Communication and required protocols
Describes how UserLock components communicate and which protocols and ports are required for proper operation.
This page explains how the different UserLock components communicate with each other and with external systems such as Active Directory, SQL Server, and IIS.
It details the required network flows, protocols, and ports to ensure proper operation and connectivity between all parts of UserLock.
Understanding these communications helps administrators configure firewalls, troubleshoot connectivity issues, and design secure deployments.
The UserLock Server communicates with the following components:
- The protected machines, to deploy agents, collect session data, and apply access policies and enforcement actions (lock, logoff, MFA challenges).
- Active Directory, to authenticate users, check group membership, and validate access conditions.
- The SQL database, to store session history, activity logs, and configuration data.
- The other UserLock server: the Primary and Backup servers must communicate with each other for database and configuration synchronization.
Required communication protocols:
| Component | Protocol | IP protocol | Port |
|---|---|---|---|
| Workstations to protect | Ping | ICMP | |
| | SMB | TCP | 445 |
| | Wake on LAN (1) (2) | UDP | 7 |
| Domain Controllers | LDAP | TCP | 389 |
| | SMB | TCP | 445 |
| Global Catalog | LDAP | TCP | 3268 |
| SQL Server | SQL Server (1) | TCP | 1433 (3) |
| Primary or Backup Server | SMB | TCP | 445 |

(1): Optional
(2): Broadcasts must be allowed on routers
(3): Only if default instance - Can be customized
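The table above, turned into a connectivity check to run from the UserLock Server; this is an added example, not part of the original documentation. The host names are placeholders (assumptions), and Wake on LAN is left out because a connect test cannot confirm a UDP broadcast.

```powershell
# Added example: test the outbound flows listed for the UserLock Server.
# Host names are placeholders (assumptions); replace them with your own.
$Targets = @{
    'Workstations to protect'  = 'ws01.example.local'
    'Domain Controllers'       = 'dc01.example.local'
    'Global Catalog'           = 'dc01.example.local'
    'SQL Server'               = 'sql01.example.local'
    'Primary or Backup Server' = 'userlock2.example.local'
}

# One entry per table row: component, protocol, port (0 = ICMP ping), optional.
# Wake on LAN (UDP 7, broadcast) is omitted: a connect test cannot confirm it.
$Rows = @(
    @('Workstations to protect',  'Ping',       0,    $false),
    @('Workstations to protect',  'SMB',        445,  $false),
    @('Domain Controllers',       'LDAP',       389,  $false),
    @('Domain Controllers',       'SMB',        445,  $false),
    @('Global Catalog',           'LDAP',       3268, $false),
    @('SQL Server',               'SQL Server', 1433, $true),   # default instance only
    @('Primary or Backup Server', 'SMB',        445,  $false)
)

$Results = foreach ($Row in $Rows) {
    $Component, $Protocol, $Port, $Optional = $Row
    $Target = $Targets[$Component]
    if ($Port -eq 0) {
        $Reachable = Test-Connection -ComputerName $Target -Count 1 -Quiet
        $Label = 'ICMP'
    } else {
        $Probe = Test-NetConnection -ComputerName $Target -Port $Port -WarningAction SilentlyContinue
        $Reachable = $Probe.TcpTestSucceeded
        $Label = "TCP/$Port"
    }
    [pscustomobject]@{
        Component = $Component; Target = $Target; Protocol = $Protocol
        Port = $Label; Optional = $Optional; Reachable = [bool]$Reachable
    }
}

$Results | Format-Table -AutoSize

# Report only the required flows that failed; optional ones are informational.
$Blocked = @($Results | Where-Object { -not $_.Reachable -and -not $_.Optional })
if ($Blocked.Count -gt 0) {
    Write-Warning ("{0} required flow(s) blocked: {1}" -f $Blocked.Count,
        (($Blocked | ForEach-Object { "$($_.Component) $($_.Port)" }) -join ', '))
}
```

A successful result shows only that the port is reachable from this host; it does not validate the account permissions used over SMB or LDAP.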
When a user logs on to a workstation or terminal server, the UserLock Desktop Agent communicates with the UserLock Server to verify access policies (machine, time, session type, MFA, etc.) and report session activity in real time.
Required communication protocols:
| Component | Protocol | IP protocol | Port |
|---|---|---|---|
| UserLock Server | Ping | ICMP | |
| | SMB | TCP | 445 |
The UserLock Anywhere service communicates with the UserLock Server to relay authentication requests and enforce policies for users connecting outside the corporate network.
Required communication protocols:
| Component | Protocol | IP protocol | Port |
|---|---|---|---|
| UserLock Server | SMB | TCP | 445 |
| Domain controllers | LDAP | TCP | 389 |
| Global Catalog | LDAP | TCP | 3268 |
The UserLock SSO service communicates with the UserLock Server and Active Directory to process SAML authentication requests and enforce access policies.
Required communication protocols:
| Component | Protocol | IP protocol | Port |
|---|---|---|---|
| UserLock Server | SMB | TCP | 445 |
| Domain controllers | LDAP | TCP | 389 |
| Global Catalog | LDAP | TCP | 3268 |
The UserLock MFA for IIS module connects to the UserLock Server and Active Directory during web or RD Web logins to apply access policies.
Required communication protocols:
| Component | Protocol | IP protocol | Port |
|---|---|---|---|
| UserLock Server | SMB | TCP | 445 |
| Domain controllers | LDAP | TCP | 389 |
| Global Catalog | LDAP | TCP | 3268 |
Once you understand how UserLock components communicate, you can verify and secure these connections using the following guides:
Enforce firewall requirements:
Learn how to configure or deploy Windows Firewall rules to authorize these communications.
Covers both manual setup and centralized deployment via Group Policy Objects (GPOs).
Check services and network protocols requirements:
Learn how to test and validate each communication channel (ping, SMB, RPC, DNS) between the UserLock Server and protected machines.
Includes step-by-step procedures to confirm connectivity and permissions using PowerShell and built-in Windows tools.
💡️ These guides help you verify that all protocols and ports described above are properly configured, ensuring full communication between the UserLock Server, Active Directory, SQL Server, IIS, and agents.