To check for open/blocked ports on a Windows 2008/2003 server

Need to understand the best way to locate the open/blocked port on any Windows Server 2003/2008, as I'm unable to telnet b/w machines x and y and unable to take RDP b/w machines x and y, while RDP and telnet are fine b/w a and x and also for a and y.

Please advise the best practice to follow so that I can locate the actual glitch. All machines are in my local LAN with different subnets/gateways, i.e. machines A, X, Y are all on different local subnets/gateways.
I have already disabled the Windows firewall, but no luck!!
Asked by: patron
btan (Exec Consultant) commented:
Common services that are accessed directly by machines from various subnets and gateways complicate troubleshooting; I don't really encourage that without proper routing planning though. If we take RDS services, there are best-practice pointers in the MS RDS configuration docs which you may want to check out: "Verify all RD Gateway server farm members are available on the network".
0
 
patron (Author) commented:
Also confirm whether the telnet client is required on Windows 2008 server to make telnet work b/w the Win 2003 and 2008 machines?
0
 
nader alkahtani (Network Engineer) commented:
Download PortQryUI.exe

http://www.microsoft.com/en-us/download/details.aspx?id=24009

If you need batch operation you should use the other, command line version mentioned here: http://www.windowsnetworking.com/kbase/WindowsTips/WindowsServer2008/AdminTips/Security/AQuickTipToCheckIfPortsAreListening.html
0
 
patron (Author) commented:
Please advise, as I need to rectify where exactly the ports are blocked: at the OS level or in the LAN network?
0
 
Rich Rumble (Security Samurai) commented:
Can you use Nmap from a host on your network to port scan the host in question?
nmap -sT -Pn -T5 -p 1-65535 ip.ip.ip.ip
You can narrow down those ports if you need to, 21-3389 for example, and change the IPs to the correct IP of the host you are scanning.
It could be your anti-virus software has a firewall built in too. Someone could have applied IPSEC filters; have a look inside secpol.msc (start->run->secpol.msc) and look at the IPSec filters to see if any are applied.

-rich
0
 
btan (Exec Consultant) commented:
netstat is also useful to list listening ports and the process holding them, so that at least we can further drill down into whether the service is indeed blocked or not even running.

http://support.microsoft.com/kb/281336
e.g.
1. Telnet serverip 3389
Result : Could not open connection to the host, on port 3389:
2. netstat -n -a -o | find "3389" (run this command in my RDP server)
Result : nothing displayed (3389 port not listed )
3. Restart Terminal service and the server
4. Changed the RDP port no and restarted the service as well as the server
5. Check all RDP related registry settings
0
 
btan (Exec Consultant) commented:
Another thing worth mentioning is this EE question which describes a similar experience, in particular with RDP; likewise they disabled almost everything and eventually it was a related RDP driver not starting. The steps shared there are useful to drill down though.

http://mobile.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_27644206.html
0
 
Coralon commented:
Ok, I think I understand what you are asking?

Are you saying that given 3 machines, a, y, x
x -> y telnet fails (assuming you are checking the correct ports (default 3389 for RDP, telnet is 23).
a -> x telnet works (same assumption)
a -> y telnet works (same assumption)
And you mentioned you have disabled the windows firewall (I assume this is on both ends?)

If these facts are correct, you are down to a few different options.
1. The port you want is blocked by networking gear (3389 for RDP).
Run tracerts (traceroute) between the machines to see if the routing is going through.
2. I am assuming you do not have a telnet server enabled on any of the servers (very serious security risk).
3. You could have IPSec blocking some of the connections.  For this, you would want to check the local IPSec settings on each of the network adapters for your machines.  You can assign/enforce machines to only accept IPSec connections, and only accept them from specific machines.
4. It is possible you may not have the correct services enabled on each machine?  Nmap is not included with Windows, but you can use netstat -ano to see the services listening on specific ports.  It should look something like this:
TCP    0.0.0.0:3369           0.0.0.0:0              LISTENING       4


Coralon
0
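An added example that is not code from any answer in this thread: it automates the two checks behind btan's telnet/netstat steps and Coralon's options list. Run on machine x it classifies the path to y's RDP port as Open, Refused (host reachable, nothing listening, so look at the service on y) or Filtered (SYN silently dropped by a router ACL, IPSec filter or an AV/host firewall); run on y it shows which process, if any, listens on the port. It assumes PowerShell 2.0 or later and uses the placeholder host name y.example.local.

```powershell
# Added example, not from any answer above. Assumes PowerShell 2.0+ (Windows 2008);
# 'y.example.local' is a placeholder for machine y.
function Test-PortState {
    param(
        [Parameter(Mandatory=$true)][string]$Target,
        [Parameter(Mandatory=$true)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $handle = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $handle.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            # Neither SYN/ACK nor RST came back: the SYN is being dropped by a
            # router ACL, IPSec filter, AV firewall or the host firewall.
            return 'Filtered'
        }
        $client.EndConnect($handle)      # throws when the host answers with RST
        return 'Open'
    } catch {
        $ex = $_.Exception
        if ($ex.InnerException) { $ex = $ex.InnerException }
        if ($ex -is [System.Net.Sockets.SocketException] -and
            $ex.SocketErrorCode -eq 'ConnectionRefused') {
            # Host reachable and nothing filters the port: the service on the
            # target is simply not listening. Check the service, not the network.
            return 'Refused'
        }
        return "Error: $($ex.Message)"
    } finally {
        $client.Close()
    }
}
function Get-ListeningProcess {
    param([Parameter(Mandatory=$true)][int]$Port)
    # Same data as 'netstat -n -a -o | find "3389"', parsed into objects.
    netstat -ano -p tcp | ForEach-Object {
        $f = $_.Trim() -split '\s+'
        if ($f.Count -ge 5 -and $f[0] -eq 'TCP' -and $f[3] -eq 'LISTENING' -and
            $f[1] -match ":$Port$") {
            $proc = Get-Process -Id ([int]$f[4]) -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                Local = $f[1]; PID = [int]$f[4]; Process = $proc.ProcessName }
        }
    }
}
Get-ListeningProcess -Port 3389                          # run on machine y
Test-PortState -Target 'y.example.local' -Port 3389      # run on machine x
```

With the Windows firewall already disabled on both ends, a Filtered result points at IPSec filters, an anti-virus firewall or the network gear between the subnets, while Refused means the packets arrive and the terminal service itself is not listening.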
 
David Johnson, CD, MVP (Owner) commented:
Having different gateways may be a problem.  First check to see if you have basic networking between the different zones: use ping or tracert and confirm that it is not a networking issue.  You may have to add routes from one machine to another.
0
 
patron (Author) commented:
Thanks for all your supportive comments, will check for these options as well.

If I add a route in ARP, will that resolve the issue to access any UNC path?

will share more detail after checking above options.
0
 
Coralon commented:
ARP isn't used for routing?  But adding a route through route add won't resolve your problem.  This is an issue of ports & connectivity, not routing.  (If they couldn't route, you would not be able to establish any session.)

Coralon
0
 
btan (Exec Consultant) commented:
Better to confirm first that your RDS services are all able to talk directly with the setup, rather than be bothered by that connectivity stuff, to ease troubleshooting. If it comes to that, then it is your network team who can best advise the org on the way to get them accessible, as these are your requirements from an apps/services perspective.
0
 
patron (Author) commented:
RDS - Remote Data/Desktop Service?  And how can I confirm whether it is fine b/w 2 computers, except by checking the service status in the services console?
0
 
younghv commented:
I've requested that this question be deleted for the following reason:

The question has either no comments or not enough useful information to be called an "answer".
0
 
patron (Author) commented:
Thanks for all your time on this.
0