OWA on SBS 2003 - you just need port 443?

**driverdownloads** · 22-May-2007, 08:38 AM

I am working with SBS 2003 in my lab. I want to double check my notes with you guys. While on the one hand I found these lists of ports to open on your router for incoming connections to the SBS box:

SMTP 25 - Simple Mail Transfer Protocol
HTTP 80 - Home Page Web
SSL 443 - Home Page Web Secured
RWW 444 - Second SSL Secured on alternate port
PPTP 1723 - VPN Connections
RDP 3389 - Remote Desktop Protocol
RWW2 4125 - Remote Web Workpla

Also add?:

21 FTP Enables external and internal file transfer
110 POP3 Enables Exchange to accept incoming POP3 mail
123 (UDP port) NTP Enables the system to synchronize time with an external Network Time Protocol (NTP) server
143 IMAP4 Enables Exchange to accept incoming IMAP4-compliant messages
220 IMAP3 Enables Exchange to accept incoming IMAP3-compliant messages
500 IPSec Enables external VPN connections by using IPSec
1701 L2TP clients Enables external L2TP VPN connections
4500 IPSec Internet Key Exchange (IKE) Network Address Translation (NAT) traversal

But at this point, learning slowly, I only want OWA... that seems to be working with just 443 open?! And while it's only a lab, the other steps I would want when we do this in a production server is a) get a paid certificate (not home grown) b) rename (disable?) administrator account and c) other users use complex passwords that expire every so often?

**driverdownloads** · 22-May-2007, 08:38 AM

>>"OWA... that seems to be working with just 443 open?! "
Correct

>>"a) get a paid certificate (not home grown) "
Homegrown work fine, however if you have a paid certificate the users do not have to accept or install it, and it resolves a lot of issues with the newest mobile devices that will not readily accept certificates from unknown authorities

>>" b) rename (disable?) administrator account "
Though this is often a common practice with 2003 std, most will recommend against this with SBS. You could disable, but I don't believe you can rename it in SBS.
>>"c) other users use complex passwords that expire every so often?"
Absolutely. There is actually a wizard to do this; Server management | Users | Configure password Policies

as for your port list the first is bang on. The second list should not be necessary.
21 very risky on a SBS
110 POP exchange accounts are not set up as a rule
123 NTP service on SBS is an outgoing service, no need to allow
143, 220 Exchange/SBS does not use IMAP
500, 1701, 4500 chances are if you are using IPSec or IPSec over L2TP it will be an IPSec VPN and you will use a VPN router rather than the SBS

22-May-2007, 08:38 AM	#1 (permalink)
driverdownloads Fixed Error! Posts: 1,672 Join Date: Mar 2007 Rep Power: 3 IM:	OWA on SBS 2003 - you just need port 443? I am working with SBS 2003 in my lab. I want to double check my notes with you guys. While on the one hand I found these lists of ports to open on your router for incoming connections to the SBS box: SMTP 25 - Simple Mail Transfer Protocol HTTP 80 - Home Page Web SSL 443 - Home Page Web Secured RWW 444 - Second SSL Secured on alternate port PPTP 1723 - VPN Connections RDP 3389 - Remote Desktop Protocol RWW2 4125 - Remote Web Workpla Also add?: 21 FTP Enables external and internal file transfer 110 POP3 Enables Exchange to accept incoming POP3 mail 123 (UDP port) NTP Enables the system to synchronize time with an external Network Time Protocol (NTP) server 143 IMAP4 Enables Exchange to accept incoming IMAP4-compliant messages 220 IMAP3 Enables Exchange to accept incoming IMAP3-compliant messages 500 IPSec Enables external VPN connections by using IPSec 1701 L2TP clients Enables external L2TP VPN connections 4500 IPSec Internet Key Exchange (IKE) Network Address Translation (NAT) traversal But at this point, learning slowly, I only want OWA... that seems to be working with just 443 open?! And while it's only a lab, the other steps I would want when we do this in a production server is a) get a paid certificate (not home grown) b) rename (disable?) administrator account and c) other users use complex passwords that expire every so often?

22-May-2007, 08:38 AM	#2 (permalink)
driverdownloads Fixed Error! Posts: 1,672 Join Date: Mar 2007 Rep Power: 3 IM:	Re: OWA on SBS 2003 - you just need port 443? >>"OWA... that seems to be working with just 443 open?! " Correct >>"a) get a paid certificate (not home grown) " Homegrown work fine, however if you have a paid certificate the users do not have to accept or install it, and it resolves a lot of issues with the newest mobile devices that will not readily accept certificates from unknown authorities >>" b) rename (disable?) administrator account " Though this is often a common practice with 2003 std, most will recommend against this with SBS. You could disable, but I don't believe you can rename it in SBS. >>"c) other users use complex passwords that expire every so often?" Absolutely. There is actually a wizard to do this; Server management \| Users \| Configure password Policies as for your port list the first is bang on. The second list should not be necessary. 21 very risky on a SBS 110 POP exchange accounts are not set up as a rule 123 NTP service on SBS is an outgoing service, no need to allow 143, 220 Exchange/SBS does not use IMAP 500, 1701, 4500 chances are if you are using IPSec or IPSec over L2TP it will be an IPSec VPN and you will use a VPN router rather than the SBS

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)