Bobcares

WeSupport

Call Us! 1-800-383-5193
Call Us! 1-800-383-5193
Call Us! 1-800-383-5193

Need Help?

Emergency Response Time custom

Our experts have had an average response time of 11.06 minutes in March 2021 to fix urgent issues.

We will keep your servers stable, secure and fast at all times for one fixed price.

Testing RPC ports with PowerShell

by | Jan 1, 2021

Need help in testing RPC ports with PowerShell? We can help you.

As part of our Server Management Services, we assist our customers with several RPC queries.

Today, we will identify RPC ports in use by capturing content from Dos commands like PortQRY.exe

 

Testing RPC ports with PowerShell

RPC communication is one of the tougher firewall problems. With RPC, we will get a range of ports from 49152 to 65535.

In general, there are default rules on firewalls, WAN accelerators, and the various devices that traffic hops through to get to its destination. Hence, they do not always work as we plan.

For example, RPC works like the concierge desk at a hotel. We walk up, ask the desk for information about services at the hotel. In this scenario, the person at the desk is RPC Endpoint Mapper on port 135. They direct us to the services that are listening on the ephemeral ports.

In order for RPC to work at the remote server, these checks must pass:

  1. The display name “Remote Procedure Call (RPC)” must be running. This also has the service name of “RpcSs” and its path to execute is “C:\Windows\system32\svchost.exe -k rpcss
  2. Allow inbound port TCP-135 (in Windows firewall, endpoint firewall, and network firewalls)
  3. Outbound random ports ranging from 1022-5000 and 49152-65535 must also be permitted
  4. Inbound port TCP-445 for SMB (RPC dependency) must be open.

[Confused with the checklist? We are available 24*7]

 

Getting the ports

We can troubleshoot this type of network connectivity using SysInternals PortQry.exe utility, which can be downloaded from the Microsoft website.

To begin, run the following command to query the RPC Port Mapper on the remote machine. It will return the ports in the ephemeral range that the machine is actively listening on for RPC services:

Portqry.exe -n 169.254.0.10 -e 135

Querying target system called:
169.254.0.10
Attempting to resolve IP address to a name…
IP address resolved to DC1.contoso.com
querying…
TCP port 135 (epmap service): LISTENING
Using ephemeral source port
Querying Endpoint Mapper Database…
Server’s response:
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d
ncacn_ip_tcp:169.254.0.10[49664]
UUID: 50abc2a4-574d-40b3-9d66-ee4fd5fba076
ncacn_ip_tcp:169.254.0.10[64555]
UUID: 897e2e5f-93f3-4376-9c9c-fd2277495c27 Frs2 Service
ncacn_ip_tcp:169.254.0.10[64528]
UUID: 367abb81-9844-35f1-ad32-98f038001003
ncacn_ip_tcp:169.254.0.10[64502]
UUID: c9ac6db5-82b7-4e55-ae8a-e464ed7b4277 Impl friendly name
ncacn_ip_tcp:169.254.0.10[49668]
UUID: 12345778-1234-abcd-ef00-0123456789ac
ncacn_ip_tcp:192.168.0.242[49668]

To check the ephemeral ports on which the server is listening, we look for any lines that have “ip_tcp” in them. The ports are in brackets at the end of the line.

This is where we will get a focused list of listening ports from the RPC server to query and validate connectivity. In the example above, ports 49664, 64555, 64502, and 49668 are listening. Note that 49668 is on the list twice.

Once we have the full list put together, we can feed the list of ports back into PORTQRY.EXE to validate that they are reachable over the network.

Furthermore, to check the ports, we execute the below script in PowerShell:

# This Sample Code is provided for the purpose of illustration only and is not intended to be used in a production environment.
# THIS SAMPLE CODE AND ANY RELATED INFORMATION ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR
# FITNESS FOR A PARTICULAR PURPOSE.
#
#
# Script queries port 135 to get the listening ephemeral ports from the remote server
# and verifies that they are reachable.
#
#
# Usage: RPCCheck -Server YourServerNameHere
#
#
# Note: The script relies on portqry.exe (from Sysinternals) to get port 135 output.
# The path to portqry.exe will need to be modified to reflect your location
#
Param(
[string]$Server
)
# WORKFLOW QUERIES THE PASSED ARRAY OF PORTS TO DETERMINE STATUS
workflow Check-Port {
param ([string[]]$RPCServer,[array]$arrRPCPorts)
$comp = hostname

ForEach -parallel ($RPCPort in $arrRPCPorts)
{
$bolResult = InlineScript{Test-NetConnection -ComputerName $Using:RPCServer -port $Using:RPCPort _
-InformationLevel Quiet}
If ($bolResult)
{
Write-Output “$RPCPort on $RPCServer is reachable”
}
Else
{
Write-Output “$RPCPort on $RPCServer is unreachable”
}
}
}
# INITIAL RPC PORT
$strRPCPort = “135”
# MODIFY PATH TO THE PORTQRY BINARY IF NECESSARY
$strPortQryPath = “C:\Sysinternals”
# TEST THE PATH TO SEE IF THE BINARY EXISTS
If (Test-Path “$strPortQryPath\PortQry.exe”)
{
$strPortQryCmd = “$strPortQryPath\PortQry.exe -e $strRPCPort -n $Server”
}
Else
{
Write-Output “Could not locate Portqry.exe at the path $strPortQryPath”
Exit
}
# CREATE AN EMPTY ARRAY TO HOLD THE PORTS RETURNED FROM THE RPC PORTMAPPER
$arrPorts = @()
# RUN THE PORTQRY COMMAND TO GET THE EPHEMERAL PORTS
$arrQuryResult = Invoke-Expression $strPortQryCmd
# CREATE AN ARRAY OF THE PORTS
ForEach ($strResult in $arrQuryResult)
{
If ($strResult.Contains(“ip_tcp”))
{
$arrSplt = $strResult.Split(“[“)
$strPort = $arrSplt[1]
$strPort = $strPort.Replace(“]”,””)
$arrPorts += $strPort
}
}
# DE-DUPLICATE THE PORTS
$arrPorts = $arrPorts | Sort-Object |Select-Object -Unique
# EXECUTE THE WORKFLOW TO CHECK THE PORTS
Check-Port -RPCServer $Server -arrRPCPorts $arrPorts

The output will look similar to:

Testing RPC Dynamic Ports on SERVER01.KIMCONNECT.COM:
—————————————————-
5722: reachable
49159: reachable
49234: reachable
49155: reachable
49242: reachable
49240: reachable
49153: reachable
49154: reachable
49152: reachable

Make sure to install PortQry. PortQry.exe is a Free solution and we can download it from www.sysinternals.com

We will have to tell the script where the PortQry.exe binary is located by modifying the path on this line of the script: $strPortQryPath = “C:\Sysinternals”.

Finally, the script requires PowerShell v4 since it was written to use WorkFlow and Test-NetConnection, which requires PowerShell v3 & PowerShell v4 respectively.

[Stuck with RPC ports? We are here for you!]

 

Conclusion

In short, testing RPC ports with PowerShell do not always work as planned. Today, we got an idea of how our Support Techs go about pinging available RPC ports with PowerShell and Sysinternals tools.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF