Home > SCCM / SMS > SCCM OSD Port requirements for private networks

SCCM OSD Port requirements for private networks

We’ve been considering building servers using SCCM in remote offices (Brussels, New York etc)
For now, it will be a limited number of servers, so we do not want to duplicate the SCCM infrastructure, but this will mean that we need to open some ports for this to run.

Looking around, it seems we have the following port requirements. (See http://technet.microsoft.com/en-us/library/bb632618.aspx

Client — > Distribution Point
Description         UDP            TCP
HTTP                —            80 (See note 2, Alternate Port Available)
HTTPS                —            443 (See note 2, Alternate Port Available)
SMB                    —            445
Multicast Protocol 63000-64000    —
TFTP                69            —

Client — > Management Point
Description            UDP            TCP
HTTP                —            80 (See note 2, Alternate Port Available)
HTTPS                —            443(See note 2, Alternate Port Available)

Client — > State Migration Point
Description         UDP            TCP
HTTP                —            80
HTTPS                —            443
SMB                    —            445

Client — > PXE Service Point
Description            UDP            TCP
DHCP                67&68        —
TFTP                69*            —
BINL                4011        —

Site Server < — > PXE Service Point
Description            UDP            TCP
SMB                    —            445
RPC Endpoint Mapper    135            135
RPC                    —            DYNAMIC

Note: Trivial File Transfer Protocol is designed to support diskless boot environments. TFTP Daemons listen on UDP port 69 but respond from a dynamically allocated high port. Therefore, enabling this port will allow the TFTP service to receive incoming TFTP requests but will not allow the selected server to respond to those requests. Allowing the selected server to respond to inbound TFTP requests cannot be accomplished unless the TFTP server is configured to respond from port 69.
Note: 2 Alternate Port Available: An alternate port can be defined within Configuration Manager for this value. If a custom port has been defined, substitute that custom port when defining the IP filter information for IPsec policies or for configuring firewalls.

Categories: SCCM / SMS Tags:
  1. No comments yet.
  1. No trackbacks yet.
You must be logged in to post a comment.