Solved

To check for open/blocked ports on Windows 2008/2003 server

Posted on 2014-04-29
Last Modified: 2016-01-21
I need to understand the best way to locate the open/blocked port on any Windows Server 2003/2008, as I am unable to telnet between machines X and Y and unable to RDP between machines X and Y, while RDP and telnet are fine between A and X and also between A and Y.

Please advise on the best practice to follow so that I can locate the actual glitch. All machines are on my local LAN with different subnets/gateways: machines A, X and Y are each on a different local subnet/gateway.
I have already disabled Windows Firewall, but no luck!
Question by:patron
17 Comments
 
LVL 1

Author Comment

by:patron
ID: 40031245
Also, please confirm whether the telnet client is required on Windows 2008 server to telnet between the Win 2003 and 2008 machines?
0
 
LVL 8

Assisted Solution

by:nader alkahtani
nader alkahtani earned 63 total points
ID: 40031676
Download PortQryUI.exe:

http://www.microsoft.com/en-us/download/details.aspx?id=24009

If you need batch operation, you should use the command-line version that is mentioned here: http://www.windowsnetworking.com/kbase/WindowsTips/WindowsServer2008/AdminTips/Security/AQuickTipToCheckIfPortsAreListening.html
0
 
LVL 1

Author Comment

by:patron
ID: 40052756
Please advise, as I need to determine where exactly the ports are blocked: at OS level or in the LAN network?
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 63 total points
ID: 40056691
Can you use Nmap from a host on your network to port scan the host in question?
nmap -sT -P0 -T5 -p 1-65535 ip.ip.ip.ip
You can narrow down those ports if you need to, 21-3389 for example, and change the IPs to the correct IP of the host you are scanning.
It could be that your anti-virus software has a firewall built in too. Someone could have applied IPSEC filters; have a look inside secpol.msc (start->run->secpol.msc) and look at the IPSec filters to see if any are applied.

-rich
0
 
LVL 61

Assisted Solution

by:btan
btan earned 188 total points
ID: 40056749
netstat is also useful to list the listening ports and the process holding them, so that at least we can drill down further into whether the service is indeed blocked or not even running.

http://support.microsoft.com/kb/281336
e.g.
1. Telnet serverip 3389
Result : Could not open connection to the host, on port 3389:
2. netstat -n -a -o | find "3389" (run this command in my RDP server)
Result : nothing displayed (3389 port not listed )
3. Restart Terminal service and the server
4. Changed the RDP port no and restarted the service as well as the server
5. Check all RDP related Registry setting
0
 
LVL 61

Expert Comment

by:btan
ID: 40056758
Another one worth mentioning is this EE question, which has a similar experience, in particular with RDP. Likewise, almost everything was disabled and eventually it was a related RDP driver not starting. The steps shared there can be used to drill down, though.

http://mobile.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_27644206.html
0
 
LVL 23

Assisted Solution

by:Coralon
Coralon earned 124 total points
ID: 40056764
Ok, I think I understand what you are asking?

Are you saying that given 3 machines, a, y, x:
x -> y telnet fails (assuming you are checking the correct ports (default 3389 for RDP, telnet is 23)).
a -> x telnet works (same assumption)
a -> y telnet works (same assumption)
And you mentioned you have disabled the Windows firewall (I assume this is on both ends?)

If these facts are correct, you are down to a few different options.
1. The port you want is blocked by networking gear (3389 for RDP).
Run tracerts (traceroute) between the machines to see if the routing is going through.
2. I am assuming you do not have a telnet server enabled on any of the servers (very serious security risk).
3. You could have IPSec blocking some of the connections.  For this, you would want to check the local IPSec settings on each of the network adapters for your machines.  You can assign/enforce machines to only accept IPSec connections, and only accept them from specific machines.
4. It is possible you may not have the correct services enabled on each machine?  NMap is not included with Windows, but you can use Netstat -ano to see the services listening on specific ports.  It should look something like this:
TCP    0.0.0.0:3369           0.0.0.0:0              LISTENING       4


Coralon
0
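An added example, not part of any post in this thread: the checks suggested above (a TCP connect from the client, `netstat -ano` on the server) combined into one decision about whether the fault is on the server or on the path. It is written in Python for portability; the function names, result labels and the netstat sample are constructed for illustration.

```python
import re
import socket

# Constructed sample of `netstat -ano` output from the server (not from the thread).
SAMPLE = """\
  Proto  Local Address      Foreign Address    State         PID
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING     712
  TCP    0.0.0.0:3389       0.0.0.0:0          LISTENING     1480
  TCP    127.0.0.1:5432     0.0.0.0:0          LISTENING     2210
  TCP    10.0.2.15:3389     10.0.1.7:50122     ESTABLISHED   1480
"""

_LISTEN = re.compile(
    r"^[ \t]*TCP[ \t]+(\S+):(\d+)[ \t]+\S+[ \t]+LISTENING[ \t]+(\d+)\s*$", re.M)

def listeners(netstat_text):
    """Map port -> [(local_address, pid)] for every TCP LISTENING row."""
    found = {}
    for addr, port, pid in _LISTEN.findall(netstat_text):
        found.setdefault(int(port), []).append((addr, int(pid)))
    return found

def probe(host, port, timeout=3.0):
    """Client-side TCP connect: 'open', 'refused' (RST) or 'no_answer'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout, unreachable, name resolution failure
        return "no_answer"

def diagnose(probe_result, server_netstat, port):
    """Combine the client's probe with the server's own netstat view."""
    bound = listeners(server_netstat).get(port, [])
    if probe_result == "open":
        return "ok"
    if not bound:
        return "not_listening"   # service stopped or on another port: fix on the server
    if all(a.startswith("127.") or a == "[::1]" for a, _ in bound):
        return "loopback_only"   # listening, but not on a routable address
    if probe_result == "refused":
        return "rejected"        # listener exists, yet a RST came back from in front of it
    return "dropped"             # listener exists, no reply: IPSec/host filter or network gear

if __name__ == "__main__":
    print(diagnose("no_answer", SAMPLE, 3389))
```

Run `probe()` from the machine that cannot connect and feed `diagnose()` the netstat output captured on the target; "dropped" or "rejected" with a listener present points at IPSec policy, a third-party host firewall or a device between the subnets rather than at the service.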
 
LVL 78

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 62 total points
ID: 40056923
Having different gateways may be a problem. First check to see if you have basic networking between the different zones: use ping or tracert and confirm that it is not a networking issue. You may have to add routes from one machine to another.
0
 
LVL 61

Accepted Solution

by:
btan earned 188 total points
ID: 40056997
Common services that are accessible directly from machines on various subnets and gateways complicate troubleshooting; I don't really encourage that without proper routing planning, though. If we take RDS services, there are best-practice pointers in the MS RDS configurations which you may want to check out: "Verify all RD Gateway server farm members are available on the network".
0
 
LVL 1

Author Comment

by:patron
ID: 40057325
Thanks for all your supportive comments, will check for these options as well.

If I add a route in ARP, will that resolve the issue of accessing any UNC path?

I will share more detail after checking the above options.
0
 
LVL 23

Assisted Solution

by:Coralon
Coralon earned 124 total points
ID: 40057954
ARP isn't used for routing?  But, adding a route through route add won't resolve your problem.  This is an issue of ports & connectivity, not routing.  (If they couldn't route, you would not be able to establish any session).  

Coralon
0
 
LVL 61

Assisted Solution

by:btan
btan earned 188 total points
ID: 40058014
Better to first confirm that your RDS services are all able to talk directly with the setup, rather than be bothered by the connectivity issues, to ease troubleshooting. If it comes to that, then your network team is best placed to advise the org on the way to make them accessible, as these are your requirements from an app services perspective.
0
 
LVL 1

Author Comment

by:patron
ID: 40058030
RDS - Remote Data/Desktop Service? And how can I confirm whether it is fine between 2 computers, other than checking the service status in the services console?
0
 
LVL 38

Expert Comment

by:younghv
ID: 41424668
I've requested that this question be deleted for the following reason:

The question has either no comments or not enough useful information to be called an "answer".
0
 
LVL 1

Author Closing Comment

by:patron
ID: 41424669
Thanks for all your time on this.
0
