Terminal Server Agent does not allocate ports for Office 365 / backgroundtaskhost.exe

Terminal Server Agent does not allocate ports for Office 365 / backgroundtaskhost.exe

503
Created On 09/28/23 11:37 AM - Last Modified 08/22/25 20:41 PM


Symptom


  • Microsoft Office 365 connectivity uses the ports outside of the Terminal Server Agent allocation range.
  • This can affect other applications which use backgroundtaskhost.exe for connectivity.
  • This can cause user-based policies on a firewall not to match.
  • No logs are seen for backgroundtaskhost.exe in the Terminal Server Agent debug log, even with verbose logging enabled.

Environment


  • Terminal Server Agent
  • Windows Server
  • Office 365 or other application usingĀ backgroundtaskhost.exe

Cause


  • backgroundtaskhost.exe utilizes the network stack in a way that bypasses visibility of the Terminal Server Agent driver.
  • Due to this, the Terminal Server Agent cannot intercept the connection and bind the source port to one within it's own range.

Resolution


Create a security rule without source users from the Terminal Server IP address to Microsoft Office 365 URL's

Additional Information


Office 365 URLs and IP address ranges - Microsoft 365 Enterprise | Microsoft Learn
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000g2IoCAI&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail