Required ports and protocols
The ports and protocols for DRA communication are provided in the component tables listed in this section.
- Configurable ports are indicated with one asterisk *
- Ports requiring a certificate are indicated with two asterisks **

DRA Administration Servers

| Protocol and Port | Direction | Destination | Usage |
|---|---|---|---|
| TCP 135 | Bi-directional | DRA Administration Servers | End-point mapper, a basic requirement for DRA communication; enables Administration servers to locate each other in MMS |
| TCP 445 | Bi-directional | DRA Administration Servers | Delegation model replication; file replication during MMS synchronization (SMB) |
| Dynamic TCP port range * | Bi-directional | Microsoft Active Directory domain controllers | By default, DRA assigns ports dynamically from the TCP port range of 1024 through 65535. You can, however, configure this range by using Component Services. |
| TCP 50000 * | Bi-directional | DRA Administration Servers | Attribute replication and DRA server-AD LDS communication (LDAP) |
| TCP 50001 * | Bi-directional | DRA Administration Servers | SSL attribute replication (AD LDS) |
| TCP/UDP 389 | Outbound | Microsoft Active Directory domain controllers | Active Directory object management (LDAP) |
| TCP/UDP 389 | Outbound | Microsoft Exchange Server | Mailbox management (LDAP) |
| TCP/UDP 53 | Outbound | Microsoft Active Directory domain controllers | Name resolution |
| TCP/UDP 88 | Outbound | Microsoft Active Directory domain controllers | Allows authentication from the DRA Server to the domain controllers (Kerberos) |
| TCP 80 | Outbound | Microsoft Exchange Server | Needed for all on-premises Exchange servers 2016 and later (HTTP) |
| TCP 80 | Outbound | Microsoft Office 365 | Remote PowerShell access (HTTP) |
| TCP 443 | Outbound | Microsoft Office 365, Change Guardian | Graph API access and Change Guardian Integration (HTTPS) |
| TCP 443, 5986, 5985 | Outbound | Microsoft PowerShell | Native PowerShell cmdlets (HTTPS) and PowerShell Remoting |
| TCP 5984 | Localhost | DRA Administration Servers | IIS access to the Replication Service to support temporary group assignments |
| TCP 5000 * | Localhost | DRA Administration Servers | Default port for DRA Continuous Cache Refresh Service. For more information and steps to modify the default port, see NetIQ DRA Continuous Cache Refresh Service. |
| TCP 8092 * ** | Outbound | Workflow Server | Workflow status and triggering (HTTPS) |
| TCP 50101 * | Inbound | DRA Core Service | Right-Click Change History report to UI Audit Report. Can be configured during installation. |
| TCP 50102 | Bi-directional | Log Archive Service | Log Archive Service |
| TCP 50105 | Localhost | DRA Cache DB Service | Cache service communication on the DRA server (does not need to be opened through the firewall) |
| TCP 1433 | Outbound | Microsoft SQL Server | Reporting data collection |
| UDP 1434 | Outbound | Microsoft SQL Server | SQL Server browser service uses this port to identify the port for the named instance. |
| TCP 8443 | Bi-directional | Change Guardian Server | Unified Change History |
| TCP 8898 | Bi-directional | DRA Administration Servers | DRA Replication Service communication between DRA servers for temporary group assignments |
| TCP 636 | Outbound | Microsoft Active Directory domain controllers | Active Directory object management (LDAP SSL) |

DRA REST Server

| Protocol and Port | Direction | Destination | Usage |
|---|---|---|---|
| TCP 8755 * ** | Inbound | IIS Server, DRA PowerShell cmdlets | Execute DRA REST-based workflow activities (ActivityBroker) |
| TCP 135 | Outbound | Microsoft Active Directory domain controllers | Autodiscovery using Service Connection Point (SCP) |
| TCP 443 | Outbound | Microsoft AD Domain Controllers | Autodiscovery using Service Connection Point (SCP) |

Web Console (IIS)

| Protocol and Port | Direction | Destination | Usage |
|---|---|---|---|
| TCP 8755 * ** | Outbound | DRA REST Service | For communication between DRA Web Console and DRA PowerShell |
| TCP 443 | Inbound | Client Browser | Opening a DRA website |
| TCP 443 ** | Outbound | Advanced Authentication Server | Advanced Authentication |

DRA Delegation and Administration Console

| Protocol and Port | Direction | Destination | Usage |
|---|---|---|---|
| TCP 135 | Outbound | Microsoft Active Directory domain controllers | Autodiscovery using SCP |
| Dynamic TCP port range * | Outbound | DRA Administration Servers | DRA Adapter workflow activities. By default, DCOM assigns ports dynamically from the TCP port range of 1024 through 65535. You can, however, configure this range by using Component Services. |
| TCP 50102 | Outbound | DRA Core Service | Change History report generation |

Workflow Server

| Protocol and Port | Direction | Destination | Usage |
|---|---|---|---|
| TCP 8755 | Outbound | DRA Administration Servers | Execute DRA REST-based workflow activities (ActivityBroker) |
| Dynamic TCP port range * | Outbound | DRA Administration Servers | DRA Adapter workflow activities. By default, DCOM assigns ports dynamically from the TCP port range of 1024 through 65535. You can, however, configure this range by using Component Services. |
| TCP 1433 | Outbound | Microsoft SQL Server | Workflow data storage |
| TCP 8091 | Inbound | Operations Console and Configuration Console | Workflow BSL API (TCP) |
| TCP 8092 ** | Inbound | DRA Administration Servers | Workflow BSL API (HTTP) and (HTTPS) |
| TCP 2219 | Localhost | Namespace Provider | Used by the Namespace Provider to run adapters |
| TCP 9900 | Localhost | Correlation Engine | Used by the Correlation Engine to communicate with the Workflow Automation Engine and Namespace Provider |
| TCP 10117 | Localhost | Resource Management Namespace Provider | Used by the Resource Management Namespace Provider |
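
The ports listed above with a Direction of Localhost do not need to be reachable from other hosts. The following PowerShell audit is an added example, not part of the original documentation or the product: it reports, for each of those ports, whether a listener exists and whether it is bound to a non-loopback address, so you can confirm the host firewall does not expose it. The function name `Test-LocalOnlyListener` and the status labels are hypothetical; the port numbers are the defaults from the tables.

```powershell
# Added example (not vendor code). Default ports the tables list as "Localhost".
# TCP 5000 is marked configurable (*); adjust it if the service was moved.
$LocalOnlyPorts = @{
    5984  = 'Replication Service (IIS access, temporary group assignments)'
    5000  = 'DRA Continuous Cache Refresh Service'
    50105 = 'DRA Cache DB Service'
    2219  = 'Workflow Namespace Provider'
    9900  = 'Workflow Correlation Engine'
    10117 = 'Resource Management Namespace Provider'
}
$Loopback = '127.0.0.1', '::1'

function Test-LocalOnlyListener {
    param([hashtable]$Ports = $LocalOnlyPorts)

    # Snapshot all listening TCP sockets once, then classify each expected port.
    $listeners = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue)

    foreach ($port in ($Ports.Keys | Sort-Object)) {
        $hits    = @($listeners | Where-Object { $_.LocalPort -eq $port })
        $exposed = @($hits | Where-Object { $_.LocalAddress -notin $Loopback })

        $status = if ($hits.Count -eq 0)       { 'NotListening' }
                  elseif ($exposed.Count -gt 0) { 'NonLoopbackBind' }  # verify firewall blocks it
                  else                          { 'LoopbackOnly' }

        # Resolve owning process names so an unexpected listener stands out.
        $procNames = $hits | ForEach-Object {
            (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        } | Sort-Object -Unique

        [pscustomobject]@{
            Port    = $port
            Usage   = $Ports[$port]
            Status  = $status
            BoundTo = ($hits.LocalAddress | Sort-Object -Unique) -join ', '
            Process = $procNames -join ', '
        }
    }
}

Test-LocalOnlyListener | Format-Table -AutoSize
```

A `NonLoopbackBind` result is not a fault by itself; it means the port is reachable on a network interface unless an inbound firewall rule blocks it, which is the condition to check next.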