So I have a pair of 2003 Domain Controllers which seem to have problems replicating. After running netdiag and dcdiag I figured out that there is an RPC problem, so I tested the connection with portqry.exe. From DC2 to DC1 the connection to domain-related ports (LDAP, RPC, DNS, Kerberos, ...) seems fine. The opposite direction doesn't seem to work:
TCP port 135 (epmap service): FILTERED
portqry.exe -n 10.6.8.35 -e 135 -p TCP exits with return code 0x00000002.
TCP port 445 (microsoft-ds service): FILTERED
portqry.exe -n 10.6.8.35 -e 445 -p TCP exits with return code 0x00000002.
Wireshark also shows that DC1 receives packets, but does not reply back to DC2, so DC2 retransmits. Other ports are ok:
TCP port 389 (ldap service): LISTENING
UDP port 389 is LISTENING
TCP port 3268 (msft-gc service): LISTENING
TCP port 53 (domain service): LISTENING
UDP port 53 (domain service): LISTENING
Windows Firewall is disabled on both servers, and they are on the same subnet, so there is no other kind of external firewall blocking traffic. All services, including RPC, are started and running.
Netstat on DC2:
C:\Documents and Settings\Administrator>netstat -na | findstr 135
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 10.6.8.35:135 10.6.8.35:1814 ESTABLISHED
TCP 10.6.8.35:1814 10.6.8.35:135 ESTABLISHED
C:\Documents and Settings\Administrator>netstat -na | findstr 445
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*
Running the same test with portqry.exe on localhost also does not seem to work as expected:
Starting portqry.exe -n 127.0.0.1 -e 135 -p TCP ...
Querying target system called:
127.0.0.1
Attempting to resolve IP address to a name...
IP address resolved to adc.xxx.gr
querying...
TCP port 135 (epmap service): LISTENING
Using ephemeral source port
Querying Endpoint Mapper Database...
Server's response:
RPC Endpoint Mapper did not respond
TCP port 135 is FILTERED
portqry.exe -n 127.0.0.1 -e 135 -p TCP exits with return code 0x00000000.