IT Management Suite

Checking Altiris Ports Status 

Apr 14, 2009 11:59 AM

Whenever Altiris Notification Server or Altiris Deployment Server is installed into an IT environment, there are always some issues around the availability of the ports that Altiris uses for its different solutions to function correctly. These ports need to be allowed through the firewalls of all the desktop computers so that the Altiris agent and the Notification Server can communicate.

How can we troubleshoot these ports and see whether they are open, closed or functioning correctly? Altiris Notification Server has tools to monitor whether the ports are open or closed; these are added when you install RTSM. But if you only have Client Management Suite Level 1, those utilities are not available. So how would you check the ports and query them for activity?

Microsoft has developed a utility called "Port Query" (PortQry), which can help in more ways than one to troubleshoot port connectivity and activity and to confirm that communication is possible.

Port Query

PortQry is a command-line utility that you can use to help troubleshoot TCP/IP connectivity issues. This utility reports the port status of target TCP and User Datagram Protocol (UDP) ports on a local computer or on a remote computer. PortQry also provides detailed information about the local computer's port usage. PortQry runs on all the following operating systems:

  • Microsoft Windows Server 2003
  • Microsoft Windows XP
  • Microsoft Windows 2000

Download the utility from: www.microsoft.com/downloads/details.aspx

Port status reporting

PortQry reports the status of a port in one of the following ways:

  • LISTENING
    • Process is listening on the target port. PortQry received a response from the target port.
  • NOT LISTENING
    • No process is listening on the target port. PortQry received one of the following ICMP messages from the target port:
      • Destination unreachable
      • Port unreachable
  • FILTERED
    • Port is being filtered. PortQry did not receive a response from the target port. A process may or may not be listening on the target port.

When you troubleshoot a connectivity problem, especially in an environment that contains one or more firewalls, it is useful to know if a port is being filtered or if it is listening. PortQry includes some special features to help make this determination on selected ports. If there is no response from a target UDP port, PortQry reports that the port is LISTENING or FILTERED. PortQry then sends a correctly formatted message that the listening service or program understands. PortQry uses the correct session layer or application layer protocol to determine if the port is listening. PortQry uses the Services file that is located in the %SYSTEMROOT%\System32\Drivers\Etc folder to determine which service listens on each port.
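
The three states correspond to what a probe observes on the wire; for TCP, the "not listening" answer arrives as a connection reset rather than an ICMP message. The following Python code is an added example, not part of PortQry or of the original article. The names `probe_tcp`, `probe_udp` and `check_ports` are hypothetical, it assumes IPv4, and the UDP probe sends a placeholder byte instead of a protocol-aware query, which is why a silent UDP port stays "LISTENING or FILTERED".

```python
import socket

def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port using the three states described above."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "LISTENING"        # three-way handshake completed
    except ConnectionRefusedError:
        return "NOT LISTENING"        # host answered, nothing bound to the port
    except socket.timeout:
        return "FILTERED"             # no answer: a firewall may be dropping packets

def probe_udp(host, port, payload=b"\x00", timeout=2.0):
    """Classify one UDP port (IPv4). The payload is a placeholder byte, not a
    protocol-aware query, so a silent port stays ambiguous."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))       # connected socket so ICMP errors are reported
        try:
            s.send(payload)
            s.recv(2048)
            return "LISTENING"        # the service replied
        except (ConnectionRefusedError, ConnectionResetError):
            return "NOT LISTENING"    # ICMP port unreachable came back
        except socket.timeout:
            return "LISTENING or FILTERED"

def check_ports(host, required, timeout=2.0):
    """Return {(proto, port): status} for every required port that is not
    confirmed LISTENING. `required` is a list of (proto, port) tuples."""
    problems = {}
    for proto, port in required:
        probe = probe_tcp if proto == "tcp" else probe_udp
        status = probe(host, port, timeout=timeout)
        if status != "LISTENING":
            problems[(proto, port)] = status
    return problems

if __name__ == "__main__":
    # Placeholder host and ports: substitute your server and the ports your
    # Altiris documentation lists for the solutions you run.
    for key, status in check_ports("127.0.0.1", [("tcp", 80), ("udp", 161)]).items():
        print(key, status)
```

An empty result from `check_ports` means every required port answered; anything else names the port and whether the cause looks like a stopped service (NOT LISTENING) or a firewall rule (FILTERED).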

PortQry supports the following session layer and application layer protocols:

  • Lightweight Directory Access Protocol (LDAP)
  • Remote Procedure Calls (RPC)
  • Domain Name System (DNS)
  • NetBIOS Name Service
  • Simple Network Management Protocol (SNMP)
  • Internet Security and Acceleration Server (ISA)
  • SQL Server 2000 Named Instances
  • Trivial File Transfer Protocol (TFTP)
  • Layer Two Tunneling Protocol (L2TP)

LDAP support

PortQry can send an LDAP (Lightweight Directory Access Protocol) query by using both TCP and UDP and interpret an LDAP server's response to that query correctly.

RPC support

PortQry can send an RPC query by using both TCP and UDP and interpret the response to that query correctly. This query returns (dumps) all the end points that are currently registered with the RPC endpoint mapper. PortQry parses, formats, and then returns the response from the RPC endpoint mapper to the user.

DNS support

PortQry can send a correctly formatted DNS query by using both TCP and UDP. PortQry sends a DNS query for the following fully qualified domain name (FQDN):

altirissms.demo.com

PortQry then waits for a response from the destination DNS server. If the server returns a response, PortQry determines that the port is LISTENING.

NetBIOS name service support

By default, the NetBIOS name service listens on UDP port 137.

SNMP support

By default, the SNMP service listens on UDP port 161. To determine whether port 161 is listening, PortQry sends a query that is formatted in the way that the SNMP service accepts. The SNMP service is configured with a community name or a string that you must know to obtain a response from the server. By default, PortQry uses the community name, "Public." To specify a different community name, use the -cn command-line option. When you specify a community name in the PortQry.exe command, enclose that community name in exclamation marks (!).

ISA Server support

By default, ISA Server uses TCP port 1745 and UDP port 1745 to communicate with Winsock proxy clients and with firewall clients. Computers that have the Winsock proxy client program or the Firewall client program installed use these ports to request services from ISA Server and to download configuration information. Typically, these services include name resolution services and other services that are not HTTP-based (for example, Winsock connections). To determine whether the port is listening, PortQry sends a query that is formatted in the way that ISA Server accepts.

SQL Server 2000 support

PortQry queries UDP port 1434 to query all the SQL Server named instances that are running on a SQL Server 2000 computer.

TFTP support

By default, TFTP servers listen on UDP port 69.

L2TP support

Routing and Remote Access servers and other virtual private networking (VPN) servers listen on UDP port 1701 for inbound L2TP connections.

Customize ports that queries use

By default, every Windows Server 2003, Windows XP, and Windows 2000-based computer has a Services file that is located in the %SYSTEMROOT%\System32\Drivers\Etc folder. PortQry uses this file to resolve port numbers to their corresponding service names. The content of this file dictates the ports where PortQry sends formatted messages when you use the PortQry.exe command. You can edit this file to direct PortQry to send formatted messages to an alternative port.

Additional service information returned

PortQry displays extended information that some ports may return. PortQry looks for this "extended information" on ports where the following services listen:

  • Simple Mail Transfer Protocol (SMTP)
  • Microsoft Exchange POP3
  • Microsoft Exchange IMAP4
  • FTP Publishing Service
  • ISA Server services

PortQry command-line options

You can use the following command-line options with PortQry:

  • -n (name): This parameter is required. Use this parameter to specify the destination computer.
  • -p (protocol): This parameter is optional. Use this parameter to specify the type of port or protocol that is used to connect to the target port on the destination computer.
  • -e (endpoint): This parameter is optional. Use this parameter to specify the end point (or the port number) on the destination computer.
  • -o (order): This parameter is optional. Use this parameter to specify a certain number of ports to be queried in a particular order.
  • -r (range): This parameter is optional. Use this parameter to specify a range of port numbers to query in sequential order.
  • -l (log file): This parameter is optional. Use this parameter to specify a log file to record the output generated by PortQry.
  • -y (yes, overwrite): This parameter is optional. Use this parameter together with the -l parameter to suppress the "overwrite" prompt when a log file exists that has the same name that you specify in the PortQry command.
  • -sl (slow link): This parameter is optional. Use this parameter to cause PortQry to wait longer for responses from UDP queries.
  • -nr (no reverse name lookup): This parameter is optional. Use this parameter to bypass the reverse name lookup that PortQry performs when you specify an IP address together with the -n parameter.
  • -q (quiet mode): This parameter is optional. Use this parameter to cause PortQry to suppress all output to the screen except for error messages.
  • -cn (community name): This parameter is optional. Use this parameter to specify a community string or community name to use when you send an SNMP query.
  • -sp (source port): This parameter is optional. Use this parameter to specify the initial source port to use when you connect to the specified TCP and UDP ports on the destination computer.

PortQry interactive mode

Users can query ports from the command line in a command prompt window. When you troubleshoot connectivity issues between computers, you may have to type many repetitive commands. But PortQry also has an interactive mode. The interactive mode is similar to the interactive functionality in the Nslookup DNS utility or in the Nblookup WINS utility.

To start PortQry in interactive mode, use the -i option. For example, type portqry -i.

PortQry local mode

The PortQry local mode of operation is designed to give you detailed information about the TCP ports and the UDP ports on the local computer where PortQry runs. PortQry has the following basic command available in local mode:

portqry.exe -local

When you run this command, PortQry tries to enumerate all the TCP and UDP port mappings that are currently active on the local computer. This output is similar to the output that the netstat.exe -an command generates.
