2

There is a virtual machine with Windows Server 2016 in Azure. The port is open in the operating system's firewall. Also the port is open in the Network Security Group. I used telnet to check the port - the port is closed. Did I miss something?

Mostafiz Rahman
  • 8,169
  • 7
  • 57
  • 74
Mikhail
  • 357
  • 1
  • 3
  • 17
  • You could check use `netstat -ant|findstr `. The port should listening on `0.0.0.0`. If it listens on `127.0.0.1`. You could not access it outside VM. – Shui shengbao Dec 01 '17 at 09:12
  • @Shengbao Shui - MSFT, I did it on the server, but the command window does not show anything. – Mikhail Dec 01 '17 at 09:43
  • Hi, you did it on Power Shell console? If it show noting, it means your service did not start successful or listen on other port. You need check it. – Shui shengbao Dec 01 '17 at 09:45
  • In the VM, if you test `telnet 127.0.0.1 `, what is the result? – Shui shengbao Dec 01 '17 at 09:46
  • @Shengbao Shui - MSFT, I did it on the VM. `Connecting To localhost...Could not open connection to the host, on port : Connect failed` – Mikhail Dec 03 '17 at 05:26
  • `telnet 127.0.0.1 5956`? Do you check the port is listening? `netstat -ant|findstr 5986` – Shui shengbao Dec 04 '17 at 05:59

1 Answers1

1

You could use netstat -ant|findstr <port> to check what IP your service is listening.

If your service is listening on localhost(127.0.0.1),which means it won't accept any connections from outside its local host. Your service should listen on 0.0.0.0 or your VM's private IP.

I did it on the server, but the command window does not show anything.

If it show noting, it means your service did not start successful or listen on other port. You need check it.

Shui shengbao
  • 18,746
  • 3
  • 27
  • 45
  • You also check this [question](https://stackoverflow.com/questions/47560932/azure-vm-cant-connect-to-a-tcp-server-that-listens-on-a-specific-port/47564664). – Shui shengbao Dec 01 '17 at 09:54
  • I want open the port 5986 for RPC. I checked 5985 via telnet and it is open. Also I checked Services and "Remote Procedure Call (RPC)" is runned. – Mikhail Dec 03 '17 at 05:57
  • 1
    @Flashnight Do you open port 5986 on Windows Firewall and Azure NSG? You could check this [link](https://blogs.technet.microsoft.com/uktechnet/2016/02/11/configuring-winrm-over-https-to-enable-powershell-remoting/). – Shui shengbao Dec 04 '17 at 02:43
  • @Flashnight What it the result `$so = New-PsSessionOption –SkipCACheck -SkipCNCheck Enter-PSSession -ComputerName -Credential -UseSSL -SessionOption $so`? – Shui shengbao Dec 04 '17 at 02:44
  • Yes. I open it on Windows Firewall and Azure NSG. – Mikhail Dec 04 '17 at 04:32
  • Hi, could you show the result `netstat -atn|findstr 5986`? If possible, could you share your public IP address, I will test in my lab. – Shui shengbao Dec 04 '17 at 04:33
  • The result is `Connecting to remote server failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.` – Mikhail Dec 04 '17 at 04:36
  • @Flashnight If you change public IP to private IP and test it inside VM, what is the result? It seems a firewall issue. – Shui shengbao Dec 04 '17 at 04:42
  • Please feel free to let me know if you need more future help, thanks. – Shui shengbao Dec 05 '17 at 02:52
  • I runned `netstat -atn|findstr 5986`. Powershell did not display any result in the console. – Mikhail Dec 05 '17 at 05:17
  • Winrm service is not start correctly. You could run `WinRM quickconfig` – Shui shengbao Dec 05 '17 at 05:19
  • Please check https://blogs.technet.microsoft.com/uktechnet/2016/02/11/configuring-winrm-over-https-to-enable-powershell-remoting/ – Shui shengbao Dec 05 '17 at 05:20
  • Result for private IP: `Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.` – Mikhail Dec 05 '17 at 05:21
  • Yes, you need execute `winrm quickconfig` – Shui shengbao Dec 05 '17 at 05:22
  • What is the result `netstat -ant|findstr 5985` https://imgur.com/a/iO3iY – Shui shengbao Dec 05 '17 at 05:54
  • By default, winrm service is listening on http(5985) not 5986 – Shui shengbao Dec 05 '17 at 05:54
  • Result of `netstat -ant|findstr 5985` and `netstat -ant|findstr 5986` https://imgur.com/a/VAyJQ – Mikhail Dec 05 '17 at 05:59
  • Yes, your winrm service is listening on 5985? Do you need listening your service on 5986? Now, if you open port 5985 on Azure NSG and Windows firewall, you could access your service with port 5985 https://imgur.com/a/dpgIh – Shui shengbao Dec 05 '17 at 06:00
  • Also, if you want to let winrm listening on 5986, you need create a self-signed certificate. Please check this link https://blogs.technet.microsoft.com/uktechnet/2016/02/11/configuring-winrm-over-https-to-enable-powershell-remoting/ – Shui shengbao Dec 05 '17 at 06:34
  • Thank you. I created a self-signed sertificate. I check the port 5986 via `netstat -ant|findstr 5986` and telnet. It's look opened. – Mikhail Dec 05 '17 at 07:10
  • Fine. Could you access it with public IP? Use this `$so = New-PsSessionOption –SkipCACheck -SkipCNCheck;Enter-PSSession -ComputerName -Credential -UseSSL -SessionOption $so` – Shui shengbao Dec 05 '17 at 07:10
  • Yes, I can access it with public IP. Thanks. – Mikhail Dec 05 '17 at 07:35