Cadzow Knowledgebase

Welcome
Contact Us
Professional
Services
Consulting
Knowledgebase/
Site Search
Remote Support

Print Friendly

Various Windows Services Fail After Reboot

Problem

After rebooting a Windows 2000/2003 Server or Windows Small Business Server (SBS) 2000/2003 machine:

  • You are unable to connect using Remote Desktop (Terminal Services), whether it is configured to listen on the default port of 3389 or a custom port;

  • The IPsec service has failed to start, and the server is running in block mode, where no inbound or outbound network traffic is permitted; and/or

  • Other services which attempt to establish a listening connection fail to start.

However, upon rebooting the machine again, these problems disappear.

Solution

These problems will occur if the operating system has assigned an ephemeral port to a process for an outbound connection that conflicts with the listening port of the failed services, before those services have started. For example, if a process has been assigned port 3389 to make an outbound connection, Terminal Services is unable to listen on that port, and will not start. Ephemeral ports are chosen randomly from a range of ports, therefore, after another reboot, the ports chosen for those processes are most likely to be different. However, once a port has been assigned to a process to listen on, thereafter it will not be used for outbound connections, so these problems only occur during startup as various processes start making connections.

Depending on the version of Windows and the installed applications (eg. Small Business Server), the ephemeral port ranges used may be 1025 to 5000, 1025 to 65535, or 49152 to 65535, or something different, so it is helpful to understand what range your system is actually using. (Refer to Choosing a TCP Port for a Network Service for a discussion on how the range of ephemeral ports are selected.) However the solution is to simply reserve the ports being used, eg. for Terminal Services or whichever services are not starting properly. In the case of Small Business Server, there are a range of specific additional ports which need to be reserved which, amongst others, resolves the problem of IPsec failing to start. A patch which automatically reserves various ports is also available.

Copyright © 1996-2023 Cadzow TECH Pty. Ltd. All rights reserved.
Information and prices contained in this website may change without notice. Terms of use.


Question/comment about this page? Please email webguru@cadzow.com.au