K2 and Firewalls
KB001318
PRODUCT
For the latest information on port and firewall settings and K2, please see the Firewall Ports and K2 topic in the Installation and Configuration Guide.
Introduction
This document is a quick reference for the default ports likely to be used in a K2 installation and therefore opened in intermediate firewalls.
Ports by Component
K2 blackpearl/blackpoint server
- TCP 5252 [Workflow server]
- TCP 5555 [Host server]
- TCP 49599 [Discovery Service for standalone servers]
- TCP 49600 [Discovery Service for K2 server farm]
- HTTP 8888 [WCF and REST SmartObject services endpoints, K2 blackpearl only]
- HTTP or HTTPS and associated port [K2 Services, K2 blackpearl only]
- MSDTC
- RPC endpoint mapper: TCP/UDP 135
- RPC randomly allocated high TCP ports TCP 1024 - 65535* (you can choose the range)
K2 Workspace
- HTTP: TCP 80
- HTTPS: TCP 443
K2 Web Services (within K2 Workspace or SharePoint)
- HTTP: TCP 80
- HTTPS: TCP 443
K2 connect
- TCP 8085
K2 smartforms Designer
- HTTP: TCP 80
- HTTPS: TCP 443
K2 smartforms Runtime
- HTTP: TCP 80
- HTTPS: TCP 443
K2 for SharePoint 2013
- TCP 6332 (required for K2 for SharePoint App registration for versions prior to 4.7)
SQL (K2 databases)
- TCP 1433 (or specified port for SQL instance)
- UDP 1434 (for SQL Server Manager Studio to connect to DBs)
- MSDTC
- RPC endpoint mapper: TCP/UDP 135
- RPC randomly allocated high TCP ports TCP 1024 - 65535* (you choose the range)
Ports by Scenario
Active Directory events in K2 workflow
- Open from K2 server to AD
- LDAP: TCP/UDP 389
Exchange Mailbox events
- Open from K2 server to Exchange
- WinRM 1.1 and earlier: The default HTTP port is 80, and the default HTTPS port is 443.
- WinRM 2.0: The default HTTP port is 5985, and the default HTTPS port is 5986.
Exchange Scheduling events
- Open from K2 server to Exchange
- Exchange Web Services (EWS)
- HTTP: TCP 80
- HTTPS: TCP 443
- Exchange Web Services (EWS)
Email events / Client event Notifications
- Open from K2 server to Exchange/SMTP
- SMTP: TCP 25
- MSA: TCP 587 (Microsoft secured email)
K2 Studio connect to K2 server
- Open from client to K2 server
- TCP 5252, 5555
- Open from client to SharePoint
- HTTP: TCP 80
- HTTPS: TCP 443
Other Ports
A list of common ports for services K2 may need to contact.
- DNS: TCP 53
- SMTP: TCP 25
- LDAP: TCP/UDP 389
- LDAPS: TCP/UDP 636
- Kerberos: TCP/UDP 88
- SMB (file transfer): TCP/UDP 445
Problem Area | Error Message | Likely Causes |
---|---|---|
SmartObject Deployment (including during Process Deployment) | SmartObject Server Exception: Could not publish SmartObject Definition to server: Error refreshing Service Instance ’WorkflowReportingService’. Service returned : ’Workflow Reporting SO Service: Communication with the underlying transaction manager has failed. | Firewall or MSDTC config |
SmartObject Server Exception: Could not publish SmartObject Definition to server: Error refreshing Service Instance ’SmartBoxService’. Service returned : ’Unable to connect to the Database.Communication with the underlying transaction manager has failed. | ||
Dependancy could not be created: System.Transactions.TransactionManagerCommunicationException: Communication with the underlying transaction manager has failed. ---> System.Runtime.InteropServices.COMException (0x80004005): Error HRESULT E_FAIL has been returned from a call to a COM component. | ||
Dependancy could not be created: System.Transactions.TransactionManagerCommunicationException: Communication with the underlying transaction manager has failed. ---> System.Runtime.InteropServices.COMException (0x8004D02B): The MSDTC transaction manager was unable to pull the transaction from the source transaction manager due to communication problems. Possible causes are: a firewall is present and it doesn’t have an exception for the MSDTC process, the two machines cannot find each other by their NetBIOS names, or the support for network transactions is not enabled for one of the two transaction managers. (Exception from HRESULT: 0x8004D02B) | MSDTC was unreachable on the other machine. If consistent, probably NetBIOS resolution or firewall or MSDTC security settings. | |
SmartObject Server Exception: Could not publish SmartObject Definition to server: Error refreshing Service Instance ’WorkflowReportingService’. Service returned : ’Workflow Reporting SO Service: The partner transaction manager has disabled its support for remote/network transactions. (Exception from HRESULT: 0x8004D025) | Network DTC access not enabled on SQL server/cluster | |
SmartObject Service Tester | VALIDATION A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) Source: SourceCode.SmartObjects.Services.Management | Firewall or SQL config |
Host Server Log | K2Sql::UpdateLogUsers,1 Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding. The statement has been terminated. | |
Central Admin / Activate Components | A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 10.10.10.10:5555 | Port 5555 and/or 5252 not open between SharePoint and K2 |
No such host is known | ||
SharePoint web application, Central Admin, Workspace, etc. | Unable to connect to K2SERVER on port 5252. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond | Firewall, DNS, K2 service not running |
K2 Studio Object Browser | The following errors occurred while connecting to the Environment Library: No connection could be made because the target machine actively refused it No response from host. Make sure that: - K2 server is running on the target machine, - the target machine is accessible from the network and - a firewall is not blocking the K2 Server from communicating with the network. | |
K2 Setup Manager (any component except K2 server) | Connection Failed | Firewall blocking connection to SQL, install account has read permissions on DB |
Management Console | Other K2 servers not visible | Discovery Service not running, on different port, or firewall blocking 45999/46000 |