Microsoft KB Archive/310298

= How to Use Portqry.exe to Troubleshoot Microsoft Exchange Server Connectivity Issues =

Article ID: 310298

Article Last Modified on 3/2/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q310298



SUMMARY
This article describes how to use Portqry.exe to troubleshoot Microsoft Exchange Server connectivity issues. You can use the Portqry.exe command-line utility to troubleshoot TCP/IP connectivity issues. Portqry.exe runs on Windows 2000. Portqry.exe reports the port status of target TCP and UDP ports on a remote computer.

You can use Portqry.exe to troubleshoot Microsoft Exchange Server issues where basic TCP/IP connectivity must be verified. This may be useful in environments that have firewalls. You can use Portqry.exe to verify connectivity to TCP/IP ports that are used by Exchange Servers for SMTP, POP3, IMAP, LDAP, RPC, NetBIOS, and DNS.

Note Version 2 of Portqry.exe is now available. The Microsoft Download Center link at the end of this article has been updated to reflect the new version. Version 1.0 of Portqry.exe has been removed from the Microsoft Download Center.



MORE INFORMATION
A telnet client is typically used to determine if an SMTP, POP3, or IMAP service is listening on a TCP port on an e-mail server. Although telnet can be used to determine if these ports are listening, it does not indicate if the ports are being filtered. Also, telnet clients cannot typically be used to test UDP ports such as LDAP or RPC. Portqry.exe reports the status of a port in one of the following three ways:

Listening
A process is listening on the port on the computer you choose. Portqry.exe received a response from the port.

Not Listening
No process is listening on the target port on the target system. Portqry.exe received an Internet Control Message Protocol (ICMP) &quot;Destination Unreachable - Port Unreachable&quot; message back from the target UDP port. Or if the target port is a TCP port, Portqry received a TCP acknowledgement packet with the Reset flag set.

Filtered
The port on the computer you chose is being filtered. Portqry.exe did not receive a response from the port. A process may or may not be listening on the port. By default, TCP ports are queried three times and UDP ports are queried once before a report indicates that the port is filtered.

Portqry.exe can query a single port, an ordered list of ports, or a sequential range of ports.

Also, Portqry.exe displays &quot;extended information&quot; that is returned from some ports. Portqry.exe looks for &quot;extended information&quot; on ports where SMTP, POP3, IMAP4, and FTP services listen.

An example is SMTP. By default, SMTP listens on TCP port 25. When Portqry.exe finds that TCP port 25 on a target computer is LISTENING, it returns any &quot;extended&quot; information that the answering service provides.

Examples
You run the following command:

portqry -n MyMailServer -p tcp -e 25

TCP port 25 (smtp service): LISTENING

The following data is returned from the port:

220 MyMailServer.eu.reskit.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.2966 ready at date and time -0700

In the preceding example, the output gives some indication as to what type of SMTP server is listening on the port. This information can be useful when you troubleshoot e-mail server connectivity issues. You can use Portqry.exe to query POP3 and IMAP services in the same way.

Portqry is also capable of querying an LDAP service. It knows how to send an LDAP query (by using UDP and TCP) and interpret an LDAP server response to the query. The response from the LDAP server is parsed, formatted and returned to the user.

You run the following command:

portqry -n myserver -p udp -e 389

Portqry.exe automatically resolves UDP port 389 by using the systemroot\system32\drivers\etc\services file that every Windows 2000 computer has. If it resolves the port to the LDAP service, it sends an unformatted user datagram to UDP port 389 on the target computer. Portqry.exe does not receive a response from the port as the LDAP service only responds to a properly-formatted LDAP query. Portqry.exe does report that the port is LISTENING or FILTERED. Portqry.exe then sends a properly-formatted LDAP query to UDP port 389. If it receives a response to the query, it returns the entire response to the user, and reports that the port is LISTENING. If Portqry.exe does not receive a response to the query, it reports that the port is FILTERED.

Example Output
UDP port 389 (unknown service): LISTENING or FILTERED

Sending LDAP query to UDP port 389...

LDAP query response:

currentdate: 09/03/2001 05:42:40 (unadjusted GMT)

subschemaSubentry:

CN=Aggregate,CN=Schema,CN=Configuration,DC=eu,DC=reskit,DC=com

dsServiceName: CN=NTDS

Settings,CN=myserver,CN=Servers,CN=eu,CN=Sites,CN=Configuration,DC=eu,DC=reskit,DC=com

namingContexts: DC=redmond,DC=eu,DC=reskit,DC=com

defaultNamingContext: DC=eu,DC=reskit,DC=com

schemaNamingContext: CN=Schema,CN=Configuration,DC=eu,DC=reskit,DC=com

configurationNamingContext: CN=Configuration,DC=eu,DC=reskit,DC=com

rootDomainNamingContext: DC=eu,DC=reskit,DC=com

supportedControl: 1.2.840.113556.1.4.319

supportedLDAPVersion: 3

supportedLDAPPolicies: MaxPoolThreads

highestCommittedUSN: 4259431

supportedSASLMechanisms: GSSAPI

dnsHostName: myserver.eu.reskit.com

ldapServiceName: eu.reskit.com:myserver$@eu.RESKIT.COM

serverName: CN=MYSERVER,CN=Servers,CN=Sites,CN=Configuration,DC=eu,DC=reskit,DC=com

supportedCapabilities: 1.2.840.113556.1.4.800

isSynchronized: TRUE

isGlobalCatalogReady: TRUE

== End of LDAP query response
==

UDP port 389 is LISTENING

In the preceding example, port 389 is listening and from the output, you can determine which LDAP service is listening on the port and some details about its configuration. This information may also be useful in troubleshooting various problems.

Portqry.exe knows how to send a query to the RPC end-point mapper (by using UDP and TCP) and interpret the response. This query dumps all of the end points that are currently registered with the RPC end-point mapper. The response from the end-point mapper is parsed, formatted, and returned to the user. For example when you run the portqry -n myserver -p udp -e 135 command, Portqry.exe automatically resolves UDP port 135 by using the systemroot\system32\drivers\etc\services file that every Windows 2000 system has. If it resolves the port to the RPC End Point Mapper (EPMAP) service, it sends an unformatted user datagram to UDP port 135 on the target computer. Portqry.exe does not receive a response from the port because the RPC end-point mapper service only responds to a properly-formatted RPC query. Portqry.exe reports that the port is LISTENING or FILTERED. Portqry.exe then sends a properly-formatted RPC query to UDP port 135. This query dumps all of the end points that are currently registered with the RPC end-point mapper. If it receives a response to the query, it returns the entire response to the user and reports that the port is LISTENING. If Portqry.exe does not receive a response to the query, it reports that the port is FILTERED. An example of this occurs when you run the portqry -n mymailsrv -p udp -e 135 command:

UUID: f5cc5a18-4264-101a-8c59-08002b2f8426 MS Exchange Directory NSPI Proxy ncacn_http:169.254.112.100[1444]

UUID: 9e8ee830-4459-11ce-979b-00aa005ffebe MS Exchange MTA 'Mta' Interface ncacn_np:\\\\mymailsrv[\\pipe\\00000bbc.000]

UUID: 9e8ee830-4459-11ce-979b-00aa005ffebe MS Exchange MTA 'Mta' Interface ncacn_ip_tcp:169.254.112.100[2168]

UUID: 99e64010-b032-11d0-97a4-00c04fd6551d Exchange Server STORE ADMIN ncadg_ip_udp:169.254.112.100[2174]

UUID: 10f24e8e-0fa6-11d2-a910-00c04f990f3b Microsoft Information Store ncacn_np:\\\\mymailsrv[\\pipe\\00000ba0.000]

Total endpoints found: 5

End of RPC Endpoint Mapper query response
UDP port 135 is LISTENING

In the preceding example, port 135 is listening, and from the output, you can determine which services or programs have been registered with the target server's RPC end-point mapper database. The output includes each program's UUID, annotated name (if one exists), the protocol the program uses, the network address that the program is bound to, and the program's end point (port number, named pipe, and so on, in square brackets). This information may also be useful in troubleshooting various problems.

Portqry.exe is available for download from the Microsoft Download Center. To download Portqry.exe, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?familyid=89811747-C74B-4638-A2D5-AC828BDC6983&displaylang=en

Important The PortQueryUI tool provides a graphical user interface and is available for download. PortQueryUI has several features that can make using PortQry easier. To obtain the PortQueryUI tool, visit the following Microsoft Web site:

http://download.microsoft.com/download/3/f/4/3f4c6a54-65f0-4164-bdec-a3411ba24d3a/PortQryUI.exe

Additional query words: scanner probe netbios rpc test state

Keywords: kbhowto KB310298

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.