Firewalls and Ports Used by Windows Media Services

ID: Q189416

The information in this article applies to:
  • Microsoft NetShow, version 2.0
  • Microsoft Windows NT Server NetShow Services version 3.0
  • Microsoft Windows Media Services versions 4.0, 4.1

SUMMARY

The following article outlines the ports used by Windows Media Services.


MORE INFORMATION

Stream type: Multicast
Protocol used: UDP multicast
Ports used: 1-65000
Special notes: Multicast streams are broadcast on IPs specified by the Windows Media Administrator within the following range: 224.0.0.1 to 239.255.255.255. The UDP port used for multicast streams is specified by the Windows Media Administrator and falls within the following range: 1 - 65000.

Stream type: UDP unicast stream Protocols used: UDP and TCP Ports used: TCP-1755 and a UDP port within the following range: 1024 - 5000 Special notes: When using UDP streams, the client first makes a connection to the Windows Media server using TCP port 1755. After this connection is established, the client and the server choose the UDP port that will be used by the server to stream the Windows Media content down to the client.

Stream type: TCP unicast stream
Protocol used: TCP
Port used: 1755
Special notes: None

Stream type: HTTP unicast stream
Protocol used: TCP
Port used: 80
Special notes: In most cases, this port will already be opened for Web traffic. The Windows Media Player is also capable of using an HTTP Web proxy to receive an HTTP unicast stream.

Stream type: MSBD distribution stream
Protocol used: TCP MSBD 1
Port used: 7007
Special notes: For server-to-server communication, TCP7007 is the default. However, when you are doing server-to-server MSBD connections and one server is already using port 7007, additional connections can be made on a random port in the 1024-5000 range. In some cases, such as Windows Media Encoder to server, this port can be changed to use a value between 1 and 65000. If you are using a Windows Media Encoder configured to use a stream alias to connect to a Windows Media server, you must open the appropriate ports for DCOM to pass through the firewall. See the DCOM notes below for more information.

Stream type: HTTP distribution stream
Protocol used: TCP
Port used: 80
Special notes: In most cases this port will already be opened for Web traffic.

Special DCOM Considerations

Some of the Windows Media components use DCOM, specifically the Windows Media Administrator and the Windows Media Encoder, which is configured to use a stream alias.

Protocol used: TCP, UDP
Port used: TCP-135, UDP-135, and UDP1-65000
Special notes: DCOM dynamically allocates one port per process. You must decide how many ports you want to allocate, which is equivalent to the number of simultaneous DCOM processes through the firewall. You must open all of the UDP and TCP ports corresponding to the port numbers you choose. In addition, you must open TCP/UDP 135, which is used for RPC End Point Mapping, among other things. In addition, you must tell DCOM which ports you reserved using the following registry key: 

      HKEY_LOCAL_MACHINES\Software\Microsoft\Rpc\Internet
You probably will have to create this key.

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD).

Here is an example of how to restrict DCOM to a range of 10 ports:

Named value: Ports
Type: REG_MULTI_SZ
Setting: Range of port. Can be multiple lines such as: 3001-3010 135.

Named value: PortsInternetAvailable
Type: REG_MULTI_SZ
Setting: "Y"

Named value: UseInternetPorts
Type: REG_MULTI_SZ
Setting: "Y"

One last caveat: Computers outside the firewall must be able to access the inside computers by their real IP addresses. Address translation, proxying, and so on are not allowed.

Additional query words:

Keywords :
Version : :2.0,4.0,4.1; winnt:3.0
Platform : winnt
Issue type : kbinfo


Last Reviewed: January 5, 2000
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.