DCOM Port Range Assignment Sheet

There are many services associated with the Windows 2000 operating system. These services might require more than one TCP or UDP port for the service to be functional. Table C.3 shows the default ports that are used by each service mentioned.

Table C.3 Default Port Assignments for Common Services

| Service Name | Port(s) (UDP, TCP) |
| --- | --- |
| Browsing datagram responses of NetBIOS over TCP/IP | 138 |
| Browsing requests of NetBIOS over TCP/IP | 137 |
| Client/Server Communication | 135 |
| Common Internet File System (CIFS) | UDP 445; TCP 139, 445 |
| Content Replication Service | 560 |
| Cybercash Administration | 8001 |
| Cybercash Coin Gateway | 8002 |
| Cybercash Credit Gateway | 8000 |
| DCOM (SCM uses udp/tcp to dynamically assign ports for DCOM) | UDP 135; TCP 135 |
| DHCP client | 67 |
| DHCP server | 68 |
| DHCP Manager | 135 |
| DNS Administration | 139 |
| DNS client to server lookup (varies) | UDP 53; TCP 53 |
| Exchange Server 5.0 | |
| Exchange Server 5.0: Client Server Communication | 135 |
| Exchange Server 5.0: Exchange Administrator | 135 |
| Exchange Server 5.0: IMAP | 143 |
| Exchange Server 5.0: IMAP (SSL) | 993 |
| Exchange Server 5.0: LDAP | 389 |
| Exchange Server 5.0: LDAP (SSL) | 636 |
| Exchange Server 5.0: MTA - X.400 over TCP/IP | 102 |
| Exchange Server 5.0: POP3 | 110 |
| Exchange Server 5.0: POP3 (SSL) | 995 |
| Exchange Server 5.0: RPC | 135 |
| Exchange Server 5.0: SMTP | 25 |
| Exchange Server 5.0: NNTP | 119 |
| Exchange Server 5.0: NNTP (SSL) | 563 |
| File shares name lookup | 137 |
| File shares session | 139 |
| FTP | 21 |
| FTP-data | 20 |
| HTTP | 80 |
| HTTP-Secure Sockets Layer (SSL) | 443 |
| Internet Information Services (IIS) | 80 |
| IMAP | 143 |
| IMAP (SSL) | 993 |
| IKE (For more information, see Table C.4) | 500 |
| IPSec Authentication Header (AH) (For more information, see Table C.4) | |
| IPSec Encapsulation Security Payload (ESP) (For more information, see Table C.4) | |
| IRC | 531 |
| ISPMOD (SBS 2nd tier DNS registration wizard) | 1234 |
| Kerberos de-multiplexer | 2053 |
| Kerberos klogin | 543 |
| Kerberos kpasswd (v5) | UDP 464; TCP 464 |
| Kerberos krb5 | UDP 88; TCP 88 |
| Kerberos kshell | 544 |
| L2TP | 1701 |
| LDAP | 389 |
| LDAP (SSL) | 636 |
| Login Sequence | UDP 137, 138; TCP 139 |
| Macintosh, File Services (AFP/IP) | 548 |
| Membership DPA | 568 |
| Membership MSN | 569 |
| Microsoft Chat client to server | 6667 |
| Microsoft Chat server to server | 6665 |
| Microsoft Message Queue Server | UDP 1801; TCP 1801 |
| Microsoft Message Queue Server | UDP 3527; TCP 135, 2101 |
| Microsoft Message Queue Server | 2103, 2105 |
| MTA - X.400 over TCP/IP | 102 |
| NetBT datagrams | 138 |
| NetBT name lookups | 137 |
| NetBT service sessions | 139 |
| NetLogon | 138 |
| NetMeeting Audio Call Control | 1731 |
| NetMeeting H.323 call setup | 1720 |
| NetMeeting H.323 streaming RTP over UDP | Dynamic |
| NetMeeting Internet Locator Server ILS | 389 |
| NetMeeting RTP audio stream | Dynamic |
| NetMeeting T.120 | 1503 |
| NetMeeting User Location Service | 522 |
| NetMeeting user location service ULS | 522 |
| Network Load Balancing | 2504 |
| NNTP | 119 |
| NNTP (SSL) | 563 |
| Outlook (see for ports) | |
| Pass Through Verification | UDP 137, 138; TCP 139 |
| POP3 | 110 |
| POP3 (SSL) | 995 |
| PPTP control | 1723 |
| PPTP data (see Table C.4) | |
| Printer sharing name lookup | 137 |
| Printer sharing session | 139 |
| Radius accounting (Routing and Remote Access) | 1646 or 1813 |
| Radius authentication (Routing and Remote Access) | 1645 or 1812 |
| Remote Install TFTP | 69 |
| RPC client fixed port session queries | 1500 |
| RPC client using a fixed port session replication | 2500 |
| RPC session ports | Dynamic |
| RPC user manager, service manager, port mapper | 135 |
| SCM used by DCOM | UDP 135; TCP 135 |
| SMTP | 25 |
| SNMP | 161 |
| SNMP Trap | 162 |
| SQL Named Pipes encryption over other protocols name lookup | 137 |
| SQL RPC encryption over other protocols name lookup | 137 |
| SQL session | 139 |
| SQL session | 1433 |
| SQL session | 1024 - 5000 |
| SQL session mapper | 135 |
| SQL TCP client name lookup | UDP 53; TCP 53 |
| Telnet | 23 |
| Terminal Server | 3389 |
| UNIX Printing | 515 |
| WINS Manager | 135 |
| WINS NetBios over TCP/IP name service | 137 |
| WINS Proxy | 137 |
| WINS Registration | 137 |
| WINS Replication | 42 |
| X400 | 102 |


Access It! Universal Client / Server Configuration


Firewall Setup

Firewall settings only need to be set on the Server (the computer hosting the dongle). For more information on Windows Firewall, see the following Microsoft TechNet Article

  1. Exceptions need to be made for DCOM RPC port 135 and port 3030
  2. Exceptions need to be made for the AIUniSvc.exe located in the Access It! Universal installation directory
  3. Exceptions may also need to be added for client/server communications. By default, DCOM is free to randomly use any port between 1024 and 65535. This range may be manually configured to limit the selection to specified ports (see Manually Configuring DCOM Ports). It is important to determine the range of ports to be opened. For instance, Microsoft SQL Server uses port 1433 for incoming requests and ports 1024-5000 for outgoing calls. Considering these factors, it is recommended that you open a minimum of 100 ports and use a port range that is above 5000. For example, configure DCOM to use port range 5000-5100. When limiting the range of DCOM ports, other applications may be adversely affected.
    It is recommended these values are left at their default settings. For more information on manually limiting ports, see the following http://support.microsoft.com/kb/300083
  4. Other applications such as DVR interfaces, etc. will be application specific. Please reference the specific vendor’s installation and configuration notes as needed

General Notes

  1. The client workstation must be able to ping the Server (the computer hosting the dongle) by name or IP address
  2. The file and printer sharing wizard may need to be run
    For more information on file and print sharing, see the following Microsoft Windows Article
  3. If the service is running as the local system account and the SQL Server is on another machine, the AIUniversal.udl file needs to be set up for SQL authentication. The AIUniversal.udl file is configured to use the authentication account entered when the Database Configuration Utility is launched
  4. If the AIUniversal Service is set to run as a specific account, the username must be a local Administrator, have the Log on as a batch job permission (Start Menu | Run | gpedit.msc), and the username must have access to the SQL server

Configuration A

The Access It! Universal Server and Access It! Universal Client are members of the same Microsoft Windows Domain.

More information on Domain and Workgroups can be found: here

DCOM Setup

The following steps only need to be completed on the Server (the computer hosting the dongle).

  1. Select Run from the Start Menu
  2. Type DCOMCNFG and click OK
  3. Expand Component Services
  4. Expand Computers
  5. Right click My Computer and select properties
  6. Select the COM Security tab
  7. Click Edit Limits for Access Permissions
  8. Select Everyone from the Group or user names: list
  9. Verify Local Access and Remote Access are checked for Allow from the Permissions for Everyone list
  10. Click OK
  11. Click Edit Limits for Launch and Activation Permissions
  12. Select Everyone from the Group or user names list
  13. Verify Local Launch, Local Activation and Remote Activation are checked for Allow from the Permissions for Everyone list
  14. Click OK
  15. Click OK
  16. Close out of the Configuration Services window

If the Everyone group is not allowed for the above permissions, a custom group or specific user(s) may be added instead, which limits remote access, launch and activation to those accounts. For more information on DCOM, see the following Microsoft Article KB180384.

Configuration B

The Access It! Universal Server and Access It! Universal Client are not members of the same Microsoft Windows Domain, or are members of a Workgroup environment.

More information on Domain and Workgroups can be found: here

DCOM Setup

The following steps only need to be completed on the Server (the computer hosting the dongle).

  1. Select Run from the Start Menu
  2. Type DCOMCNFG and click OK
  3. Expand Component Services
  4. Expand Computers
  5. Right click My Computer and select properties
  6. Select the COM Security tab
  7. Click Edit Limits for Access Permissions
  8. Select Everyone from the Group or user names: list
  9. Verify Local Access and Remote Access are checked for Allow from the Permissions for Everyone list
  10. Click OK
  11. Click Edit Limits for Launch and Activation Permissions
  12. Select Everyone from the Group or user names: list
  13. Verify Local Launch, Local Activation and Remote Activation are checked for Allow from the Permissions for Everyone list
  14. Click OK
  15. Click OK
  16. Close out of the Configuration Services window

If the Everyone group is not allowed for the above permissions, a custom group or specific user(s) may be added instead. For more information on DCOM, see the following Microsoft Article KB180384
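
The DCOM Setup steps under Configuration A and Configuration B set the machine-wide COM limits by hand. As an added example (not part of the vendor's documentation), the PowerShell below reads those limits back from the registry on the Server and lists which accounts hold local and remote rights, so the result of the dialog steps, or of substituting a custom group for Everyone, can be checked. The registry values and COM access-right bits are standard Windows; the function name `Get-ComLimit` is hypothetical.

```powershell
# Added example: audit the machine-wide COM limits edited in DCOMCNFG > COM Security.
# Run in an elevated PowerShell 5+ session on the Server.

# COM access-right bits:
#   0x02 local access / local launch     0x04 remote access / remote launch
#   0x08 local activation                0x10 remote activation
function Get-ComLimit {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [ValidateSet('MachineAccessRestriction', 'MachineLaunchRestriction')]
        [string]$Name
    )
    $ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -ErrorAction Stop
    $raw = $ole.$Name
    if (-not $raw) {
        Write-Warning "$Name is not set in the registry; Windows built-in defaults apply."
        return
    }
    # The value is a binary self-relative security descriptor.
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new([byte[]]$raw, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try   { $account = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $account = $sid.Value }   # unresolvable SID: show it raw
        [pscustomobject]@{
            Limit   = $Name
            Account = $account
            Sid     = $sid.Value
            Type    = $ace.AceType
            Local   = [bool]($ace.AccessMask -band 0x0A)
            Remote  = [bool]($ace.AccessMask -band 0x14)
            Mask    = '0x{0:X}' -f $ace.AccessMask
        }
    }
}

$aces = 'MachineAccessRestriction', 'MachineLaunchRestriction' |
    ForEach-Object { Get-ComLimit -Name $_ }
$aces | Format-Table Limit, Account, Type, Local, Remote, Mask -AutoSize

# Broad principals that are allowed remote rights:
# Everyone (S-1-1-0), Anonymous Logon (S-1-5-7), Authenticated Users (S-1-5-11)
$broad = 'S-1-1-0', 'S-1-5-7', 'S-1-5-11'
$aces | Where-Object { $_.Remote -and $_.Type -eq 'AccessAllowed' -and $broad -contains $_.Sid } |
    Format-Table Limit, Account, Mask -AutoSize
```

After the steps above, Everyone is expected to appear in the second table for both limits; if a custom group was used instead, that table should be empty and the group should show `Remote = True` in the first.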

Windows Setup Part 1 - Disabling Simple File Sharing

The following steps only need to be completed on the Server (the computer hosting the dongle).

Windows 7

  1. Open Windows Explorer (i.e., Computer)
  2. From the File Menu, select Organize
  3. Select Folder and Search Options
  4. Select the View tab
  5. Uncheck Use Sharing Wizard (Recommended)
    This option is typically last in the list.
  6. Click OK

Windows 8 / Windows 10

  1. Open Control Panel
  2. Select Folder Options
  3. Select the View tab
  4. Uncheck Use Sharing Wizard (Recommended)
    This option is typically last in the list.
  5. Click OK

Windows Setup Part 2 - Managing Windows Usernames and Passwords

The Windows Username and Password that is being used to log into the Client computer must exist and match exactly as a Local User on the Server (the computer hosting the dongle).

  1. Right click My Computer and select Manage
  2. Double click Local Users and Groups
  3. Select Users
  4. Right click on the right pane of the window and select New User

For more information on creating and managing user accounts, see the following Microsoft TechNet Article

Troubleshooting Errors

  1. Error 462: The remote server machine does not exist or is unavailable
    1. Check firewall settings
    2. Make sure you can ping the Server (the computer hosting the dongle) from the Client by IP address
    3. If the Server (the computer hosting the dongle) is a computer name, make sure you can ping it from the Client by name
  2. Error 91: Object variable or With block variable not set
    1. Check firewall settings
  3. Error 70: Permission Denied
    1. Verify the DCOM settings are correct on the Server (the computer hosting the dongle)
    2. If the Server (the computer hosting the dongle) and the Client are NOT in the same domain, verify the Client computer's Windows Username and Password match exactly that of the Server (the computer hosting the dongle). If the Windows Username and Password match, you should be able to log onto the local machine of the Server (the computer hosting the dongle) with the same credentials being used on the Client

Manually Configuring DCOM Ports

It is recommended these steps only be performed if DCOM port ranges must be limited.

  1. Click Start | Run and type DCOMCNFG, then click OK
  2. Expand Component Services
  3. Expand Computers
  4. Right click My Computer and select Properties
  5. Select the Default Properties tab
  6. Select Connection oriented TCP/IP
  7. Select Properties
  8. Click Add
  9. Enter a range of ports and click OK
  10. Restart the computer for changes to take effect
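
The same port restriction, together with the firewall exceptions from the Firewall Setup section, can be scripted. This is an added example, not vendor code: it writes the standard RPC port-restriction registry values and creates inbound rules limited to the client network. The client subnet, the install path placeholder, the rule names, the assumption that port 3030 is TCP, and the assumption that `AIUniSvc.exe` is the process listening on the DCOM range are not from this page.

```powershell
# Added example. Run in an elevated PowerShell session on the Server.
$PortRange    = '5000-5100'                    # example range given on this page
$ClientSubnet = '192.0.2.0/24'                 # ASSUMPTION: placeholder, use the real client network
$ServicePath  = 'C:\PLACEHOLDER\AIUniSvc.exe'  # ASSUMPTION: install directory is not given on the page

# 1. Restrict RPC/DCOM dynamic port allocation to the chosen range.
$key = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
New-ItemProperty -Path $key -Name 'Ports' -PropertyType MultiString `
    -Value @($PortRange) -Force | Out-Null
foreach ($name in 'PortsInternetAvailable', 'UseInternetPorts') {
    # 'Y' marks the listed ports as the ones RPC is allowed to assign.
    New-ItemProperty -Path $key -Name $name -PropertyType String -Value 'Y' -Force | Out-Null
}

# 2. Inbound firewall rules, reachable only from the client network.
$common = @{
    Direction     = 'Inbound'
    Action        = 'Allow'
    Protocol      = 'TCP'
    RemoteAddress = $ClientSubnet
}
New-NetFirewallRule @common -DisplayName 'AIU RPC endpoint mapper (135)' -LocalPort 135 | Out-Null
# ASSUMPTION: the page does not say whether port 3030 is TCP or UDP.
New-NetFirewallRule @common -DisplayName 'AIU port 3030' -LocalPort 3030 | Out-Null
# Dynamic DCOM ports: allowed only for the service executable.
New-NetFirewallRule @common -DisplayName 'AIU DCOM range' -LocalPort $PortRange `
    -Program $ServicePath | Out-Null

# 3. Show what was configured. The port range takes effect after a restart.
Get-ItemProperty -Path $key | Select-Object Ports, PortsInternetAvailable, UseInternetPorts
Get-NetFirewallRule -DisplayName 'AIU*' | Select-Object DisplayName, Enabled, Direction, Action
```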

Illustration Of A Server And Client Both On The Same Domain

Illustration Of A Server In A Workgroup And A Client On A Domain

Illustration of a Server In A Workgroup And Client In A Workgroup

