locked
Ports needed by SCCM and to be opened on our firewall RRS feed

  • Question

  • Hi Guys

    I have been looking at the following article which lists all the ports used by SCCM.

    http://technet.microsoft.com/en-us/library/bb632618.aspx

    My question is that I have opened port 80 for communications and the SCCM agents are currently getting deployed by my still existing SMS 2003 server.  I want to use remote desktop so I guess I need to open port 3389 too between all the clients and the SCCM server.  Do I need to open this port for each administrator that uses remote desktop using the SCCM console from their own computers?

    Also my WSUS server is installed on my SCCM.  I want to deploy updates using it.  The port I chose was 8530 for WSUS.  Do I need to open this port up between the server and clients or is this communication all still done over port 80?

    Any other ports you think I should open?

    Thanks for any assistance.
    Thursday, June 18, 2009 6:22 AM

Answers

  • No need to hurry ...

    Clients to SUP = 8530. Clients to DP: see in the link (either SMB or http(s)).
    The software updates scan uses the SUP. The actual patch installation uses DPs.
    Thursday, June 18, 2009 10:14 AM

All replies

  • It's all listed in the article you mentioned:
    RDP to Client: #34 (yes, from each computer where the admin console is installed and you want to initiate remote control)
    Client to SUP: #6
    Thursday, June 18, 2009 6:47 AM
  • Hi Torsten

    Thanks.  However I dont understand the Client to SUP side.  Do the clients not update using port 80 their communications port?

    The reason is that if I open up port 8530 from all clients to the SCCM server where the WSUS is installed, then do I need to do the same to my serveral distribution points?  The distribution points only have the packages that are replicated to them for software updates and no WSUS components.
    Thursday, June 18, 2009 6:56 AM
  • Hi Guys

    Any Ideas on my above question?
    Thursday, June 18, 2009 9:43 AM
  • No need to hurry ...

    Clients to SUP = 8530. Clients to DP: see in the link (either SMB or http(s)).
    The software updates scan uses the SUP. The actual patch installation uses DPs.
    Thursday, June 18, 2009 10:14 AM
  • you right, no need to hurry

    Thank you very much for the answers.  I appreciate it very much.

    Kind Regards

    Robert
    Thursday, June 18, 2009 10:17 AM