Port 445 between SharePoint and DC

    Question

  • We would like to set up a SharePoint farm (1 DC, 3 SharePoint servers and 1 SQL Server) in the DMZ. IT Security pointed out that port 445 between the SharePoint servers and the DC is a security risk. Does SharePoint 2013 server really need this port? Is there any workaround to avoid using this port?
    Sunday, December 25, 2016 11:28 AM

Answers

  • Thanks for your reply, but can I use port 389 LDAP for authentication and disable 445?

    NO, you can't disable it, because the Netlogon service, which ensures the secure schannel between domain controllers, uses it.

    You can refer to the following link to get more details:

    Network Ports Used by Key Microsoft Server Products

    • Marked as answer by KAROUACH AMINE Sunday, December 25, 2016 2:59 PM
    Sunday, December 25, 2016 2:47 PM
  • It's still the same answer really. Use Wireshark and/or Network Monitor to learn what's possible.

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    • Marked as answer by KAROUACH AMINE Sunday, December 25, 2016 3:29 PM
    Sunday, December 25, 2016 2:48 PM
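
The capture-based check suggested in the answer above, as an added example that is not part of the original thread: it tallies which destination ports the farm servers actually use toward the DC, reading lines exported from a Wireshark capture with tshark. The IP addresses, sample lines and file name are constructed placeholders, and the dynamic-range boundary assumes the Windows default.

```python
from collections import Counter

# Standard port assignments for services a domain member uses on a DC.
AD_SERVICES = {53: "DNS", 88: "Kerberos", 123: "NTP", 135: "RPC endpoint mapper",
               389: "LDAP", 445: "SMB", 464: "Kerberos password change",
               636: "LDAPS", 3268: "Global Catalog"}
DYNAMIC_START = 49152  # default start of the Windows dynamic RPC port range

# Constructed sample of tab-separated output from (capture.pcapng is a placeholder):
#   tshark -r capture.pcapng -T fields -e ip.src -e ip.dst -e tcp.dstport -e udp.dstport
DC_IP = "192.0.2.10"
FARM_IPS = {"192.0.2.21", "192.0.2.22", "192.0.2.23"}
SAMPLE = [
    "192.0.2.21\t192.0.2.10\t445\t",
    "192.0.2.21\t192.0.2.10\t445\t",
    "192.0.2.21\t192.0.2.10\t389\t",
    "192.0.2.22\t192.0.2.10\t88\t",
    "192.0.2.22\t192.0.2.10\t\t53",     # UDP: the TCP column is empty
    "192.0.2.23\t192.0.2.10\t49670\t",  # RPC on a dynamically assigned port
    "192.0.2.10\t192.0.2.21\t50112\t",  # DC replying to a server: ignored
    "192.0.2.21\t192.0.2.30\t1433\t",   # traffic to another host: ignored
    "192.0.2.21\t192.0.2.10\t\t",       # no TCP/UDP port (e.g. ICMP): ignored
]

def ports_to_dc(tshark_lines, dc_ip, farm_ips):
    """Count packets sent from farm servers to the DC, keyed by (proto, port)."""
    seen = Counter()
    for line in tshark_lines:
        fields = line.rstrip("\n").split("\t")
        fields += [""] * (4 - len(fields))  # absent fields are exported as empty
        src, dst, tcp_port, udp_port = fields[:4]
        if dst != dc_ip or src not in farm_ips:
            continue
        proto, port = ("tcp", tcp_port) if tcp_port else ("udp", udp_port)
        if port.isdigit():
            seen[(proto, int(port))] += 1
    return seen

def summarize(seen):
    """Label each observed port so unexpected ones stand out for review."""
    rows = []
    for (proto, port), count in sorted(seen.items()):
        label = ("dynamic RPC range" if port >= DYNAMIC_START
                 else AD_SERVICES.get(port, "unlisted: review"))
        rows.append((proto, port, label, count))
    return rows

if __name__ == "__main__":
    for row in summarize(ports_to_dc(SAMPLE, DC_IP, FARM_IPS)):
        print("%-3s %5d  %-22s %d packet(s)" % row)
```

The resulting list is what a firewall rule set between the DMZ servers and the DC can be compared against, with anything labelled "unlisted: review" investigated before it is allowed.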

All replies

  • Hi

    Port 445 is required for authentication and Group Policy.

    If you avoid opening this between SharePoint and the domain controller, it is possible that you will have authentication problems.

    Sunday, December 25, 2016 2:04 PM
  • Thanks for your reply, but can I use port 389 LDAP for authentication and disable 445?
    Sunday, December 25, 2016 2:13 PM
  • Yes, actually I use Wireshark, and it's this way: port 445 and 386 are required
    Sunday, December 25, 2016 3:29 PM
  • Hi,
    Appreciate your sharing; it will be greatly helpful to others who have the same question.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, December 26, 2016 6:58 AM
    Moderator