You deploy an Active Directory Federation Services (AD FS) Federation Service Proxy on a server named Server1.
You need to configure the Windows Firewall on Server1 to allow external users to authenticate by using AD FS.
Which inbound TCP port should you allow on Server1?
A. 88
B. 135
C. 443
D. 445
Correct Answer: C
Explanation/Reference:
http://technet.microsoft.com/en-us/library/adfs2-troubleshooting-things-to-check%28v=ws.10%29.aspx
Things to Check Before Troubleshooting AD FS 2.0
Verify router, firewall, and HTTP proxy configurations
In addition to verifying network connectivity, you may also have to verify that any routers, firewalls, or HTTP proxies in your network (or any routers, firewalls, or HTTP proxies that your federation partner is using) have been configured properly to support Web applications and protocols required with AD FS 2.0. For example, Web applications can require both TCP port exceptions to be enabled for HTTP and HTTPS traffic using Secure Sockets Layer (SSL). To ensure that the exceptions are configured appropriately, you may have to verify that the default TCP port numbers (80 for HTTP and 443 for HTTPS), which typically allow Web traffic, are in use. Also, check to see whether alternate TCP port numbers have been configured in any part of the network route between the client computer and all server computers that are involved. If alternate TCP port numbers are configured for Web application protocols, you may have to update your AD FS 2.0 deployment so that federation server and federation server proxy computers can support the alternate TCP ports.
