If you are deploying Exchange in an environment with load balancers or firewalls which aren’t able to handle dynamic RPC port ranges, chances are you’ll be defining static ports for the RPC Client Access Service and the Address Book Service on each CAS server. If you’re using Public Folders, you’ll want a third static port on the Mailbox servers hosting Public Folders. I typically use these ports for this:
- RPC Client Access Service – TCP 60,000
- Address Book Service – TCP 60,001
- RPC Client Access (Public Folders) – TCP 60,002
For the first two, I’ve included a script below which makes quick work of setting the ports. Just run it on the CAS server to make the required changes.
```powershell
param([int32]$MAPIPort = 60000, [int32]$AddressBookPort = 60001, [bool]$RestartServices = $true)
# ==============================================================================================
# NAME: Configure Exchange Static Ports
#
# AUTHOR: Brian Desmond, brian@briandesmond.com
# DATE : 4/9/2012
#
# COMMENT:
#
# ==============================================================================================

Set-PSDebug -Strict:$true

# Returns $true when the current process is running with administrative rights.
function CheckProcessElevation()
{
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Creates the registry key if it does not already exist.
function CreateRegistryKeyIfNecessary([string]$path)
{
    if (Test-Path -Path $path)
    {
        return
    }
    else
    {
        [void](New-Item -Path $path)
    }
}

# Returns $true when the named value exists under the given key.
Function Test-RegistryValue($regkey, $name)
{
    Get-ItemProperty $regkey $name -ErrorAction SilentlyContinue | Out-Null
    $?
}

# Creates the value with the requested type, or updates its data if it is already present.
function CreateOrUpdateRegistryValue([string]$path, [string]$valueName, [Microsoft.Win32.RegistryValueKind]$valueType, $value)
{
    if ((Test-Path -Path $path) -ne $true)
    {
        CreateRegistryKeyIfNecessary $path
    }

    if ((Test-RegistryValue $path $valueName) -eq $false)
    {
        [void](New-ItemProperty -Path $path -Name $valueName -PropertyType $valueType -Value $value)
    }
    else
    {
        [void](Set-ItemProperty -Path $path -Name $valueName -Value $value)
    }
}

# Writing under HKLM and restarting services both require elevation.
if ((CheckProcessElevation) -eq $false)
{
    Write-Warning "Script must be run from an elevated prompt. Exiting..."
    exit 1
}

$domtParamsPath = "HKLM:\System\CurrentControlSet\Services\MSExchangeAB\Parameters"
$momtParamsPath = "HKLM:\System\CurrentControlSet\Services\MSExchangeRPC\ParametersSystem"

# The Address Book Service port is stored as a string value.
Write-Host "Setting Address Book Service Port to $($AddressBookPort)"
CreateOrUpdateRegistryValue $domtParamsPath "RpcTcpPort" "String" $AddressBookPort.ToString()

# The RPC Client Access port is stored as a DWORD value.
Write-Host "Setting RPC Client Access Port to $($MAPIPort)"
CreateOrUpdateRegistryValue $momtParamsPath "TCP/IP Port" "DWord" $MAPIPort

if ($RestartServices)
{
    Write-Host "Restarting Services..."
    Restart-Service -Name "MSExchangeAB" -Confirm:$false
    Restart-Service -Name "MSExchangeRPC" -Confirm:$false
}

Write-Host "Complete." -ForegroundColor Green
```
If you’re looking to restrict the port used for Public Folder access, you’ll need to do this in addition to the script above. The registry setting you want is below:
Key: “HKLM\System\CurrentControlSet\Services\MSExchangeRPC\ParametersSystem”
Value Name: “TCP/IP Port”
Value Type: REG_DWORD
Value Data: “60002” (decimal)
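Before tightening firewall or load balancer rules to these ports, it is worth confirming that the values took effect. The following is an added example, not part of the original script: it reads back the same registry values, checks their types, and confirms that something is listening on each port after the services have restarted. The `-SkipAddressBook` switch and the check layout are assumptions made for this illustration.

```powershell
# Added example (not from the original post): verify the static port settings.
param([int32]$MAPIPort = 60000, [int32]$AddressBookPort = 60001, [switch]$SkipAddressBook)

# Registry paths, value names and value types are the ones used in the script above.
$checks = @(
    @{ Name = "RPC Client Access"; Expected = $MAPIPort; Value = "TCP/IP Port"; Kind = "DWord"
       Path = "HKLM:\System\CurrentControlSet\Services\MSExchangeRPC\ParametersSystem" }
)
if (-not $SkipAddressBook) {
    $checks += @{ Name = "Address Book Service"; Expected = $AddressBookPort; Value = "RpcTcpPort"; Kind = "String"
                  Path = "HKLM:\System\CurrentControlSet\Services\MSExchangeAB\Parameters" }
}

# Ports of all local TCP listeners (available without the newer NetTCPIP cmdlets).
$listeners = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpListeners() |
    ForEach-Object { $_.Port }

$failed = $false
foreach ($c in $checks) {
    $key = Get-Item -Path $c.Path -ErrorAction SilentlyContinue
    if ($key -eq $null -or ($key.GetValueNames() -notcontains $c.Value)) {
        Write-Warning "$($c.Name): value '$($c.Value)' is missing, so no static port is configured."
        $failed = $true
        continue
    }

    # A value of the wrong type is a common cause of the setting being ignored.
    $kind = $key.GetValueKind($c.Value).ToString()
    if ($kind -ne $c.Kind) {
        Write-Warning "$($c.Name): '$($c.Value)' is $kind, expected $($c.Kind)."
        $failed = $true
    }

    # Compare as strings so a non-numeric string value reports a mismatch instead of throwing.
    $data = $key.GetValue($c.Value)
    if ("$data" -ne "$($c.Expected)") {
        Write-Warning "$($c.Name): configured port is '$data', expected $($c.Expected)."
        $failed = $true
    }

    # Only meaningful once the service has been restarted with the new setting.
    if ($listeners -notcontains $c.Expected) {
        Write-Warning "$($c.Name): nothing is listening on TCP $($c.Expected)."
        $failed = $true
    }
}

if ($failed) { exit 1 }
Write-Host "Static port configuration verified." -ForegroundColor Green
```

On a Mailbox server hosting Public Folders, run it with `-MAPIPort 60002 -SkipAddressBook` to check only the RPC Client Access value.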