We have written (in Go and Delphi) several Windows microservices, which respond to HTTP requests on specific ports in the 11000-12000 range. These are designed to run internally within the Domain or Private network of the client (i.e. not on the internet).
They run perfectly on all but one of our 50+ client systems, on OS's ranging from Windows 7/10/11 to Windows Server 2008R2/2012/2016/2019. The installation process for each of these services sets up rules in the Windows firewall to accept the requests to each service exe.
The one client system that they dont work on is running Windows Server 2016 Essentials. This is the only client system running that specific OS, so that may be a factor in the problem.
Even locally using a web browser on that system to query the services they dont work. The requests just wait for a while and then timeout: ERR_CONNECTION_TIMED_OUT.
However the same requests to the same ports at address 127.0.0.1 (localhost) work instantly - proving the services are actually running.
The mode of failure when the targeted service is not running, or if we address the wrong port, is different. In that case we get a quick "refused to connect" failure: ERR_CONNECTION_REFUSED
There are no third party antivirus or firewall products installed on the system, which is only using Windows Defender with the normal Windows firewall. We've tried everything we can think of with the Windows firewall, including turning it off completely. Nothing we've tried made any difference.
We've tried using many alternative port numbers, but we dont get any success until we get up to the 49000 range and above, but we'd really rather not have to change from our normal port number range unless its completely unavoidable.
We've spent many hours trying to find any solution without any luck. We are really hoping that some bright person out there has some idea that will lead to finding the cause of the problem.
Related
Unable to do the windows update through batch patch. When I tried to check for available updates, some instances are showing the error message as “Error 1601: Failed to retrieve WMI info. The RPC server is unavailable".
I have tried the below troubleshooting steps for those instances which are showing error.
1. Windows Firewall – opened ports 135 and 445
2. Checked the RPC service to see if it is running and set to automatic
3. If the instance is stopped, we have left it alone
Followed this KB https://batchpatch.com/troubleshooting-common-errors-in-batchpatch no luck. Anyone who has experience or idea what is wrong please guide me.
It's peculiar that you would post on stackoverflow rather than contacting BatchPatch support directly (https://batchpatch.com/contact) or posting on the support forum (https://batchpatch.com/forum).
The page that you linked (batchpatch.com/troubleshooting-common-errors-in-batchpatch) contains additional links for troubleshooting the 'RPC server is unavailable' error. It specifically points to these two links:
batchpatch.com/using-batchpatch-with-windows-firewall
batchpatch.com/batchpatch-ports
It is not sufficient to just open 135 and 445 in the Windows Firewall. You must open 'File and Printer sharing' and 'Windows Management Instrumentation (WMI).' In your case, probably the error is occurring because you did not open 'Windows Management Instrumentation (WMI).'
The above link also further explains:
In order for WMI to work properly… The target computer must be able to
receive and process RPC (Remote Procedure Call) requests. Both the WMI
and RPC services must be running on the target computer. If you’re
using Windows Firewall on the target computer, then please follow the
instructions on this page to configure it properly: Using BatchPatch
with Windows Firewall
(batchpatch.com/using-batchpatch-with-windows-firewall).
If you are using a hardware firewall, the configuration for WMI can
potentially be a bit trickier, depending on the particular firewall
device. WMI connections, by default, are not established on a
static/fixed port. Instead WMI uses dynamic port configuration for its
connections, which means that the actual ports used for a given
connection are established on-the-fly at the time of connection. Each
connection will end up using different ports. In the context of a
classic hardware firewall, this used to be a problem because hardware
firewalls would typically require any open ports to be configured
manually. An enterprise firewall administrator could never know in
advance which ports would need to be opened. However, fortunately many
modern firewalls now implement DCE/RPC, which solves this problem and
allows the use of dynamic ports for WMI/RPC. If you have a network
level hardware firewall in place between the BatchPatch computer and
the target computers, you’ll need to configure it to allow DCE/RPC, so
that it can open the necessary ports, on-the-fly, for each WMI
connection. More info on DCE/RPC can be found at the following two
links:
en.wikipedia.org/wiki/DCE/RPC
wiki.wireshark.org/DCE/RPC
The access to my web application running Windows 2008 Server on localhost is fast; however, when I tried to access the web application through another PC (exp: http://xxx.xxx.xxx.xx:8080/appname) is takes about one minute to load a simple login page. Any input regarding this matter is much appreciated.
Further information, the firewall is already off and the setup within a LAN environment without Internet access.
With this little information it is almost impossible to debug your situation. However, I'll take a guess based on what you've provided.
If you're running on an internal LAN, the problem is likely that you don't have reverse DNS configured for your server. Your server has some made-up name for which only forward-DNS exists. When Tomcat receives a request it tries to look up the hostname based on the IP address, and this can take a long time to time-out.
I'm developing a program using Windows 7. There are WCF services (soap, rest) that are used by currently by Silverlight but very soon I'll start development of the mobile application that would make use of these services.
On day to day basis I use Mac and Apache to host my website, but during the development of this program I would like to use IIS7 to put my services online. I have absolutely no problems to access all the services via localhost but as soon as I'm trying to connect through the internet I get "The connection has timed out".
I'm sure that my router is configured right as it works perfectly fine when I'm on Mac OS, but it looks like Windows simply blocks incoming connections from outside; I cannot even connect from another computer on the same network.
So is there a way of using Windows 7 as server with IIS7 or is it only possible with Windows Server? I know it might be like enabling/disabling one setting somewhere but I just cannot find it.
Please help.
By default, the Windows 7 firewall doesn't have a port 80 exception for IIS, you will need to either add an exception or disable the firewall to be able to connect from another machine.
Windows has a built-in firewall that is probably blocking the connections. Type "firewall" into the control panel search box to find the settings to allow stuff through/turn it off completely.
I am trying to develop one application which can block all urls using win32 api on windows desktop application.
So is there any api or any procedure doing programmatically so that i can block all urls?
It's impossible to block just URLs. If you want to make sure no one can access the internet the only way to do this would be to unplug the ethernet cable. (Or whatever is giving you connectivity) Here's why:
Blocking all DNS resolution won't stop someone from accessing http://206.132.84.265/
Blocking port 80 and 443 won't stop someone from accessing a web site hosted on a non-standard port.
Denying access to IE and installation of any other software won't stop someone from downloading a browser that doesn't require to be installed (Like a text browser) and putting it on a thumb drive.
Buying an expensive firewall that blocks HTTP traffic won't be able to stop SSL operating on a non-standard port.
Believe me, back in highschool I worked in a warehouse with a scanner gun and figured out how I could check my email with it (with a little help from my computer at home) since an internet gateway was on the same network.
If you want to block people from surfing the web, disconnect the internet.
I suppose you can do it using the Windows Firewall API
http://msdn.microsoft.com/en-us/library/Aa366453.aspx
You can do this using Windows Firewall Protocol. This is an API provided by Microsoft.
For Vista it's straight-forward, but for XP you need to do some work around, as examples are not available for that.
I have a program consisting of a server and a client processes. Both run on Windows systems - Windows 2000 or later versions. The two processes can run on the same machine or on two different machines.
How can the client determine if it is run on the same machine as the server? If the server is not running the client can't work anyway and doesn't care where the server possibly is - so this case is out of the question. I've heard that each Windows machine has an UUID - can I obtain it and use for that purpose?
Windows networking requires computer names to be unique, so calling the GetComputerName api and having the client and server swap names (and compare the received name to the name they see) should suffice. If the client and server can start up independently of one another then you'll need some sort of protocol for this process. It seems logical for the client to initiate the exchange, and the server to only send its name when it has received a name from a client. The client can then abort the connection if it sees the same name.
I believe most virtual machine systems will allow the virtual machine to have its own name, so it should still be possible for you to test on virtual machines. However I don't have extensive experience of all the virtualisation technologies out there, so can't say for sure.
Previous question about generating a unique machine id that might help.
Link to previous answer which mentions MachineGUID
It is straightforward to add an API to the server that reports its machine name. The environment variable is COMPUTERNAME. The client could check that, right?
Do you need to deal with any of these cases?
The client is running, but the server is not responding, and you want to know whether the unresponsive server is on a remote machine.
The client and the server are running in two distinct virtual machines on the same host machine, and you want to report that as "running on the same machine."
The client is running in a virtual machine hosted by the same machine as the server is running on, and you want to report that as "running on the same machine."
The client and the server are running on uncoordinated networks and both might have been assigned the same name.
The server is possibly hostile, and will attempt to deceive the client.
The network card will have a unique MAC. If both server and client report the same MAC then they are using the same network card. If both client and server are running in different virtual machines but using the same network card, do you consider them running on the same machine or different machines?
how about trying to establish a loopback tcp connection? or maybe checking for some lock file created by the server in a predefined folder...
I don't know exactly how, but there's for sure something equivalent in Win32 to the /proc filesystem in Unix (I think there are free replacements for the windows taskmanager, maybe you could look at their sources) where you could search for your server process.