If you run a Windows server, there is a good chance you will some day hit a conflict where a service fails to start because the UDP port it wants is already in use.
If you check which process currently owns that port, there is a very good chance you will find that DNS has claimed it, along with a couple of thousand others.
Why? How do you fix this?
Last summer (July 2008) Microsoft released a major DNS patch (MS08-037) to address a cache-poisoning weakness in the DNS protocol. Security geeks in the audience will recognize this as Microsoft's part of the multivendor coordinated release in response to Dan Kaminsky's DNS vulnerability disclosure.
One thing this update does is randomize the UDP source ports the DNS Server service uses for its outbound queries. That makes spoofed replies much harder to land, but it also means DNS grabs a large pool of UDP ports when it starts, and another service that needs one specific port can find it already taken.
Defining the Problem
The event log should give you a clear error message naming the port and the service that is having the problem. Here's an example of an error concerning Exchange ActiveSync.
Event Source: Server ActiveSync
Event ID: 3015
Description: IP-based AUTD failed to initialize because the processing of notifications could not be setup. Error code [0x80004005]. Verify that no other applications are currently bound to UDP port [2883], or try specifying a different port number.
We know Exchange ActiveSync is failing because UDP port 2883 is already bound by another application. Next we need to find which one. There is a built-in command line (CLI) tool called netstat that lists TCP/IP connections and listening ports. Open a command prompt as an administrator and type
netstat -a -b -o > netstatlog.txt
[-a shows all connections and listening ports, -b shows the executable that owns each one (this switch needs administrator rights), and -o shows the Process Identifier (PID). The > redirects the output to a text file, because the result would overwhelm the console buffer and scroll off the screen.]
Open the text file you created and do a search for the port using Ctrl-F
The result will look like this:
UDP SERVERNAME:2883 *:* 7348
[dns.exe]
The number after the server name is the local port, the last number on the line is the PID, and the executable in brackets is the program listening on the port.
There are better tools than netstat: if you are comfortable with the CLI, use the Microsoft tool PortQry; if you prefer a graphical option, I highly recommend Active Ports.
We now know that DNS is using this port and we need to fix that. (The rest of this article concerns itself with DNS; if a different application is the source of the conflict, then Google and the vendor's support options are your friends.)
Fixing the Problem
We need to now tell DNS to never use port 2883 so it can be reserved for Exchange ActiveSync.
If you are running Windows 2000 Server or Windows Server 2003, open the registry editor (Start -> Run -> type "regedit" -> click OK). Note: always, always, always make a backup of your registry before modifying it.
Navigate to the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Look for a value named "ReservedPorts". If it exists, edit it and add the range of ports you want excluded, one range per line in the form low-high. To exclude a single port the range is 2883-2883. Click OK.
If the value does not exist, create a new "Multi-string Value", name it ReservedPorts, and add the ranges you need excluded in the same format.
Normally a change to ReservedPorts takes effect only after a reboot, but in practice restarting the DNS Server service is enough: DNS allocates its socket pool at startup, and on restart it will skip the reserved port.
Rerun netstat and verify that port 2883 is now owned by the service that should have it. For Exchange ActiveSync the netstat line should look like:
UDP KINCOSVR01:2883 *:* 7348
[w3wp.exe]
Note the executable has changed.
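The whole procedure above (find the owner of the port, reserve it in ReservedPorts after backing up the key, restart DNS, re-check) as one PowerShell script. This is an added example, not code from the original post or from Microsoft; it assumes you run it as a local Administrator on the DNS server, that the port is the post's 2883, that the DNS Server service is registered under the name "DNS", and that dns.exe shows up in Get-Process as "dns". Instead of netstat -b it parses netstat -a -n -o and resolves the PID with Get-Process, so it works without the executable column. The sample netstat lines inside it are constructed and only exercise the parser.

```powershell
# Added example, not from the original post. Run as a local Administrator on
# the DNS server: netstat -o, registry writes and service restarts need it.
# Assumptions: port 2883 (the post's ActiveSync port), DNS Server service name
# "DNS", and dns.exe reported by Get-Process as "dns".
param(
    [int]$Port = 2883,
    [string]$DnsService = 'DNS'
)

function Get-UdpPortOwner {
    # Parse "netstat -a -n -o" output for the UDP listener on $Port and return
    # the owning PID and process name, or $null if nothing is bound there.
    # -n keeps addresses numeric, so the port is always the text after the
    # last colon (works for both 0.0.0.0:2883 and [::]:2883).
    param(
        [int]$Port,
        [string[]]$NetstatLines = (netstat -a -n -o)
    )
    foreach ($line in $NetstatLines) {
        # Columns: Proto   Local Address   Foreign Address   PID
        if ($line -match '^\s*UDP\s+(\S+):(\d+)\s+\*:\*\s+(\d+)\s*$' -and
            [int]$matches[2] -eq $Port) {
            $owningPid = [int]$matches[3]
            $proc = Get-Process -Id $owningPid -ErrorAction SilentlyContinue
            $name = if ($proc) { $proc.ProcessName } else { '(no such process)' }
            return New-Object PSObject -Property @{
                Port = $Port; LocalAddress = $matches[1]; PID = $owningPid; Process = $name
            }
        }
    }
    return $null
}

function Add-ReservedPort {
    # Append "low-high" for a single port to Tcpip\Parameters\ReservedPorts
    # (REG_MULTI_SZ, one range per line), exporting the key first as a backup.
    # Returns the resulting list of ranges.
    param([int]$Port)
    $keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $regKey  = 'HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $backup  = Join-Path $env:TEMP ('Tcpip-Parameters-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    & reg.exe export $regKey $backup | Out-Null
    if (-not (Test-Path $backup)) { throw "Registry backup failed; ReservedPorts left untouched" }

    $range   = '{0}-{0}' -f $Port
    $current = Get-ItemProperty -Path $keyPath -Name ReservedPorts -ErrorAction SilentlyContinue
    [string[]]$ranges = @()
    if ($current) { [string[]]$ranges = @($current.ReservedPorts) }
    if ($ranges -contains $range) { return $ranges }     # already reserved, nothing to do
    [string[]]$ranges = $ranges + $range
    if ($current) {
        Set-ItemProperty -Path $keyPath -Name ReservedPorts -Value $ranges -Type MultiString
    } else {
        New-ItemProperty -Path $keyPath -Name ReservedPorts -Value $ranges -PropertyType MultiString | Out-Null
    }
    return $ranges
}

# Constructed sample lines (not real output) that sanity-check the parser offline.
$sampleNetstat = @(
    '  UDP    0.0.0.0:53             *:*                                    7348',
    '  UDP    0.0.0.0:2883           *:*                                    7348'
)
$parsed = Get-UdpPortOwner -Port 2883 -NetstatLines $sampleNetstat
if (-not $parsed -or $parsed.PID -ne 7348) { throw 'netstat parser self-check failed' }

# 1. Who holds the port right now?
$before = Get-UdpPortOwner -Port $Port
if (-not $before) { "UDP $Port is not bound; nothing to fix."; return }
'Before: UDP {0} is bound by {1} (PID {2})' -f $Port, $before.Process, $before.PID
if ($before.Process -ne 'dns') {
    'The owner is not the DNS Server service; fix that application instead.'; return
}

# 2. Reserve the port so the DNS socket pool skips it, then restart DNS.
$ranges = Add-ReservedPort -Port $Port
'ReservedPorts now: ' + ($ranges -join ', ')
Restart-Service -Name $DnsService -Force     # DNS rebuilds its socket pool on start
Start-Sleep -Seconds 5                       # give the rightful service a moment to re-bind

# 3. Verify: the port should be free or owned by the service that needs it.
$after = Get-UdpPortOwner -Port $Port
if ($after) { 'After: UDP {0} is bound by {1} (PID {2})' -f $Port, $after.Process, $after.PID }
else        { "After: UDP $Port is free; start or restart the service that needs it." }
```

The script refuses to touch ReservedPorts if the reg.exe export did not produce a backup file, and it bails out if the port's owner is not dns.exe, since reserving a port away from some other application is not the fix the post describes. If the port is still bound by dns.exe after the restart, reboot: ReservedPorts is read by the TCP/IP stack, and a reboot is the documented way to guarantee it takes effect.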
Well, I hope this saved you some headaches. For more information see the following Microsoft articles:
- KB956188 - You experience issues with UDP-dependent network services after you install DNS Server service security update 953230 (MS08-037)
- KB812873 - How to reserve a range of ephemeral ports on a computer that is running Windows Server 2003 or Windows 2000 Server
- MS08-037 - Microsoft Security Bulletin MS08-037: Vulnerabilities in DNS Could Allow Spoofing