Microsoft KB Archive/189416

= Firewalls and ports used by Windows Media Services =

Article ID: 189416

Article Last Modified on 8/5/2005

-

APPLIES TO


 * Microsoft Windows Media Services 4.1

-



This article was previously published under Q189416



SUMMARY
The following article outlines the ports used by Windows Media Services.



MORE INFORMATION
Stream type: Multicast

Protocol used: UDP multicast

Ports used: 1-65000

Special notes: Multicast streams are broadcast on IPs specified by the Windows Media Administrator within the following range: 224.0.0.1 to 239.255.255.255. The UDP port used for multicast streams is specified by the Windows Media Administrator and falls within the following range: 1 - 65000.

Stream type: UDP unicast stream Protocols used: UDP and TCP Ports used: TCP-1755 and a UDP port within the following range: 1024 - 5000 Special notes: When using UDP streams, the client first makes a connection to the Windows Media server using TCP port 1755. After this connection is established, the client and the server choose the UDP port that will be used by the server to stream the Windows Media content down to the client.

Stream type: TCP unicast stream

Protocol used: TCP

Port used: 1755

Special notes: None

Stream type: HTTP unicast stream

Protocol used: TCP

Port used: 80

Special notes: In most cases, this port will already be opened for Web traffic. The Windows Media Player is also capable of using an HTTP Web proxy to receive an HTTP unicast stream.

Stream type: MSBD distribution stream

Protocol used: TCP MSBD 1

Port used: 7007

Special notes: For server-to-server communication, TCP7007 is the default. However, when you are doing server-to-server MSBD connections and one server is already using port 7007, additional connections can be made on a random port in the 1024-5000 range. In some cases, such as Windows Media Encoder to server, this port can be changed to use a value between 1 and 65000. If you are using a Windows Media Encoder configured to use a stream alias to connect to a Windows Media server, you must open the appropriate ports for DCOM to pass through the firewall. See the DCOM notes below for more information.

Stream type: HTTP distribution stream

Protocol used: TCP

Port used: 80

Special notes: In most cases this port will already be opened for Web traffic.

Special DCOM Considerations
Some of the Windows Media components use DCOM, specifically the Windows Media Administrator and the Windows Media Encoder, which is configured to use a stream alias.

Protocol used: TCP, UDP

Port used: TCP-135, UDP-135, and UDP1-65000

Special notes: DCOM dynamically allocates one port per process. You must decide how many ports you want to allocate, which is equivalent to the number of simultaneous DCOM processes through the firewall. You must open all of the UDP and TCP ports corresponding to the port numbers you choose. In addition, you must open TCP/UDP 135, which is used for RPC End Point Mapping, among other things. In addition, you must tell DCOM which ports you reserved using the following registry key:      HKEY_LOCAL_MACHINES\Software\Microsoft\Rpc\Internet You probably will have to create this key.

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD).

Here is an example of how to restrict DCOM to a range of 10 ports:

Named value: Ports

Type: REG_MULTI_SZ

Setting: Range of port. Can be multiple lines such as: 3001-3010 135.

Named value: PortsInternetAvailable

Type: REG_MULTI_SZ

Setting: "Y"

Named value: UseInternetPorts

Type: REG_MULTI_SZ

Setting: "Y"

One last caveat: Computers outside the firewall must be able to access the inside computers by their real IP addresses. Address translation, proxying, and so on are not allowed.

Keywords: kbinfo kbdswmm2003swept KB189416

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.