Short Stories

// Tales from software development

Can't RDP to a VM? Is Port 137 blocked?


Port 137

I’d just created a virtual machine and installed Windows 2003 Server, but when I tried connecting to the VM using Microsoft’s Remote Desktop client the connection failed. On the VM, Windows Firewall was turned on but the ‘Remote Desktop’ exception was enabled, so why was the connection failing?

I tried turning off Windows Firewall to see if it made a difference. It did – the RDP client connected immediately. If I turned Windows Firewall back on, any subsequent attempts to connect to the VM also succeeded. This suggested some sort of name or address discovery issue.

As I had already enabled logging in Windows Firewall I checked the log and found that it dropped several incoming requests on Port 137:

#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2008-05-03 15:10:19 DROP UDP 192.168.0.12 192.168.0.255 137 137 78 - - - - - - - RECEIVE
2008-05-03 15:10:20 DROP UDP 192.168.0.12 192.168.0.255 137 137 78 - - - - - - - RECEIVE
2008-05-03 15:10:21 DROP UDP 192.168.0.12 192.168.0.255 137 137 78 - - - - - - - RECEIVE

The log shows that the computer with IP address 192.168.0.12, which is the machine that I was running the RDP client on, sent three broadcast requests on the local subnet (to the broadcast address 192.168.0.255) to UDP port 137, and the firewall dropped all three.

Running ‘netstat -a -n -o’ at a command prompt on the target computer shows:

Active Connections
Proto  Local Address          Foreign Address        State           PID
...
UDP    192.168.0.15:137       *:*                                    4
...

So, the process with ID 4 is listening on UDP port 137. We can find out which process this is by running the ‘tasklist’ command at a command prompt:

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 RDP-Tcp#1                  0         16 K
System                           4 RDP-Tcp#1                  0        212 K
...

So, the process with ID 4 is actually the system process. It’s likely that port 137 is being used for a normal system function that Windows Firewall is blocking.

A quick search on the internet indicated that this port and protocol is used by NetBIOS name resolution. Now it makes sense – because I’m not using a domain, when I tried to connect to the target computer by name, Windows broadcast a NetBIOS name query asking the computer with that name to identify itself.

My initial thought was that I should define a new exception for port 137 but then I realised that because this is a common network protocol, there was almost certainly an exception already defined. I just needed to find out what it was and enable it.

Among the other exceptions available in Windows Firewall but not currently enabled was ‘File and Printer Sharing’. Selecting this exception and clicking the Edit button displays the ports and protocols associated with this exception and one of them is UDP on port 137. Enabling this exception resolved the problem.
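To make the log analysis above repeatable, here is an added Python example (not part of the original post) that parses Windows Firewall log records in the W3C format shown earlier and counts dropped NetBIOS name-service broadcasts per source host. The first three sample records are the ones quoted above; the remaining records and the 192.168.0.0/24 subnet are constructed for the example.

```python
"""Scan a Windows Firewall log (pfirewall.log, W3C format) for the symptom
described above: inbound NetBIOS name-service (UDP/137) broadcasts dropped."""
from collections import Counter
from ipaddress import IPv4Address, IPv4Network

# Column order of the "#Fields:" header that Windows Firewall writes.
FIELDS = ("date time action protocol src_ip dst_ip src_port dst_port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()
NBNS_PORT = 137  # NetBIOS Name Service

# First three records are the ones quoted in the post; the last two are
# constructed here: a unicast UDP/137 drop and an allowed RDP (TCP/3389) open.
SAMPLE_LOG = """\
#Software: Microsoft Windows Firewall
2008-05-03 15:10:19 DROP UDP 192.168.0.12 192.168.0.255 137 137 78 - - - - - - - RECEIVE
2008-05-03 15:10:20 DROP UDP 192.168.0.12 192.168.0.255 137 137 78 - - - - - - - RECEIVE
2008-05-03 15:10:21 DROP UDP 192.168.0.12 192.168.0.255 137 137 78 - - - - - - - RECEIVE
2008-05-03 15:10:22 DROP UDP 192.168.0.99 192.168.0.15 137 137 78 - - - - - - - RECEIVE
2008-05-03 15:10:25 OPEN TCP 192.168.0.12 192.168.0.15 1041 3389 0 - - - - - - - -
"""

def parse_line(line):
    """Return a dict for one record, or None for blank, comment or malformed lines."""
    parts = line.split()
    if not parts or parts[0].startswith("#") or len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    rec["dst_port"] = int(rec["dst_port"])
    return rec

def is_dropped_nbns_broadcast(rec, subnet):
    """True for an inbound UDP/137 datagram to the subnet's broadcast address that was dropped."""
    return (rec["action"] == "DROP" and rec["protocol"] == "UDP"
            and rec["dst_port"] == NBNS_PORT and rec["path"] == "RECEIVE"
            and IPv4Address(rec["dst_ip"]) == IPv4Network(subnet).broadcast_address)

def dropped_nbns_by_source(log_text, subnet="192.168.0.0/24"):
    """Count dropped NetBIOS name-query broadcasts per source host (as a dict)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and is_dropped_nbns_broadcast(rec, subnet):
            counts[rec["src_ip"]] += 1
    return dict(counts)

if __name__ == "__main__":
    for host, n in dropped_nbns_by_source(SAMPLE_LOG).items():
        print(f"{host}: {n} dropped NetBIOS name broadcasts - enable the "
              "'File and Printer Sharing' exception (subnet scope) or connect by IP")
```

The ‘File and Printer Sharing’ exception opens more than UDP 137, so keep its scope limited to the local subnet, or avoid the broadcast altogether by connecting to the VM by IP address.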

Still can’t connect?

Some of the more common issues that can cause a failure to connect to a VM, or any machine for that matter…

Remote Desktop is not enabled

The most obvious cause but worth checking. The ‘Enable Remote Desktop on this computer’ option should be enabled on the Remote tab of the System Control Panel applet.

Port 3389 is blocked

RDP uses TCP on port 3389 on the server machine. If you’re using Windows Firewall this is opened by enabling the Remote Desktop exception shown on the Exceptions tab of the Windows Firewall Control Panel applet.

VM has dropped off the domain

If you use VMs in a domain and you have connectivity issues then it’s worth checking that the VM hasn’t dropped off the domain.

This can be a surprisingly subtle problem as the VM doesn’t make it obvious that it is no longer on the domain. The problem usually manifests itself as no connectivity – you cannot connect using RDP or even file shares. The server machine will still respond to pings but that’s all.

If you logon to the server using the Virtual Server VMRC, or the hardware console if this isn’t a VM, and display the users in the Administrators group you’ll see a load of SIDs instead of whatever domain users you’ve added to the local administrators group.

You’ll need to re-add the machine to the domain as described in ‘What credentials should you use when joining a domain?’


Written by Sea Monkey

May 10, 2008 at 1:23 pm

Posted in Environments


One Response


  1. […] in May last year I blogged about why port 137 needs to be open for UDP requests if you want NETBIOS name lookups to […]
