Check Ports for Extranet SharePoint Farms with PowerShell

When you create a SharePoint Farm within an extranet you usually have to check ports to other servers within other security layers behind firewalls. Here is a simple script for a quick check. Copy this script to every SharePoint Server and modify the ip addresses. Run the script on the server to see if a port is blocked.


<#
These values can be modified
Enter the IPS of the server
Ports from http://technet.microsoft.com/en-us/library/cc262849.aspx
#>
$SERVER_APP = "xxx.xxx.xxx.xxx"
$SERVER_WEBAPPS = @("xxx.xxx.xxx.xxx", "xxx.xxx.xxx.xxx")
$SERVER_DB = "xxx.xxx.xxx.xxx"
$SERVER_AD = "xxx.xxx.xxx.xxx"
$SERVER_DNS = "xxx.xxx.xxx.xxx"
$SERVER_SMTP = "xxx.xxx.xxx.xxx"
$CLIENT = "xxx.xxx.xxx.xxx" #IP of a client which should access SharePoint

$USE_KERBEROS = $false
$USE_NETBIOS = $false
$USE_SMTP = $true

# bi = bidirectional
# out = outbound
$CONNECTIONS = @(
  #SQL
  ( "out", $SERVER_APP, $SERVER_DB, "1435", "SQL" ),
  ( "out", $SERVER_WEBAPPS, $SERVER_DB, "1435", "SQL" ),  
  
  #Service Applications
  ( "bi", $SERVER_WEBAPPS[0], $SERVER_WEBAPPS[1], "32843,32844", "Service Applications" )  
  
  #HTTP
  ( "bi", $CLIENT, $SERVER_WEBAPPS, "80,443", "HTTP, HTTPS" ),      
  ( "bi", $SERVER_WEBAPPS, $SERVER_APP, "80,443", "HTTP, HTTPS" ),    

  #SMB
  ( "bi", $SERVER_WEBAPPS, $SERVER_APP, "445", "SMB" ),      
  
  #LDAP
  ( "out", $SERVER_APP, $SERVER_AD, "389, 636" , "LDAP, LDAPS"),
  
  #DNS
  ( "out", $SERVER_APP, $SERVER_DNS, "53", "DNS" )
)

#SMTP ?
if ($USE_SMTP -eq $true) {  
  $CONNECTIONS += ,( "bi", $SERVER_WEBAPPS, $SERVER_SMTP, "25", "SMTP" )
}

#KERBEROS ?
if ($USE_KERBEROS -eq $true) {  
  $CONNECTIONS += ,@( "bi", $SERVER_WEBAPPS, $SERVER_APP, "88,464", "Kerberos")
}

#NETBIOS ?
if ($USE_NETBIOS -eq $true) {  
  $CONNECTIONS += ,@( "bi", $SERVER_WEBAPPS, $SERVER_APP, "137,138,139", "NetBios")
}


<#
---------------------------
Do not touch these ones
---------------------------
#>
$LOCAL_IP = (Get-WmiObject -class win32_NetworkAdapterConfiguration -Filter 'ipenabled = "true"').ipaddress[0]

Function PingPort {
  $ip = $args[0] 
  $port = [int]$args[1]
  
  $ErrorActionPreference = "SilentlyContinue"
  $socket = new-object System.Net.Sockets.TcpClient($ip, $port)
  if ($socket –eq $null) {    
    $false
  } else {
    $socket = $null
    $true
  }
}

foreach ($conn in $CONNECTIONS) {  
  if ($conn[0] -eq "bi") {    
    $CONNECTIONS += ,@( "out", $conn[2], $conn[1], $conn[3], $conn[4] )
  }
}

foreach ($conn in $CONNECTIONS) {  
  if ( $conn[1] -is [System.Array] ) { $servers1 = $conn[1] }else{ $servers1 = @($conn[1]) }
  if ( $conn[2] -is [System.Array] ) { $servers2 = $conn[2] }else{ $servers2 = @($conn[2]) }    
  $ports = $conn[3] -split ","  
  $desc = $conn[4]
  
  foreach( $port in $ports) {
    foreach( $server1 in $servers1) {    
      foreach( $server2 in $servers2) {            
        if ($LOCAL_IP -eq $server1) {
          Write-Host "`nTesting Connection:"
          Write-Host $server1 " -> " $server2 " -> Port:" $port " [" $desc "]" -foregroundcolor yellow
          $pinged = PingPort $server2 $port
          if ( $pinged -eq $true ){
            Write-Host "Connection O.K." -foregroundcolor green
          }else{
            Write-Host "Port closed." -foregroundcolor red
          }
        }
      }
    }
  }
}


Comments

Post a Comment

Popular posts from this blog

Open SharePoint 2010/2013 Display, Edit, New Forms in Modal Dialogs

Image
If you want to open a SP 2010 or in SP 2013 list item in a modal dialog you have two choices. Using the standard JavaScript functions or creating own functions. How to find which item URL is called If the dialog box appears you don't have an address bar to pick up the called URL. To see which URL is called when you edit or open a list item use the Internet Explorer Developer Tools. Open your source list in the Internet Explorer. Press F12 to open the developer tools. Click on the "Network" tab and then on "Start Capturing" Now click the link you want to track. You'll see the requests listed and you can also copy the urls for your need. SharePoint usually calls the /_layout/listform.aspx with the list parameter. The form then redirects to the appropriate list form. Method 1: Using core functions When using SharePoint 2010 core javascript functions to open elements in dialogs mostly you'll need to know : the ID of the l
Read more

Ways to redirect http requests in SharePoint

Image
The are multiple szenarios when you need a redirect in SharePoint: You've migrated SharePoint into a new URL (e.g http://sp2010 to http://sp2013) You moved a site collection You moved a sub site into a new site collection If you want to redirect in SharePoint without custom solutions you have the following options: Redirect with XML Viewer or Content Editor WebPart You can redirect with JavaScript by inserting a WebPart into the site and adding simple JavaScript. This is easy to configure but redirects only the site in which the WebPart sits (Probably the Mainsite). If users have saved links the their document libraries this method fails, unless you put the same WebPart into the document library. So go to the site you want to redirect and the XML Viewer WebPart. Open the WebPart settings and add the following line of code: <script type="text/javascript"> location.href = "<<the url you want to redirect>>"; </s
Read more

Using WebDav on IIS 7 to access UNC Paths

Image
In this post I want to show you step by step how to connect to a file share using webdav on IIS 7. For this post I assume: that you have already an IIS installed on the server  that you have installed WebDav or enabled the WebDav Feature on IIS. the server on which is IIS installed can reach the file share. 1: CREATE APPLICATION POOL The first step is to create a seperate application pool on the IIS. Open the program "Internet Information Services Manager". Click on "Application Pools" Click on "Add Application Pool" on the right menu Name it "WebDav". Let the rest as it. Right click on the new created Application Pool "WebDav" and select "Advanced Settings". Pay attention to the following attributes: .Net Framework Version : No Managed Code Identity : The identity of the Application Pool should be an account which has permissions to read the file share. Load User Profile : Should be set to "False"
Read more