K2 and Firewalls

  • 16 February 2021

KB001318

PRODUCT
K2 blackpearl RTM to 4.6.11
K2 smartforms 1.0 to 4.6.11
K2 connect 4.5 to 4.6.11
BASED ON
K2 blackpearl 0807
LEGACY/ARCHIVED CONTENT
This article has been archived, and/or refers to legacy products, components or features. The content in this article is offered "as is" and will no longer be updated. Archived content is provided for reference purposes only. This content does not infer that the product, component or feature is supported, or that the product, component or feature will continue to function as described herein.

 

 

This topic is considered legacy content. It is available for archival purposes only, is provided "as is" and will no longer be updated.
For the latest information on port and firewall settings and K2, please see the Firewall Ports and K2 topic in the Installation and Configuration Guide.

Introduction

This document is a quick reference for the default ports likely to be used in a K2 installation, which therefore need to be opened in intermediate firewalls.

This article is intended as a general guide and is not intended to be a complete list of all firewall settings you may need in your environment. Default ports are listed but can vary by environment.

 

 

Ports by Component

K2 blackpearl/blackpoint server

  • TCP 5252 [Workflow server]
  • TCP 5555 [Host server]
  • TCP 49599 [Discovery Service for standalone servers]
  • TCP 49600 [Discovery Service for K2 server farm]
  • HTTP 8888 [WCF and REST SmartObject services endpoints, K2 blackpearl only]
  • HTTP or HTTPS and associated port [K2 Services, K2 blackpearl only]
  • MSDTC
    • RPC endpoint mapper: TCP/UDP 135
    • RPC randomly allocated high TCP ports TCP 1024 - 65535* (you can choose the range)

K2 Workspace

  • HTTP: TCP 80
  • HTTPS: TCP 443

K2 Web Services (within K2 Workspace or SharePoint)

  • HTTP: TCP 80
  • HTTPS: TCP 443

K2 connect

  • TCP 8085 

K2 smartforms Designer

  • HTTP: TCP 80
  • HTTPS: TCP 443

K2 smartforms Runtime

  • HTTP: TCP 80
  • HTTPS: TCP 443

K2 for SharePoint 2013

  • TCP 6332 (required for K2 for SharePoint App registration for versions prior to 4.7)

SQL (K2 databases)

  • TCP 1433 (or specified port for SQL instance)
  • UDP 1434 (for SQL Server Management Studio to connect to DBs)
  • MSDTC
    • RPC endpoint mapper: TCP/UDP 135
    • RPC randomly allocated high TCP ports TCP 1024 - 65535* (you choose the range)

Ports by Scenario

Active Directory events in K2 workflow

  • Open from K2 server to AD
    • LDAP: TCP/UDP 389

Exchange Mailbox events

  • Open from K2 server to Exchange
    • WinRM 1.1 and earlier: The default HTTP port is 80, and the default HTTPS port is 443.
    • WinRM 2.0: The default HTTP port is 5985, and the default HTTPS port is 5986.

Exchange Scheduling events

  • Open from K2 server to Exchange
    • Exchange Web Services (EWS)
      • HTTP: TCP 80
      • HTTPS: TCP 443

Email events / Client event Notifications

  • Open from K2 server to Exchange/SMTP
    • SMTP: TCP 25
    • MSA: TCP 587 (Microsoft secured email)

K2 Studio connect to K2 server

  • Open from client to K2 server
    • TCP 5252, 5555
  • Open from client to SharePoint
    • HTTP: TCP 80
    • HTTPS: TCP 443

Other Ports

A list of common ports for services K2 may need to contact.

  • DNS: TCP 53
  • SMTP: TCP 25
  • LDAP: TCP/UDP 389
  • LDAPS: TCP/UDP 636
  • Kerberos: TCP/UDP 88
  • SMB (file transfer): TCP/UDP 445

Common Error Messages

Each entry gives the problem area, the error message and the likely causes.

SmartObject Deployment (including during Process Deployment)

  • Error message: SmartObject Server Exception: Could not publish SmartObject Definition to server: Error refreshing Service Instance ’WorkflowReportingService’. Service returned : ’Workflow Reporting SO Service: Communication with the underlying transaction manager has failed.
    • Likely causes: Firewall or MSDTC config
  • Error message: SmartObject Server Exception: Could not publish SmartObject Definition to server: Error refreshing Service Instance ’SmartBoxService’. Service returned : ’Unable to connect to the Database.Communication with the underlying transaction manager has failed.
  • Error message: Dependancy could not be created: System.Transactions.TransactionManagerCommunicationException: Communication with the underlying transaction manager has failed. ---> System.Runtime.InteropServices.COMException (0x80004005): Error HRESULT E_FAIL has been returned from a call to a COM component.
  • Error message: Dependancy could not be created: System.Transactions.TransactionManagerCommunicationException: Communication with the underlying transaction manager has failed. ---> System.Runtime.InteropServices.COMException (0x8004D02B): The MSDTC transaction manager was unable to pull the transaction from the source transaction manager due to communication problems. Possible causes are: a firewall is present and it doesn’t have an exception for the MSDTC process, the two machines cannot find each other by their NetBIOS names, or the support for network transactions is not enabled for one of the two transaction managers. (Exception from HRESULT: 0x8004D02B)
    • Likely causes: MSDTC was unreachable on the other machine. If consistent, probably NetBIOS resolution or firewall or MSDTC security settings.
  • Error message: SmartObject Server Exception: Could not publish SmartObject Definition to server: Error refreshing Service Instance ’WorkflowReportingService’. Service returned : ’Workflow Reporting SO Service: The partner transaction manager has disabled its support for remote/network transactions. (Exception from HRESULT: 0x8004D025)
    • Likely causes: Network DTC access not enabled on SQL server/cluster

SmartObject Service Tester

  • Error message: VALIDATION A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
    Source: SourceCode.SmartObjects.Services.Management
    • Likely causes: Firewall or SQL config

Host Server Log

  • Error message: K2Sql::UpdateLogUsers,1 Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
    The statement has been terminated.

Central Admin / Activate Components

  • Error message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 10.10.10.10:5555
    • Likely causes: Port 5555 and/or 5252 not open between SharePoint and K2
  • Error message: No such host is known

SharePoint web application, Central Admin, Workspace, etc.

  • Error message: Unable to connect to K2SERVER on port 5252.
    A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
    • Likely causes: Firewall, DNS, K2 service not running

K2 Studio Object Browser

  • Error message: The following errors occurred while connecting to the Environment Library:
    No connection could be made because the target machine actively refused it
    No response from host. Make sure that:
    - K2 server is running on the target machine,
    - the target machine is accessible from the network and
    - a firewall is not blocking the K2 Server from communicating with the network.

K2 Setup Manager (any component except K2 server)

  • Error message: Connection Failed
    • Likely causes: Firewall blocking connection to SQL, install account has read permissions on DB

Management Console

  • Error message: Other K2 servers not visible
    • Likely causes: Discovery Service not running, on different port, or firewall blocking 45999/46000
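
The connection errors among the error messages above correspond to three distinct socket outcomes, so one TCP connect attempt per port can tell the listed causes (firewall, DNS, K2 service not running) apart. The following Python script is an added example, not part of the original K2 article; it uses the default ports 5252 and 5555 and the placeholder host name K2SERVER from this page, and the function names probe and triage are illustrative.

```python
import socket
import sys

# Default K2 server ports taken from the component list on this page.
K2_PORTS = {5252: "Workflow server", 5555: "Host server"}

# Maps each probe outcome to the matching "likely causes" wording.
LIKELY_CAUSE = {
    "open": "port reachable; investigate the service or application layer",
    "refused": "host answered but nothing accepted the connection: "
               "K2 service not running, wrong port, or a firewall sending a reset",
    "timeout": "no answer: a firewall is dropping the traffic or the host is down",
    "dns": "host name did not resolve ('No such host is known')",
}


def probe(host, port, timeout=3.0):
    """Try one TCP connect and return 'open', 'refused', 'timeout', 'dns'
    or 'error:<errno>' for anything else."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:            # name resolution failed
        return "dns"
    except ConnectionRefusedError:     # TCP reset received
        return "refused"
    except (socket.timeout, TimeoutError):  # connect attempt went unanswered
        return "timeout"
    except OSError as exc:             # e.g. network unreachable
        return f"error:{exc.errno}"


def triage(host, ports=K2_PORTS, timeout=3.0):
    """Probe every port and return {port: (role, outcome, likely_cause)}."""
    report = {}
    for port, role in ports.items():
        outcome = probe(host, port, timeout)
        cause = LIKELY_CAUSE.get(outcome, "unexpected socket error")
        report[port] = (role, outcome, cause)
    return report


if __name__ == "__main__":
    # K2SERVER is the placeholder host name used in the error text above.
    target = sys.argv[1] if len(sys.argv) > 1 else "K2SERVER"
    for port, (role, outcome, cause) in triage(target).items():
        print(f"{target}:{port} [{role}] -> {outcome}: {cause}")
```

Run it from the machine that reports the error (for example the SharePoint server), because intermediate firewalls filter by source as well as destination.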

 

