How to Configure Static RPC Ports Exchange 2010

I recently had a customer decide to place a firewall between his servers and users. After installing the firewall he noticed that hundreds of different ports were being used for communications between his users and Exchange server. He asked me why this was and I explained to him that Exchange communication is performed using dynamic RPC ports. To harden his firewall, he wanted to narrow this down to a single port (or a handful of ports). So this is what you have to do to configure static RPC ports on your Exchange 2010 server.

By default, the RPC Client Access service on an Exchange 2010 Client Access server uses the TCP End Point Mapper port (TCP/135) and the dynamic RPC port range (6005-59530) for outgoing connections every time an Outlook client establishes a connection to Exchange.

1. To set a static port for the RPC Client Access service on an Exchange 2010 Client Access server, you need to open the registry on the respective server and navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchangeRPC

Here, you need to create a new key named ParametersSystem, and under this key create a REG_DWORD named TCP/IP Port. The Value for the DWORD should be the port number you want to use.

Once you’ve configured the port, you need to restart the Microsoft Exchange RPC Client Access service.

2. By default the Exchange Address Book service on an Exchange 2010 Client Access server uses the TCP End Point Mapper (TCP/135) and the dynamic RPC port range (6005-59530) for outgoing connections, every time an Outlook client establishes a connection to Exchange.

To set a static RPC port for the Exchange Address Book service, create a new REG_SZ registry value named “RpcTcpPort”, set to the port number you want to use, under:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchangeAB\Parameters

Once you’ve configured the port, you need to restart the Microsoft Exchange Address Book service.

3. By default, public folder connections use the TCP End Point Mapper (TCP/135) and the dynamic RPC port range (49152-65535) for outgoing connections every time an Outlook client establishes a connection to Exchange.

To set a static port for public folder connections, follow the same steps as those required for configuring static ports for the RPC Client Access service. Just bear in mind that you need to perform them on the Exchange 2010 servers that store public folder databases. This is because public folder connections from an Outlook client occur against the RPC Client Access service on the Mailbox server role.

Once you’ve configured the port, you need to restart the Microsoft Exchange RPC Client Access service on the Mailbox server.

4. In order to verify that the static ports configured are used, the netstat.exe tool can be used:

Netstat -an -p tcp
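Steps 1 to 4 above can also be scripted. The following PowerShell is an added example, not part of the original post; the two port numbers and the helper function Set-StaticPort are assumptions chosen for illustration, and the service names are taken from the registry paths shown above.

```powershell
# Added example. Run in an elevated PowerShell session on the Exchange 2010 server.
# Port numbers are constructed placeholders; choose ports that fit your firewall policy.
$RpcCaPort = 59531   # assumption: RPC Client Access (also public folder Mailbox servers)
$AbPort    = 59532   # assumption: Exchange Address Book service

$services = 'HKLM:\SYSTEM\CurrentControlSet\services'

# Hypothetical helper: create the key if missing, then write the value.
function Set-StaticPort {
    param($KeyPath, $Name, $Type, $Value)
    # The ParametersSystem key has to be created, as described in step 1
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    # -Force overwrites an existing value, so the script can be re-run safely
    New-ItemProperty -Path $KeyPath -Name $Name -PropertyType $Type `
        -Value $Value -Force | Out-Null
}

# Step 1 (and step 3 on Mailbox servers with public folder databases): REG_DWORD
if (Test-Path "$services\MSExchangeRPC") {
    Set-StaticPort "$services\MSExchangeRPC\ParametersSystem" 'TCP/IP Port' 'DWord' $RpcCaPort
    Restart-Service -Name MSExchangeRPC
}

# Step 2: Address Book service, REG_SZ (skipped where the service is not installed)
if (Test-Path "$services\MSExchangeAB") {
    Set-StaticPort "$services\MSExchangeAB\Parameters" 'RpcTcpPort' 'String' "$AbPort"
    Restart-Service -Name MSExchangeAB
}

# Step 4: check netstat for a listener on each configured port.
# A service may need a few seconds after restart before it binds its port.
$listening = netstat -an -p tcp | Select-String 'LISTENING'
foreach ($port in $RpcCaPort, $AbPort) {
    $hit = $listening | Where-Object { $_.Line -match ":$port\s" }
    if ($hit) { "TCP/$port is listening" }
    else      { Write-Warning "TCP/$port is not listening on this server" }
}
```

With the ports fixed, the firewall rule set between clients and Exchange can be limited to TCP/135 plus the configured static ports.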

Hope this helps you if you’re ever in the same situation.
