Port 5723 for monitoring DMZ servers in SCOM

Fadil Ck 381 Reputation points
2022-11-07T10:19:38.717+00:00

Hi All,

We have set up DMZ servers in SCOM by enabling port 5723 and certificate trust. But the client has informed us that the port has not been hit and asked whether it is required?

Kindly confirm whether ports 5723-5724 are still required after adding the servers using certificate trust? I have seen that the port is listed as a pre-requisite. Please let us know why the port is not being hit.

Thanks in advance
Fadil


Accepted answer
  1. CyrAz 5,181 Reputation points
    2022-11-07T10:40:37.007+00:00

    5723 is required from DMZ agent to scom server only, not the other way around.
    5724 is not required.
    If there is no traffic, you should verify that the agent is properly configured (FQDN of the SCOM server especially), that it's able to resolve that DNS name, that it has a network route to the SCOM server, etc.

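A script that works through the checks CyrAz lists (configured parent server FQDN, DNS resolution, route/port reachability) and also confirms the certificate import, run on the DMZ agent itself. This is an added example, not code from the thread or from Microsoft; it assumes the agent's standard registry layout under HKLM\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0 (Agent Management Groups\<MG>\Parent Health Services\0 and Machine Settings\ChannelCertificateSerialNumber) and the "Operations Manager" event log.

```powershell
# Added troubleshooting script (not from the thread or from Microsoft).
# Run from an elevated PowerShell prompt on the DMZ agent.
# Assumed registry layout: parent server under ...\Agent Management Groups\<MG>\Parent Health Services\0,
# imported certificate serial under ...\Machine Settings (written by MOMCertImport, bytes reversed).
$base = 'HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0'

# 1. Which management group(s) and parent Management/Gateway server(s) is the agent configured for?
foreach ($mg in Get-ChildItem "$base\Agent Management Groups" -ErrorAction Stop) {
    $parent = Get-ItemProperty "$($mg.PSPath)\Parent Health Services\0"
    $server = $parent.NetworkName
    $port   = [int]$parent.Port          # expected 5723 unless deliberately changed
    Write-Host "Management group '$($mg.PSChildName)': parent $server, port $port"

    # 2. Can the agent resolve that FQDN? DMZ hosts often have no internal DNS.
    try {
        $ips = (Resolve-DnsName $server -Type A -ErrorAction Stop).IPAddress
        Write-Host "  DNS OK: $server -> $($ips -join ', ')"
    } catch {
        Write-Warning "  DNS FAILED for $server (hosts entry or conditional forwarder needed)"
        continue
    }

    # 3. Is there a route, and is the firewall open agent -> server on that port? (Only this
    #    direction is needed; 5724 is not required from agents.)
    $tnc = Test-NetConnection -ComputerName $server -Port $port -WarningAction SilentlyContinue
    if ($tnc.TcpTestSucceeded) {
        Write-Host "  TCP $port OK from $($tnc.SourceAddress.IPAddress)"
    } else {
        Write-Warning "  TCP $port BLOCKED: check routing and the firewall rule agent -> $server"
    }
}

# 4. Was a certificate imported with MOMCertImport? Without it the TCP session opens but is rejected.
$ms = Get-ItemProperty "$base\Machine Settings" -ErrorAction SilentlyContinue
if ($ms.ChannelCertificateSerialNumber) {
    $bytes  = $ms.ChannelCertificateSerialNumber
    $serial = ($bytes[($bytes.Length - 1)..0] | ForEach-Object { $_.ToString('X2') }) -join ''
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object SerialNumber -eq $serial
    if (-not $cert)                          { Write-Warning "Serial $serial not found in LocalMachine\My" }
    elseif ($cert.NotAfter -lt (Get-Date))   { Write-Warning "Certificate $serial expired $($cert.NotAfter)" }
    else                                     { Write-Host "Channel certificate OK: $serial, valid to $($cert.NotAfter)" }
} else {
    Write-Warning "No ChannelCertificateSerialNumber set: run MOMCertImport on this agent"
}

# 5. Recent agent-side connection warnings/errors (commonly IDs 20070 and 21016) for the exact cause.
Get-WinEvent -FilterHashtable @{LogName='Operations Manager'; Level=2,3; StartTime=(Get-Date).AddHours(-24)} `
    -ErrorAction SilentlyContinue | Select-Object -First 10 TimeCreated, Id, Message
```

If step 3 fails while DNS succeeds, the "port not being hit" symptom is a firewall or routing problem between the DMZ and the SCOM server, not a certificate one.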

1 additional answer

  1. SChalakov 10,261 Reputation points MVP
    2022-11-07T10:37:12.553+00:00

    Hi Fadil,

    the ports must be opened in order for the agent to communicate with its Management or Gateway Server.
    The certificate-based authentication is a completely different thing.
    If you don't open the port, there can be no communication and no monitoring, so the port is a very important requirement. This is the official confirmation from Microsoft Learn. From:

    Configuring a Firewall for Operations Manager
    https://learn.microsoft.com/en-us/system-center/scom/plan-security-config-firewall?view=sc-om-2022&WT.mc_id=EM-MVP-5002219#port-assignments


    You don't need 5724 from the agents to their Management or Gateway Servers, you only need 5723.

    In order to assure your customer that this port is safe, you can forward him/her this article, which explains how the communication is encrypted and provides some security insights into the SCOM communication:

    Authentication and Data Encryption in Operations Manager
    https://learn.microsoft.com/en-us/system-center/scom/plan-security-authentication-data-encryption?view=sc-om-2022&WT.mc_id=EM-MVP-5002219#setting-up-communication-between-agents-and-management-servers-across-trust-boundaries

    I hope I was able to help!

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
    Regards
    Stoyan Chalakov
