A wide range of applications and services use Remote Procedure Call (RPC) to communicate, such as Netlogon, MMC, Active Directory, and client-server communication.

A basic introduction to Remote Procedure Call

The Remote Procedure Call (RPC) client starts by establishing a connection on port 135 and then negotiates with the destination on a dynamically assigned port number in a higher range. This range depends on the OS and application, but in some cases it can be from port 1024 to 65535.

Read more about Service overview and network port requirements for Windows on Microsoft.com

The big challenge is how to troubleshoot an RPC connection issue when you get errors such as RPC is not available. In other words, is the RPC dynamic port reachable or blocked?

Test RPC Connection using PortQry

You can test the RPC connection using the PortQry tool. It tests the RPC server, queries the host for a list of ports and their status, and gets the list of RPC dynamic ports via the RPC mapper.

Run this tool by using the command prompt.

The supported parameters are:

Command line mode options explained:
        -n [name_to_query] IP address or name of system to query
        -p [protocol] TCP or UDP or BOTH (default is TCP)
        -e [endpoint] single port to query (valid range: 1-65535)
        -r [end point range] range of ports to query (start:end)
        -o [end point order] range of ports to query in an order (x,y,z)
        -l [logfile] name of text log file to create
        -y overwrites existing text log file without prompting
        -sp [source port] initial source port to use for query
        -sl 'slow link delay' waits longer for UDP replies from remote systems
        -nr by-passes default IP address-to-name resolution
            ignored unless an IP address is specified after -n
        -cn specifies SNMP community name for query
            ignored unless querying an SNMP port
            must be delimited with !
        -q 'quiet' operation runs with no output
           returns 0 if port is listening
           returns 1 if port is not listening
           returns 2 if port is listening or filtered

Using PortQry

.\PortQry.exe -e 135 -n RemoteServer

The output of the command above is a long list of connections. The focus is on the ncacn_ip_tcp entries.

UUID: 1a9134dd-7b39-45ba-ad88-44d01ca47f28 Message Queuing – RemoteRead V1
ncacn_ip_tcp:RemoteServer[49179]
UUID: 1a9134dd-7b39-45ba-ad88-44d01ca47f28 Message Queuing – RemoteRead V1
ncacn_ip_tcp:RemoteServer[2107]
UUID: 1a9134dd-7b39-45ba-ad88-44d01ca47f28 Message Queuing – RemoteRead V1
ncacn_ip_tcp:RemoteServer[2103]
UUID: 1a9134dd-7b39-45ba-ad88-44d01ca47f28 Message Queuing – RemoteRead V1
ncacn_ip_tcp:RemoteServer[2105]

The format is
UUID: GUID Service Name
ncacn_ip_tcp:RemoteServer[RemotePort]

RPC Connection and the remote Dynamic Ports

The example above lists all the RPC dynamic ports that Message Queuing – RemoteRead V1 has started; the number between the brackets [ ] is the remote port.

PortQry is used to get a list of all the dynamic ports, and a PowerShell script then tests the reachability of each port via the Test-NetConnection command.

Use the -Servername parameter to set the name of the computer whose RPC dynamic ports you want to scan.
I tried to make the script simple without defining a lot of variables and parameters, and all can be adjusted.

PowerShell and PortQry in Action

param(
    [string]$Servername = "Localhost"
)
# PortQry.exe is expected in the same folder as this script
$PortQryPath = Join-Path $PSScriptRoot -ChildPath "PortQry.exe"

Try {
    # Ask the endpoint mapper on port 135 for its registered endpoints.
    # The call operator (&) passes $Servername as one argument, so it is never parsed as code.
    $RPCPorts = @(& $PortQryPath -e 135 -n $Servername |
        Where-Object { $_ -like '*ncacn_ip*' } | Select-Object -Unique)
    if ($RPCPorts.Count -eq 0) {
        Write-Host "No output, maybe incorrect server name" -ForegroundColor Red
        return
    }
    # Parsing the output
    ForEach ($SinglePort in $RPCPorts) {
        # The port is the number between the brackets
        if ($SinglePort -notmatch '\[(\d+)\]') { continue }
        $porttocheck = [int]$Matches[1]
        # Checking the port reachability
        $Result = Test-NetConnection -ComputerName $Servername -Port $porttocheck
        # Green when the TCP connection succeeded, red when it did not
        $Color = if ($Result.TcpTestSucceeded) { "Green" } else { "Red" }
        Write-Host "Port health for $Servername on port $porttocheck is " -NoNewline
        Write-Host $Result.TcpTestSucceeded -ForegroundColor $Color
    }
}
Catch {
    # Something went wrong, maybe the firewall is blocking; the exception message is written
    Write-Host $_.Exception.Message -ForegroundColor Red
}
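
The script above keeps only the port number, so a blocked port cannot be tied back to the service that registered it. As an added example (not part of the original script or of PortQry), the function below parses the two-line UUID/binding format into objects and groups the services by port; the function name, property names and sample lines are constructed for illustration.

```powershell
# Hypothetical helper: turns PortQry endpoint-mapper output into one object per TCP endpoint.
function ConvertFrom-PortQryEndpointMap {
    param([string[]]$Line)
    $uuid = $null; $service = $null
    foreach ($raw in $Line) {
        $text = "$raw".Trim()
        if ($text -match '^UUID:\s+([0-9a-f-]{36})\s*(.*)$') {
            # First line of a pair: remember the interface until its binding line arrives
            $uuid = $Matches[1]; $service = $Matches[2].Trim()
        }
        elseif ($uuid -and $text -match '^ncacn_ip_tcp:(.+)\[(\d+)\]$') {
            # Second line of a pair: TCP binding, the port sits between the brackets
            [pscustomobject]@{
                Port    = [int]$Matches[2]
                Server  = $Matches[1]
                UUID    = $uuid
                Service = $service
            }
            $uuid = $null; $service = $null
        }
        else {
            # Named pipes, LRPC, banners: not a TCP port, so drop the pending UUID
            $uuid = $null; $service = $null
        }
    }
}

# Constructed sample, shaped like the PortQry output shown earlier on this page
$sample = @(
    'UUID: 1a9134dd-7b39-45ba-ad88-44d01ca47f28 Message Queuing - RemoteRead V1'
    'ncacn_ip_tcp:RemoteServer[49179]'
    'UUID: 1a9134dd-7b39-45ba-ad88-44d01ca47f28 Message Queuing - RemoteRead V1'
    'ncacn_ip_tcp:RemoteServer[2107]'
    'UUID: 00000000-0000-0000-0000-000000000001 Example Service A'  # constructed UUID
    'ncacn_np:\\RemoteServer[\pipe\example]'                         # named pipe, skipped
    'UUID: 00000000-0000-0000-0000-000000000002 Example Service B'  # constructed UUID
    'ncacn_ip_tcp:RemoteServer[49179]'
)

# One row per port, listing every RPC interface registered on it
$byPort = ConvertFrom-PortQryEndpointMap -Line $sample | Group-Object Port | ForEach-Object {
    [pscustomobject]@{
        Port     = [int]$_.Name
        Services = ($_.Group.Service | Sort-Object -Unique) -join '; '
    }
} | Sort-Object Port
$byPort | Format-Table -AutoSize
```

For a live run, pass the output of `& .\PortQry.exe -e 135 -n RemoteServer` as `-Line` and feed each `Port` in `$byPort` to Test-NetConnection, so a failed test names the affected services.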

Conclusion

This script should help the admin troubleshoot the RPC connection between the client and the server and the dynamically assigned random port.
