What network ports are required for communication between the CMN Directory Connector server and the Active Directory Domain Controller?
COMMUNICATION PORTS USED BY QUICKCONNECT TO ACCESS AN ACTIVE DIRECTORY DOMAIN
1) Port number: 53
Protocol: TCP/UDP
Traffic: DNS
Traffic direction: Inbound, outbound
2) Port number: 88
Protocol: TCP/UDP
Traffic: Kerberos
Traffic direction: Inbound, outbound
3) Port number: 135
Protocol: TCP
Traffic: RPC endpoint mapper
Traffic direction: Inbound, outbound
Note: Port 135 is a dynamically allocated TCP port for RPC communication with the domain controller. For more information about ports used for RPC communication, see the following Microsoft Support Knowledge Base articles at support.microsoft.com:
- Restricting Active Directory replication traffic and client RPC traffic to a specific port (article ID: 224196)
- How to configure RPC dynamic port allocation to work with firewalls (article ID: 154596)
- How to configure RPC to use certain ports and how to help secure those ports by using IPsec (article ID: 908472)
- The default dynamic port range for TCP/IP has changed in Windows Vista and in Windows Server 2008 (article ID: 929851)
4) Port number: 139
Protocol: TCP
Traffic: SMB/CIFS
Traffic direction: Inbound, outbound
5) Port number: 445
Protocol: TCP
Traffic: SMB/CIFS
Traffic direction: Inbound, outbound
6) Port number: 389
Protocol: TCP/UDP
Traffic: LDAP
Traffic direction: Outbound
7) Port number: 3268
Protocol: TCP
Traffic: LDAP
Traffic direction: Outbound
8) Port number: 636
Protocol: TCP
Traffic: SSL
Traffic direction: Outbound
Note: This port is only required if SSL is used to manage the Active Directory domain.
9) Port number: 3269
Protocol: TCP
Traffic: SSL
Traffic direction: Outbound
Note: This port is only required if SSL is used to manage the Active Directory domain.
COMMUNICATION PORTS USED BY QUICKCONNECT CAPTURE AGENT TO FORWARD CAPTURED PASSWORDS TO THE QC SYNC ENGINE
10) Port number: 808
Protocol: TCP
Traffic: LDAP
Traffic direction: Inbound, outbound
Note: This port is only required if you want the Active Directory domain to participate in the password synchronization operations performed with Quick Connect.
Note: In a secure environment, you may want to enable the "Use Specific Domain Controller" option in the CMN Directory Connector wizard and enter the FQDN of a specific domain controller to which the required ports are open. Otherwise, the CMN Directory Connector will query for the available Domain Controllers in the environment and could connect to any of them, so the ports would need to be opened for all Domain Controllers.
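One way to confirm that the firewall allows the listed TCP ports to the single domain controller chosen for "Use Specific Domain Controller" is the following check, run from the CMN Directory Connector server. This is an added example, not part of the product or its documentation; the script's parameter names are assumptions. It tests only the TCP ports of the Active Directory list above: UDP and port 808 are not tested.

```powershell
# Added example: TCP reachability check from the connector server to one domain controller.
# Parameter names are hypothetical; the port numbers come from the list above.
param(
    [Parameter(Mandatory)]
    [string]$DomainController,   # FQDN entered in "Use Specific Domain Controller"
    [switch]$UseSsl              # add 636 and 3269, which are only required when SSL is used
)

# Ports the article lists for access to an Active Directory domain (TCP side only).
$ports = @(
    @{ Port = 53;   Traffic = 'DNS' }
    @{ Port = 88;   Traffic = 'Kerberos' }
    @{ Port = 135;  Traffic = 'RPC endpoint mapper' }
    @{ Port = 139;  Traffic = 'SMB/CIFS' }
    @{ Port = 445;  Traffic = 'SMB/CIFS' }
    @{ Port = 389;  Traffic = 'LDAP' }
    @{ Port = 3268; Traffic = 'LDAP' }
)
if ($UseSsl) {
    $ports += @{ Port = 636;  Traffic = 'SSL' }
    $ports += @{ Port = 3269; Traffic = 'SSL' }
}

# Attempt a TCP connection to each port and record the outcome.
$results = foreach ($p in $ports) {
    $open = Test-NetConnection -ComputerName $DomainController -Port $p.Port `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port      = $p.Port
        Traffic   = $p.Traffic
        Reachable = [bool]$open
    }
}

$results | Format-Table -AutoSize

# Exit non-zero when any required port is blocked, so the check can gate a deployment step.
$blocked = @($results | Where-Object { -not $_.Reachable })
if ($blocked.Count -gt 0) {
    Write-Warning ("Blocked TCP ports to {0}: {1}" -f $DomainController, ($blocked.Port -join ', '))
    exit 1
}
```

A successful connection to port 135 does not prove that the dynamically allocated RPC ports described in the Microsoft articles above are also open; those depend on the configured RPC port range.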