(moved from petermannerhultsitblog.wordpress.com – originally dated October 23, 2014 )
Today I would like to share an addition to the documentation for Windows Azure Service Bus. I will start by explaining the different types of errors that you may receive and the different modes to connect to the service bus.
Azure Service Bus is meant to be able to connect in-most-cases without doing any firewall edits which is true in most cases if you use default settings which is similar to
ServiceBusEnvironment.SystemConnectivity.Mode = ConnectivityMode.AutoDetect;
Which will first try to connect through TCP and then fail over to
ServiceBusEnvironment.SystemConnectivity.Mode = ConnectivityMode.Http; //Force Http only
to try to connect to your Azure Service Bus. And the HTTP Mode will outgoing TCP ports for port 80 (HTTP) and 443 (SSL) which will be open on most corporattions.
The HTTP mode is however (much??) slower than the TCP mode so it could be useful in trying to use TCP mode instead. And this is where it is not certain that the Firewall settings on your Corporation will allow it.
Try to set the Service Bus System Connectivity (in the code to)
ServiceBusEnvironment.SystemConnectivity.Mode = ConnectivityMode.Tcp;
and you may very well get an exception like
Microsoft.ServiceBus.Messaging.MessagingException: No connection could be made because the target machine actively refused it
This indicates a firewall issue. You should then look at opening some TCP ports for outgoing Communication.
If you look at the Microsoft documentation at
they will say that you need to open ports TCP communication on TCP ports 9350 to 9354. And it will solve the firewall issue.
If you however want to run according to the AMQP standard by adding
to the Connection string you may get firewall issues again. This time Microsoft instructs you to open outgoing TCP traffic to port 5672. This is however not enough as indicated by this log entry
System.Net.Sockets Information: 0 :  Socket#31534420 – Created connection from 192.168.33.238:20285 to 184.108.40.206:5671.
It also needs the AMQPS port 5671 (Secure AMQP) port. So the documentation should really require both ports 5671 and 5672 to be open for AMQP Communication.
One thought on “Windows Azure Service Bus AMQP Firewall Ports”