Contents

Shopping communication ports

Connections diagram

There are several ports that are used in the Shopping application. These must be enabled in the firewalls for the relevant computers. The distribution of Shopping components and their associated ports is illustrated as follows:


Ports used by the Shopping Website

PortTrafficNotesConfigurable
TCP 80 (HTTP)InboundFor browsers on clients and Shopping receivers to communicate with the Shopping Website.Yes, during installation when specifying the IIS port used by the Website.
TCP 1433 (ADO.NET)OutboundCommunication with a remote Shopping database. Yes, during installation when specifying the SQL Server instance used by the Shopping database.
TCP 389 (LDAP)Outbound

Communication with Active Directory to verify user, computer and AD groups and resolution of each user's manager and email address.

Ensure that all secured (636 and 3269) and unsecured (389 and 3268) ports on the domain controller are not blocked. If, for any particular reason, they are restricted, then all the servers hosting Shopping components must be added to the exception list so that Shopping can execute the specific LDAP calls.
No
TCP 636 and 3269 (LDAPS)Inbound/Outbound

Communication with Active Directory.

Ensure that all secured (636 and 3269) and unsecured (389 and 3268) ports on the domain controller are not blocked. If, for any particular reason, they are restricted, then all the servers hosting Shopping components must be added to the exception list so that Shopping can execute the specific LDAP calls.
No

Ports used by the Shopping Central Service

PortTrafficNotesConfigurable
TCP 80 (HTTP)OutboundCommunication with a remote ActiveEfficiency Server.Yes, during installation when specifying the location of the ActiveEfficiency server.
TCP 389 (LDAP)OutboundCommunication with Active Directory to verify user, computer and AD groups and resolution of each user's manager and email address.No
TCP 1433 (ADO.NET)OutboundCommunication with a remote Shopping database.Yes, during installation when specifying the SQL Server instance used by the Shopping database.
TCP 1433 (ADO.NET)OutboundCommunication with the remote Configuration Manager Site database if the Shopping RBAC feature is not used. RBAC uses WMI (DCOM) instead of SQL.Yes, indirectly. The port is determined by querying the SMS Provider on the Configuration Manager site server
WMI (DCOM) TCP 135 and 445 (initially)OutboundRemote access to the SMS Provider role on the Configuration Manager site server. TCP 135 and 445 are used to initiate communications and negotiate dynamic RPC and MSDTC ports. The dynamic ranges depend on the Windows OS version.No
TCP 25 (SMTP)OutboundCommunication with a remote SMTP gateway to send emails.Yes, during installation when specifying the SMTP server.
TCP 110 (POP3)OutboundThis port is required in a lab environment only if Exchange is not available and a remote POP3 server is used instead.Yes, during installation when specifying the SMTP server.
TCP 8335OutboundCommunication with a remote AppClarity server. This is only required only if Shopping uses AppClarity integration.No
TCP 636 and 3269 (LDAPS)Inbound/OutboundCommunication with Active DirectoryNo

Ports used by the Shopping Admin Console

Required if the Shopping Admin console is installed on a client remote from the Shopping central server.

PortTrafficNotesConfigurable
TCP 1433 (ADO.NET)OutboundCommunication with a remote Shopping database.Yes, when specifying the SQL Server instance used by the Shopping database.
TCP 1433 (ADO.NET)OutboundCommunication with the remote Configuration Manager site database if the Shopping RBAC feature is not used. RBAC uses WMI (DCOM) instead of SQL.Yes, indirectly. The port is determined by querying the SMS Provider on the Configuration Manager Site server
TCP 389 (LDAP)OutboundCommunication with Active Directory to verify user, computer and AD groups and resolution of each user's manager and email address.No
WMI (DCOM) TCP 135 and 445 (initially)OutboundRequired for remote access to the SMS Provider role on Configuration Manager site servers. TCP 135 and 445 are used to initiate communications and negotiate a dynamic RPC port. The dynamic range depends on the Windows OS version. No
TCP 636 and 3269 (LDAPS)Inbound/OutboundCommunication with Active DirectoryNo

Ports used by the Shopping receiver

The Shopping Receiver is expected to be installed on the Configuration Manager Site server that has a local SMS Provider role.

PortTrafficNotesConfigurable
TCP 80 (HTTP)OutboundCommunication with the Shopping central Website.Yes, during the Shopping receiver installation when you specify the location of the Shopping central server.
WMI (DCOM) TCP 135 and 445 (initially)Outbound

Required for communication with the Configuration Manager SMS Provider.

Shopping Receiver service expects the Configuration Manager SMS Provider role exists on the local server, and communicates with it using WMI (DCOM).

TCP 135 and 445 are used to initiate communications and negotiate a dynamic RPC port. The dynamic range depends on the Windows OS version.

No.
TCP 1433 (ADO.NET)Outbound

Communication with the Configuration Manager site database, if remote.

In addition, if the Configuration Manager site database is on the default instance of SQL Server and using a custom port, you must configure a SQL alias using both the 32-bit and 64-bit versions of cliconfg.exe described in our KB. This is not applicable if the database is on a named instance.
Yes, indirectly. The port is determined by querying the SMS Provider on the local server.

Ports used by Shopping clients

The following table is for the Shopping client. It does not include ports required for other 1E products (for example Nomad, WakeUp and Tachyon) nor does it list ports required by Microsoft's Configuration Manager.

PortTrafficNotesConfigurable
TCP 80 (HTTP)Outbound

For browsers on clients to communicate with the Shopping central website (Shopping Portal).

http://<ShoppingCentralServer>/shopping

Yes. If a port of other than port 80 is used, it must be specified on the URL used by users when connecting to the Shopping Website.
SMTP and POP3OutboundThese ports are required in a lab environment only if Exchange is not available, and an alternative email application is used to send and receive emails.Yes.
TCP 389 (LDAP)OutboundCommunication with Active Directory to verify user, computer and AD groups and resolution of each user's manager and email address.No
TCP 636 and 3269 (LDAPS)Inbound/OutboundCommunication with Active Directory.No
TCP 8000 (HTTP)Inbound (loopback)For browsers on clients to communicate with the Shopping agent to retrieve machine information. 

Yes. You specify the port in the 1E Tachyon Agent loopback URL setting in the Shopping Console.

On startup, the Shopping client queries the following URL to get the loopback URL. http://<ShoppingCentralServer>/shopping/WindowsServicingAssistant/GetTachyonAgentUrl

A new feature in Shopping 5.6 and later means that Shopping Receivers no longer require remote WMI (DCOM) TCP 135 and 445 connection to Shopping clients. Instead policy refreshes for new requests and re-shopping are now done using the Client Notification feature of Configuration Manager.