This list can come in handy during Exchange Server deployments: ports used, supported authentication, and whether encryption is supported.
Here is the list, by role.
Transport servers:

| Data path | Required ports | Default authentication | Supported authentication | Encryption supported? | Encrypted by default? |
|---|---|---|---|---|---|
| Hub Transport server to Hub Transport server | 25/TCP (Transport Layer Security [TLS]) | Kerberos | Kerberos | Yes (TLS) | Yes |
| Hub Transport server to Edge Transport server | 25/TCP (TLS) | Direct trust | Direct trust | Yes (TLS) | Yes |
| Edge Transport server to Hub Transport server | 25/TCP (TLS) | Direct trust | Direct trust | Yes (TLS) | Yes |
| Edge Transport server to Edge Transport server | 25/TCP (SSL) | Anonymous, Certificate | Anonymous, Certificate | Yes (TLS) | Yes |
| Mailbox server to Hub Transport server via the Microsoft Exchange Mail Submission Service | 135/TCP (RPC) | NTLM. If the Hub Transport and the Mailbox server roles are on the same server, Kerberos is used. | NTLM/Kerberos | Yes (RPC encryption) | Yes |
| Hub Transport to Mailbox server via MAPI | 135/TCP (RPC) | NTLM. If the Hub Transport and the Mailbox server roles are on the same server, Kerberos is used. | NTLM/Kerberos | Yes (RPC encryption) | Yes |
| Unified Messaging server to Hub Transport server | 25/TCP (TLS) | Kerberos | Kerberos | Yes (TLS) | Yes |
| Microsoft Exchange EdgeSync service from Hub Transport server to Edge Transport server | 50636/TCP (SSL) | Basic | Basic | Yes (LDAPS) | Yes |
| Active Directory directory service access from Hub Transport server | 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) | Kerberos | Kerberos | Yes (Kerberos encryption) | Yes |
| Active Directory Rights Management Services (AD RMS) access from Hub Transport server | 443/TCP (HTTPS) | NTLM/Kerberos | NTLM/Kerberos | Yes (SSL) | Yes* |
| SMTP clients to Hub Transport server (for example, end-users using Outlook Express) | 587 (TLS), 25/TCP (TLS) | NTLM/Kerberos | NTLM/Kerberos | Yes (TLS) | Yes |

Mailbox server:

| Data path | Required ports | Default authentication | Supported authentication | Encryption supported? | Encrypted by default? |
|---|---|---|---|---|---|
| Active Directory access | 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) | Kerberos | Kerberos | Yes (Kerberos encryption) | Yes |
| Admin remote access (Remote Registry) | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes (IPsec) | No |
| Admin remote access (SMB/File) | 445/TCP (SMB) | NTLM/Kerberos | NTLM/Kerberos | Yes (IPsec) | No |
| Availability Web service (Client Access to Mailbox) | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes (RPC encryption) | Yes |
| Clustering | 135/TCP (RPC). See "Notes on Mailbox Servers" after this table. | NTLM/Kerberos | NTLM/Kerberos | Yes (IPsec) | No |
| Content indexing | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes (RPC encryption) | Yes |
| DSAccess to Active Directory | 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) | Kerberos | Kerberos | Yes (Kerberos encryption) | Yes |
| Log shipping | 64327 (customizable) | NTLM/Kerberos | NTLM/Kerberos | Yes | No |
| Seeding | 64327 (customizable) | NTLM/Kerberos | NTLM/Kerberos | Yes | No |
| Volume shadow copy service (VSS) backup | Local Message Block (SMB) | NTLM/Kerberos | NTLM/Kerberos | No | No |
| Mailbox Assistants | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | No | No |
| MAPI access | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes (RPC encryption) | Yes |
| Microsoft Exchange Active Directory Topology service access | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes (RPC encryption) | Yes |
| Microsoft Exchange System Attendant service legacy access (Listen to requests) | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | No | No |
| Microsoft Exchange System Attendant service legacy access to Active Directory | 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) | Kerberos | Kerberos | Yes (Kerberos encryption) | Yes |
| Microsoft Exchange System Attendant service legacy access (As MAPI client) | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes (RPC encryption) | Yes |
| Offline Address Book (OAB) accessing Active Directory | 135/TCP (RPC) | Kerberos | Kerberos | Yes (RPC encryption) | Yes |
| Outlook accessing Offline Address Book (OAB) | 80/TCP, 443/TCP (SSL) | NTLM/Kerberos | NTLM/Kerberos | Yes (HTTPS) | No |
| Recipient Update Service RPC access | 135/TCP (RPC) | Kerberos | Kerberos | Yes (RPC encryption) | Yes |
| Recipient update to Active Directory | 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon) | Kerberos | Kerberos | Yes (Kerberos encryption) | Yes |
| WebDav | 80/TCP, 443/TCP (SSL) | Basic, NTLM, Negotiate | Basic, NTLM, Negotiate | Yes (HTTPS) | Yes |

Client Access servers:

| Data path | Required ports | Default authentication | Supported authentication | Encryption supported? | Encrypted by default? |
|---|---|---|---|---|---|
| Autodiscover service | 80/TCP, 443/TCP (SSL) | Basic/Integrated Windows authentication (Negotiate) | Basic, Digest, NTLM, Negotiate (Kerberos) | Yes (HTTPS) | Yes |
| Availability service | 80/TCP, 443/TCP (SSL) | NTLM/Kerberos | NTLM, Kerberos | Yes (HTTPS) | Yes |
| Outlook Web Access | 80/TCP, 443/TCP (SSL) | Forms Based Authentication | Basic, Digest, Forms Based Authentication, NTLM (v2 only), Kerberos, Certificate | Yes (HTTPS) | Yes using self-signed certificate |
| POP3 | 110/TCP (TLS), 995/TCP (SSL) | Basic, NTLM, Kerberos | Basic, NTLM, Kerberos | Yes (SSL, TLS) | Yes |
| IMAP4 | 143/TCP (TLS), 993/TCP (SSL) | Basic, NTLM, Kerberos | Basic, NTLM, Kerberos | Yes (SSL, TLS) | Yes |
| Outlook Anywhere (formerly known as RPC over HTTP) | 80/TCP, 443/TCP (SSL) | Basic | Basic or NTLM | Yes (HTTPS) | Yes |
| Exchange ActiveSync application | 80/TCP, 443/TCP (SSL) | Basic | Basic, Certificate | Yes (HTTPS) | Yes |
| Client Access server to Unified Messaging server | 5060/TCP, 5061/TCP, 5062/TCP, a dynamic port | By IP address | By IP address | Yes (Session Initiation Protocol [SIP] over TLS) | Yes |
| Client Access server to a Mailbox server that is running an earlier version of Exchange Server | 80/TCP, 443/TCP (SSL) | NTLM/Kerberos | Negotiate (Kerberos with fallback to NTLM or optionally Basic), POP/IMAP plain text | Yes (IPsec) | No |
| Client Access server to Exchange 2010 Mailbox server | RPC. See "Notes on Client Access Servers" after this table. | Kerberos | NTLM/Kerberos | Yes (RPC encryption) | Yes |
| Client Access server to Client Access server (Exchange ActiveSync) | 80/TCP, 443/TCP (SSL) | Kerberos | Kerberos, Certificate | Yes (HTTPS) | Yes using self-signed certificate |
| Client Access server to Client Access server (Outlook Web Access) | 80/TCP, 443/TCP (SSL) | Kerberos | Kerberos | Yes (HTTPS) | Yes |
| WebDAV | 80/TCP, 443/TCP (SSL) | HTTP Basic or Outlook Web Access forms-based authentication | Basic, Outlook Web Access forms-based authentication | Yes (HTTPS) | Yes |

Unified Messaging server:

| Data path | Required ports | Default authentication | Supported authentication | Encryption supported? | Encrypted by default? |
|---|---|---|---|---|---|
| Unified Messaging Phone interaction (PBX) | 5060/TCP, 5061/TCP, 5062/TCP, a dynamic port | By IP address | By IP address | SIP over TLS, but Media is not encrypted | Yes for SIP |
| Unified Messaging Web Service | 80/TCP, 443/TCP (SSL) | Integrated Windows authentication (Negotiate) | Basic, Digest, NTLM, Negotiate (Kerberos) | Yes (SSL) | Yes |
| Unified Messaging server to Client Access server | 5075, 5076, 5075 (TCP) | Integrated Windows authentication (Negotiate) | Basic, Digest, NTLM, Negotiate (Kerberos) | Yes (SSL) | Yes |
| Unified Messaging to Hub Transport | 25/TCP (TLS) | Kerberos | Kerberos | Yes (TLS) | Yes |
| Unified Messaging server to Mailbox server | 135/TCP (RPC) | NTLM/Kerberos | NTLM/Kerberos | Yes (RPC encryption) | Yes |

You will find additional information on Microsoft TechNet:
http://technet.microsoft.com/en-us/library/bb331973(EXCHG.140).aspx
Happy reading!