Specify port when calling WMI in powershell? - powershell

WMI queries run off port 135 (from what google tells me). Can you specify a different port when trying to do a WMI query?
Alternatively, can you use the system.managment.managementScope object and specify a port when connecting? Perhaps like this:
\\computername:port\root\cimv2\
If the answer to both of these is "no," then can you connect a different way and once connected, run a wmi query?
Reason for this question:
I have a mixed environment, and I need to query some servers behind a firewall. I cannot specify a timeout value for WMI queries, so I need a way to connect to these boxes without a new firewall rule.

WMI uses port 135 to negotiate, then the DCOM selects a random port between 1024 and 65535. Making it hard to for a fixed port. Not very friendly for firewalls...
As a comment from Jeff, said above you have to tell the machine you are connecting to, to limit the port it uses.
In windows server 2003 you could not limit the port which was chosen, so for those I run my script on that server and then push the results back on known port. My script uses the standard SQL port as all information is stored on the database.
For windows server 2008 R2 you can limit the port it uses, this can be done by running the following on each server;
At the command prompt, type winmgmt -standalonehost
Stop the WMI service by typing the command net stop "Windows Management Instrumentation"
Restart the WMI service again in a new service host
by typing net start "Windows Management Instrumentation"
Establish a new port number for the WMI service by typing netsh firewall add
portopening TCP 24158 WMIFixedPort
Steps and more information can be found here (as Jeff gave):
Setting Up a Fixed Port for WMI
Its not the best solution but the only one I know of, I have been building scripts for a large server environment for a long time now. The way I have always handled it is to have a script in each location (DMZ etc) and then push the data back on a known port.
I hope you find this useful.

Related

Monitoring SQL service on a remote computer and start or stop a local service based on the result

I have a local service which interacts with a SQL database.
This service stays up when SQL database goes down.
What I need is a PowerShell script that checks the remote SQL service and based on the result it must start or stop the local service.
Any help would be highly appreciated
You can check if SQL server port is open on a remote host.
See this answer for details about how to do this How to check Network port access and display useful message?
The port number is depending on SQL server you're using. For example, for MS SQL default port is 1433 and for MySQL - 3306.

Developer exception starting a client-server model on Eiffel net

I'm trying to establish a connection using sockets between 2 PC's on the same LAN using the Eiffel Programming Language. I'm trying to run the examples that are by default on the installation directory of Eiffel Studio. However right now I'm trying to make it on the same machine by addressing to localhost (127.0.0.1).
It works perfectly on Linux (Ubuntu 15.10) but on windows 7 I'm getting an exception when I try to run the client program. The code of the exception is 24 Unable to establish connection. The server program runs just fine and I already got a connection between a client on linux and a server on windows. I didn't find a solution to this exception on the documentation nor on other sites. Here is a screencap:
Screencap of the debugger
Here is a link to the doc:
https://www.eiffel.org/doc/solutions/Two%20Machines
Thank you in advance.
The issue might be caused by the fact that some ports are used and others are reserved by the system. In particular the port range 0-1023 is designated for use by common system and network services. Ports beyond this range can also be registered (e.g., Service Name and Transport Protocol Port Number Registry or List of TCP and UDP port numbers). System security settings could also prevent applications from using specific port numbers.
The solution is to look for and to use port numbers that are available for user applications. Ports currently used on Windows can be found with netstat -an, what can be used is related to TCP/IP and firewall settings. The simplest approach is to try using some other port numbers, e.g. in the range 1024-49151.

How to find the port number in ubuntu 12.04?

I need to write my first socket program involving TCP connections. In the program I have created there is a client and server, both of which are the machine I am coding on.However,it requires that I pass the port number as a command line argument. How do I accomplish this?
The answer is simple : Make sure your server and your client agree on the port to use. As long as the port is available and can be used, set up the connected so that the client and server use that same port.
Here's a link that explain the different ranges available for TCP and UDP ports.
As an exemple, the port 3074 is used by microsoft for its Xbox live service. Making an application using this port might interfere with the service.
The port used will be defined either in a configuration file or hard-coded in the source code of both the server and the client. You should easily be able to find it with a quick look at the code or the directory which contains the application.

WSEACCES error binding to socket on Windows Server 2008

I have a windows server 2008 machine on which I am unable to bind to a socket at a particular high-port range without getting an error 10013 (WSAEACCES). In particular, I can't bind to ports 62788-64764, which is rather inconvenient since I'm trying to start up a service that is configured to run on ports in that range, and I can't change that configuration. The process is launched from a cmd window having Administrator privileges.-a
Why can't I bind to these port numbers?
I've tried all the obvious things:
Netstat -a does not show any processes listening on those ports.
Using netsh int ipv4 show excludedportrange protocol=tcp, I verified that there aren't any excluded ports in this range:
Start Port End Port
---------- --------
80 80
443 443
8172 8172
47001 47001
The machine was running a DNS server, so I set the DNS SocketPoolSize to zero, but that didn't work. (I even shut the server down, but that didn't help either).
I've rebooted (and kicked) the machine several times, and I've reset the winsock catalog (netsh winsock reset).
There's got to be some other configuration setting I am missing; any ideas?
UPDATE: I discovered that shutting down the Windows service "Internet Connection Sharing" makes the problem go away, although why that service was locking up these specific ports is still unclear to me.
I'd guess with ICS enabled, Hide NAT is also enabled (internal IPs hiding behind a single - or multiple - external IPs). That means the Server will need to rewrite source IP and source port of clients going to the internet to avoid source port collisions.
Hiding NAT gateways thus usually reserve a port range in the higher area (>port 50000) for that. So ICS may block a whole range of high ports for NAT porposes.
And this is why server applications should stay in the low / privileged range of ports (i.e. <1024)

Configure and listen successfully using WinRM in powershell

I'm testing WinRM connection using Command Prompt on my local and remote machine and my question is devided into two parts.
PART I
I tested TCP/IP connectivity by using ping command to ping : IP Address of local computer and remote computer, default gateway and DNS Server and it runs perfectly on both local and remote computer.
But when testing using WinRM commands, I used this command to locate listeners and addresses
winrm e winrm/config/listener
It gives me this output for my local machine
Listener
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn =<IP Address>,127.0.0.1, ::1,fe80::100:7f:fffe%13,fe80::803:5e43:50ef:c50%11
But the same command when I run on remote machine gives me an output with everything else the same, except
Listener[Source="GPO"]
.
.
.
ListeningOn=null
I want to configure it to make it listen correctly.
PART II
And when I run these commands one by one on my remote machine
winrm id -r:<machine name>
winrm get winrm/config -r:<machine name>
winrm get wmicimv2/Win32_Service?Name = WinRM -r:<machine name>
It gives a WSMan Fault with an error message as :
The client cannot connect to the destination specified in the request. Verify
that the service on the destination is running and is accepting requests.Consult
the logs and documentation for WS-Management service running on the destination,
most commonly IIs or WinRM. If the destination is the WinRM service, run the
following command on the destination to analyse and configure the WinRM service:
"winrm quickconfig".
Whereas, same commands when I run on my local machine run correctly.
winrm id
winrm get winrm/config
winrm get wmicimv2/Win32_Service?Name = WinRM
At most, all the problems I'm facing is on my remote machine.
What is causing this to happen and how can I configure it to listen and connect successfully?
Thank You.
Part II, I am now able to run these on one of my other remote machines with correct output.
I made some changes in this particular remote machine for which I had posted the question and so, it wouldn't run these commands until I fix the part I but besides that if nothing has been altered it will run just like it does on my other remote machines.
I would still appreciate if someone could help me with part I in which I have to get rid of
Listener[Source=GPO]
..
.
ListeningOn=null
when I run the command
winrm e winrm/config/listener
because this is what is causing issues but I'm not sure how to disable/remove Group Policy Settings.
To determine which group policy is configuring your WinRM you can run the following from an administrative command prompt:
gpresult /h result.html & result.html
In the displayed result, locate Windows Components/Windows Remote Management (WinRM)/WinRM Service. The Winning GPO is where you can enable/disable GPO settings. Use GPMC (Group Policy Management Console) to manage the Group Policy.
ListeningOn=null appears when an administrator has incorrectly configured the Group Policy IPv4 filter setting in Allow automatic configuration of listeners usually with an IP or network that does not exist on the affected Server.
To reset IP addresses (ListeningOn), you probably need to re-create the listener (remove the old HTTP listener and create a new one). Please find the example below.
In PowerShell:
Remove-WSManInstance winrm/config/Listener -SelectorSet #{Address="*";Transport="http"}
New-WSManInstance winrm/config/Listener -SelectorSet #{Address="*";Transport="http"}
Here is the syntax for the specific IP address to bind:
New-WSManInstance winrm/config/Listener -SelectorSet #{Address="IP:192.168.100.2";Transport="http"}
In Command Prompt:
winrm delete winrm/config/Listener?Address=*+Transport=HTTP
winrm create winrm/config/Listener?Address=*+Transport=HTTP
Further reading:
Three ways to configure WinRM listeners.
The Windows Remote Manager (WinRM) service does not start.
Related question: Allow PowerShell remoting only from one address.
I had the same issue and found that when the GPO Setting: Allow remote server management through WinRM had an IPv4 filter set to the IP address of my jumphost the winrm e winrm/config/listener command generated the ListeningOn=null issue.
I solved this by setting the Filter to * and sorting the permissions on firewall level instead.
I solved this changing a GPO, exactly as answered Neossian (sorry, no reputation to just add a comment). But "IPv4 filter" must not be empty, nor accepts CIDR notation (that was my huge mistake). As already said by Craneum, uses "*" for listen on any interface or some range of IP addresses your local network devices are connected (as "192.168.0.1-192.168.0.254" or something like that).
DO NOT USE "192.168.0.0/24" notation. Yes, the help section is very clear on that, yet I used the wrong notation.
The thing is that the IP Range you are entering is not the range that has access to the system but defines the IP range that can be used as the WinRM interface by the system. Means you have to specify a range of IP addresses which includes all the client IPs the GPO is affecting.
Ensure that you have a filter (IPv4 and/or IPv6) defined in the "Allow remote server management through WinRM" under [Computer Configuration]/[Policies]/[Administrative Templates]/[Windows Components]/[Windows Remote Management (WinRM)]/[WinRM Service].
I would suggest a filter of "*" for both IPv4 and IPv6 unless you know what you want to filter.