPC                             Terminal Services Session Directory
137        UDP      NetBIOS Name Resolution         Computer Browser
137        UDP      NetBIOS Name Resolution         Server
137        UDP      NetBIOS Name Resolution         Windows Internet Name Service
137        UDP      NetBIOS Name Resolution         Net Logon
137        UDP      NetBIOS Name Resolution         Systems Management Server 2.0
138        UDP      NetBIOS Datagram Service        Computer Browser
138        UDP      NetBIOS Datagram Service        Messenger
138        UDP      NetBIOS Datagram Service        Server
138        UDP      NetBIOS Datagram Service        Net Logon
138        UDP      NetBIOS Datagram Service        Distributed File System
138        UDP      NetBIOS Datagram Service        Systems Management Server 2.0
138        UDP      NetBIOS Datagram Service        License Logging Service
139        TCP      NetBIOS Session Service         Computer Browser
139        TCP      NetBIOS Session Service         Fax Service
139        TCP      NetBIOS Session Service         Performance Logs and Alerts
139        TCP      NetBIOS Session Service         Print Spooler
139        TCP      NetBIOS Session Service         Server
139        TCP      NetBIOS Session Service         Net Logon
139        TCP      NetBIOS Session Service         Remote Procedure Call Locator
139        TCP      NetBIOS Session Service         Distributed File System
139        TCP      NetBIOS Session Service         Systems Management Server 2.0
139        TCP      NetBIOS Session Service         License Logging Service
143        TCP      IMAP                            Exchange Server
161        UDP      SNMP                            SNMP Service
162        UDP      SNMP Traps Outbound             SNMP Trap Service
389        TCP      LDAP Server                     Local Security Authority
389        UDP      LDAP Server                     Local Security Authority
389        TCP      LDAP Server                     Distributed File System
389        UDP      LDAP Server                     Distributed File System
443        TCP      HTTPS                           HTTP SSL
443        TCP      HTTPS                           World Wide Web Publishing Service
443        TCP      HTTPS                           SharePoint Portal Server
443        TCP      RPC over HTTP                   Exchange Server 2003
445        TCP      SMB                             Fax Service
445        TCP      SMB                             Print Spooler
445        TCP      SMB                             Server
445        TCP      SMB                             Remote Procedure Call Locator
445        TCP      SMB                             Distributed File System
445        TCP      SMB                             License Logging Service
445        TCP      SMB                             Net Logon
464        TCP      Kerberos Password V5            Net Logon
500        UDP      IPsec ISAKMP                    Local Security Authority
515        TCP      LPD                             TCP/IP Print Server
548        TCP      File Server for Macintosh       File Server for Macintosh
554        TCP      RTSP                            Windows Media Services
563        TCP      NNTP over SSL                   Network News Transfer Protocol
593        TCP      RPC over HTTP endpoint mapper   Remote Procedure Call
593        TCP      RPC over HTTP                   Exchange Server
636        TCP      LDAP SSL                        Local Security Authority
636        UDP      LDAP SSL                        Local Security Authority
993        TCP      IMAP over SSL                   Exchange Server
995        TCP      POP3 over SSL                   Exchange Server
1067       TCP      Installation Bootstrap Service  Installation Bootstrap protocol server
1068       TCP      Installation Bootstrap Service  Installation Bootstrap protocol client
1270       TCP      MOM-Encrypted                   Microsoft Operations Manager 2000
1433       TCP      SQL over TCP                    Microsoft SQL Server
1433       TCP      SQL over TCP                    MSSQL$UDDI
1434       UDP      SQL Probe                       Microsoft SQL Server
1434       UDP      SQL Probe                       MSSQL$UDDI
1645       UDP      Legacy RADIUS                   Internet Authentication Service
1646       UDP      Legacy RADIUS                   Internet Authentication Service
1701       UDP      L2TP                            Routing and Remote Access
1723       TCP      PPTP                            Routing and Remote Access
1755       TCP      MMS                             Windows Media Services
1755       UDP      MMS                             Windows Media Services
1801       TCP      MSMQ                            Message Queuing
1801       UDP      MSMQ                            Message Queuing
1812       UDP      RADIUS Authentication           Internet Authentication Service
1813       UDP      RADIUS Accounting               Internet Authentication Service
1900       UDP      SSDP                            SSDP Discovery Service
2101       TCP      MSMQ-DCs                        Message Queuing
2103       TCP      MSMQ-RPC                        Message Queuing
2105       TCP      MSMQ-RPC                        Message Queuing
2107       TCP      MSMQ-Mgmt                       Message Queuing
2393       TCP      OLAP Services 7.0               SQL Server: Downlevel OLAP Client Support
2394       TCP      OLAP Services 7.0               SQL Server: Downlevel OLAP Client Support
2460       UDP      MS Theater                      Windows Media Services
2535       UDP      MADCAP                          DHCP Server
2701       TCP      SMS Remote Control (control)    SMS Remote Control Agent
2701       UDP      SMS Remote Control (control)    SMS Remote Control Agent
2702       TCP      SMS Remote Control (data)       SMS Remote Control Agent
2702       UDP      SMS Remote Control (data)       SMS Remote Control Agent
2703       TCP      SMS Remote Chat                 SMS Remote Control Agent
2703       UDP      SMS Remote Chat                 SMS Remote Control Agent
2704       TCP      SMS Remote File Transfer        SMS Remote Control Agent
2704       UDP      SMS Remote File Transfer        SMS Remote Control Agent
2725       TCP      SQL Analysis Services           SQL Analysis Server
2869       TCP      UPNP                            Universal Plug and Play Device Host
2869       TCP      SSDP event notification         SSDP Discovery Service
3268       TCP      Global Catalog Server           Local Security Authority
3269       TCP      Global Catalog Server           Local Security Authority
3343       UDP      Cluster Services                Cluster Service
3389       TCP      Terminal Services               NetMeeting Remote Desktop Sharing
3389       TCP      Terminal Services               Terminal Services
3527       UDP      MSMQ-Ping                       Message Queuing
4011       UDP      BINL                            Remote Installation
4500       UDP      NAT-T                           Local Security Authority
5000       TCP      SSDP legacy event notification  SSDP Discovery Service
5004       UDP      RTP                             Windows Media Services
5005       UDP      RTCP                            Windows Media Services
6001       TCP      Information Store               Exchange Server 2003
6002       TCP      Directory Referral              Exchange Server 2003
6004       TCP      DSProxy/NSPI                    Exchange Server 2003
42424      TCP      ASP.Net Session State           ASP.NET State Service
51515      TCP      MOM-Clear                       Microsoft Operations Manager 2000
1024-65534 TCP      RPC                             Randomly allocated high TCP ports
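One practical use of this table is to compare what a host is actually listening on with what the article says each port belongs to. The Python below is an added example, not part of the original article: it carries a subset of the table above, parses constructed `netstat -ano`-style lines (sample input, not output captured from a real host), and reports each listener as documented, documented but outside the host's declared role, possibly an RPC dynamic port, or undocumented. The `AUTHORIZED_DC` role set is an assumed example of what one domain controller is meant to expose.

```python
"""Baseline a host's listeners against the 'Ports and protocols' table.

Added example, not part of the original article. PORT_TABLE is a subset of the
table above; SAMPLE_NETSTAT is constructed netstat -ano style input, not a
capture from a real host; AUTHORIZED_DC is an assumed role definition.
"""
import re

# (port, protocol) -> system services the table lists for that port
PORT_TABLE = {
    (23, "TCP"): {"Telnet"},
    (25, "TCP"): {"Simple Mail Transfer Protocol", "Exchange Server"},
    (53, "TCP"): {"DNS Server"},
    (53, "UDP"): {"DNS Server"},
    (80, "TCP"): {"World Wide Web Publishing Service", "Windows Media Services"},
    (88, "TCP"): {"Kerberos Key Distribution Center"},
    (88, "UDP"): {"Kerberos Key Distribution Center"},
    (123, "UDP"): {"Windows Time"},
    (135, "TCP"): {"Remote Procedure Call"},
    (137, "UDP"): {"Server", "Net Logon", "Windows Internet Name Service"},
    (138, "UDP"): {"Server", "Net Logon"},
    (139, "TCP"): {"Server", "Net Logon", "Print Spooler"},
    (389, "TCP"): {"Local Security Authority"},
    (389, "UDP"): {"Local Security Authority"},
    (443, "TCP"): {"World Wide Web Publishing Service", "HTTP SSL"},
    (445, "TCP"): {"Server", "Net Logon", "Print Spooler"},
    (464, "TCP"): {"Net Logon"},
    (636, "TCP"): {"Local Security Authority"},
    (1433, "TCP"): {"Microsoft SQL Server"},
    (3268, "TCP"): {"Local Security Authority"},
    (3269, "TCP"): {"Local Security Authority"},
    (3389, "TCP"): {"Terminal Services"},
    (5000, "TCP"): {"SSDP Discovery Service"},
}
# "Randomly allocated high TCP ports" used by RPC, 1024-65534 per the table
RPC_DYNAMIC = range(1024, 65535)

# Constructed role: services a domain controller in this environment is meant to expose
AUTHORIZED_DC = {"Remote Procedure Call", "Server", "Net Logon", "Local Security Authority",
                 "Kerberos Key Distribution Center", "DNS Server", "Windows Time",
                 "Terminal Services"}

NETSTAT_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+?):(\d+)\s+\S+(?:\s+(\w+))?\s+(\d+)\s*$")


def parse_netstat(text):
    """Yield (proto, port, pid) for every listening socket in netstat -ano output."""
    for line in text.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue                      # headers and blank lines
        proto, _addr, port, state, pid = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue                      # ESTABLISHED and friends are not listeners
        yield proto, int(port), int(pid)


def classify(proto, port, authorized=None):
    """Map one listener to a verdict and the services the table names for it."""
    services = PORT_TABLE.get((port, proto), set())
    if services:
        if authorized is not None and not services & authorized:
            return "documented-but-not-authorized", services
        return "documented", services
    if proto == "TCP" and port in RPC_DYNAMIC:
        # The table only says RPC may land anywhere here; confirm via the owning PID
        return "possible-rpc-dynamic", {"Randomly allocated high TCP ports"}
    return "undocumented", set()


def audit(netstat_text, authorized=None):
    """Return [(proto, port, pid, verdict, services)] for each listener."""
    return [(proto, port, pid, *classify(proto, port, authorized))
            for proto, port, pid in parse_netstat(netstat_text)]


# Constructed sample, shaped like `netstat -ano` on Windows; not a real capture
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       1312
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       1844
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       836
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING       620
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1020
  TCP    192.0.2.15:3389        192.0.2.77:51120       ESTABLISHED     1020
  UDP    0.0.0.0:123            *:*                                    1100
  UDP    0.0.0.0:137            *:*                                    4
"""

if __name__ == "__main__":
    for proto, port, pid, verdict, services in audit(SAMPLE_NETSTAT, AUTHORIZED_DC):
        print(f"{proto:<4}{port:>6}  pid {pid:<5} {verdict:<32} {', '.join(sorted(services))}")
```

Two of the verdicts are the ones worth acting on: a documented port that no authorized role explains (Telnet on a domain controller in the sample) and a port the table does not list at all. The "possible-rpc-dynamic" verdict is deliberately weak, because the table's 1024-65534 row means any high TCP listener could be an RPC endpoint; the owning PID is what settles it.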

 

Active Directory port and protocol requirements

Application servers, client computers and domain controllers that are located in common or external forests have service dependencies so that user- and computer-initiated operations like domain join, logon authentication, remote administration, and Active Directory replication work correctly. Such services and operations require network connectivity over specific port and networking protocols.

A summarized list of services, ports and protocols required for member computers and domain controllers to inter-operate with each other or for application servers to access Active Directory include but are not limited to the following:

1. Active Directory / LSA
2. Certificate Services (required for specific configurations)
3. Computer Browser
4. DHCP Server (if so configured)
5. Distributed File System
6. Distributed Link Tracking Server (optional but on by default on Windows 2000 computers)
7. Distributed Transaction Coordinator
8. DNS Server (if so configured)
9. Event Log
10. Fax Service (if so configured)
11. File Replication
12. File Server for Macintosh (if so configured)
13. HTTP SSL
14. Internet Authentication Service (if so configured)
15. Kerberos Key Distribution Center
16. License Logging (on by default)
17. Messenger
18. Net Logon
19. Performance Logs and Alerts
20. Print Spooler
21. Remote Installation (if so configured)
22. Remote Procedure Call (RPC)
23. Remote Procedure Call (RPC) Locator
24. Remote Storage Notification
25. Remote Storage Server
26. Routing and Remote Access
27. Server
28. Simple Mail Transfer Protocol (SMTP) (if so configured)
29. SNMP Service
30. SNMP Trap Service
31. TCP/IP Print Server
32. Telnet
33. Terminal Services
34. Terminal Services Licensing
35. Terminal Services Session Directory
36. WINS
37. Windows Time
38. World Wide Web Publishing Service