Archive
TCP/IP Ports of SharePoint 2016
SharePoint 2016 huh?!
(Long time since I last posted anything real here…)
Actually, this post is by popular demand 🙂 This is the 2016 version of the post a wrote when SHarePoint 2013 was new, as you can see, not much has changed…I have updated a few lines with what I know now that I did not know then, thats it. Please let me know if I missed something.
The recommended approach is to create a GPO with these firewall rules and apply that rule to the SharePoint servers in your farm. Add all of them, best that way to avoid extreme t-shooting in the future.
Another but related recommendation is to configure the Loopback check funktion in Windows server to allow the FQDN’s of your web applications (Use the Loopback check tool).
List of ports used by SharePoint 2013 and its related services.
Reference links at the end.
| Protocol | Port | Usage | Comment |
| TCP | 80 | http | Client to SharePoint web server traffic (SharePoint – Office Online Server/Office Web Apps communication) |
| TCP | 443 | https/ssl | Encrypted client to SharePoint web server traffic (Encrypted SharePoint – Office Online Server/Office Web Apps communication) |
| TCP | 1433 | SQL Server default communication port. | May be configured to use custom port for increased security |
| UDP | 1434 | SQL Server default port used to establish connection | May be configured to use custom port for increased security |
| TCP | 445 | SQL Server using named pipes | When SQL Server is configured to listen for incoming client connections by using named pipes over a NetBIOS session, SQL Server communicates over TCP port 445 |
| TCP | 25 | SMTP for e-mail integration | Cannot in 2016 be configured (Use SMTP ports other than the default (25).) |
| TCP | 16500-16519 | Ports used by the search index component | Intra-farm only Inbound rule Added to Windows firewall by SharePoint. (GPO may override this change) |
| TCP | 22233-22236 | Ports required for the AppFabric Caching Service | Used by the Distributed Cache… |
| TCP | 808 | Search – Query processing component Windows Communication Foundation communication |
Search – Query processing component (WCF) |
| TCP | 32843 | Communication between Web servers and service applications | http (default) To use custom port, see references section Inbound rule Added to Windows firewall by SharePoint |
| TCP | 32844 | Communication between Web servers and service applications | https Inbound rule Added to Windows firewall by SharePoint |
| TCP | 32845 | net.tcp binding: TCP 32845 (only if a third party has implemented this option for a service application) | Custom Service Applications Inbound rule Added to Windows firewall by SharePoint |
| TCP | 32846 | Microsoft SharePoint Foundation User Code Service (for sandbox solutions) | Inbound on all Web Servers Inbound rule Added to Windows firewall by SharePoint Outbound on all Web and App servers with service enabled. |
| TCP | 636 | User Profile Synchronization Service/Active Directory Import | Synchronizing profiles between SharePoint 2016 and AD using SLDAP (Secure LDAP) |
| TCP | 5725 | User Profile Synchronization Service | Synchronizing profiles between SharePoint 2016 and Active Directory Domain Services (AD DS) |
| TCP + UDP | 389 | User Profile Synchronization Service | LDAP Service |
| TCP + UDP | 88 | User Profile Synchronization Service | Kerberos |
| TCP + UDP | 53 | User Profile Synchronization Service | DNS |
| UDP | 464 | User Profile Service | Kerberos change password |
| TCP | 809 | Office Online Server/Office Web Apps | Office Online Server/Office Web Apps intra-farm communication. |
References:
Security for SharePoint Server 2016
https://technet.microsoft.com/en-us/library/mt683473(v=office.16).aspx
TCP/IP Ports of SharePoint 2013
https://blog.blksthl.com/2013/02/21/tcpip-ports-of-sharepoint-2013/
___________________________________________________________________________________________________
Enjoy!
Regards
Twitter | Technet Profile | LinkedIn
Office 365 News – admin.onedrive.com
https://admin.onedrive.com
‘ ‘Say no more!
‘
‘
References and Credits
Credits & many thanks to
Everyone!‘
_________________________________________________________ Enjoy!
Regards
Office 365 News – OneDrive for Business now supports 10GB files and much more
Short story: The OneDrive for Business improvements are here!
This was promised to us a long time ago, and it has now finally come to be. At the same time, the 20.000 file limit from before has also been removed (Improved)
Here is the proof:
The file was in addition, uploaded using the new OneDrive sync client!
(Dropped the file in the local cache and let the sync do its stuff)
- The OneDrive for Business Next Generation Sync Client is available for Windows 7, 8 and 10 (8.1 support will be added in the first quarter of 2016) and Mac OS X 10.9 and above.
- Storage, rolling out is an increase from 1TB to 5TB, upon request, more will be made available until unlimited is achieved? (Valid for: Enterprise E3, E4 and E5, Government E3, E4 and E5, Education, OneDrive for Business Plan 2 and SharePoint Online Plan 2)
- 10GB filesize limit
- No more 20.000 file limit
- !! With this first release of several, the Next Generation Sync Client supports OneDrive for Business only, but we will add support for SharePoint document libraries in future releases. (This is the best news in a long time)
- In the interim, if customers require sync for both OneDrive for Business and SharePoint document libraries, the Next Generation Sync Client is designed to work side-by-side with the existing sync client.
- the OneDrive for iOS app will support offline storage. You can selectively flag files for local availability and open them when disconnected
- For developers: https://dev.onedrive.com/ (OneDrive developer portal)
References:
Read the official story on the Office 365 blog about the (then upcoming) news here:
OneDrive for Business update on storage plans and Next Generation Sync Client
https://blogs.office.com/2015/12/16/onedrive-for-business-update-on-storage-plans-and-next-generation-sync-client/
_________________________________________________________
Enjoy!
Regards
SharePoint Online – Missing Web Parts with custom script disabled
Missing Web Parts with custom script disabled…
‘ ‘
The Custom Script setting (Default disabled)
‘
‘
As I have posted about before, during the end of 2014, beginning of 2015, a new security feature in SharePoint Online has been rolled out. The feature in itself is a great security feature if that is what you want.
Missing example:
Expected webparts:
Note: changes to this setting might take up to 24 hours to take effect.
In my previous post on this setting, I listed the missing features, however this is not all that will go missing. In addition, quite a few webparts will be gone from your SharePoint Online environment. This may or may not be expected by you and your users/editors/developers…
Below is the list of webparts that you will not find with the Custom script setting off/disabled.
| Web part category | Web part |
| Blog | Blog Archives
Blog Notifications Blog Tools |
| Business Data | Business Data Actions
Business Data Item Business Data Item Builder Business Data List Business Data Related List Excel Web Access Indicator Details Status List Visio Web Access |
| Community | About This Community
Join My Membership Tools What’s Happening |
| Content Rollup | Categories
Project Summary Relevant Documents RSS Viewer Site Aggregator Sites in Category Term Property Timeline WSRP Viewer XML Viewer |
| Document Sets | Document Set Contents
Document Set Properties |
| Forms | HTML Form Web Part |
| Media and Content | Content Editor
Script Editor Silverlight Web Part |
| Search | Refinement
Search Box Search Navigation Search Results |
| Search-Driven Content | Catalog-Item Reuse |
| Social Collaboration | Contact Details
Note Board Organization Browser Site Feed Tag Cloud User Tasks |
Find Microsofts support article on the setting here:
Turn scripting capabilities on and off (Microsoft support article)
https://support.office.com/en-us/article/Turn-scripting-capabilities-on-and-off-1f2c515f-5d7e-448a-9fd7-835da935584f?ui=en-US&
The complete list of settings affected and webparts missing: Save Site as Template, Save document library as template, Solution Gallery, Web Designer Galleries, Theme Gallery, Help Settings, Sandbox solutions, the Blog Archives, Blog Notifications, Blog tools Blog Webparts, the Business Data Actions, Business Data Item, Business Data Item Builder, Business Data List, Business Data Related List, Excel Web Access, Indicator Details, Status List, Visio Web Access Business Data Webparts, the About This Community, Join, My Membership, Tools, What’s Happening Community Webarts, the Categories, Project Summary, Relevant Documents, RSS Viewer, Site Aggregator, Sites in Category, Term Property, Timeline, WSRP Viewer, XML Viewer Content Rollup Webparts, the Document Set Contents, Document Set Properties Document Sets Webparts, the HTML Form Webpart, the Content Editor, Script Editor, Silverlight Webpart Media and Content Webparts, the Refinement, Search Box, Search Navigation, Search Results Search Webparts, the Catalog-Item Reuse Search-Driven Content Webparts and the Contact Details, Note Board, Organization Browser, Site Feed, Tag Cloud, User Tasks Social Collaboration Webparts.
References and Credits
None at this time…
Credits & many thanks to
Everyone!‘ _________________________________________________________ Enjoy!
Regards
Sweet app launcher custom tiles now available in Office 365
Really nice this, long awaited…
‘
”
Add shortcuts straight to your external website, to your portal, your teamsite of choice or project-web portal, now all in the Office 365 admin GUI, no hazzle.
Follow these simple steps:
1. Go to the Office 365 admin portal (https://portal.office.com/admin/default.aspx)
2. In the top left corner, click on your organization name link.
3. Next, select option no.3 – Custom tiles.
4. Click on the rather large plus sign to create a custom tile. Add a Name, URL, Description and a image URL (Pre-uploaded to a SharePoint asset lib?)
5. Repeat until you have your tiles.
6. Allow some delay for timer jobs to run, things to happen in the background, this may take a while.
7. Go to your App launcher, My Apps.
8. Your custom tiles will be located at the bottom of the list.
9. Click on the ‘dots’ and select ‘Pin to launcher’ – this will make them show up in your personal App Launcher.
10. Viola!
Pretty good huh?
References and Credits
Only me this time…I actually found this one out all by myself! Never seen it in the Office blogs, never looked for it either.
Credits & many thanks to
My team, my collegues and all of you!!
‘
_________________________________________________________
Enjoy!
Regards
Right-click is here for SharePoint Online AND OneDrive for Business
Yeey! right-click is here for SharePoint Online AND OneDrive for Business (but…)
‘
”
Recently, right-click functionality was introduced in SharePoint Online and OneDrive for Business both, it really is a great feature that simplifies the lives of all users.
I will show in Pictures what I mean, no more ‘three dots’ or select and then ‘three dots’ again. Now, with right-click, we can easily access the properties and functions to manage a file or folder simply by right-clicking on it. (I assume though, that the dots and More will be left in Place, not all devices have a right button…)
So, here is what its all about, right-click and you can now access:
Open in Word, Open in Word Online, Download, Share, Rename, Delete, Move or Copy, Version History, Properties, Check out, Follow, Workflows, Shared with and Compliance details.
This is how it looks:
1. Right-click in OneDrive for Business
2. Right-click in SharePoint Online
4. Caveat no 1 – Right-click breaks with Managed Metadata columns in view *
5. Caveat no 2 – Copy shortcut is gone
* Right-click does work with Content types, site columns with non Managed metadata datatypes and views with multiple columns
‘
1. Right-click in OneDrive for Business
‘
2. Right-click in SharePoint Online
3. Right-click on Multiselect
4. Caveat no 1 – Right-click breaks with Managed Metadata columns in view
Yes, add an Managed Metadata column is fine, but if you show it in a view, right-click breaks and goes back to IE default.
In the example below I created and added a column actually named Managed Metadata…
When the Managed Metadata based column is added to the view, right-click breaks.
5. Caveat no 2 – Copy shortcut is gone
This may not seem like a big deal…but for admins, developers or designers, this is a bit cumbersome. You often want to get the URL from a resource file (js, css or similar) and now you can’t. Type it in folks….
Thats it. The news is out.
References and Credits
Only me this time…
Credits & many thanks to
My team, my collegues and Mattias Gutke! A good friend!
‘ _________________________________________________________
Enjoy!
Regards
Office 365 – DTD is prohibited in this document issue
Got trouble Connection PowerShell to SharePoint online? This could be the resolution to your troubles.
I had this myself, or we had it in our Company tenant. This is what the issue was and this is how I fixed it:
When trying to connect to PowerShell for SharePoint Online, using the Connect-SPOService command, we got a error that did not tell us anything.
The error is:
Connect-SPOService : For security reasons DTD is prohibited in this document. To enable DTD processing set DtdProcessing property on XmlReaderSettings to Parse and pass the settings into XmlReader.Create method.
Well, its almost a joke right…
When searching the web for information on this particular, I struck zero…all I could find related to the ISP and the default search provider something. I quickly dismissed them as unrelated.
Then after some time had passed, I found a similar issue, this seemed related and it was a connectivity issue same as mine (If I still had the link I would give credit to where credit is due). This fellow had resolved the issue by adding a missing DNS record.
This made me think, since our tenant has existed since way Before Office 365 existed (BPOS) perheps we were also missing some of the required DNS records?
I checked with my collegues, and apparently we were missing the record as well.
So, if you ever see or get the ‘DTD prohibited’ issue, remember to check the DNS for the following record:
Type: CNAME
Alias: MSOID
Target: clientconfig.microsoftonline-p.net
Info: Used by Office 365 to direct authentication to the correct identity platform More Information
After I added this to DNS, Connect-SPOService works just fine!
| Microsoft’s official explaination on the DNS record: What’s the purpose of the additional Office 365 CNAME record? If Office 365 manages your domain’s DNS records,, Office 365 sets up this CNAME record for you. If you are managing DNS records for your domain at your DNS host, to create this record, you create this record yourself by following the instructions for your DNS host. |
References and Credits‘
Nope, not this time…Credits & many thanks to To all of you.
_________________________________________________________
Enjoy!
Regards
