Bobcares
Client Area
Emergency Support
Latest | Server Management

Testing RPC ports with PowerShell

by | Jan 1, 2021

Need help in testing RPC ports with PowerShell? We can help you.

As part of our Server Management Services, we assist our customers with several RPC queries.

Today, we will identify RPC ports in use by capturing content from Dos commands like PortQRY.exe

 

Testing RPC ports with PowerShell

RPC communication is one of the tougher firewall problems. With RPC, we will get a range of ports from 49152 to 65535.

In general, there are default rules on firewalls, WAN accelerators, and the various devices that traffic hops through to get to its destination. Hence, they do not always work as we plan.

For example, RPC works like the concierge desk at a hotel. We walk up, ask the desk for information about services at the hotel. In this scenario, the person at the desk is RPC Endpoint Mapper on port 135. They direct us to the services that are listening on the ephemeral ports.

In order for RPC to work at the remote server, these checks must pass:

  1. The display name “Remote Procedure Call (RPC)” must be running. This also has the service name of “RpcSs” and its path to execute is “C:\Windows\system32\svchost.exe -k rpcss
  2. Allow inbound port TCP-135 (in Windows firewall, endpoint firewall, and network firewalls)
  3. Outbound random ports ranging from 1022-5000 and 49152-65535 must also be permitted
  4. Inbound port TCP-445 for SMB (RPC dependency) must be open.

[Confused with the checklist? We are available 24*7]

 

Getting the ports

We can troubleshoot this type of network connectivity using SysInternals PortQry.exe utility, which can be downloaded from the Microsoft website.

To begin, run the following command to query the RPC Port Mapper on the remote machine. It will return the ports in the ephemeral range that the machine is actively listening on for RPC services:

Portqry.exe -n 169.254.0.10 -e 135

Querying target system called:
169.254.0.10
Attempting to resolve IP address to a name…
IP address resolved to DC1.contoso.com
querying…
TCP port 135 (epmap service): LISTENING
Using ephemeral source port
Querying Endpoint Mapper Database…
Server’s response:
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d
ncacn_ip_tcp:169.254.0.10[49664]
UUID: 50abc2a4-574d-40b3-9d66-ee4fd5fba076
ncacn_ip_tcp:169.254.0.10[64555]
UUID: 897e2e5f-93f3-4376-9c9c-fd2277495c27 Frs2 Service
ncacn_ip_tcp:169.254.0.10[64528]
UUID: 367abb81-9844-35f1-ad32-98f038001003
ncacn_ip_tcp:169.254.0.10[64502]
UUID: c9ac6db5-82b7-4e55-ae8a-e464ed7b4277 Impl friendly name
ncacn_ip_tcp:169.254.0.10[49668]
UUID: 12345778-1234-abcd-ef00-0123456789ac
ncacn_ip_tcp:192.168.0.242[49668]

To check the ephemeral ports on which the server is listening, we look for any lines that have “ip_tcp” in them. The ports are in brackets at the end of the line.

This is where we will get a focused list of listening ports from the RPC server to query and validate connectivity. In the example above, ports 49664, 64555, 64502, and 49668 are listening. Note that 49668 is on the list twice.

Once we have the full list put together, we can feed the list of ports back into PORTQRY.EXE to validate that they are reachable over the network.

Furthermore, to check the ports, we execute the below script in PowerShell:

# This Sample Code is provided for the purpose of illustration only and is not intended to be used in a production environment.
# THIS SAMPLE CODE AND ANY RELATED INFORMATION ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR
# FITNESS FOR A PARTICULAR PURPOSE.
#
#
# Script queries port 135 to get the listening ephemeral ports from the remote server
# and verifies that they are reachable.
#
#
# Usage: RPCCheck -Server YourServerNameHere
#
#
# Note: The script relies on portqry.exe (from Sysinternals) to get port 135 output.
# The path to portqry.exe will need to be modified to reflect your location
#
Param(
[string]$Server
)
# WORKFLOW QUERIES THE PASSED ARRAY OF PORTS TO DETERMINE STATUS
workflow Check-Port {
param ([string[]]$RPCServer,[array]$arrRPCPorts)
$comp = hostname

ForEach -parallel ($RPCPort in $arrRPCPorts)
{
$bolResult = InlineScript{Test-NetConnection -ComputerName $Using:RPCServer -port $Using:RPCPort _
-InformationLevel Quiet}
If ($bolResult)
{
Write-Output “$RPCPort on $RPCServer is reachable”
}
Else
{
Write-Output “$RPCPort on $RPCServer is unreachable”
}
}
}
# INITIAL RPC PORT
$strRPCPort = “135”
# MODIFY PATH TO THE PORTQRY BINARY IF NECESSARY
$strPortQryPath = “C:\Sysinternals”
# TEST THE PATH TO SEE IF THE BINARY EXISTS
If (Test-Path “$strPortQryPath\PortQry.exe”)
{
$strPortQryCmd = “$strPortQryPath\PortQry.exe -e $strRPCPort -n $Server”
}
Else
{
Write-Output “Could not locate Portqry.exe at the path $strPortQryPath”
Exit
}
# CREATE AN EMPTY ARRAY TO HOLD THE PORTS RETURNED FROM THE RPC PORTMAPPER
$arrPorts = @()
# RUN THE PORTQRY COMMAND TO GET THE EPHEMERAL PORTS
$arrQuryResult = Invoke-Expression $strPortQryCmd
# CREATE AN ARRAY OF THE PORTS
ForEach ($strResult in $arrQuryResult)
{
If ($strResult.Contains(“ip_tcp”))
{
$arrSplt = $strResult.Split(“[“)
$strPort = $arrSplt[1]
$strPort = $strPort.Replace(“]”,””)
$arrPorts += $strPort
}
}
# DE-DUPLICATE THE PORTS
$arrPorts = $arrPorts | Sort-Object |Select-Object -Unique
# EXECUTE THE WORKFLOW TO CHECK THE PORTS
Check-Port -RPCServer $Server -arrRPCPorts $arrPorts

The output will look similar to:

Testing RPC Dynamic Ports on SERVER01.KIMCONNECT.COM:
—————————————————-
5722: reachable
49159: reachable
49234: reachable
49155: reachable
49242: reachable
49240: reachable
49153: reachable
49154: reachable
49152: reachable

Make sure to install PortQry. PortQry.exe is a Free solution and we can download it from www.sysinternals.com

We will have to tell the script where the PortQry.exe binary is located by modifying the path on this line of the script: $strPortQryPath = “C:\Sysinternals”.

Finally, the script requires PowerShell v4 since it was written to use WorkFlow and Test-NetConnection, which requires PowerShell v3 & PowerShell v4 respectively.

[Stuck with RPC ports? We are here for you!]

 

Conclusion

In short, testing RPC ports with PowerShell do not always work as planned. Today, we got an idea of how our Support Techs go about pinging available RPC ports with PowerShell and Sysinternals tools.

Related posts:

  1. How to identify unassociated Azure resources using PowerShell
  2. Run Scripts on Remote Computers – PowerShell Remoting
  3. The RPC server is unavailable – How to resolve
  4. PowerShell $Error clear – How to use it?

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

2 Comments

  1. Christian Schorr
    Christian Schorr on 2024-07-26 at 16:07

    Thank you very much for this short summary and the script. A simple and yet very efficient method.

    TOP! Merci!

    Reply
    • Krishna Priya
      Krishna Priya on 2024-07-29 at 13:42

      Hello Christian,
      Thank you for your feedback! We are delighted to hear that our article was helpful to you.

      Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

server management

Spend time on your business, not on your servers.

TALK TO US

Or click here to learn more.

Related Articles

  1. How to identify unassociated Azure resources using PowerShell
  2. Run Scripts on Remote Computers – PowerShell Remoting
  3. The RPC server is unavailable – How to resolve
  4. PowerShell $Error clear – How to use it?

Never again lose customers to poor
server speed! Let us help you.

GET STARTED

Privacy Preference Center

Consent Management

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience.

Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Privacy Policy

Required
By using this site, you agree to our Privacy Policy.

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

Cookies Used

Required
PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]

livechat.bobcares.com

Opt Out
PHPSESSID

my.bobcares.com

Opt Out
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

Cookies Used

_ga, _gat, _gid

google.com

Opt Out
_ga, _gat, _gid

manager.smartlook.com

Opt Out
smartlookCookie

clarity.microsoft.com

Opt Out
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

Cookies Used

IDE, test_cookie, 1P_JAR, NID, DV, NID

doubleclick.net

Opt Out
IDE, test_cookie

google.co.in

Opt Out
1P_JAR, NID, DV

google.com

Opt Out
NID

olark.com

Opt Out
hblid

rb2b.com

Opt Out
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

Cookies Used

SID, APISID, HSID, NID, PREF

google.com

Opt Out
SID, APISID, HSID, NID, PREF