Re: After years of reboots - I finally today solved a 99-port lockup after Microsoft Updates

From Marion <marion@facts.com>
Newsgroups alt.comp.os.windows-10, alt.comp.os.windows-10, alt.comp.microsoft.windows
Subject Re: After years of reboots - I finally today solved a 99-port lockup after Microsoft Updates
Date 2025-05-04 23:54 +0000
Organization BWH Usenet Archive (https://usenet.blueworldhosting.com)
Message-ID <vv8uoh$v14$1@nnrp.usenet.blueworldhosting.com>
References <vv4b6h$3052$1@nnrp.usenet.blueworldhosting.com> <vv8rh9$299h$1@nnrp.usenet.blueworldhosting.com>

Cross-posted to 3 groups.


On Sun, 4 May 2025 22:59:53 -0000 (UTC), Marion wrote :


> The next step is to understand why the Windows NAT Driver is randomly
> excluding roughly about 1400 ports upon a reboot, where some of them can
> conflict with static outgoing ports that stunnel & adb use every day.

Drat.

After much research, it appears you can't directly control the ports that 
Winnat will reserve upon booting as Docker Desktop for Windows relies 
heavily on Hyper-V for containerization where Winnat is the network address 
translation component used by Hyper-V for internal networks.

Therefore, it seems that the most reliable method to prevent Winnat from 
reserving the static ports used by stunnel & by adb is to add your own 
Administered Port Exclusions which take precedence and prevent Winnat (and 
other dynamic port allocation mechanisms) from using those ports. 

Checking which port adb is using is easy to do with "adb devices".
 C:\> adb devices
      * daemon not running; starting now at tcp:55555
      * daemon started successfully
      List of devices attached
      SMGA325GSMU     device

Stunnel uses whatever ports you have configured stunnel.conf to use.
      [Mixmin]
      client = yes
      accept = localhost:55563
      connect = news.mixmin.net:563
      CAfile = ca-certs.pem
      verifyChain = yes
      checkHost = news.mixmin.net
      OCSPaia = yes

This will exclude just the two ports above (and it will persist across reboots):
 C:\> netsh int ipv4 add excludedportrange protocol=tcp startport=55555 numberofports=1

 C:\> netsh int ipv4 add excludedportrange protocol=tcp startport=55563 numberofports=1

But you never know if any app uses adjacent ports so you want a wider range.

This will add a range of 101 TCP ports, starting from port 55500
& ending at port 55600 (inclusive) to the list of administered 
outgoing excluded IPv4 ports (which should persist after reboot).
 C:\> netsh int ipv4 add excludedportrange protocol=tcp startport=55500 numberofports=101
      The process cannot access the file because it is being used by another process.

Oops. Something is using (some of) those ports, but what?
 C:\> netstat -ano | findstr "555"
      TCP    127.0.0.1:55555        0.0.0.0:0              LISTENING       11216
      TCP    127.0.0.1:55563        0.0.0.0:0              LISTENING       9380
      TCP    [::1]:55563            [::]:0                 LISTENING       9380
 C:\> adb kill-server
 C:\> netstat -ano | findstr "555"
      TCP    127.0.0.1:55563        0.0.0.0:0              LISTENING       9380
      TCP    [::1]:55563            [::]:0                 LISTENING       9380
 C:\> tasklist /FI "PID eq 9380"
      Image Name                     PID Session Name        Session#    Mem Usage
      ========================= ======== ================ =========== ============
      stunnel.exe                   9380 Console                    1     29,836 K
 C:\> taskkill /F /IM stunnel.exe

 C:\> netstat -ano | findstr "555"
 C:\> netsh int ipv4 add excludedportrange protocol=tcp startport=55500 numberofports=101
      Ok.
 C:\> netsh interface ipv4 show excludedportrange protocol=tcp
      Protocol tcp Port Exclusion Ranges
      Start Port    End Port
      ----------    --------
      5357        5357
      50000       50059     *
      55500       55600     *
      * - Administered port exclusions.

To check if I need to run that same command for UDP:
 C:\> netstat -ano | findstr /I "UDP"
      (shows no conflicts with the excluded port range of 55500-55600)

To check if I need to do the same command for IPv6:
 C:\> ipconfig /all
      (shows some link-local IPv6 addresses in network interfaces)

This is getting long, but I document it carefully so that others
can make use of the debugging technique as these work on your system.
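
An added example (not part of the original post): a Python script that parses text in the layout of the netsh and netstat output shown above, reporting which static ports sit inside a non-administered exclusion range and which listening PIDs would block adding a new administered range. The sample text is constructed (including the 55550-55649 dynamic range and the ESTABLISHED line), and the function names are hypothetical.

```python
import re

# Constructed samples in the layout the post shows for netsh and netstat.
NETSH_OUT = """\
Protocol tcp Port Exclusion Ranges
Start Port    End Port
----------    --------
      5357        5357
     50000       50059     *
     55550       55649
* - Administered port exclusions.
"""
NETSTAT_OUT = """\
  TCP    127.0.0.1:55555        0.0.0.0:0              LISTENING       11216
  TCP    127.0.0.1:55563        0.0.0.0:0              LISTENING       9380
  TCP    [::1]:55563            [::]:0                 LISTENING       9380
  TCP    10.0.0.5:49712         203.0.113.7:443        ESTABLISHED     4120
"""

def parse_excluded_ranges(text):
    """Return (start, end, administered) for each exclusion row."""
    row = r"^[ \t]*(\d+)[ \t]+(\d+)[ \t]*(\*?)[ \t]*$"
    return [(int(s), int(e), star == "*")
            for s, e, star in re.findall(row, text, re.M)]

def dynamic_conflicts(ranges, ports):
    """Map each port to the non-administered range that currently holds it."""
    return {p: (s, e) for p in ports for s, e, admin in ranges
            if not admin and s <= p <= e}

def listeners_in_range(netstat_text, start, count):
    """Return {port: {pids}} for TCP listeners inside start..start+count-1."""
    found = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            port = int(f[1].rsplit(":", 1)[1])  # also handles [::1]:55563
            if start <= port < start + count:
                found.setdefault(port, set()).add(int(f[4]))
    return found

if __name__ == "__main__":
    ranges = parse_excluded_ranges(NETSH_OUT)
    print("held by dynamic exclusions:",
          dynamic_conflicts(ranges, [55555, 55563]))
    print("stop these PIDs before adding 55500-55600:",
          listeners_in_range(NETSTAT_OUT, 55500, 101))
```
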
