Page 1 of 2 12 LastLast
Results 1 to 15 of 23

Thread: dns.exe 2500 open ports in netstat -ab

  1. #1
    ThorstenK Guest

    dns.exe 2500 open ports in netstat -ab

    On one Domaincontroller in a child domain i see 2500 open ports from dns.exe.
    No remote address and no status.
    I havent seen that before and its not like that on another DC.
    i already rebooted but it comes back. when i restart DNS Server Service they
    all open imediately.

    netstat -ab
    Proto Localaddress Remoteaddress Status PID
    UDP X-dc-01:61333 *:* 1572
    [dns.exe]
    UDP X-dc-01:52081 *:* 1572
    [dns.exe]
    UDP X-dc-01:60048 *:* 1572
    [dns.exe]
    UDP X-dc-01:62361 *:* 1572
    [dns.exe]

    Any Help appreciated.

    Thanks

  2. #2
    Ace Fekay [MVP] Guest

    Re: dns.exe 2500 open ports in netstat -ab

    In news:0681E707-A0C5-4815-8C6B-B7DCD50E65D7@microsoft.com,
    ThorstenK <ThorstenK@discussions.microsoft.com> typed:
    > On one Domaincontroller in a child domain i see 2500 open ports from
    > dns.exe. No remote address and no status.
    > I havent seen that before and its not like that on another DC.
    > i already rebooted but it comes back. when i restart DNS Server
    > Service they all open imediately.
    >
    > netstat -ab
    > Proto Localaddress Remoteaddress Status
    > PID UDP X-dc-01:61333 *:*
    > 1572 [dns.exe]
    > UDP X-dc-01:52081 *:*
    > 1572 [dns.exe]
    > UDP X-dc-01:60048 *:*
    > 1572 [dns.exe]
    > UDP X-dc-01:62361 *:*
    > 1572 [dns.exe]
    >
    > Any Help appreciated.
    >
    > Thanks


    What OS? Windows 2003? What service pack level?
    How many users are using this server or in your organization?
    Is this a public server or private only?
    Is the machine fully patched and up to date?
    Edge Firewall in place?
    Antispyware and antivirus have anything to say?

    Possibly install and run something such as TCPView, which is better than
    netstat
    http://technet.microsoft.com/en-us/s.../bb897437.aspx

    Qualys' free scan tool trial
    http://www.qualys.com/forms/trials/f...gle/?lsid=7002

    Or something more elaborate such as eEye Retina scanner which shows each
    port open and source IP.
    http://www.eeye.com/html/products/retina/index.html

    --
    Regards,
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
    MVP Microsoft MVP - Directory Services
    Microsoft Certified Trainer

    For urgent issues, you may want to contact Microsoft PSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.

    Infinite Diversities in Infinite Combinations






  3. #3
    Terry Olsen Guest

    Re: dns.exe 2500 open ports in netstat -ab

    I have the same problem. I opened TCPView because I wanted to find out what
    was using a port that I wanted to use. TCPView took a long time to finish
    loading list but when it was done, it showed DNS.EXE as having about 2800
    ports open. I haven't seen this before and I don't know how to fix it. Can
    anyone provide any help on this issue?

    "ThorstenK" <ThorstenK@discussions.microsoft.com> wrote in message
    news:0681E707-A0C5-4815-8C6B-B7DCD50E65D7@microsoft.com...
    > On one Domaincontroller in a child domain i see 2500 open ports from
    > dns.exe.
    > No remote address and no status.
    > I havent seen that before and its not like that on another DC.
    > i already rebooted but it comes back. when i restart DNS Server Service
    > they
    > all open imediately.
    >
    > netstat -ab
    > Proto Localaddress Remoteaddress Status PID
    > UDP X-dc-01:61333 *:* 1572
    > [dns.exe]
    > UDP X-dc-01:52081 *:* 1572
    > [dns.exe]
    > UDP X-dc-01:60048 *:* 1572
    > [dns.exe]
    > UDP X-dc-01:62361 *:* 1572
    > [dns.exe]
    >
    > Any Help appreciated.
    >
    > Thanks



  4. #4
    Terry Olsen Guest

    Re: dns.exe 2500 open ports in netstat -ab

    Let me correct that. 2500 is the number, not 2800. So it appears I have the
    identical problem as the OP.

    "Terry Olsen" <tolsen64@hotmail.com> wrote in message
    news:OpPdW1C5IHA.1428@TK2MSFTNGP06.phx.gbl...
    >I have the same problem. I opened TCPView because I wanted to find out what
    >was using a port that I wanted to use. TCPView took a long time to finish
    >loading list but when it was done, it showed DNS.EXE as having about 2800
    >ports open. I haven't seen this before and I don't know how to fix it. Can
    >anyone provide any help on this issue?
    >
    > "ThorstenK" <ThorstenK@discussions.microsoft.com> wrote in message
    > news:0681E707-A0C5-4815-8C6B-B7DCD50E65D7@microsoft.com...
    >> On one Domaincontroller in a child domain i see 2500 open ports from
    >> dns.exe.
    >> No remote address and no status.
    >> I havent seen that before and its not like that on another DC.
    >> i already rebooted but it comes back. when i restart DNS Server Service
    >> they
    >> all open imediately.
    >>
    >> netstat -ab
    >> Proto Localaddress Remoteaddress Status PID
    >> UDP X-dc-01:61333 *:* 1572
    >> [dns.exe]
    >> UDP X-dc-01:52081 *:* 1572
    >> [dns.exe]
    >> UDP X-dc-01:60048 *:* 1572
    >> [dns.exe]
    >> UDP X-dc-01:62361 *:* 1572
    >> [dns.exe]
    >>
    >> Any Help appreciated.
    >>
    >> Thanks

    >



  5. #5
    Ace Fekay [MVP] Guest

    Re: dns.exe 2500 open ports in netstat -ab

    In news:uaiF23C5IHA.3484@TK2MSFTNGP05.phx.gbl,
    Terry Olsen <tolsen64@hotmail.com> typed:
    > Let me correct that. 2500 is the number, not 2800. So it appears I
    > have the identical problem as the OP.


    Can you provide responses to the questions I asked the OP that didn't
    respond? I haven't seen this and if an app or some other issue such as an
    old or current vulnerability or a hotfix causing it or some app or service
    either running locally or on the network, would better be diagnosed with
    more information.

    What would really help is an eEye IRIS capture that will tell you exactly
    where they are coming from.

    Ace



  6. #6
    shariat@gmail.com Guest

    Re: dns.exe 2500 open ports in netstat -ab

    On Jul 12, 7:50*am, "Ace Fekay [MVP]" <PleaseAs...@SomeDomain.com>
    wrote:
    > Innews:0681E707-A0C5-4815-8C6B-B7DCD50E65D7@microsoft.com,
    > ThorstenK <Thorst...@discussions.microsoft.com> typed:
    >
    >
    >
    >
    >
    > > On one Domaincontroller in a child domain i see 2500 open ports from
    > > dns.exe. No remote address and no status.
    > > I havent seen that before and its not like that on another DC.
    > > i already rebooted but it comes back. when i restart DNS Server
    > > Service they all open imediately.

    >
    > > netstat -ab
    > > *Proto *Localaddress * * * * Remoteaddress * * * * *Status
    > > *PID UDP * *X-dc-01:61333 * * * **:*
    > > *1572 [dns.exe]
    > > *UDP * *X-dc-01:52081 * * * **:*
    > > *1572 [dns.exe]
    > > *UDP * *X-dc-01:60048 * * * **:*
    > > *1572 [dns.exe]
    > > *UDP * *X-dc-01:62361 * * * **:*
    > > *1572 [dns.exe]

    >
    > > Any Help appreciated.

    >
    > > Thanks

    >
    > What OS? Windows 2003? What service pack level?
    > How many users are using this server or in your organization?
    > Is this a public server or private only?
    > Is the machine fully patched and up to date?
    > Edge Firewall in place?
    > Antispyware and antivirus have anything to say?
    >
    > Possibly install and run something such as TCPView, which is better than
    > netstathttp://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
    >
    > Qualys' free scan tool trialhttp://www.qualys.com/forms/trials/freescan/google/?lsid=7002
    >
    > Or something more elaborate such as eEye Retina scanner *which shows each
    > port open and source IP.http://www.eeye.com/html/products/retina/index.html
    >
    > --
    > Regards,
    > Ace
    >
    > This posting is provided "AS-IS" with no warranties or guarantees and
    > confers no rights.
    >
    > Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
    > MVP Microsoft MVP - Directory Services
    > Microsoft Certified Trainer
    >
    > For urgent issues, you may want to contact Microsoft PSS directly. Please
    > checkhttp://support.microsoft.comfor regional support phone numbers.
    >
    > Infinite Diversities in Infinite Combinations- Hide quoted text -
    >
    > - Show quoted text -


    Hi
    I have the exact same problem.
    I have two servers. One x86 one x64. Win2k3 Standard SP2 . Fully
    patched. Both public web server, No virus or spyware is detected. No
    firewall.
    It seems that it is appeared after last DNS patch is installed.

  7. #7
    shariat@gmail.com Guest

    Re: dns.exe 2500 open ports in netstat -ab

    On Jul 13, 10:53*pm, shar...@gmail.com wrote:
    > On Jul 12, 7:50*am, "Ace Fekay [MVP]" <PleaseAs...@SomeDomain.com>
    > wrote:
    >
    >
    >
    >
    >
    > > Innews:0681E707-A0C5-4815-8C6B-B7DCD50E65D7@microsoft.com,
    > > ThorstenK <Thorst...@discussions.microsoft.com> typed:

    >
    > > > On one Domaincontroller in a child domain i see 2500 open ports from
    > > > dns.exe. No remote address and no status.
    > > > I havent seen that before and its not like that on another DC.
    > > > i already rebooted but it comes back. when i restart DNS Server
    > > > Service they all open imediately.

    >
    > > > netstat -ab
    > > > *Proto *Localaddress * * * * Remoteaddress * * * * *Status
    > > > *PID UDP * *X-dc-01:61333 * * * **:*
    > > > *1572 [dns.exe]
    > > > *UDP * *X-dc-01:52081 * * * **:*
    > > > *1572 [dns.exe]
    > > > *UDP * *X-dc-01:60048 * * * **:*
    > > > *1572 [dns.exe]
    > > > *UDP * *X-dc-01:62361 * * * **:*
    > > > *1572 [dns.exe]

    >
    > > > Any Help appreciated.

    >
    > > > Thanks

    >
    > > What OS? Windows 2003? What service pack level?
    > > How many users are using this server or in your organization?
    > > Is this a public server or private only?
    > > Is the machine fully patched and up to date?
    > > Edge Firewall in place?
    > > Antispyware and antivirus have anything to say?

    >
    > > Possibly install and run something such as TCPView, which is better than
    > > netstathttp://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

    >
    > > Qualys' free scan tool trialhttp://www.qualys.com/forms/trials/freescan/google/?lsid=7002

    >
    > > Or something more elaborate such as eEye Retina scanner *which shows each
    > > port open and source IP.http://www.eeye.com/html/products/retina/index.html

    >
    > > --
    > > Regards,
    > > Ace

    >
    > > This posting is provided "AS-IS" with no warranties or guarantees and
    > > confers no rights.

    >
    > > Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
    > > MVP Microsoft MVP - Directory Services
    > > Microsoft Certified Trainer

    >
    > > For urgent issues, you may want to contact Microsoft PSS directly. Please
    > > checkhttp://support.microsoft.comforregional support phone numbers.

    >
    > > Infinite Diversities in Infinite Combinations- Hide quoted text -

    >
    > > - Show quoted text -

    >
    > Hi
    > I have the exact same problem.
    > I have two servers. One x86 one x64. Win2k3 Standard SP2 . Fully
    > patched. Both public web server, No virus or spyware is detected. No
    > firewall.
    > It seems that it is appeared after last DNS patch is installed.- Hide quoted text -
    >
    > - Show quoted text -


    Uninstalling kb951746 resolves the problem

  8. #8
    ThorstenK Guest

    Re: dns.exe 2500 open ports in netstat -ab

    sorry for the delay and sorry for forgetting the basic rules on what info to
    provide.

    Win2003 R2 Server SP2
    Domaincontroller
    Customer Site with about 1000 Users and another 2 DCs (which dont have the
    open ports, but i will have to compare the patchlevel)
    should be fully or nearly fully patched
    Server is in private LAN
    there is an enterprise Firewall in place
    nothing from AV
    Its the original dns.exe thread as i checked the PID


    "Ace Fekay [MVP]" wrote:

    > In news:0681E707-A0C5-4815-8C6B-B7DCD50E65D7@microsoft.com,
    > ThorstenK <ThorstenK@discussions.microsoft.com> typed:
    > > On one Domaincontroller in a child domain i see 2500 open ports from
    > > dns.exe. No remote address and no status.
    > > I havent seen that before and its not like that on another DC.
    > > i already rebooted but it comes back. when i restart DNS Server
    > > Service they all open imediately.
    > >
    > > netstat -ab
    > > Proto Localaddress Remoteaddress Status
    > > PID UDP X-dc-01:61333 *:*
    > > 1572 [dns.exe]
    > > UDP X-dc-01:52081 *:*
    > > 1572 [dns.exe]
    > > UDP X-dc-01:60048 *:*
    > > 1572 [dns.exe]
    > > UDP X-dc-01:62361 *:*
    > > 1572 [dns.exe]
    > >
    > > Any Help appreciated.
    > >
    > > Thanks

    >
    > What OS? Windows 2003? What service pack level?
    > How many users are using this server or in your organization?
    > Is this a public server or private only?
    > Is the machine fully patched and up to date?
    > Edge Firewall in place?
    > Antispyware and antivirus have anything to say?
    >
    > Possibly install and run something such as TCPView, which is better than
    > netstat
    > http://technet.microsoft.com/en-us/s.../bb897437.aspx
    >
    > Qualys' free scan tool trial
    > http://www.qualys.com/forms/trials/f...gle/?lsid=7002
    >
    > Or something more elaborate such as eEye Retina scanner which shows each
    > port open and source IP.
    > http://www.eeye.com/html/products/retina/index.html
    >
    > --
    > Regards,
    > Ace
    >
    > This posting is provided "AS-IS" with no warranties or guarantees and
    > confers no rights.
    >
    > Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
    > MVP Microsoft MVP - Directory Services
    > Microsoft Certified Trainer
    >
    > For urgent issues, you may want to contact Microsoft PSS directly. Please
    > check http://support.microsoft.com for regional support phone numbers.
    >
    > Infinite Diversities in Infinite Combinations
    >
    >
    >
    >
    >
    >


  9. #9
    Ace Fekay [MVP] Guest

    Re: dns.exe 2500 open ports in netstat -ab

    In news:03482F06-BE77-40F4-8E9B-68269F5AE78F@microsoft.com,
    ThorstenK <ThorstenK@discussions.microsoft.com> typed:
    > sorry for the delay and sorry for forgetting the basic rules on what
    > info to provide.
    >
    > Win2003 R2 Server SP2
    > Domaincontroller
    > Customer Site with about 1000 Users and another 2 DCs (which dont
    > have the open ports, but i will have to compare the patchlevel)
    > should be fully or nearly fully patched
    > Server is in private LAN
    > there is an enterprise Firewall in place
    > nothing from AV
    > Its the original dns.exe thread as i checked the PID
    >
    >


    See if removing KB951746 helps as it did with tyeh other poster, Shariat in
    this thread.

    Ace





  10. #10
    Ace Fekay [MVP] Guest

    Re: dns.exe 2500 open ports in netstat -ab

    In news:uaiF23C5IHA.3484@TK2MSFTNGP05.phx.gbl,
    Terry Olsen <tolsen64@hotmail.com> typed:
    > Let me correct that. 2500 is the number, not 2800. So it appears I
    > have the identical problem as the OP.


    I escalated the issue with Microsoft's engineers. Hang in there.

    Also, can someone has the time to run a perfmon on dns.exe and overall
    machine performance as well, to see if it is affecting performance comparing
    with the update installed and not installed? I would appreciate it if you
    have the time to do this.

    Thanks,

    Ace



  11. #11
    ThorstenK Guest

    Re: dns.exe 2500 open ports in netstat -ab

    yes removing it made the ports disappear. but then SNMP didnt work anymore
    and IE couldnt open any internet or internal websites.
    Also like anoher poster we prefer the unknown ports over the known
    vulnerability.
    But seems like a bug in the patch. I think we are all willing to send in
    reports and logs if developement needs them.

    Thanks
    Thorsten

    "Ace Fekay [MVP]" wrote:

    > In news:03482F06-BE77-40F4-8E9B-68269F5AE78F@microsoft.com,
    > ThorstenK <ThorstenK@discussions.microsoft.com> typed:
    > > sorry for the delay and sorry for forgetting the basic rules on what
    > > info to provide.
    > >
    > > Win2003 R2 Server SP2
    > > Domaincontroller
    > > Customer Site with about 1000 Users and another 2 DCs (which dont
    > > have the open ports, but i will have to compare the patchlevel)
    > > should be fully or nearly fully patched
    > > Server is in private LAN
    > > there is an enterprise Firewall in place
    > > nothing from AV
    > > Its the original dns.exe thread as i checked the PID
    > >
    > >

    >
    > See if removing KB951746 helps as it did with tyeh other poster, Shariat in
    > this thread.
    >
    > Ace
    >
    >
    >
    >
    >


  12. #12
    Ace Fekay [MVP] Guest

    Re: dns.exe 2500 open ports in netstat -ab

    In news:905CB753-C648-4A60-968E-DE036A96A042@microsoft.com,
    ThorstenK <ThorstenK@discussions.microsoft.com> typed:
    > yes removing it made the ports disappear. but then SNMP didnt work
    > anymore and IE couldnt open any internet or internal websites.
    > Also like anoher poster we prefer the unknown ports over the known
    > vulnerability.
    > But seems like a bug in the patch. I think we are all willing to send
    > in reports and logs if developement needs them.
    >
    > Thanks
    > Thorsten


    Thorsten,

    If you have reports and logs, email them to me. Use my actual
    firstnamelastname@hotmail.com and I'll add them to my current submission to
    the Microsoft engineers.

    Ace



  13. #13
    Griff Guest

    Re: dns.exe 2500 open ports in netstat -ab

    We are experiencing the same issue. Is Microsoft working on it? Is there
    anything I can provide to help?
    It is happening on one of our Primary DC's.
    Windows 2003 server with latest patches installed
    Private network with firewall
    50 Dc's with about 1000 nodes across the country
    Nothing reporting from AV

    "Ace Fekay [MVP]" wrote:

    > In news:uaiF23C5IHA.3484@TK2MSFTNGP05.phx.gbl,
    > Terry Olsen <tolsen64@hotmail.com> typed:
    > > Let me correct that. 2500 is the number, not 2800. So it appears I
    > > have the identical problem as the OP.

    >
    > I escalated the issue with Microsoft's engineers. Hang in there.
    >
    > Also, can someone has the time to run a perfmon on dns.exe and overall
    > machine performance as well, to see if it is affecting performance comparing
    > with the update installed and not installed? I would appreciate it if you
    > have the time to do this.
    >
    > Thanks,
    >
    > Ace
    >
    >
    >


  14. #14
    Griff Guest

    Re: dns.exe 2500 open ports in netstat -ab

    Thanks Alun!

    "Alun Jones" wrote:

    > "ThorstenK" <ThorstenK@discussions.microsoft.com> wrote in message
    > news:0681E707-A0C5-4815-8C6B-B7DCD50E65D7@microsoft.com...
    > > On one Domaincontroller in a child domain i see 2500 open ports from
    > > dns.exe.
    > > No remote address and no status.
    > > I havent seen that before and its not like that on another DC.
    > > i already rebooted but it comes back. when i restart DNS Server Service
    > > they
    > > all open imediately.

    >
    > As crazy as it sounds, this is normal behaviour of the patch for MS08-037 -
    > http://support.microsoft.com/kb/953230
    >
    > The DNS server reserves 2500 UDP sockets at random ports - opens and binds
    > to them for use later.
    >
    > There are reports that sometimes these ports conflict with other
    > applications that start up after the DNS server.
    >
    > For such applications, you can set the ReservedPorts registry setting, as
    > described in http://support.microsoft.com/kb/812873.
    >
    > Alun.
    > ~~~~
    > --
    > Texas Imperial Software | Web: http://www.wftpd.com/
    > 23921 57th Ave SE | Blog: http://msmvps.com/alunj/
    > Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
    > Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
    >
    >


  15. #15
    Ace Fekay [MVP] Guest

    Re: dns.exe 2500 open ports in netstat -ab

    In news:67465228-EFFD-4530-8709-51DEB3FCE5ED@microsoft.com,
    Griff <Griff@discussions.microsoft.com> typed:
    > We are experiencing the same issue. Is Microsoft working on it? Is
    > there anything I can provide to help?
    > It is happening on one of our Primary DC's.
    > Windows 2003 server with latest patches installed
    > Private network with firewall
    > 50 Dc's with about 1000 nodes across the country
    > Nothing reporting from AV
    >
    > "Ace Fekay [MVP]" wrote:
    >
    > > In news:uaiF23C5IHA.3484@TK2MSFTNGP05.phx.gbl,
    > > Terry Olsen <tolsen64@hotmail.com> typed:
    > > > Let me correct that. 2500 is the number, not 2800. So it appears I
    > > > have the identical problem as the OP.

    > >
    > > I escalated the issue with Microsoft's engineers. Hang in there.
    > >
    > > Also, can someone has the time to run a perfmon on dns.exe and
    > > overall machine performance as well, to see if it is affecting
    > > performance comparing with the update installed and not installed?
    > > I would appreciate it if you have the time to do this.
    > >
    > > Thanks,
    > >
    > > Ace


    I'm starting to think it's related to DNS where the system will reserve
    empheral ports and they show up as what you're seeing. Not sure. Haven't
    heard back anything yet. But take a look at this article. This shows how to
    reserve them and the DNS updates may just be doing that. Reserved ports are
    probably showing up as what you're seeing. This is just speculation. I'll
    let you know if I hear anything that I can post.

    Ace



Page 1 of 2 12 LastLast

Similar Threads

  1. How to open the same ports on multiple IPs
    By brynhildur in forum Networking & Security
    Replies: 4
    Last Post: 10-12-2010, 09:11 AM
  2. Can't get into http:/192.168.1.1 to open ports
    By ANSEL in forum Networking & Security
    Replies: 4
    Last Post: 15-06-2010, 01:30 PM
  3. What ports do i open for vpn
    By M. Rafi in forum Networking & Security
    Replies: 3
    Last Post: 11-08-2009, 07:13 PM
  4. What ports should I open and how
    By cobrakaun in forum Networking & Security
    Replies: 5
    Last Post: 03-02-2009, 10:26 PM
  5. How to open ports?
    By Yaropolk in forum Technology & Internet
    Replies: 3
    Last Post: 13-10-2008, 07:18 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •