Allocating Ports for Windows Media Services

Applies To: Windows Server 2008, Windows Server 2008 R2

Most firewalls are used to control "inbound traffic" to the server; they generally do not control "outbound traffic" to clients. However, ports in your firewall for outbound traffic may be closed if a more stringent security policy is implemented on your server network. This section describes the default port allocation for Windows Media Services 2008 for both inbound and outbound traffic (shown as "In" and "Out" in the tables) so that you can configure all ports as needed.

In some scenarios, outbound traffic may be directed to one port in a range of available ports. Port ranges shown in the tables indicate the entire range of available ports; however, you can allocate fewer ports within the port range. When deciding how many ports to open, balance security with accessibility by opening just enough ports to allow all clients to make a connection. As a starting point, determine how many ports you expect to use for Windows Media Services and then open 10 percent more to account for overlap with other programs. After you've established this number, monitor your traffic to determine if adjustments are necessary.

Port range restrictions potentially affect all remote procedure call (RPC) and Distributed Component Object Model (DCOM) applications that share the system, not just Windows Media Services. If the allocated port range is not broad enough, competing services such as IIS may fail with random errors. The port range must be able to accommodate all potential system applications that use RPC, COM, or DCOM services.

To make firewall configuration easier, you can configure the server control protocol plug-ins (RTSP and HTTP) in Windows Media Services Administrator to use a specific port. If your network administrator has already opened a series of ports for use by your Windows Media server, you can allocate those ports to the control protocols accordingly. If not, you can ask the network administrator to open the default ports for each protocol. If opening ports on your firewall is not possible, Windows Media Services can stream content by using the HTTP protocol over port 80.

The default firewall port allocation for Windows Media Services is described in the following sections:

Delivering a unicast stream

Delivering a multicast stream

Streaming from an encoder

Distributing content

Administering the server remotely