aa

Deland-Han · Deland-Han · commit a0bf6195a06c · 2025-01-21T16:35:14.000+08:00
diff --git a/support/windows-server/remote/sample.md b/support/windows-server/remote/sample.md
@@ -7,46 +7,52 @@ _tocRel: toc.json
 author: Archiveddocs
 ms.author: Archiveddocs
 ---
-# RDS 2012: Which ports are used during deployment?
+# Ports that are used by RDS
 
-To configure Remote Desktop Services correctly for internet access or any time where firewalls are used, it is useful to know what ports are required.
+This article introduces the ports that are required to open on firewalls in order to configure Remote Desktop Services correctly.
 
-The information / taxonomy is broken down by role service/component, and lists all inbound/outbound ports used.
+The information and taxonomy is broken down by role service and component, and lists all inbound and outbound ports used.
 
-## From Client to RD Resource
+## From Client to Remote Desktop Resource
 
-- If using RDWeb
-  - TCP 443 (HTTPS)
-- TCP|UDP 3389:  Standard RDP port. Can be configured on host and client to a different port number.
+- TCP 443 (HTTPS) needs to be open if RDWeb is deployed.
+- TCP and UDP 3389:  Standard RDP port. Can be configured on host and client to a different port number.
 
 ## Remote Desktop Connection Broker (RDCB)
 
 - TCP 5504: connection to RD Web Access
 - TCP 3389: connection to RD Session Host
 - TCP 3389: connection to non-managed VM pools, managed machines use VMBus to open port.
 - TCP 3389: client port for clients not using RD Gateway
-- TCP 445|RPC: connection to RD Virtualization Host
-- TCP 445|RPC: connection to RD Session Host
+- TCP 445 and RPC: connection to RD Virtualization Host
+- TCP 445 and RPC: connection to RD Session Host
 - TCP 5985: WMI and PowerShell Remoting for administration
 
 ## Remote Desktop Gateway
 
-- For inbound external internet based traffic from RD Clients to the Gateway:
-  - TCP 443:  HTTP (includes RPC over HTTP) over SSL - (configurable using RD Gateway Management console)
-  - UDP 3391:  RDP/UDP (configurable using RD Gateway Management console) (NOTE: Firewalls that have directional UDP analysis, such as TMG, require UDP "Send Receive"  configured)
-- For internal traffic between the Gateway and the required User AD, Resource AD, DNS, NPS etc:
-  - TCP 88: Kerberos for user authentication
-  - TCP 135: RPC Endpoint Mapper
-  - TCP: \<\>, Port on which NTDS RPC services listens on AD
-  - TCP|UDP 389:  LDAP for user authentication
-  - TCP|UDP 53: Internal resource name resolution, DNS
-  - TCP|UDP 389: If using LDAP for Certificate Revocation List (CRL)  
-  - TCP 80:  If using HTTP for Certificate Revocation List (CRL)  
-  - TCP 21:  If using FTP for Certificate Revocation List (CRL)  
-  - UDP 1812, 1813: If NPS Server is being used
-  - TCP 5985: WMI and PowerShell Remoting for administration
-- For internal traffic from the Gateway and the Internal Remote Desktop resources
-  - TCP|UDP 3389: RDP (NOTE: Firewalls that have directional UDP analysis, such as TMG, require UDP "Send Receive" configured in the UDP protocol)
+For inbound external internet based traffic from RD Clients to the Gateway:
+
+- TCP 443:  HTTP (includes RPC over HTTP) over SSL - (configurable using RD Gateway Management console)
+- UDP 3391:  RDP/UDP (configurable using RD Gateway Management console) (NOTE: Firewalls that have directional UDP analysis, such as TMG, require UDP "Send Receive"  configured)
+
+For internal traffic between the Gateway and the required User AD, Resource AD, DNS, NPS etc:
+
+- TCP 88: Kerberos for user authentication
+- TCP 135: RPC Endpoint Mapper
+- TCP: 135, Port on which NTDS RPC services listens on AD
+- TCP and UDP 389:  LDAP for user authentication
+- TCP and UDP 53: Internal resource name resolution, DNS
+- TCP and UDP 389: If using LDAP for Certificate Revocation List (CRL)  
+- TCP 80:  If using HTTP for Certificate Revocation List (CRL)  
+- TCP 21:  If using FTP for Certificate Revocation List (CRL)  
+- UDP 1812, 1813: If NPS Server is being used
+- TCP 5985: WMI and PowerShell Remoting for administration
+
+For internal traffic from the Gateway and the Internal Remote Desktop resources:
+
+- TCP and UDP 3389: RDP
+  > [!Note]
+  > Firewalls that have directional UDP analysis, such as TMG, require UDP "Send Receive" configured in the UDP protocol
 
 ## Remote Desktop Web Access
 
@@ -55,25 +61,21 @@ The information / taxonomy is broken down by role service/component, and lists a
   - TCP 5504: connection to RD Connection Broker for centralized publishing
   - TCP 5985: WMI and PowerShell Remoting for administration
 
-<!-- -->
-
-- If ISA is used, please refer to  <http://www.isaserver.org/articles/2004perimeterdomain.html>
-
 ## Remote Desktop Session Host
 
 - RD License Server Port RPC
-- TCP 389|636: Active Directory communication
+- TCP 389 and 636: Active Directory communication
 - TCP 5985: WMI and PowerShell Remoting for administration
 
 ## Remote Desktop Virtualization Host
 
 - RD License Server Port RPC
-- TCP 389|636: Active Directory communication
+- TCP 389 and 636: Active Directory communication
 - TCP 5985: WMI and PowerShell Remoting for administration
 
 ## Remote Desktop Licensing Server
 
-Information for Terminal Server in Windows Server 2008 is at <http://support.microsoft.com/KB/832017#method26>  The ports used have not changed in Windows Server 2012 | R2.  The summary follows.
+For more information, see [RDS Licensing (RDSL)](../networking/service-overview-and-network-port-requirements.md#rds-licensing-rdsl).
 
 ### TCP
 
@@ -85,14 +87,12 @@ Information for Terminal Server in Windows Server 2008 is at <http://support.mic
 - TCP 5985: WMI and PowerShell Remoting for administration
 - TCP 139 - NetBIOS session service
 
-How to configure which ports (if need to set to specifics) <http://support.microsoft.com/kb/154596/>
+For more information, see [How to configure RPC dynamic port allocation to work with firewalls](../networking/configure-rpc-dynamic-port-allocation-with-firewalls.md).
 
 ### NetBIOS
 
 - UDP 137 - NetBIOS Name resolution
 - UDP 138 - NetBIOS datagram
 - UDP|TCP 389   LDAP - Used with per-user CALs against Active Directory
 
-From a proxy standpoint, the regkey HKLM\Software\Microsoft\TermServLicensing\lrwiz\Params shows the Microsoft service that the RD LS communicates with.  e.g. clearinghouse.one.microsoft.com
-
- 
+From a proxy standpoint, the registry key `HKLM\Software\Microsoft\TermServLicensing\lrwiz\Params` shows the Microsoft service that the RD LS communicates with.
