Load Balancing MAPI ports

  • Question

  • I'm in the process of setting up a 2 node DAG with a hardware load balancer.  I've gotten the balancer working with certain ports opened up but when reading this page: http://msexchangeteam.com/archive/2009/11/20/453272.aspx, they specify that I need to have a bunch of ports open on the load balancer.

    • Configure your load balancing array to load balance the MAPI RPC ports:
      • TCP 135
      • UDP/TCP 1024-65535

    I don't understand what these ports are used for.  I know that none of our external users have access to these ports so why would the internal users need them?  At this time, I have only 25, 80, and 443 open on the load balancer and don't see why I'd need any more.

    I'd appreciate anyone's opinions on this, especially if you have this implemented in 2010.

    Thanks,

    Friday, March 5, 2010 4:25 PM

All replies

  • The reason for the large port range for MAPI is that the client and the CAS first connect on 135 then decide on a high port to communicate.  You can configure MAPI to connect over a specific port, read this article for the steps to configure on the CAS role and Outlook clients
    http://www.msexchange.org/articles_tutorials/exchange-server-2007/planning-architecture/uncovering-new-rpc-client-access-service-exchange-2010-part2.html
    Friday, March 5, 2010 4:56 PM
  • If you want to reduce the # of ports you can use NetSH to make the dynamic port range smaller on each CAS server. You can't specify *what* ports to use if you want more than one, but at least it can be a smaller known range.
    Brian Day, Overall Exchange & AD Geek
    MCSA 2000/2003, CCNA
    MCITP: Enterprise Messaging Administrator 2010
    Friday, March 5, 2010 4:58 PM
  • I will probably reduce the number of ports but one more question, is this just for the internal network?  I don't have to open 135 and the huge range for the external people, do I?

    Thanks again for your help,
    Friday, March 5, 2010 7:02 PM
  • No, this is for internal MAPI connections.  I believe you are asking about Outlook Anywhere (RPC over HTTPS) connections from the outside and that is all done via Port 443.
    Friday, March 5, 2010 7:56 PM
  • Thanks for your help, last question.  Is there anything wrong with restricting it down to 1 port like in the article above?  I'd restrict it for both mailbox connections and public folder connections.  We have 500 exchange users and are going to be adding 200 users in the coming weeks because of acquisitions.  We'll all be on the same 2 node exchange 2010 cluster.
    Friday, March 5, 2010 8:14 PM
  • 1 port for 700 people should be fine. I haven't seen any guidance on when 1 port isn't sufficient yet though.
    Brian Day, Overall Exchange & AD Geek
    MCSA 2000/2003, CCNA
    MCITP: Enterprise Messaging Administrator 2010
    Friday, March 5, 2010 8:32 PM
  • Hi,

    I agree with the friends above. The official KB for your reference:

    Exchange Server static port mappings

    http://support.microsoft.com/kb/270836

    Note: the article is for Exchange 2003/2007.

    Thanks,

    Elvis

    Monday, March 8, 2010 7:26 AM
    Moderator
  • Elvis, http://support.microsoft.com/kb/270836 states the setting is

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters

    This article also states 2000,3,7 only

    While this article claims support for 2010 specifically

    http://www.msexchange.org/articles_tutorials/exchange-server-2007/planning-architecture/uncovering-new-rpc-client-access-service-exchange-2010-part2.html

    but it suggests the key is

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeRPC\ParametersSystem

    Can you provide an “official” answer for 2010?

     


    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
    Wednesday, April 21, 2010 6:01 PM
    Moderator
  • Hi Mike,

    Thank you for your attention. That article is for Exchange 2003/2007. I've updated a note there.

    In Exchange 2010, the following registry key should be set on each Client Access Server to the value of the port that you wish to use for TCP connections.

    Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeRPC\ParametersSystem
    Value: TCP/IP Port
    Type: DWORD

    Note that this will only affect connections for “internal” connections via TCP and will not affect Outlook Anywhere connections that take advantage of RPC/HTTP tunneling. Outlook Anywhere connections to the RPC Client Access Service will occur on port 6001 and this is not configurable.

    Thanks,

    Elvis

    Thursday, April 22, 2010 7:01 AM
    Moderator
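
A read-only check for the setting described in the reply above, as an added example that is not part of the original thread or any Microsoft tooling: it reads the "TCP/IP Port" value from each Client Access Server and flags nodes where it is missing, not a DWORD, or different from the other node. The server names are placeholders, and the 1024-65535 bound is an assumption taken from the range quoted in the question.

```powershell
# Added example: audit the static MAPI RPC port on each CAS behind the load balancer.
# Key and value name are the ones quoted in the reply above; server names are placeholders.
$CasServers = @('CAS01', 'CAS02')   # hypothetical host names (assumption)
$SubKey     = 'SYSTEM\CurrentControlSet\Services\MSExchangeRPC\ParametersSystem'
$ValueName  = 'TCP/IP Port'

function Get-StaticRpcPort {
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    $row = New-Object PSObject -Property @{
        Server = $ComputerName; Port = $null; Kind = $null; Status = 'Unknown'
    }
    try {
        # Needs the Remote Registry service and admin rights on the target.
        $hive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
    } catch {
        $row.Status = 'Unreachable'; return $row
    }
    try {
        $key = $hive.OpenSubKey($SubKey)
        if ($null -eq $key) { $row.Status = 'KeyMissing'; return $row }
        $row.Port = $key.GetValue($ValueName, $null)
        if ($null -eq $row.Port) { $row.Status = 'NotSet'; return $row }   # port stays dynamic
        $row.Kind = $key.GetValueKind($ValueName)
        if ($row.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            $row.Status = 'WrongType'        # the reply specifies DWORD
        } elseif ($row.Port -lt 1024 -or $row.Port -gt 65535) {
            $row.Status = 'OutOfRange'       # assumption: stay inside the 1024-65535 range from the question
        } else {
            $row.Status = 'OK'
        }
        return $row
    } finally {
        $hive.Close()
    }
}

$results = @($CasServers | ForEach-Object { Get-StaticRpcPort -ComputerName $_ })
$results | Select-Object Server, Port, Kind, Status | Format-Table -AutoSize

# Every node must answer on the same port, or the single load balancer rule will miss some of them.
$bad   = @($results | Where-Object { $_.Status -ne 'OK' })
$ports = @($results | Where-Object { $_.Status -eq 'OK' } | ForEach-Object { $_.Port } | Sort-Object -Unique)
if ($bad.Count -gt 0 -or $ports.Count -ne 1) {
    Write-Warning 'CAS nodes do not share one valid static MAPI port.'
}
```

A clean run means the load balancer and any internal firewall rule can be limited to TCP 135 plus that one port instead of the full dynamic range.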
  • Thanks for your reply.  You said you updated a note "there".  Where?

    Will kb 270836 be updated?  I fear many people are going to assume it still applies (as this thread did) and configure Exchange improperly.

    Also, your Outlook Anywhere comment interests me.  Are you saying 6001 is made out the "back" of a client access server to the mailbox server?  Otherwise, it was my understanding the OA traffic was internalized by the LBS feature and sent to the mailbox server directly.

    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
    Check out the new virtualization exams!

    Thursday, April 22, 2010 12:53 PM
    Moderator
  • Thanks for your help, last question.  Is there anything wrong with restricting it down to 1 port like in the article above?  I'd restrict it for both mailbox connections and public folder connections.  We have 500 exchange users and are going to be adding 200 users in the coming weeks because of acquisitions.  We'll all be on the same 2 node exchange 2010 cluster.


    That's not how it works.  Ports do not have anything to do with performance.  Besides, Exchange only uses 1 port for this connection anyway.  Setting a static port just means it won't change.

    see here:

    http://support.microsoft.com/kb/833799/


    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
    Check out the new virtualization exams!

    Tuesday, April 27, 2010 4:45 PM
    Moderator
  • Looks like Henrik Walther has now posted it here:

    http://social.technet.microsoft.com/wiki/contents/articles/configuring-static-rpc-ports-on-an-exchange-2010-client-access-server.aspx

    and it's buried here too:

    http://technet.microsoft.com/en-us/library/ff625248.aspx


    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
    Check out the new virtualization exams!

    Friday, May 14, 2010 12:01 AM
    Moderator
  • I've gotten the balancer working with certain ports opened up but when reading this page: http://msexchangeteam.com/archive/2009/11/20/453272.aspx, they specify that I need to have a bunch of ports open on the load balancer. 

    • Configure your load balancing array to load balance the MAPI RPC ports:
      • TCP 135
      • UDP/TCP 1024-65535


    UDP is wrong, but they seem to have updated that information. Still the port ranges here are 6005-59530, according to Henrik Walther. As to answers in this thread, MCNS10 and Mike Crowley are correct; Brian Day is not. I've been using Henrik Walther's guides to configure two KEMP LoadMaster devices. The current firmware does not support port ranges (a future version is supposed to do so), so you need to map the dynamic ports used by the RPC Client Access Service and Exchange Address Book Service to two static TCP ports. (The ports for public folders are of no interest in this scenario.) All this works very well.

    Henrik Walther's latest article on Wiki gives the best and most detailed explanation of these port mappings.


    MCTS: Messaging | MCSE: S+M | Small Business Specialist
    Friday, May 14, 2010 1:47 AM
  • Hi Mike,

    Thank you for your attention. That article is for Exchange 2003/2007. I've updated a note there.

    In Exchange 2010, the following registry key should be set on each Client Access Server to the value of the port that you wish to use for TCP connections.

    Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeRPC\ParametersSystem
    Value: TCP/IP Port
    Type: DWORD

    Note that this will only affect connections for “internal” connections via TCP and will not affect Outlook Anywhere connections that take advantage of RPC/HTTP tunneling. Outlook Anywhere connections to the RPC Client Access Service will occur on port 6001 and this is not configurable.

    Thanks,

    Elvis


    Looks like this has changed once again in 2010 SP1.  See Henrik's post here: http://blogs.msexchange.org/walther/2010/06/09/exchange-2010-sp1-change-to-how-static-ports-are-assigned-on-a-cas-server/ 

    Mike Crowley
    Check out My Blog!

    Wednesday, June 9, 2010 3:42 PM
    Moderator
  • I used his guide to set up two KEMP 2200 LoadMasters using static ports.  Everything is working well except I am having an issue with MAPI sessions being dropped on my BES 5.0.1 server.  RIM has acknowledged they have an issue and are in the process of addressing it.  RIM say, as a workaround for now, add the KeepAliveInterval key to the registry of the CAS servers and set it lower than the default timeout on the Load Balancer.  I spoke with KEMP and they said they don't have a default timeout.  I read F5 has a 5 minute timeout.  I made the setting 4 minutes and now there are fewer errors but they are still there.  I think the session times out and BES still tries to send MAPI commands.  Maybe BES will check the connection before sending commands as a workaround.  I am testing different values between the CAS servers and the load balancers and haven't found the magic configuration yet.  I assume this could potentially be an issue with other apps used behind a load balancer.  I am going to try and lower the KeepAliveInterval to 1 minute.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
    "KeepAliveInterval"=dword:0000ea60

    Note: 60000 is 1 minute

    Friday, July 2, 2010 6:46 PM
  • KEMP is working on their own guide for Exchange 2010 and a firmware update to 5.1. Perhaps this will solve the remaining matters for you.


    MCTS: Messaging | MCSE: S+M | Small Business Specialist
    Friday, July 2, 2010 9:00 PM
  • Hi, have you found a workaround for your issue with the Kemp LoadMaster?

    I experience the same problem but with the Outlook client: I've got to wait a couple of minutes or restart the Outlook client when I stop a server and switch to the CAS failover server.

    Friday, November 26, 2010 4:09 PM