Link to home
Start Free TrialLog in
Avatar of wcgplc
wcgplc

asked on

Need help to open up specific ports bidirectionally on Win server

I have a server that is being setup as a print failover server for centralized printing. 


From the master print server our installation engineers say that ports 7500, 7700 and 7900 are block and need to be opened bidirectionally. Loopback pings from the problem server seem to be blocked.


I disabled the local firewall on the server and tried again but got the same result. 


The issue is definitely not GPO related as we have one master print server and 2 failover servers and all are in the same OU. One is the failover servers is fine but one is blocking ports 7500, 7700 and 7900. 


Please can an expert help me to open these ports as im not sure what else could be the cause if the local firewall is down.  

User generated image

Additional info to make things clearer. Added under moderator recommendation:


I would like some information on how to open ports on a Windows 2016 server. I would like to open ports 7500, 7700 and 7900 bidirectionally.
I have opened the ports ingoing and outgoing on the servers local firewall so would assume the ports would be open but after running a netstat -an, I cant see that the ports are listening.  The server in question is a failover server for another server that runs the same service. The other server is working fine and when I run a netstat -an I can see the ports are listening near the top of the list. I can't see the difference between the servers as they are both on the same network, same domain, same group policies etc but one have the required ports opened and one does not. Please can you advise where im going wrong.



Avatar of kevinhsieh
kevinhsieh
Flag of United States of America image

Netstat shows the ports that are listening, and this is independent of the local firewall.

The three ports you listed are not standard ports on a print server that I am aware of, at least not ones running only Microsoft software and drivers.

If the ports aren't showing in netstat -a, then whatever software that does the listening isn't running, or is configured for other ports. I do not believe that what you have right now is a firewall problem at this time. First get the software running, only only after the server is listening should you look at the firewall if you are unable to connect remotely.

Can you try the network test from the master print server to both the failover servers? Any difference?

Avatar of wcgplc
wcgplc

ASKER

Noted friend and thank you. The setup is for HP Secure Pull Printing using the Safecom software which should be running on the server.
I'll make sure the software is running and revert back here.   The safecom software on this server is supposed to communicate with a seperate master Safecom server on the same network through ports 7500, 7700 and 7900.
 
Avatar of wcgplc

ASKER

@gerwin Lets say the SafecomMaster has the IP 10.20.1.1 and it has 2 x slave servers ie SafecomslaveA 10.20.1.2 and SafecomslaveB 10.20.1.3.

From the SafecomMaster 10.20.1.1, if I run :

1. tnc 10.20.1.2 -port 7700 - The TCP Test responds as succeeded
2. tnc 10.20.1.3 -port 7700 - The TCP Test responds as False. Its says in yellow "Warning TCP connect to 10.20.1.3:7700 failed"



 Click Start and type: Firewall.


Open the Windows Firewall with Advanced Security.


Enable Logging for all three profiles:

User generated image

Once that is enabled, you can click on Monitoring in the left pane then click on the log link:

User generated image


FYI: This should be enabled via Group Policy for all servers and clients on the domain.


From there you can create the needed Inbound and Outbound Rules based on what's being blocked.

Do you perhaps have a Safecom print client installed on the server with ip 10.20.1.3? That could be the cause for the print server not to start as the print client will reserver port 7000. When you have the client installed, remove it and restart the server.


https://knowledge.kofax.com/MFD_Productivity/SafeCom/Install_%2F%2F_Uninstall/Do_not_install_SafeCom_Print_Client_and_SafeCom_Server_on_the_same_Windows_server

ASKER CERTIFIED SOLUTION
Avatar of wcgplc
wcgplc

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial