Exchange 2000, Exchange 2007, Exchange 2010

Ports used by Exchange

Leave a comment

 

 

 

Protocol: LDAPPort (TCP/UDP): 389 (TCP)Description: Lightweight Directory Access Protocol (LDAP), used by Active Directory, Active Directory Connector, and the Microsoft Exchange Server 5.5 directory.

Protocol: LDAP/SSLPort (TCP/UDP): 636 (TCP)Description: LDAP over Secure Sockets Layer (SSL). When SSL is enabled, LDAP data that is transmitted and received is encrypted. To enable SSL, you must install a Computer certificate on the domain controller or Exchange Server 5.5 computer.

Protocol: LDAPPort (TCP/UDP): 379 (TCP)Description: The Site Replication Service (SRS) uses TCP port 379.

Protocol: LDAPPort (TCP/UDP): 390 (TCP)Description: While not a standard LDAP port, TCP port 390 is the recommended alternate port to configure the Exchange Server 5.5 LDAP protocol when Exchange Server 5.5 is running on a Microsoft Windows 2000 Active Directory domain controller.

Protocol: LDAPPort (TCP/UDP): 3268 (TCP)Description: Global catalog. The Windows 2000/2003 Active Directory global catalog listens on TCP port 3268. When you are troubleshooting issues that may be related to a global catalog, connect to port 3268 in LDP.

Protocol: LDAP/SSLPort (TCP/UDP): 3269 (TCP)Description: Global catalog over SSL. Applications that connect to TCP port 3269 of a global catalog server can transmit and receive SSL encrypted data. To configure a global catalog to support SSL, you must install a Computer certificate on the global catalog.

Protocol: IMAP4Port (TCP/UDP): 143 (TCP)Description: Internet Message Access Protocol version 4, may be used by “standards-based” clients such as Microsoft Outlook Express or Netscape Communicator to access the e-mail server. IMAP4 runs on top of the Microsoft Internet Information Service (IIS) Admin Service (Inetinfo.exe), and enables client access to the Exchange 2000/2003 information store.

Protocol: IMAP4/SSLPort (TCP/UDP): 993 (TCP)Description: IMAP4 over SSL uses TCP port 993. Before an Exchange 2000 server supports IMAP4 (or any other protocol) over SSL, you must install a Computer certificate on the Exchange 2000/2003 server.

Protocol: POP3Port (TCP/UDP): 110 (TCP)Description: Post Office Protocol version 3, enables “standards-based” clients such as Outlook Express or Netscape Communicator to access the e-mail server. As with IMAP4, POP3 runs on top of the IIS Admin Service, and enables client access to the Exchange 2000/2003 information store.

Protocol: POP3/SSLPort (TCP/UDP): 995 (TCP)Description: POP3 over SSL. To enable POP3 over SSL, you must install a Computer certificate on the Exchange 2000/2003 server.

Protocol: NNTPPort (TCP/UDP): 119 (TCP)Description: Network News Transport Protocol, sometimes called Usenet protocol, enables “standards-based” client access to public folders in the information store. As with IMAP4 and POP3, NNTP is dependent on the IIS Admin Service.

Protocol: NNTP/SSLPort (TCP/UDP): 563 (TCP)Description: NNTP over SSL. To enable NNTP over SSL, you must install a Computer certificate on the Exchange 2000/2003 Server.

Protocol: HTTPPort (TCP/UDP): 80 (TCP)Description: the protocol used primarily by Microsoft Outlook Web Access (OWA), but also enables some administrative actions in Exchange System Manager. HTTP is implemented through the World Wide Web Publishing Service (W3Svc), and runs on top of the IIS Admin Service.

Protocol: HTTP/SSLPort (TCP/UDP): 443 (TCP)Description: HTTP over SSL. To enable HTTP over SSL, you must install a Computer certificate on the Exchange 2000/2003 server.

Protocol: SMTPPort (TCP/UDP): 25 (TCP)Description: Simple Mail Transfer Protocol, is the foundation for all e-mail transport in Exchange 2000/2003. The SMTP Service (SMTPSvc) runs on top of the IIS Admin Service. Unlike IMAP4, POP3, NNTP, and HTTP, SMTP in Exchange 2000/2003 does not use a separate port for secure communication (SSL), but rather, employs an “in-band security sub-system” called Transport Layer Security (TLS).

Protocol: SMTP/LSAPort (TCP/UDP): 691 (TCP)Description: The Microsoft Exchange Routing Engine (also known as RESvc) listens for routing link state information on TCP port 691. Exchange 2000/2003 uses routing link state information to route messages and the routing table is regularly updated. The Link State Algorithm (LSA) propagates outing status information between Exchange 2000/2003 servers. This algorithm is based on the Open Shortest Path First (OSPF) protocol from networking technology, and transfers link state information between routing groups by using the X-LSA-2 command verb over SMTP and by using a Transmission Control Protocol (TCP) connection to port 691 in a routing group.

Protocol: X.400Port (TCP/UDP): 102 (TCP)Description: ITU-T Recommendation X.400 is really a series of recommendations for what an electronic message handling system (MHS) should look like. TCP port 102 is defined in IETF RFC-1006, which describes OSI communications over a TCP/IP network. In brief, TCP port 102 is the port that the Exchange message transfer agent (MTA) uses to communicate with other X.400-capable MTAs.

Protocol: MS-RPCPort (TCP/UDP): 135 (TCP)Description: Microsoft Remote Procedure Call is a Microsoft implementation of remote procedure calls (RPCs). TCP port 135 is actually only the RPC Locator Service, which is like the registrar for all RPC-enabled services that run on a particular server. In Exchange 2000/2003, the Routing Group Connector uses RPC instead of SMTP when the target bridgehead server is running Exchange 5.5. Also, some administrative operations require RPC. To configure a firewall to enable RPC traffic, many more ports than just 135 must be enabled. Please take note… however, you can static the port by changing the registry. Let me share with you all in future articles…

Protocol: DNSPort (TCP/UDP): 53 (TCP)Description: Domain Name System (DNS) is at the heart of all of the services and functions of Windows 2000/2003 Active Directory and Exchange 2000/2003 Server. You cannot underestimate the impact that a DNS issue can have on the system. Therefore, when service issues arise, it is always good to verify proper name resolution.

This definately clear all of your mind when you want to put in Front End in DMZ…

Last not least, we will always recommend to put in ISA rather than opening ports. This is also the recommended way from MSFT.

Other

Back up your Facebook profile

Leave a comment

 

 

 

 

 

 

If you’re an avid Facebook use you’ll have a lot of information on the site.  It’s a good idea to make a backup so, should Facebook fail, you won’t lose  everything

To backup your data on Facebook:

  • Login to your account.
  • then open the Account menu on the top right. Choose Account Settings. At the  next screen, scroll down to the Download your information option and click the ‘learn more’ link

 

 

 

 

 

 

 

  • It is on this screen as you confirm that you want to save your data.
  • A popup window appears, click Download.
  • Your request has been sent to Facebook.
  • Within a few hours or days you will receive an email with a link allowing you to download your data.
    • Windows 2008, Windows Vista

    Windows update error code 80072ee6

    Leave a comment

    1st try this

    Click “Start”

    Then Click “Run”

    Copy and Paste this ” regsvr32 MSXML3.dll ”

    Click “OK”

    You should see a dialog box stating that the operation has suceeded.

    Then open Messenger again and sign in.

    If this doesn’t work then try to clear your DNS cache by:

    Click “Start” then “Run” and type “cmd.exe”

    Then type “ipconfig /flushdns”. You should get a message stating that the cache has been cleared.

     

    if thats not working try this

     

    edit the registry and find for this key ‘UseWUServer’ if the value is ‘1’ ). I changed it to ‘0’, rebooted, and Run Windows Update

    wsus

    How to manually remove all of WSUS

    Leave a comment

    1. Please download and install the Windows Installer Cleanup Utility msicuu2.  To install it simply run msicuu2.exe.

    2. Once it is installed go to Start>All Programs>Windows Install Clean Up

    3. Scroll through the options and highlight Microsoft Windows Server Update Services 3.0

    4. Click remove

    5. Open a command prompt and run the following commands:

    net stop wsusservice

    net stop wsuscertserver

    sc delete wsusservice

    sc delete wsuscertserver

    6. When complete, go back to the Windows Installer Cleanup Utility and highlight Windows Internal Database (MICROSOFT##SSEE) and click remove.

    7. Go back to the command line and run the following commands

    net stop mssql$microsoft##ssee

    sc delete mssql$microsoft##ssee

    8. Delete or edit the associated reg keys as noted below:

    a. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server and edit the “InstalledInstances” value and remove “MICROSOFT##SSEE”

    b. Remove the “MICROSOFT##SSEE” subkey under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server

    c. Remove the “MSSQL.2005” subkey under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server

    d. Rename the following folder:

    \%Windir%\SYSMSI\SSEE\MSSQL.2005\MSSQL\Data

    to

    \%Windir%\SYSMSI\SSEE\MSSQL.2005\MSSQL\Data.old

    At the completion of this you should be at a point where you can reinstall WSUS from scratch if you like.

    Other, Windows 7

    How to turn your Windows 7 laptop into a wireless hotspot

    Leave a comment

    thanks to a new Windows 7 feature called Virtual Wi-Fi.

    The idea is a simple one: the operating system can virtualise any compatible wireless adapter, to make it appear as though you’ve as many additional adapters as you need.

    The effect is dramatic. Once it’s set up, then any Wi-Fi compatible device that can connect to you – another desktop, laptop, or an iPod Touch, say – will immediately be able to get online, by sharing your internet connection through a duplicate of your wireless adapter.

    Getting this working isn’t too difficult, either, as long as you can get over the first hurdle: finding a virtual Wi-Fi-compatible driver for your wireless adapter.

    Intel’s latest 32-bit and 64-bit drivers now include support, as do various others for Atheros, Broadcom, Realtek and other big players, but these don’t apply to every chipset. Check the support site for your wireless adapter to see what’s available.

    If you’re in luck and manage to find and install an up-to-date Windows 7 driver for your adapter, then the next step is to set it up, and for that you’ll need an elevated command prompt. Click Start, type CMD, right-click the Cmd.exe link and select “Run as Administrator”.

    Now type the following command:

    netsh wlan set hostednetwork mode=allow ssid=MyNet key=MyPassword

    and press [Enter]. Replace “MyNet” with the name you’d like to use for your custom network, and “MyPassword” with a password that’s a little harder to guess.

    Still at the command line, type

    netsh wlan start hostednetwork

    and press [Enter] to fire up the virtual adapter.

    Now click Control Panel > Network and Internet > Network and Sharing Centre > Change Adapter Settings, right-click your internet connection and select Properties. Click the Sharing tab, check “Allow other network users to connect…”, choose your virtual Wi-Fi adaptor – and that’s it.

    Any nearby Wi-Fi enabled device should see a new network appear with the SSID you defined above. They’ll be able to connect to it using your password, and can then immediately share your internet connection

    Windows 2008, Windows 7

    The “Desktop Wallpaper” Group Policy setting is not applied in Windows 7 or in Windows Server 2008 R2

    Leave a comment

    n an Active Directory domain network environment, you apply a “Desktop Wallpaper” Group Policy setting to the domain users. However, the setting is not applied to domain users who log on to client computers that are running Windows 7 or Windows Server 2008 R2.

    This issue varies if the following conditions are true:

    • If the domain user logs on the domain after you deploy the “Desktop Wallpaper” Group Policy setting, the desktop background changes to black.
      Note The color of the desktop background varies, depending on the color scheme that you set.
    • If the domain user logs on the domain before you apply the “Desktop Wallpaper” Group Policy setting, the desktop background does not change.

    Additionally, in the Personalization window of the client computer, the desktop background is displayed as being changed to the setting that you applied.

    Hotfix Download Available

    windows 7 / windows 2008 R2 x64

    Download

    windows 7 / windows 2008 R2 x86

    Download

    Tech Doc source
    http://support.microsoft.com/kb/977944

    Other

    Forgot the Administrator’s Password? Change Domain Admin Password in Windows Server 2003 AD

    Leave a comment

    Requirements

    1. Local access to the Domain Controller (DC).
    2. The Local Administrator password.
    3. Two tools provided by Microsoft in their Resource Kit: SRVANY and INSTSRV. Download them from HERE (24kb).

    Step 1

    Restart Windows 2003 in Directory Service Restore Mode.

    Note: At startup, press F8 and choose Directory Service Restore Mode. It disables Active Directory. When the login screen appears, log on as Local Administrator. You now have full access to the computer resources, but you cannot make any changes to Active Directory.

     

    safemodead 

    Step 2

    You are now going to install SRVANY. This utility can virtually run any programs as a service. The interesting point is that the program will have SYSTEM privileges (LSA) (as it inherits the SRVANY security descriptor), i.e. it will have full access on the system. That is more than enough to reset a Domain Admin password. You will configure SRVANY to start the command prompt (which will run the ‘net user’ command).

    Copy SRVANY and INSTSRV to a temporary folder, mine is called D:\temp. Copy cmd.exe to this folder too (cmd.exe is the command prompt, usually located at %WINDIR%\System32).

    Start a command prompt, point to d:\temp (or whatever you call it), and type:

    instsrv PassRecovery “d:\temp\srvany.exe”
    (change the path to suit your own).
    It is now time to configure SRVANY.

     
    Start Regedit, and navigate to

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PassRecovery
    Create a new subkey called Parameters and add two new values:
    name: Application
    type: REG_SZ (string)
    value: d:\temp\cmd.exe

    name: AppParameters
    type: REG_SZ (string)
    value: /k net user administrator 123456 /domain
    Replace 123456 with the password you want. Keep in my mind that the default domain policy require complex passwords (including digits, respecting a minimal length etc) so unless you’ve changed the default domain policy use a complex password such as P@ssw0rd
    Now open the Services applet (Control Panel\Administrative Tools\Services) and open the PassRecovery property tab. Check the starting mode is set to Automatic.

    servicemode

     

    Go to the Log On tab and enable the option Allow service to interact with the desktop.
    Restart Windows normally, SRVANY will run the NET USER command and reset the domain admin password.
    Step 3
    Log on with the Administrator’s account and the password you’ve set in step #2.
    Use this command prompt to uninstall SRVANY (do not forget to do it!) by typing:
    net stop PassRecovery

    sc delete PassRecovery
    Now delete d:\temp and change the admin password if you fancy.
    Done!