Is there any way to narrow down dynamic port range between Exchange 2010 CAS and Exchange 2010 CAS MBX servers communication

  • Question

  • Hello there,

    We are looking for a way to narrow down the port range used for Exchange 2010 SP2 CAS and Exchange 2010 SP2 MBX communication. Does anyone have any comment about this: doable or not, advantage or disadvantage? Note: I am not talking about Outlook static mapping port and CAS.

    Exchange 2010 SP2, Windows 2008 R2 SP1.

    I have checked the following MS links:

    The Client Access servers use many ports to communicate with Mailbox servers. With some exceptions, those ports are determined by the RPC service and aren't fixed.

    http://technet.microsoft.com/en-us/library/bb331973.aspx

    By default Windows Server 2008 and 2008 R2 are configured with a dynamic RPC range of 49152-65535 for outbound connections. Earlier versions of Windows Server by default used port 1025-65535 (for more details about this change see Microsoft KB article http://support.microsoft.com/kb/929851).

    Also, when the Exchange 2010 Client Access server role is installed on Windows Server 2008 or 2008 R2, the dynamic RPC port range is changed to 6005-59530 (previous version using 1025-65535) and the highest usable port number is set to 60554.

    and the following link about changing the port range for Microsoft RPC:

    http://zmq503o1.wordpress.com/2005/07/20/limiting-rpc-port-mapper-service-ports/

    Thanks in advance!


    • Edited by exadmin818 Tuesday, June 5, 2012 3:34 PM
    Tuesday, June 5, 2012 2:43 PM

All replies

  • I have a comment.  I think what you're trying to do is unsupported.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Wednesday, June 6, 2012 5:08 AM
  • According to Ed's post: just in case you plan to place a CAS server into a DMZ -> Microsoft stated officially in one of my own past advisory calls that filtering between CAS and MBX is not supported.

    Regards,

    Markus


    MCSE:Messaging

    Wednesday, June 6, 2012 9:04 AM
  • Here is a related thread for you; I hope it can give you some help:

    Reducing the dynamic ports range between Exchange 2010 servers?
    http://social.technet.microsoft.com/Forums/en-US/exchangesvrdeploy/thread/0620f0d8-dc06-43db-a9fe-282e7274f5a9

    Thanks,

    Evan

     


    Evan Liu

    TechNet Community Support

    • Marked as answer by exadmin818 Wednesday, June 6, 2012 7:34 PM
    Wednesday, June 6, 2012 9:36 AM
    Moderator
  • Thanks Evan! That's what I am looking for. BTW, do you know if it will cause any issue if we narrow it down to 1000? The poster mentioned that narrowing it down to 250 should be OK.
    • Edited by exadmin818 Wednesday, June 6, 2012 7:38 PM
    Wednesday, June 6, 2012 7:35 PM
  • Hi exadmin818, how many users do you have? I recommend you reserve 3 to 4 ports per user; 250 didn't work for us.

    Friday, July 20, 2012 1:44 AM
  • The range depends. Keep in mind that with Windows 2008 the RPC port range and the ephemeral port range are the same and shared, unlike 2003, so you need to take this into account when sizing the range. I was able to get by using 1000 ports; 500 was too small and I got bit. To size the range you need to use netstat. Here are the instructions I used when I sized my port range usage.

    1. Use netsh or regedit to determine the start/stop/number of ports the system is using for ephemeral/dynamic RPC ports.
    2. Then…
      • Open a command window
        • netstat -an | findstr /v /c:"[" /c:"UDP" > output.txt
        • notepad output.txt
      • In notepad
        • press Ctrl+H
        • In the Find/Replace dialog, Find “:” (the colon), replace with “ “ (a single space character, no quotes)
        • Press Ctrl+A, Ctrl+C
      • Open Excel
        • select cell A1,
        • press Ctrl+V
        • click “Data” to show the data ribbon
        • click “Text to Columns” in the Data ribbon to open the Text to Columns Wizard
          • click “Delimited”, then Next
          • In the delimiters area,
            • select the “space” checkbox
            • deselect the others,
            • click Next
          • click “Finish”
          • (Note: Normally, you will NOT be prompted to replace contents of destination cells. If you are, you may have made a mistake.)
      • In Excel,
        • click inside the netstat output you just worked with
        • press Ctrl+A
      • In the Data ribbon
        • click “Filter”
      • In the Excel worksheet
        • click on the drop-down for the “Address” column (which should be the local ports, the third column)
        • sort the table by this column, smallest to largest.
      • Use the mouse to select ONLY the “Address” column (the one with the local ports)
      • Press Ctrl+C, then Paste the Address column to a different worksheet in the workbook.
      • Select the entire (new) Address column that you just pasted.
      • In the Data ribbon
        • click the “Remove Duplicates” button
      • In the list of ports where you have just removed the duplicates,
        • count the number of ports in the “Address” column that are inside the range the system is using.

    That’s how many ports are in use from the range.


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Friday, July 20, 2012 2:41 PM
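
The netstat/Excel counting procedure in the last reply, as an added Python example that is not part of the original thread: it reads saved `netstat -an` output and counts the distinct local TCP ports that fall inside the dynamic range. The sample output, the function names, and the `include_ipv6` switch (off by default to match the post's `findstr /v /c:"["` filter) are assumptions made for this example.

```python
"""Count distinct local TCP ports inside the dynamic range from `netstat -an` output."""

# Constructed sample of `netstat -an` output (not captured from a real server).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6001           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:6012          10.0.0.21:6001         ESTABLISHED
  TCP    10.0.0.5:6013          10.0.0.21:6001         ESTABLISHED
  TCP    10.0.0.5:6013          10.0.0.22:6001         TIME_WAIT
  TCP    10.0.0.5:443           10.0.0.90:52344        ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [fe80::1%11]:6020      [fe80::2%11]:6001      ESTABLISHED
  UDP    0.0.0.0:6050           *:*
"""


def local_tcp_ports(netstat_text, include_ipv6=False):
    """Return the set of local TCP port numbers found in netstat -an output."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows look like: TCP <local addr:port> <foreign addr:port> <state>
        if len(fields) < 3 or fields[0].upper() != "TCP":
            continue  # skips headers, blank lines and UDP rows
        local = fields[1]
        if local.startswith("[") and not include_ipv6:
            continue  # same effect as the post's findstr /v /c:"[" filter
        port = local.rsplit(":", 1)[-1]  # text after the last colon is the port
        if port.isdigit():
            ports.add(int(port))  # the set removes duplicates, like "Remove Duplicates"
    return ports


def ports_in_dynamic_range(netstat_text, start, count, include_ipv6=False):
    """Return (sorted distinct in-range ports, fraction of the range in use).

    start and count are the "Start Port" and "Number of Ports" values from step 1,
    e.g. as reported by `netsh int ipv4 show dynamicport tcp`.
    """
    end = start + count - 1
    seen = local_tcp_ports(netstat_text, include_ipv6)
    used = sorted(p for p in seen if start <= p <= end)
    return used, len(used) / count


if __name__ == "__main__":
    used, share = ports_in_dynamic_range(SAMPLE_NETSTAT, start=6005, count=1000)
    print(f"{len(used)} of 1000 dynamic ports in use ({share:.1%}): {used}")
```

netstat is a point-in-time snapshot, so the count is only meaningful for sizing if the output is captured under peak load, ideally several times.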