1

OS: Win Server 2008 RC2; Windows firewall on (no effect when off)

I have suddenly been plagued by an issue for which I cannot find any similar ones with a search.

I am running about 20 game servers that bind to a UDP port, then bind to a TCP port 1 above the UDP port. Suddenly, a day ago, new TCP binds stopped functioning.

Now, I have confirmed that other applications cannot listen on most ports. For example, I have a java program that I made a copy of, and tried the following ports: 33001, 23789, 89... completely random ports.

As for the applications that already have TCP bindings, such as HTTP and MySQL, port 8080 was the only port I discovered could work, and only for Apache. If applications left their default port they could not bind; however, they returned to normal when the port was default.

I've checked for listening applications through netstat and curports, also checked for any connections on these ports, and they're completely free.

4 Answers

2

Your server probably ran out of ephemeral ports.

You can check this in the Event Viewer (Run -> eventvwr.msc). Look for any warnings in the System log with ID 4227 or 4231 from the TCP/IP source. If you see any, you need to reboot your server and tune the TCP/IP protocol via the registry; see "Windows Server 2012 R2 runs out of ephemeral ports, though it shouldn't".

MyKE
  • 301
  • 2
  • 9
0

If you are using services like Hyper-V, it may be caused by "excluded port ranges". In this scenario, a range of ports will be unavailable.

You can verify it by

PS ~> netsh interface ipv4 show excludedportrange protocol=tcp

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      5357        5357
      5985        5985
     47001       47001
     50000       50059     *

If your port is in a range above, any means of binding it will fail. According to a SuperUser answer, you can try to free it by

net stop winnat

To reserve your own ports, you can use

netsh int ipv4 add excludedportrange protocol=tcp startport=50323 numberofports=1
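An added example, not part of the original answer or of any Microsoft tooling: a PowerShell snippet that parses the table printed by netsh interface ipv4 show excludedportrange protocol=tcp and reports whether a game server's TCP port (UDP port + 1, as in the question) falls inside an excluded range. The sample table and the UDP ports 50010 and 27015 are constructed for an offline dry run.

```powershell
# Added example: parse the netsh exclusion table and check candidate TCP ports.
# The sample output below is constructed (it mirrors the table in the answer);
# on the server replace it with the live command output:
#   $raw = netsh interface ipv4 show excludedportrange protocol=tcp
function Get-ExcludedTcpRanges {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Rows look like "      5357        5357" or "     50000       50059     *"
        if ($line -match '^\s*(\d+)\s+(\d+)(\s+\*)?\s*$') {
            [pscustomobject]@{
                StartPort    = [int]$Matches[1]
                EndPort      = [int]$Matches[2]
                Administered = [bool]$Matches[3]   # '*' marks a range added with "add excludedportrange"
            }
        }
    }
}

function Test-PortExcluded {
    param([int]$Port, [object[]]$Ranges)
    foreach ($r in $Ranges) {
        if ($Port -ge $r.StartPort -and $Port -le $r.EndPort) { return $r }
    }
    return $null
}

# Constructed sample table (same rows as the answer above).
$raw = @"
Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      5357        5357
      5985        5985
     47001       47001
     50000       50059     *
"@ -split "`r?`n"

$ranges = Get-ExcludedTcpRanges -Lines $raw

# Each game server binds UDP n and TCP n+1; check the TCP side against the exclusions.
foreach ($udpPort in 50010, 27015) {
    $tcpPort = $udpPort + 1
    $hit = Test-PortExcluded -Port $tcpPort -Ranges $ranges
    if ($hit) {
        # bind() on an excluded port typically fails with WSAEACCES (10013)
        "TCP {0} is inside excluded range {1}-{2}; bind will fail" -f $tcpPort, $hit.StartPort, $hit.EndPort
    } else {
        "TCP {0} is not excluded" -f $tcpPort
    }
}
```

With the sample table, TCP 50011 is reported as inside 50000-50059 and TCP 27016 as not excluded.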
0

Perhaps you had your program listed in the firewall's exception list, and the list got wiped out.

I've also run into a situation where there were two firewalls installed, and you needed to configure them both properly. That caused some pulled hair.

Mark Ransom
  • 240
  • 1
  • 5
  • 10
  • I just happened to notice something. The listening TCP ports I have right now can only be accessed from localhost. I cannot remotely access any TCP ports (excluding RDP). This is equivalent to a program binding to an incorrect address, except that this applies to all my TCP services. –  Nov 21 '11 at 23:58
  • I completely retract the above (turned off firewall), however the real problem still remains at hand, the fact that I can't make any new programs listen. –  Nov 22 '11 at 00:03
0

Have you tried starting the Windows Firewall service, then starting / stopping it from the Windows Firewall interface?

Click start, click search; search for "Windows Firewall with Advanced Security"

Windows 7 and 2008 R2 have the issue where the background service must be started, regardless of what you want to do with the firewall.

makerofthings7
  • 8,911
  • 34
  • 121
  • 197