hi there, i've setup exchange 2003 server on our domain controler (win2003) all our workstations connect to the exchange server using outlook 2003 without any problems only if we turn windows firewall off on the exchange server but when i turn the firewall on no one can connect. i tried to do a search on ports that exchange uses but i only found the common onces which i tried to open like port 25smtp,110pop,143imap,389Ldap. if you could tell me which ports i need to open in order to access the exchange server from the local LAN. Thanks in advance for any suggestions

Normal Outlook uses RPC ports. That involves a port mapper and then a random port. FYI, if you're that concerned about security, you should never have installed Exchange on a DC. "Enough, enough bowing down to disillusion! Hats off & applause to rogues & evolution! The ripple effect is too good not to mention. If you’re not affected, you’re not paying attention!"

Thanks heropsycho2177 for your reply you showed the way to my answer. i've done a search in google for Exchange server static port mappings and took me to microsoft site KnowledgeBase 270836 will try and modify the registry. Thanks again

In case you're reading this... I applaud security, I really do. But think about what gains you're actually getting from Windows Firewall on this server. Since it's a DC, you must allow SMB, LDAP, etc. Since it's Exchange you have to allow SMTP, RPC, HTTP, etc. If your machine is going to be attacked from an unsolicited connection, it's gonna be on one of those ports anyway. Windows Firewall does no egress filtering. If this were a DMZ host or something, I understand using it, but on an internal LAN when you HAVE to open the ports most exploited, and you gain no egress filtering, what exactly do you think you're accomplishing with Windows Firewall on? Your vulnerabilities are you're exposing a server housing all domain accounts, including admins, to direct traffic from the internet, to any application layer vulnerabilities in Exchange, etc. That's what you should be concerned about, not unsolicited connections on random ports that are closed anyway. "Enough, enough bowing down to disillusion! Hats off & applause to rogues & evolution! The ripple effect is too good not to mention. If you’re not affected, you’re not paying attention!"