-
Title
What are the Port Requirements for Active Administrator? -
Description
What are the Port Requirements for Active Administrator? -
Resolution
Port requirements
NOTE: All ports need to be open (incoming/outgoing) with the exception of the Workstation Logon agent which only needs to be outgoing on the workstation's firewall and incoming on the Active Administrator Server. Figure 1 displays an example of how communication is achieved through the specified ports.
Active Administrator Console
• TCP 15600 for Active Administrator Foundation Service (AFS) communication with Active Administrator Server
• TCP 8080 for communication with Active Administrator Web Server through the Web Console (internal, http)
• TCP 9443 for communication with Active Administrator Web Server through the Web Console (external, https)
• TCP 80 and 443 for communication via the Internet with Azure Active Directory
• TCP 389 for communication with Active Directory on domain controllers
Active Administrator Server
• TCP 15600 for communication with Active Administrator Foundation Service (AFS)
• TCP 15601 incoming only communication from Workstation Logon agents
• TCP 15602 for communication with Active Administrator Data Service (ADS)
• TCP 15603 for communication with Directory Analyzer agents
• TCP 15604 for communication with Azure Active Directory Connect agents
• TCP 1433 for communication with SQL Server
• TCP 8080 for communication as a Web Server for Active Administrator Web Consoles (internal, http)
• TCP 9443 for communication as a Web Server for Active Administrator Web Consoles (external, https)
• TCP 389 for communication with Active Directory on domain controllers
Active Administrator database server
• TCP 1433 for SQL communication with Active Administrator Server and domain controllers with auditing agents
Domain controller with no installed agents
• TCP 389 for communication with Active Administrator Server and Active Administrator Consoles
Domain controller with auditing agent
• TCP 1433 for communication with SQL Server
Domain controller with Active Directory Health Directory Analyzer agent
• TCP 15602 for communication with Active Administrator Data Service (ADS)
• TCP 15603 for communication through the Directory Analyzer agent
Domain controller with Azure Active Directory Connect agent
• TCP 15604 for communication through the Azure Active Directory Connect agent
Member server with Active Directory Health Directory Analyzer agent (pool agent)
• TCP 15602 for communication with Active Administrator Data Service (ADS)
• TCP 15603 for communication through Directory Analyzer Agent
SMTP server
• TCP 25 for sending email notifications via SMTP
Workstation with logon agent
• TCP 15601 outgoing only for communication to Active Administrator Server through Workstation Logon agent
Additional requirements
Remote Procedure Call (RPC) must be open between the AFS Server and the target.
When installing the audit agent on a member server instead of a domain controller, the following inbound firewall exceptions for Windows Management Instrumentation must be enabled:
▪ ASync-In
▪ DCOM-In
▪ WMI-In
If you are using the Certificate Management feature, Remote Registry Service must be enabled on all Windows computers on which certificates are managed.
If you want to access the DNS event logs in Active Administrator, the following inbound firewall exceptions are required on each DNS server:
▪ COM+ Network Access (DCOM-In)
▪ Remote Event Log Management (NP-In)
▪ Remote Event Log Management (RPC)
▪ Remote Event Log Management (RPC-EPMAP)
HTTP Port 8080 must be open on the computer running the Web Server.
IMPORTANT: It is recommended that you only use the Web Console internal to the network. If you want to use the Web Console externally, use HyperText Transfer Protocol Secure (HTTPS) by enabling Secure Sockets Layer (SSL). You need to select a certificate, which must be installed in the Personal or My store on the local computer. The default port is 9443.
For more information, please visit our online technical documentation for port requirements:
https://support.quest.com/technical-documents/active-administrator/8.6.3/release-notes/4#TOPIC-1935559
