
Shopping 6.1

Communications Ports

There are several ports that are used in the Shopping application. These must be enabled in the firewalls for the relevant computers.

The distribution of Shopping components and their associated ports is shown in the picture.

[Figure: Shopping Architecture And Communications]

Ports used by the Shopping Website

| Port | Traffic | Notes | Configurable |
| --- | --- | --- | --- |
| TCP 443 (HTTPS) | Inbound | For browsers on clients and Shopping receivers to communicate with the Shopping Website. | Yes, during installation when specifying the IIS port used by the Website. |
| TCP 1433 (ADO.NET) | Outbound | Communication with a remote Shopping database. | Yes, during installation when specifying the SQL Server instance used by the Shopping database. |
| TCP 389 (LDAP) | Outbound | Communication with Active Directory to verify user, computer and AD groups and resolution of each user's manager and email address. Note: Ensure that all secured (636 and 3269) and unsecured (389 and 3268) ports on the domain controller are not blocked. If, for any particular reason, they are restricted, then all the servers hosting Shopping components must be added to the exception list so that Shopping can execute the specific LDAP calls. | No |
| TCP 636 and 3269 (LDAPS) | Inbound/Outbound | Communication with Active Directory. Note: Ensure that all secured (636 and 3269) and unsecured (389 and 3268) ports on the domain controller are not blocked. If, for any particular reason, they are restricted, then all the servers hosting Shopping components must be added to the exception list so that Shopping can execute the specific LDAP calls. | No |

Ports used by the Shopping Central Service

| Port | Traffic | Notes | Configurable |
| --- | --- | --- | --- |
| TCP 389 (LDAP) | Outbound | Communication with Active Directory to verify user, computer and AD groups and resolution of each user's manager and email address. | No |
| TCP 1433 (ADO.NET) | Outbound | Communication with a remote Shopping database. | Yes, during installation when specifying the SQL Server instance used by the Shopping database. |
| TCP 1433 (ADO.NET) | Outbound | Communication with the remote Configuration Manager Site database if the Shopping RBAC feature is not used. RBAC uses WMI (DCOM) instead of SQL. | Yes, indirectly. The port is determined by querying the SMS Provider on the Configuration Manager site server. |
| WMI (DCOM) TCP 135 and 445 (initially) | Outbound | Remote access to the SMS Provider role on the Configuration Manager site server. TCP 135 and 445 are used to initiate communications and negotiate dynamic RPC and MSDTC ports. The dynamic ranges depend on the Windows OS version. | No |
| TCP 25 (SMTP) | Outbound | Communication with a remote SMTP gateway to send emails. | Yes, during installation when specifying the SMTP server. |
| TCP 110 (POP3) | Outbound | This port is required in a lab environment only if Exchange is not available and a remote POP3 server is used instead. | Yes, during installation when specifying the SMTP server. |
| TCP 8335 | Outbound | Communication with a remote AppClarity server. This is required only if Shopping uses AppClarity integration. | No |
| TCP 636 and 3269 (LDAPS) | Inbound/Outbound | Communication with Active Directory. | No |
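The following is an added example, not part of the original documentation: a PowerShell reachability check for the outbound ports listed above, intended to be run on the Shopping Central Service server. All server names are placeholders (assumptions), port 1433 and port 25 must be changed if different values were chosen during installation, and only the initial DCOM ports 135 and 445 are tested, not the dynamic RPC range negotiated afterwards.

```powershell
# Added example: outbound reachability check for the Shopping Central Service.
# Every server name below is a placeholder; replace with the hosts in your environment.
$targets = @(
    @{ Role = 'Active Directory (LDAP)';          Server = 'dc01.example.local';       Ports = 389 }
    @{ Role = 'Active Directory (LDAPS)';         Server = 'dc01.example.local';       Ports = 636, 3269 }
    @{ Role = 'Shopping database (ADO.NET)';      Server = 'sql01.example.local';      Ports = 1433 }   # configurable at install
    @{ Role = 'SMS Provider (WMI/DCOM, initial)'; Server = 'cm01.example.local';       Ports = 135, 445 }
    @{ Role = 'SMTP gateway';                     Server = 'smtp.example.local';       Ports = 25 }     # configurable at install
    @{ Role = 'AppClarity (only if integrated)';  Server = 'appclarity.example.local'; Ports = 8335 }
)

# Attempt a TCP connection to each server/port pair and record the outcome.
$results = foreach ($t in $targets) {
    foreach ($port in $t.Ports) {
        $r = Test-NetConnection -ComputerName $t.Server -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Role      = $t.Role
            Server    = $t.Server
            Port      = $port
            Reachable = $r.TcpTestSucceeded
        }
    }
}

$results | Format-Table -AutoSize

# Summarise failures so that missing firewall rules are easy to spot.
$blocked = @($results | Where-Object { -not $_.Reachable })
if ($blocked.Count -gt 0) {
    Write-Warning ("{0} connection(s) failed; review the firewall rules for the ports listed as not reachable." -f $blocked.Count)
}
```

A successful TCP connection confirms only that the port is open along the path; it does not validate LDAP binds, SQL logins or WMI permissions.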

Ports used by the Shopping Admin Console

Required if the Shopping Admin console is installed on a client remote from the Shopping central server.

| Port | Traffic | Notes | Configurable |
| --- | --- | --- | --- |
| TCP 1433 (ADO.NET) | Outbound | Communication with a remote Shopping database. | Yes, when specifying the SQL Server instance used by the Shopping database. |
| TCP 1433 (ADO.NET) | Outbound | Communication with the remote Configuration Manager site database if the Shopping RBAC feature is not used. RBAC uses WMI (DCOM) instead of SQL. | Yes, indirectly. The port is determined by querying the SMS Provider on the Configuration Manager Site server. |
| TCP 389 (LDAP) | Outbound | Communication with Active Directory to verify user, computer and AD groups and resolution of each user's manager and email address. | No |
| WMI (DCOM) TCP 135 and 445 (initially) | Outbound | Required for remote access to the SMS Provider role on Configuration Manager site servers. TCP 135 and 445 are used to initiate communications and negotiate a dynamic RPC port. The dynamic range depends on the Windows OS version. | No |
| TCP 636 and 3269 (LDAPS) | Inbound/Outbound | Communication with Active Directory. | No |

Ports used by the Shopping receiver

The Shopping Receiver is expected to be installed on the Configuration Manager Site server that has a local SMS Provider role.

| Port | Traffic | Notes | Configurable |
| --- | --- | --- | --- |
| TCP 443 (HTTPS) | Outbound | Communication with the Shopping central Website. | Yes, during the Shopping receiver installation when you specify the location of the Shopping central server. |
| WMI (DCOM) TCP 135 and 445 (initially) | Outbound | Required for communication with the Configuration Manager SMS Provider. Note: The Shopping Receiver service expects the Configuration Manager SMS Provider role to exist on the local server, and communicates with it using WMI (DCOM). TCP 135 and 445 are used to initiate communications and negotiate a dynamic RPC port. The dynamic range depends on the Windows OS version. | No |
| TCP 1433 (ADO.NET) | Outbound | Communication with the Configuration Manager site database, if remote. Note: In addition, if the Configuration Manager site database is on the default instance of SQL Server and using a custom port, you must configure a SQL alias using both the 32-bit and 64-bit versions of cliconfg.exe, as described in our KB. This is not applicable if the database is on a named instance. | Yes, indirectly. The port is determined by querying the SMS Provider on the local server. |

Ports used by Shopping clients

The following table is for the Shopping client. It does not include ports required for other 1E products (for example Nomad, WakeUp and Tachyon) nor does it list ports required by Microsoft's Configuration Manager.

| Port | Traffic | Notes | Configurable |
| --- | --- | --- | --- |
| TCP 443 (HTTPS) | Outbound | For browsers on clients to communicate with the Shopping central website (Shopping Portal). `http://<ShoppingCentralServer>/shopping` | Yes. If a port other than port 80 is used, it must be specified in the URL used by users when connecting to the Shopping Website. |
| SMTP and POP3 | Outbound | These ports are required in a lab environment only if Exchange is not available, and an alternative email application is used to send and receive emails. | Yes. |
| TCP 389 (LDAP) | Outbound | Communication with Active Directory to verify user, computer and AD groups and resolution of each user's manager and email address. | No |
| TCP 636 and 3269 (LDAPS) | Inbound/Outbound | Communication with Active Directory. | No |
| TCP 8000 (HTTP) | Inbound (loopback) | For browsers on clients to communicate with the Shopping agent to retrieve machine information. | Yes. You specify the port in the 1E Tachyon Agent loopback URL setting in the Shopping Console. On startup, the Shopping client queries the following URL to get the loopback URL: `http://<ShoppingCentralServer>/shopping/WindowsServicingAssistant/GetTachyonAgentUrl` |

Note

A new feature in Shopping 5.6 and later means that Shopping Receivers no longer require remote WMI (DCOM) TCP 135 and 445 connections to Shopping clients. Instead, policy refreshes for new requests and re-shopping are now done using the Client Notification feature of Configuration Manager.