ASP.NET 5 Kestrel: sometimes unable to bind socket on a free port - sockets

While trying to start an ASP.NET 5 Kestrel website, I sometimes got this error:
Failed to bind to address http://localhost:5000
"An attempt was made to access a socket in a way forbidden by its access permissions."
The only way to solve the issue is to reboot the computer.
The port (5000) is not in use in TCPView or NETSTAT.
I tried to explicitly allow the app in the Windows firewall, but no luck either. Same with fully deactivating the firewall.
I got this issue with a published website (Kestrel) without any Visual Studio, and also in debug from VS2019.
My customers also have the issue around 1 day in a month, without any apparent reason.
Do you have any ideas to help me track down this issue?
Thanks.

Related

Local web server on windows stopped being reachable by devices on the same network

I use a local Python web server on my Windows machine. It’s simple, but good enough while in the static web page development stage. I just run it with something like this on my WSL command line:
python3 -m http.server
I can also access it on mobile devices on the same network, by going to my local address, e.g.: http://192.168.1.12:8000. All was good, until suddenly I could no longer access it on external devices, I got a “server not responding” type of message. Also, I could clearly see that when I refreshed the page on my phone, there was no GET request on the logs.
Immediately I tested on the local machine, and it was still working fine. This obviously smelled like a Firewall. In Linux, I’d know what to do, but it’s the first time I had to deal with this on Windows. This is what I’ve tried, without resolving the connection problem:
I opened the Event Viewer but could not see any obvious logs to check
I stopped the server (CTRL+C) and started it again on another port (5000). The Windows Firewall message popped up again asking for permission for Python3 to access the “Public network” and the “Private network”. Normally I just tick the “private network” but this time I checked both, as a troubleshooting step, in case my Wi-Fi was incorrectly being considered “public”.
I went to Windows Firewall and temporarily shut it down on the private network.
I installed and tried running nmap on the WSL, but it failed to run and prompted me to install the Windows version instead.
I installed and ran the Windows version of nmap but it told me that port 5000 was open.
What is the recommended way to troubleshoot and fix this issue?
Still suspecting the firewall, I tried something new: I switched off the “public network” firewall. I tested on my mobile and the page loaded as normal again! I immediately turned the firewall back on. Tested the page on my mobile once more, still fine. So, the solution was to toggle the public network firewall. I would make it more generic and toggle all firewall categories on Windows. And of course, I would make sure that the firewall stays on; this was a very quick operation.
I thought I’d put this here rather than ServerFault or SuperUser as it could potentially be more useful to developers, and it took a precious hour of my time. I still don’t know why it stopped working on its own in the first place. Better troubleshooting steps or suggestions are welcome, but I probably won’t be able to verify it as I don’t know how to purposely induce the issue.
Another solution that worked another time was to delete all instances of Python 3.8 from the list of allowed apps (I don't know why Windows shows the same app multiple times), then (re)start the Python server and allow it through when the Firewall question pops up again.
In Windows Firewall you may have 4 options to configure your local web server when you are creating a new inbound connection rule:
1. Program
2. Port
3. Predefined
4. Custom
Try to use port only in "TCP protocol" and the custom port.
Allow connection.
Select: all checks: domain, private and public.
Enter a name.
That's all.

Suddenly my Phoenix project can't connect to postgres if my VPN is on — how to fix?

I've never had this problem before, but suddenly as of this morning, if I try to fire up my Phoenix app while my VPN is on, I get a bunch of eaddrnotavail errors from Postgres. If I try to start my app with the VPN off, it works fine, and it continues to work fine even if I then turn the VPN on, but if I try to start it with the VPN already running, eaddrnotavail errors every time.
Anyone have any idea why this is happening or how to fix it?
I got a response from ProtonVPN on this. Apparently they're working on a technical solution, but this is the main issue:
outgoing connections to some database-related ports are currently being blocked on most of our servers for anti-abuse reasons
Normally, any user connected to the same ProtonVPN server would have the same authorization to access the database you are willing to connect to unless there are additional security measures in place, so this is not recommended and insecure. Even if you whitelist some ProtonVPN IP addresses with your firewall, that is still not enough because any user would still be able to reach your database through the very same ProtonVPN IP address.
we are working on a solution to provide dedicated IPs

GMail SMTP STARTTLS on Port 587 no longer works

My company has 4 different third party applications that use 4 different gmail addresses to send mail over port 587. One of the applications is distributed across over a hundred clients.
All four apps stopped working last week. I've been struggling to figure this out with GSuite support for the past week and they have so far been very unhelpful. One representative pointed to this recent update as the likely culprit:
https://gsuiteupdates.googleblog.com/2020/04/improve-email-security-in-gmail-with-TLS.html
But I don't have a ton of experience with mail servers and much of this is going over my head. I'm not sure why exactly the above update caused our apps to stop working.
The apps are failing to establish a TLS connection to the server and result in the following error:
handshake failure
Closing connection in response to fatal SSL/TLS alert.
Aborting handshake due to fatal alert
This comes after receiving a "Ready to start TLS" response from the smtp.gmail.com server.
All of the apps are using the Chilkat Mailman Active X component for the mail features.
https://www.chilkatsoft.com/refdoc/xChilkatMailManRef.html
Assuming the recent update is the actual culprit, I'm wondering if someone can explain why this caused our applications to stop working? Has GMail stopped supporting StartTLS? I also need to know if there is anything we can do from our GSuite account to get this working again without having to update over a hundred client applications.
The first support rep I spoke to suggested doing the following in the google admin console:
Apps -> G Suite -> Settings for GMail -> Advanced Settings -> Secure transport (TLS) compliance:
We unchecked the "Require CA-signed certificate" box and saved the setting. This has not resolved our problem.
The support rep also briefly mentioned the "Alternate Secure Route" setting in Gmail advanced settings, but I'm not sure if he knew what he was talking about or if this is applicable to our issue.
Edit
It looks like this is a combination of the GMail server update and some sort of incompatibility in the Chilkat mail component. I tried testing with a trial of a newer version of the component and SMTP works using the same settings with this component.
The developer of the component says he is not able to help me with this issue unfortunately. So I'm still wondering why the GMail server update caused the old component to stop playing nicely. I'm hoping that if I can understand what the specific change is, I can find a solution that doesn't require a major rollout.
My java mail client also just stopped working not long ago. I was using TLS connection as well. I got authentication errors.
I look forward to your findings!
-- I found my issue:
https://myaccount.google.com/u/1/lesssecureapps was no longer less security

client is waiting forever for remote server to return a webpage

I have an application with a server written in F# that serves web files using Suave. I remote login using PowerShell into another machine in the network to run the application (the application is also on one of the network drives). I do that because that machine has access to third-party APIs needed for the server. Now when I do [IPAddress_Of_Remote_Machine]/[html_file] or [name_of_pc]/[html_file], Chrome waits forever and never returns the webpage. This wasn't happening before and I ran into this problem recently. I opened a different port and used it instead of the default one, 80. This made things work but the problem keeps showing up after a couple of days. I don't think it's a firewall issue but I'm clueless as to why this is happening.
When running netstat -an, this is what I get (I hid the IP address):
As you can see, all of the connections are either in CLOSE_WAIT or ESTABLISHED but not LISTENING. All of these TCP connections are probably there because I have PhantomJS and two other APIs running in the application as well. However, the loopback address is also open on the same port 5959:
I'm not sure what the difference between these two is, but when using PortQryUI to query the remote server it returns a success!
I have already made an inbound rule for port 5959 on the server so it should be allowed. The web page is stuck at Waiting for [name_of_pc]. Also, sometimes this problem disappears and everything works fine.
What is the potential problem behind this? Why would this happen all of a sudden?
UPDATE:
I re-ran the application today and it's working correctly. It could be that something is dynamically set within the firewall? Not really sure what is going on. The machine I'm running the server on has a bunch of applications running on it as well so maybe there is an external process that is affecting it?
I made a hello world app with Suave and deployed it on the network drive to test if it's going to work. I opened an inbound rule for port 6001.
Then I ran the app:
However, it's still not working and this time it says the site cannot be reached when I do: http://[name_of_pc]:6001.
Moving this to an answer so that it can be closed:
Could you post the bindings section of your Suave cfg? I'm guessing you know where that is since you are using a non-standard port, but if you don't, search for HttpBinding. I suspect you will find it pointing to 127.0.0.1, which is not good enough for remote access. You could try changing it to 0.0.0.0 or to the server's actual IP address. I would try 0.0.0.0 first for the flexibility it provides.
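The loopback-versus-all-interfaces distinction in the answer above can be read straight from netstat -an output. The following is an added example, not part of the original question or answer: it classifies how a port is bound, using a constructed sample with documentation-range addresses; the function names are hypothetical.

```python
import ipaddress

# Constructed sample of Windows "netstat -an" output (documentation-range IPs).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5959         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:6001        0.0.0.0:0              LISTENING
  TCP    192.0.2.10:49731       192.0.2.80:443         CLOSE_WAIT
  TCP    192.0.2.10:49744       192.0.2.81:443         ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [::1]:5959             [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""


def split_endpoint(endpoint):
    """Split '127.0.0.1:5959' or '[::1]:5959' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any IPv6 zone id
    return ipaddress.ip_address(host), int(port)


def listeners(netstat_text):
    """Yield (ip, port) for every TCP socket in the LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            yield split_endpoint(fields[1])


def exposure(netstat_text, port):
    """Classify how a port is bound (hypothetical helper for this example)."""
    addrs = [ip for ip, p in listeners(netstat_text) if p == port]
    if not addrs:
        return "not-listening"       # only client-side or closed sockets
    if any(ip.is_unspecified for ip in addrs):
        return "all-interfaces"      # 0.0.0.0 or [::]
    if all(ip.is_loopback for ip in addrs):
        return "loopback-only"       # reachable from the local machine only
    return "specific-interface"      # bound to one of the host's addresses


if __name__ == "__main__":
    for port in (5959, 135, 6001, 49731):
        print(port, exposure(SAMPLE_NETSTAT, port))
```

A result of all-interfaces means the port is offered on every network the host is attached to, with only firewall rules limiting who can reach it; binding to the server's actual IP address gives specific-interface and a narrower exposure.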

Fiddler blocks my Internet access when it starts to capture web traffic

I have Windows 8.1 installed on my computer and regularly use Fiddler to capture web traffic.
Recently, however, when I open Fiddler and it starts to capture web traffic, my Internet connectivity dies.
The error I get when I open IE is "the proxy server isn't responding."
In Chrome, I get "Could not connect to proxy server" with the following error: "Error code: ERR_PROXY_CONNECTION_FAILED."
Fiddler doesn't even capture any of the requests going out. The weird thing is that Fiddler was working ok just some days ago and nothing was recently installed on my system.
Searching the Internet for 5 hours, trying everything, and no effective response.
This also had no effect: http://www.telerik.com/blogs/fiddler-and-internet-explorer-11-on-windows-8-1
It seems that the proxy server created by Fiddler is simply not attending to any traffic.
If I close Fiddler or disable the capture mode, my internet comes back to normal.
Uninstalling and reinstalling Fiddler does not solve the problem, and neither does restarting Windows.
This question has some similarities with my problem, but as I said, none of the answers worked for me.
Why is Fiddler having this problem, and how can I fix it?
99% of the time, this is caused by running a 3rd-party firewall which is blocking access to Fiddler.
1% of the time, this is caused by plugging a Windows Phone device into your PC over USB. The Windows Phone team steals Fiddler's default port (8888) from it.
Running Help > Troubleshoot and updating your question with its output may help.