A wide range of applications and services uses Remote Procedure Call RPC to communicate, such as Netlogon, MMC, Active Directory, Client-Sever communication…etc.
Table of Contents
A basic introduction to Remote Procedure Call
The Remote Procedure Call RPC client starts by establishing a connection on port 135 and then negotiates with the destination on a dynamically random port number in a higher range. This range depends on the OS and application, but in some cases, it can be from Port number 1024 – 65535.
Read more about Service overview and network port requirements for Windows on Microsoft.com
The big challenge is how to troubleshoot the RPC connection issue when getting errors such as RPC is not available. In other words, Is RPC Dynamic port reachable or blocked ?!
Test RPC Connection using PortQry
You can test the RPC connection using the PortQry tool. This tool tests the RPC Server and also queries the host port and gets a list of ports and the status of the ports. In addition, this tool will get a list of RPC Dynamic ports via the RPC mapper.
Run this tool by using the command prompt.
The supported parameters are:
Command line mode options explained:
-n [name_to_query] IP address or name of system to query
-p [protocol] TCP or UDP or BOTH (default is TCP)
-e [endpoint] single port to query (valid range: 1-65535)
-r [end point range] range of ports to query (start:end)
-o [end point order] range of ports to query in an order (x,y,z)
-l [logfile] name of text log file to create
-y overwrites existing text log file without prompting
-sp [source port] initial source port to use for query
-sl 'slow link delay' waits longer for UDP replies from remote systems
-nr by-passes default IP address-to-name resolution
ignored unless an IP address is specified after -n
-cn specifies SNMP community name for query
ignored unless querying an SNMP port
must be delimited with !
-q 'quiet' operation runs with no output
returns 0 if port is listening
returns 1 if port is not listening
returns 2 if port is listening or filtered
Using PortQry
.\PortQry.exe -e 135 -n RemoteServer
The output of the command above will return a long list of connections. The focus will be on the nacn_ ip_tcp.
UUID: 1a9134dd-7b39-45ba-ad88-44d01ca47f28 Message Queuing – RemoteRead V1
ncacn_ip_tcp:RemoteServer[49179]
UUID: 1a9134dd-7b39-45ba-ad88-44d01ca47f28 Message Queuing – RemoteRead V1
ncacn_ip_tcp:RemoteServer[2107]
UUID: 1a9134dd-7b39-45ba-ad88-44d01ca47f28 Message Queuing – RemoteRead V1
ncacn_ip_tcp:RemoteServer[2103]
UUID: 1a9134dd-7b39-45ba-ad88-44d01ca47f28 Message Queuing – RemoteRead V1
ncacn_ip_tcp:RemoteServer[2105]
The format is
UUID: GUID Service Name
ncacn_ip_tcp:RemoteServer[RemotePort]
The example above will list all RPC and Dynamic ports which the Message Queuing Remote Read V1 has started and the number between the brackets [ ] is the remote port.
The PortQuery tool will be used to get a list of all the dynamic ports and then use a PowerShell script to test the reachability of this port via the Test-NetConnection
command.
Use the –Servername
parameter and set the computer name you want to scan all the RPC Dynamic ports.
I tried to make the script simple without defining a lot of variables and parameter, and all can be adjusted
PowerShell and PortQry in Action
param(
[string]$Servername="Localhost"
)
$PortQryPath=Join-Path $PSScriptRoot -ChildPath "PortQry.exe"
Try{
$RPCPorts= Invoke-Expression "$PortQryPath -e 135 -n $Servername | findstr ncacn_ip" | Select-Object -Unique
if ($RPCPorts.length -eq 0){
Write-Host "No output, maybe incorrect server name" -ForegroundColor Red
return
}
#Parsing the output
ForEach ($SinglePort in $RPCPorts){
$porttocheck=$SinglePort.Substring($SinglePort.IndexOfAny("[")+1)
$porttocheck=$porttocheck.Remove($porttocheck.Length -1)
#Checking the port reachability
$Result=Test-NetConnection -ComputerName $Servername -Port $porttocheck
Write-Host "Port health for $Servername on port $porttocheck is " -NoNewline
Write-Host $Result.TcpTestSucceeded -ForegroundColor Green
}
}
Catch{
#Something went wrong, maybe the firewall block, the exception will be written
Write-Host $_.Exception.Message -ForegroundColor Red
}
Conclusion
This script should help the admin in troubleshooting the RPC connection between the client and the server and the dynamically assigned randomly port
One Response