The socket will wait for up to two times the maximum time that windows would wait to receive an acknowledgement from the other end of the socket that closed the port. By default, this option is set to two minutes. Therefore, Windows may wait up to four minutes before the port is actually released. This makes that specific port unavailable until it is actually released.
A full discussion of the architecture of the Windows operating systems is beyond the scope of this article. Although many services may rely on a particular TCP or UDP port, only one service or process at a time can listen on that port.
These are also informally known as random RPC ports. In these cases, RPC clients rely on the RPC endpoint mapper to tell them which dynamic port or ports were assigned to the server. You can also restrict the range of ports that RPC dynamically assigns to a small range, regardless of the service. For more information about this topic, see the "References" section.
Sign up to join this community. The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group.
Open the server. If you do not find any entries, then the server is still not out of ports. If you find them, then you can confirm that the server is under port exhaustion. The key is to identify which process or application is using all the ports. Below are some of the tools that you can use to isolate to one single process.
Start by looking at the netstat output. Alternately, you can also run the below PowerShell command to identify the process:. Most port leaks are caused by user-mode processes not correctly closing the ports when an error was encountered. At the user-mode level ports actually sockets are handles. Both TaskManager and ProcessExplorer are able to display handle counts which allows you to identify which process is consuming all of the ports. If method 1 does not help you identify the process prior to Windows 10 and Windows Server R2 , then have a look at Task Manager:.
Sort the column handles to identify the process with the highest number of handles. Usually the process with handles greater than could be the culprit except for processes like System, lsass. If any other process than these has a higher number, stop that process and then try to login using domain credentials and see if it succeeds.
If Task Manager did not help you identify the process, then use Process Explorer to investigate the issue. Download Process Explorer and run it Elevated.
Examine the processes with higher handle counts than the rest will likely be over 10, if you can't make outbound connections. In the lower pane, the handles listed as below are sockets. Sockets are technically file handles. Some are normal, but large numbers of them are not hundreds to thousands. Service conflicts are more likely in multirole servers that offer additional roles including DNS functionality.
Because these ports are randomly allocated, these failures can be intermittent. For example, this conflict can occur in the Windows IPsec Services service.
To work around this issue, reserve the UDP port from the ephemeral port range to make sure that the service that depends on the port can start. For more information about how to reserve ephemeral ports, click the following article number to view the article in the Microsoft Knowledge Base:.
The implementation of the DNS server security update reserves a set of ports when randomizing queries. This design decision was made to address performance concerns for DNS servers that handle and originate a significantly larger number of queries compared to Windows-based clients.
The set of reserved ports by the DNS Server is referred to from here onward as a "socket pool. This size is configurable by modifying the SocketPoolSize registry entry in the following subkey in the registry:. Ephemeral port allocation and the MaxUserPort registry entry Ports that are allocated as part of the socket pool are pulled from the set of available ephemeral ports on the server.
On Windows-based servers, the MaxUserPort registry entry defines the ephemeral port range and defines the highest port number that can be is allocated for ephemeral ports. The MaxUserPort registry entry is in the following subkey in the registry:.
Ephemeral ports are ports that start at a higher range then regular ports. For example when compared to a web server that listens on port 80, ephemeral ports start from for Windows R2. If there are scripts or applications that are making a lot of connections on the higher ports they can become exhausted. A lot of these higher ports are dynamic ports meaning that they open and close on demand by the application.
In the default configuration there is a total of ephemeral ports. It may seem like a lot but if an application is sending one command through a port and then sending another command through another port, Windows waits 4 minutes before it closes the first port and this is where the exhaustion can occur. Default ephemeral port ranges:. PowerShell — Identifying if you have exhausted ephemeral ports. You can run the below PowerShell script and it will show you details about your Ephemeral ports to see if they are all in use.
0コメント