Solved

To Check for open/block port on windows 2008/2003 server

Posted on 2014-04-29
Last Modified: 2016-01-21
Need to understand the best way to locate the open/blocked port on any Windows Server 2003/2008, as I am unable to telnet between machines X and Y, and unable to take RDP between machines X and Y, while RDP and telnet are fine between A and X and also between A and Y.

Please advise the best practice to follow, so that I can locate the actual glitch. All machines are in my local LAN with different subnets/gateways, i.e. machines A, X and Y are each on a different local subnet/gateway.
I have already disabled the Windows firewall, but no luck!
Question by:patron
17 Comments
 
LVL 1

Author Comment

by:patron
ID: 40031245
Also, please confirm whether the telnet client is required on the Windows 2008 server to telnet between the Windows 2003 and 2008 machines.
0
 
LVL 8

Assisted Solution

by:nader alkahtani
nader alkahtani earned 252 total points
ID: 40031676
Download PortQryUI.exe:

http://www.microsoft.com/en-us/download/details.aspx?id=24009

If you need batch operation, you should use the other, command-line version that is mentioned here: http://www.windowsnetworking.com/kbase/WindowsTips/WindowsServer2008/AdminTips/Security/AQuickTipToCheckIfPortsAreListening.html
0
 
LVL 1

Author Comment

by:patron
ID: 40052756
Please advise, as I need to rectify where exactly the ports are blocked: at OS level or in the LAN network?
0

 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 252 total points
ID: 40056691
Can you use Nmap from a host on your network to port scan the host in question?
nmap -sT -P0 -T5 -p 1-65535 ip.ip.ip.ip
You can narrow down those ports if you need to, 21-3389 for example, and change the IPs to the correct IP of the host you are scanning.
It could be that your anti-virus software has a firewall built in too. Someone could have applied IPSec filters; have a look inside secpol.msc (start->run->secpol.msc) and look at the IPSec filters to see if any are applied.

-rich
0
 
LVL 65

Assisted Solution

by:btan
btan earned 752 total points
ID: 40056749
netstat is also useful to list the listening ports and the process holding each one, so that at least we can drill down further into whether the service is indeed blocked or not even running.

http://support.microsoft.com/kb/281336
e.g.
1. Telnet serverip 3389
Result : Could not open connection to the host, on port 3389:
2. netstat -n -a -o | find "3389" (run this command in my RDP server)
Result : nothing displayed (3389 port not listed )
3. Restart Terminal service and the server
4. Changed the RDP port no and restarted the service as well as the server
5. Check all RDP related Registry setting
0
 
LVL 65

Expert Comment

by:btan
ID: 40056758
Another thing worth mentioning is this EE question, which describes a similar experience, with RDP in particular. They likewise disabled almost everything, and eventually it turned out to be a related RDP driver not starting. The steps shared there are useful for drilling down, though.

http://mobile.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_27644206.html
0
 
LVL 25

Assisted Solution

by:Coralon
Coralon earned 496 total points
ID: 40056764
Ok, I think I understand what you are asking?

Are you saying that given 3 machines, a, y, x
x -> y telnet fails (assuming you are checking the correct ports (default 3389 for RDP, telnet is 23)).
a -> x telnet works (same assumption)
a -> y telnet works (same assumption)
And you mentioned you have disabled the windows firewall (I assume this is on both ends?)

If these facts are correct, you are down to a few different options.
1. The port you want is blocked by networking gear (3389 for RDP).
Run tracerts (traceroute) between the machines to see if the routing is going through.
2. I am assuming you do not have a telnet server enabled on any of the servers (very serious security risk).
3. You could have IPSec blocking some of the connections.  For this, you would want to check the local IPSec settings on each of the network adapters for your machines.  You can assign/enforce machines to only accept IPSec connections, and only accept them from specific machines.
4. It is possible you may not have the correct services enabled on each machine?  Nmap is not included with Windows, but you can use netstat -ano to see the services listening on specific ports.  It should look something like this:
TCP    0.0.0.0:3369           0.0.0.0:0              LISTENING       4


Coralon
0
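The checks discussed in this thread come down to telling a refused connection (the packet reached the host, but nothing is listening) from a silent timeout (dropped by a firewall, IPSec filter or network device). The following is an added example, not code posted by anyone in the thread; it assumes PowerShell 2.0 or later, and the function name `Test-TcpPort` and the target host name are placeholders.

```powershell
# Added example: classify a TCP connection attempt as Open, Refused or Timeout.
function Test-TcpPort {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $state  = 'Timeout'   # default: no reply at all within $TimeoutMs
    $detail = 'No reply: dropped by a firewall, IPSec filter or network device, or host unreachable'
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            try {
                $client.EndConnect($async)   # throws if the connect failed
                $state  = 'Open'
                $detail = 'Service is listening and the path is clear'
            } catch {
                $err = $_.Exception.GetBaseException()
                if ($err -is [System.Net.Sockets.SocketException] -and
                    $err.SocketErrorCode -eq [System.Net.Sockets.SocketError]::ConnectionRefused) {
                    $state  = 'Refused'
                    $detail = 'Host answered with a reset: check netstat -ano on the target'
                } else {
                    $state  = 'Error'
                    $detail = $err.Message
                }
            }
        }
    } finally {
        $client.Close()
    }
    New-Object PSObject -Property @{
        Target = $ComputerName; Port = $Port; State = $state; Detail = $detail
    }
}

# Placeholder target: run this on machine X against machine Y, then the reverse.
$target = 'machine-y.example.local'
23, 3389 | ForEach-Object { Test-TcpPort -ComputerName $target -Port $_ } |
    Format-Table Target, Port, State, Detail -AutoSize
```

A `Refused` result points at the target itself (service stopped or bound to another port), while a `Timeout` that occurs only between X and Y, with A reaching both, points at filtering on the path or on one of the two hosts.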
 
LVL 83

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 248 total points
ID: 40056923
Having different gateways may be a problem. First check to see if you have basic networking between the different zones: use ping or tracert and confirm that it is not a networking issue. You may have to add routes from one machine to another.
0
 
LVL 65

Accepted Solution

by:
btan earned 752 total points
ID: 40056997
Having common services accessible directly from machines on various subnets and gateways complicates troubleshooting; I don't really encourage that without proper routing planning, though. If we take RDS services, there are best-practice pointers in the MS RDS configurations which you may want to check out: "Verify all RD Gateway server farm members are available on the network".
0
 
LVL 1

Author Comment

by:patron
ID: 40057325
Thanks for all your supportive comments, will check for these options as well.

If I add a route in ARP, will that resolve the issue of accessing any UNC path?

will share more detail after checking above options.
0
 
LVL 25

Assisted Solution

by:Coralon
Coralon earned 496 total points
ID: 40057954
ARP isn't used for routing?  But, adding a route through route add won't resolve your problem.  This is an issue of ports & connectivity, not routing.  (If they couldn't route, you would not be able to establish any session).  

Coralon
0
 
LVL 65

Assisted Solution

by:btan
btan earned 752 total points
ID: 40058014
Better to first confirm that your RDS services are all able to talk directly with the setup, rather than be bothered by the connectivity stuff, to ease troubleshooting. If it comes to that, then your network team is best placed to advise the org on the way to get them accessible, as these are your requirements from an application services perspective.
0
 
LVL 1

Author Comment

by:patron
ID: 40058030
RDS: Remote Data/Desktop Service? And how can I confirm whether it is fine between 2 computers, other than checking the service status in the services console?
0
 
LVL 38

Expert Comment

by:younghv
ID: 41424668
I've requested that this question be deleted for the following reason:

The question has either no comments or not enough useful information to be called an "answer".
0
 
LVL 1

Author Closing Comment

by:patron
ID: 41424669
Thanks for all your time on this.
0
