Windebug: Server out of domain due to TCP/UDP port maxed

13 May

Last 2 weeks we had 2 different business services that faced similar issues. Essentially, their servers would drop off the domain, so when you tried to logon with your domain account, it will complain that the server is not in the domain.

I came to work on this when we had a number of servers from the same service team that had SCOM heartbeat issues. When we tried to logon to have to a look, we found that those servers had dropped out of the domain.

Logging on with a local account, I tried nltest /sc_reset:<domain>, but it complained of NO LOGON SERVERS for that domain. However, if I were to perform nltest on a specific DC, i.e. nltest /sc_reset:<domain>\dc1, the result was successful, however it was still not joined back to the domain, instead, if I tried to logon, I get “access denied” dialog box instead of domain not found dialog box.

Then I tried to see if WINS or DNS was working or not. WINS seems to be okay, but when I tried using nslookup, it complained that it could not find the DNS server (which is obviously incorrect) and the same error again when I tried to switch to a know working DNS server. However, if I used a ping to resolve a server name, I did not have any problems getting the IP address resolved nor a reverse ping.

Anyway, the issue with those servers was that their application process were opening too many UDP/TCP ports in Windows 2003, the default for MaxUserPort is 5000 (from 1025 to 5000, effectively around 3975 ephemeral ports available), when the server reaches above 4000 ports, this may prevent other applications from getting free TCP/UDP ports.

To check, just perform a “netstat -n” and count the number of TCP/UDP ports above 1024. If you want more information for each connection do “netstat -ano”.

You may also want to read Windows TCP/IP Ephemeral, Reserved, and Blocked Port Behavior.

Leave a comment

Posted by on May 13, 2008 in Windows


Tags: ,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: