The following ports need to be opened bi-directionally:
1. Microsoft file sharing SMB (TCP/UDP 135-139)
2. Direct-hosted SMB traffic (TCP/UDP 445)
3. LDAP - AD Lookups (TCP/389)
4. Kerberos (TCP/UDP 88)
5. LDAP Global Catalog (TCP/3268)
6. DNS (TCP/UDP 53)
7. WINS (TCP/UDP 137)
8. Remote PowerShell for Exchange (TCP port 80 and access to the IIS /powershell virtual directory on your Exchange 2010 servers)
9. Remote PowerShell for Lync (TCP port 443 and access to the IIS /OcsPowershell virtual directory on your Lync servers)
Note: If you have a distributed deployment of UCA across multiple servers and there are firewalls between the UCA servers, open the following TCP ports: 1223, 1336, 1337, 7299, 9260, 7100, 7101, 9042, 9260 and 10099. These ports are required for service-to-service communication.
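
A pre-flight check for the TCP ports listed above, run from the UCA server. This is an added example, not part of the original document. The host names are placeholders and the mapping of ports to servers is an assumption; UDP reachability and access to the IIS virtual directories are not tested.

```powershell
# Added example. Host names are placeholders; the port-to-server mapping is an assumption.
$checks = @(
    @{ Target = 'dc01.example.test';   Ports = @(135..139) + @(445, 389, 88, 3268, 53) }
    @{ Target = 'exch01.example.test'; Ports = @(80) }    # Exchange remote PowerShell
    @{ Target = 'lync01.example.test'; Ports = @(443) }   # Lync remote PowerShell
    # Second UCA server, only relevant for distributed deployments
    @{ Target = 'uca02.example.test';  Ports = @(1223, 1336, 1337, 7299, 9260, 7100, 7101, 9042, 10099) }
)

function Test-TcpPort {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [int]    $Port,
        [int] $TimeoutMs = 2000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # No answer within the timeout usually means a firewall silently dropped the SYN.
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return 'Timeout' }
        $client.EndConnect($pending)
        return 'Open'
    } catch {
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.Net.Sockets.SocketException] -and
            $inner.SocketErrorCode -eq [System.Net.Sockets.SocketError]::ConnectionRefused) {
            return 'Refused'   # an RST came back: no listener, or a firewall that rejects actively
        }
        return 'Error'         # anything else, e.g. name resolution failure
    } finally {
        $client.Close()
    }
}

$results = foreach ($check in $checks) {
    foreach ($port in $check.Ports) {
        [pscustomobject]@{
            Target = $check.Target
            Port   = $port
            State  = Test-TcpPort -ComputerName $check.Target -Port $port
        }
    }
}

$results | Format-Table -AutoSize
$timeouts = @($results | Where-Object State -eq 'Timeout')
if ($timeouts.Count -gt 0) {
    Write-Warning "$($timeouts.Count) TCP port(s) timed out; check the firewall rules for them."
}
```

A `Refused` result on a port in the 135-139 range is expected when the target runs no service on that port, so treat `Timeout` as the main indicator of a missing firewall rule.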