System Center Configuration Manager: What Ports Are Used for Communication?

I was asked in today's event in Nashville, "What ports are used by System Center Configuration Manager?", as the attendee wanted to manage clients behind a firewall. I didn't know off the top of my head, but did find the information located in the Online Documentation.

From the link above: 

Configurable Ports

Configuration Manager 2007 allows you to configure the ports for the following types of communication:

  • Client to site system
  • Client to Internet (as proxy server settings)
  • Software update point to Internet (as proxy server settings)
  • Software update point to WSUS server
  • Client to reporting point

By default, the HTTP port used for client to site system communication is port 80 and the default HTTPS port is 443. Ports for client-to-site system communication over HTTP or HTTPS can be changed during Setup or in the Site Properties for your Configuration Manager site.

Reporting point site system roles have configurable port settings for HTTP and HTTPS communication defined on the reporting point site system role property page. By default, users connect to the reporting point using the HTTP port 80 and HTTPS port 443.

Non-Configurable Ports

Configuration Manager does not allow you to configure ports for the following types of communication:

  • Site to site (primary-to-primary or primary-to-secondary)
  • Site server to site system
  • Site server to site database server
  • Site system to site database server
  • Configuration Manager 2007 console to SMS Provider
  • Configuration Manager 2007 console to the Internet

About RPC connections and Configuration Manager

Configuration Manager 2007 uses RPC extensively in its communications. RPC initially connects using port 135, then negotiates a port above 1024 for subsequent communication. This port number is dynamic, and cannot be changed within Configuration Manager 2007. To limit the available “random” ports used by RPC to a pre-defined range of ports, Microsoft offers a free RPC configuration tool. You can use the RPC configuration tool to establish a limited range of ports for use by RPC, then configure your IPsec filter to include the port range. For more information about the RPC configuration tool, see https://go.microsoft.com/fwlink/?LinkId=93102 .
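
The script below is an added example, not part of the original post or the Microsoft documentation. It pins the RPC dynamic port range through the `HKLM\SOFTWARE\Microsoft\Rpc\Internet` registry values instead of the RPC configuration tool mentioned above, and opens only port 135 plus that range in Windows Firewall rather than an IPsec filter. The range `5000-5100` and the rule name are assumed values, and `New-NetFirewallRule` requires Windows 8 / Windows Server 2012 or later.

```powershell
# Assumed values (not from the page): pick a range that fits your environment.
$PortRange = '5000-5100'
$RuleName  = 'ConfigMgr RPC (restricted range)'   # hypothetical rule name
$RpcKey    = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'

# Registry and firewall changes both need an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

# Validate the range: RPC negotiates ports above 1024, so stay in 1025-65535.
if ($PortRange -notmatch '^(\d+)-(\d+)$') {
    throw "Port range '$PortRange' must look like LOW-HIGH."
}
$low  = [int]$Matches[1]
$high = [int]$Matches[2]
if ($low -le 1024 -or $high -gt 65535 -or $low -gt $high) {
    throw "Port range '$PortRange' must fall within 1025-65535 with LOW <= HIGH."
}

# Restrict the ports RPC may hand out after the initial connection on 135.
if (-not (Test-Path $RpcKey)) {
    New-Item -Path $RpcKey -Force | Out-Null
}
New-ItemProperty -Path $RpcKey -Name 'Ports' -PropertyType MultiString `
    -Value @($PortRange) -Force | Out-Null
New-ItemProperty -Path $RpcKey -Name 'PortsInternetAvailable' -PropertyType String `
    -Value 'Y' -Force | Out-Null
New-ItemProperty -Path $RpcKey -Name 'UseInternetPorts' -PropertyType String `
    -Value 'Y' -Force | Out-Null

# Allow only the endpoint mapper (135) and the pinned range inbound.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort @('135', $PortRange) | Out-Null
}

# Show the resulting configuration for review.
Get-ItemProperty -Path $RpcKey |
    Select-Object Ports, PortsInternetAvailable, UseInternetPorts
Write-Warning 'Restart the computer for the new RPC port range to take effect.'
```

Size the range for the number of concurrent RPC endpoints the server hosts; a range that is too small causes RPC services to fail to register after the restart.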