SharePoint network process communication ports and directions

Introduction

Ran into a strange problem with WSS 3.0 that appeared to involve hung sockets, the SQL Server dynamically assigned port changing, or some other network-related problem: 404 errors with some documents in the document libraries, 500 Internal Server errors, memory errors, and tons of SQL Server related errors in the event logs.

In this particular situation, a reboot resolved all issues but left me wondering how networking worked within the SharePoint product itself. The following are notes on SharePoint inter-process communications, network communication protocols, the ports that SharePoint Server uses during its operation, etc.

SharePoint Network Communications

Overview

SharePoint uses a wide variety of protocols to communicate, all of which are described by Microsoft in great detail. In a nutshell, SharePoint network traffic occurs over these three transport protocols:

SQL Server Tabular Data Stream (TDS)

TDS is an application layer network protocol first created by Sybase. It is used to encapsulate SQL queries. All traffic in and out of SQL Server is handled by TDS (see the yellow paths in the diagram below). By default this takes place on port TCP:1433, but named instances of SQL Server (any other database instances running on the server must be named instances, e.g. "myserver\instancename") use a dynamically assigned port instead. The dynamic assignment occurs in a two-stage process. First, the SQL client calls the SQL Server management service (SQL Server Browser) on port UDP:1434. The SQL Server management service responds with the dynamic port assignment that is used for all subsequent communications. The dynamic port itself is assigned when the SQL Server instance is first started. As Microsoft explains:

Upon startup, SQL Server Browser starts and claims UDP port 1434.  SQL Server Browser reads the registry, identifies all instances of SQL Server on the computer, and notes the ports and named pipes that they use.  When SQL Server clients request SQL Server resources, the client network library sends a UDP message to the server using port 1434.  SQL Server Browser responds with the TCP/IP port or named pipe of the requested instance.  The network library on the client application then completes the connection by sending a request to the server using the port or named pipe of the desired instance.
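The two-stage lookup described above is the SQL Server Resolution Protocol (MS-SQLR) exchange that every SQL client performs against a named instance. The following is an added example, not code from the original post: it builds the UDP 1434 request, parses the Browser's reply to pull out the dynamic TCP port, and wraps both in a function you can run from a SharePoint box to confirm that UDP 1434 is actually allowed through to the SQL box. The host name SQL01, the instance name SHAREPOINT and the port 49153 in the sample reply are constructed values, not captured from a real server.

```python
from __future__ import annotations
import socket
import struct

SQL_BROWSER_PORT = 1434  # UDP port that SQL Server Browser claims at startup


def build_ucast_inst_request(instance: str) -> bytes:
    """Build a CLNT_UCAST_INST datagram (MS-SQLR): opcode 0x04, the
    instance name, then a NUL terminator. The Browser answers with
    the details of just that one instance."""
    if not instance or len(instance) > 32:
        raise ValueError("instance name must be 1-32 characters")
    return b"\x04" + instance.encode("ascii") + b"\x00"


def parse_svr_resp(datagram: bytes) -> list[dict[str, str]]:
    """Parse a SVR_RESP datagram: opcode 0x05, a little-endian 16-bit
    length, then ';'-separated key/value tokens with one instance per
    ';;'-terminated entry (ServerName;...;tcp;<port>;np;<pipe>;;)."""
    if len(datagram) < 3 or datagram[0] != 0x05:
        raise ValueError("not an SSRP SVR_RESP datagram")
    (length,) = struct.unpack_from("<H", datagram, 1)
    body = datagram[3:3 + length].decode("ascii", errors="replace")
    instances = []
    for entry in body.split(";;"):
        if not entry:
            continue  # trailing terminator
        tokens = entry.split(";")
        instances.append(dict(zip(tokens[0::2], tokens[1::2])))
    return instances


def tcp_port_for(instances, instance: str) -> int | None:
    """Return the TCP port the Browser advertised for the named instance,
    or None if it was not listed (or only a named pipe was advertised)."""
    for inst in instances:
        if inst.get("InstanceName", "").upper() == instance.upper() and "tcp" in inst:
            return int(inst["tcp"])
    return None


def discover_instance_port(host: str, instance: str, timeout: float = 2.0) -> int | None:
    """Perform the live two-stage lookup: query the Browser over UDP 1434
    and return the TCP port the client would connect to next. A timeout
    here usually means UDP 1434 is filtered between this box and SQL."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_ucast_inst_request(instance), (host, SQL_BROWSER_PORT))
        datagram, _ = sock.recvfrom(65535)
    return tcp_port_for(parse_svr_resp(datagram), instance)


# Constructed sample reply (not captured from a real server): what a Browser
# would return for a named instance SHAREPOINT on host SQL01 whose dynamic
# port happens to be 49153 this boot.
SAMPLE_BODY = (b"ServerName;SQL01;InstanceName;SHAREPOINT;IsClustered;No;"
               b"Version;9.00.5000.00;tcp;49153;"
               b"np;\\\\SQL01\\pipe\\MSSQL$SHAREPOINT\\sql\\query;;")
SAMPLE_SVR_RESP = b"\x05" + struct.pack("<H", len(SAMPLE_BODY)) + SAMPLE_BODY

if __name__ == "__main__":
    for inst in parse_svr_resp(SAMPLE_SVR_RESP):
        print(inst["ServerName"], inst["InstanceName"], "tcp", inst.get("tcp"))
    # Against a real farm: print(discover_instance_port("sql01.example.local", "SHAREPOINT"))
```

Because the advertised port can change on every SQL Server restart, a firewall rule written for today's port will silently break after a reboot. The usual fix is to give the named instance a fixed TCP port in SQL Server Configuration Manager (the "custom port for named SQL instance" in the port table below) and have the SharePoint servers connect to "server,port" directly, which skips the UDP 1434 lookup entirely and lets you allow just one TCP port between the web front ends and SQL.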

Server Message Block (SMB)

SMB, or Common Internet File System (CIFS), is an application layer network protocol mainly used to provide access to printers, file systems, and other miscellaneous communications. It also provides an authenticated inter-process communication mechanism. SMB is used for search and query operations within SharePoint (see the red paths in the diagram below). This occurs on port TCP:445 or on TCP:137, 138, 139 (over NetBIOS).


Hypertext Transfer Protocol (HTTP)

As expected, HTTP handles all incoming traffic and web service calls. This typically occurs over port TCP:80, or TCP:443 for secured SSL communications. Shared Service Provider (SSP) web service calls occur on ports 56737 and 56738 (SSL). Shared Service Providers are replaced in SharePoint 2010 with Service Applications, which use ports 32843, 32844 (HTTPS) and 32845 instead.


Other Ports

Other ports that SharePoint could use to communicate to other servers include:

  • AD Authentication: Occurs on TCP:445 or TCP:88 (Kerberos)
  • LDAP: Occurs on TCP:389 (LDAP) and TCP:636 (LDAPS)
  • DNS: Occurs on TCP/UDP:53 (see the port table below)
  • SMTP: Occurs on TCP:25


Inter-Server Communications

This is traffic between the servers in the SharePoint farm, including the SharePoint boxes and the SQL Server boxes.

Inter-server communications of SharePoint 2007


Communication with other servers

This could be communications between SharePoint and Active Directory, DNS, etc.

Extra-server communications of SharePoint 2007


SharePoint 2007 ports and directions

Inbound/Outbound | From | Port | Type | To
Inbound | Client IPs (as applicable) | TCP 80 or 443 (SSL) | HTTP | ISA Web Pub or WFE
Inbound | TS jump point | RDP (TCP 3389), for remote admin | | APP (Central Admin / SSP Admin)
Inbound | All SharePoint servers (depends on Central Admin configuration) | Office Server Web Services, TCP 56737, SSL 56738 | HTTP | APP (Central Admin / SSP Admin, web service control)
Inbound | Index | TCP 80 or 443 | | WFE
Outbound | All SharePoint servers (based on authentication) | DS (TCP 445), RPC (TCP 135), DNS (TCP/UDP 53), Kerberos (UDP 88), LDAP/S (UDP 389/636) | | DC (AD) / DNS (LDAP)
Outbound | External content | DNS (TCP/UDP 53) | | DNS
Outbound (inbound if applicable) | WFE (alerts or mail-enabled list) | SMTP (TCP 25) | | SMTP/Exchange
Outbound | All SharePoint servers | SQL (TCP 1433, UDP 1434) or custom port for named SQL instance | SQL Server Tabular Data Stream (TDS) | SQL Server
Outbound | WFE (search request) | Search query, either NBT (TCP/UDP 137, 138, 139) or direct-hosted SMB (TCP/UDP 445) | Server Message Block (SMB) | Query
Outbound | Index (propagation) | Search query, either NBT (TCP/UDP 137, 138, 139) or direct-hosted SMB (TCP/UDP 445) | | Query
Outbound | Index (file shares) | Either NBT (TCP/UDP 137, 138, 139) or direct-hosted SMB (TCP/UDP 445) | Server Message Block (SMB) | External content
Outbound | Index (BDC) | SQL (TCP 1433, UDP 1434) or custom port | | External content
Outbound | WFE (SSO) | RPC for SSO (TCP 135), plus random high ports (dynamic RPC) or restricted high ports (static RPC) | | APP servers
Outbound | WFE | TCP 80, TCP 443, TCP (custom) | HTTP | Index server (search crawling)
Outbound | Index (search crawling) | TCP 80, TCP 443, TCP (custom) | HTTP | WFE
Outbound | Index (sites) | TCP 80, TCP 443, TCP (custom) | | External content


SharePoint 2010 Ports

SharePoint 2010 uses the same ports as SharePoint 2007 with these additions:

Inbound/Outbound | From | Port | Type | To
Inbound | Service Application | 32843, 32844 (HTTPS), 32845 (net.tcp binding) | HTTP | SharePoint Web Service
Inbound | All SharePoint servers where the Forefront Identity Management agent is installed | TCP 5725, TCP/UDP 389 (LDAP service), TCP/UDP 88 (Kerberos), TCP/UDP 53 (DNS), UDP 464 (Kerberos Change Password) | | Active Directory
Outbound | Web Front End Server | TCP 5725, TCP/UDP 389 (LDAP service), TCP/UDP 88 (Kerberos), TCP/UDP 53 (DNS), UDP 464 (Kerberos Change Password) | | Microsoft SharePoint Foundation User Code Service (for sandbox solutions)
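The port tables above are what a firewall between the farm tiers has to allow, and the symptoms in the introduction (hung sockets, 404s and 500s, SQL errors in the event log) are what it looks like when one of those flows is silently dropped. The following is an added example, not part of the original post: it encodes the TCP rows of the tables as data, probes each required flow from the role the script is run on, and reports which ones are blocked. The role labels (WFE, INDEX, APP, SQL, DC, SMTP) and the host names you pass in are assumptions for this example; UDP rows (1434, 88, 389/636) are deliberately left out because a TCP connect cannot test them.

```python
from __future__ import annotations
import socket
from concurrent.futures import ThreadPoolExecutor

# Required outbound TCP flows per role, taken from the SharePoint 2007/2010
# port tables above. Role labels are this example's own shorthand.
# (target role, TCP port, purpose)
REQUIRED_TCP = {
    "WFE": [
        ("SQL", 1433, "TDS to SQL Server (default instance)"),
        ("DC", 445, "DS / SMB to domain controller"),
        ("DC", 135, "RPC to domain controller"),
        ("DC", 53, "DNS"),
        ("DC", 389, "LDAP"),
        ("SMTP", 25, "alerts / mail-enabled lists"),
        ("INDEX", 80, "HTTP to index server"),
        ("APP", 135, "RPC for SSO"),
        ("APP", 56737, "SSP web services (2007)"),
        ("APP", 32843, "Service Application web services (2010)"),
    ],
    "INDEX": [
        ("SQL", 1433, "TDS to SQL Server (default instance)"),
        ("WFE", 80, "HTTP search crawling"),
        ("WFE", 445, "SMB query / propagation"),
        ("DC", 445, "DS / SMB to domain controller"),
        ("DC", 135, "RPC to domain controller"),
        ("DC", 53, "DNS"),
    ],
}


def tcp_port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake to host:port completes within the timeout.
    Refused, filtered (timeout) and unresolvable hosts all count as closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_flows(flows, hosts: dict[str, str], timeout: float = 2.0):
    """Probe every (target, port, purpose) flow in parallel and return
    (target, port, purpose, reachable) tuples in the original order."""
    def probe(flow):
        target, port, purpose = flow
        return (target, port, purpose, tcp_port_open(hosts[target], port, timeout))
    with ThreadPoolExecutor(max_workers=8) as pool:
        return list(pool.map(probe, flows))


def blocked_flows(results):
    """Filter check_flows() output down to the flows that failed."""
    return [r for r in results if not r[3]]


def open_local_listener():
    """Throwaway loopback listener so the probe can be exercised without a
    real farm. Returns (socket, port); close the socket when done."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind(("127.0.0.1", 0))
    sock.listen(1)
    return sock, sock.getsockname()[1]


if __name__ == "__main__":
    # Example farm layout: hypothetical host names, replace with your own.
    farm = {"SQL": "sql01.example.local", "DC": "dc01.example.local",
            "SMTP": "mail01.example.local", "INDEX": "idx01.example.local",
            "APP": "app01.example.local", "WFE": "wfe01.example.local"}
    for target, port, purpose, ok in check_flows(REQUIRED_TCP["WFE"], farm):
        print(f"{'OK     ' if ok else 'BLOCKED'} {target:5} tcp/{port:<5} {purpose}")
```

Run it from each web front end and index server with the appropriate role key, and compare the BLOCKED lines with the tables above; a flow that shows as blocked on one server but not another usually points at a host firewall rule rather than the perimeter firewall. A named SQL instance on a custom port needs its row edited accordingly.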
