How to see what is reserving ephemeral port ranges on Windows?
Solution 1
Investigate and Free the Ports
It appears that Hyper-V reserves random ports (or something Hyper-V related at least). Use netsh int ip show excludedportrange protocol=tcp
to confirm that the ports that aren't working are in the output.
This has worked for me to free the ports up. It doesn't seem intrusive to me (25 thumbs up):
This is often caused by the Windows NAT Driver (winnat), stopping and restarting that service may resolve the issue.
net stop winnat docker start ... net start winnat
After this the ports were no longer reserved, but my WSL2 terminal no longer had connection to the internet, so I needed to reboot after this to get everything working again.
Reserve the Ports From Now On
If you don't do anything more, you'll likely run into this problem again. So to e.g. reserve ports 9012 and 9013 for your future use (so winnat
never tries to use them):
netsh int ipv4 add excludedportrange protocol=tcp startport=9012 numberofports=2
(Thanks @Venryx for reminding me)
Other Approaches
In an answer to a similar question about why docker couldn't open ports (24 thumbs up), this also worked for me:
netcfg -d
--this will clean up all networking devices, and requires a reboot
Somebody does warn about it though (4 thumbs up). Your maileage may vary. It worked for me, mostly because I didn't see the following warning until after I ran it successfully....
that (
netcfg -d
) is dangerous command, it corrupted my docker and it does not start up anymore. Even after reinstalling HyperV. and rebooting machine. It seems that this command removes several network adapters. Also restart does nothing. I had to reset (loose) containers and images but that led me to another issue
another answer to a similar docker question (129 thumbs up) has this, but it seemed much more involed for me, so I didn't try it:
@veqryn the workaround worked for me, the steps are:
Disable hyper-v (which will required a couple of restarts)
dism.exe /Online /Disable-Feature:Microsoft-Hyper-V
When you finish all the required restarts, reserve the port you want so hyper-v doesn't reserve it back
netsh int ipv4 add excludedportrange protocol=tcp startport=50051 numberofports=1 store=persistent
Re-Enable hyper-V (which will require a couple of restart)
dism.exe /Online /Enable-Feature:Microsoft-Hyper-V /All
when your system is back, you will be able to bind to that port successfully.
Solution 2
I had the same problem and uninstalled Hyper-V, but the reserver ports were still there. After several attempts I identified Windows Sandbox as the culprit to be disinstalled
Liam
Updated on June 22, 2022Comments
-
Liam almost 2 years
I have a Windows application that needs to use ports
50005
and50006
but it is being blocked.I see the following when I run
netsh int ip show excludedportrange protocol=tcp
:Protocol tcp Port Exclusion Ranges Start Port End Port ---------- -------- 5357 5357 49709 49808 49809 49908 49909 50008 50009 50108 50109 50208 50280 50379 * - Administered port exclusions.
So something on my machine is reserving ports
49909
to50008
, which is presumably what is causing my application to fail. I've tried deleting thisexcludedportrange
with the following command:netsh int ip delete excludedportrange protocol=tcp numberofports=100 startport=49909
But I see an error
Access is denied.
, which makes me think that whatever is reserving this ports is actively running, but I have no idea what that could be.What's also weird is that after running that command, even though I saw an error, if I reboot the
excludedportrange
will be different.As a sanity check I've also run
resmon.exe
and confirmed that there is nothing running on ports50005
and50006
.How can I tell what is adding the
excludedportrange
?EDIT: I've narrowed this down to Hyper-V. If I disable Hyper-V then those ports are not excluded.
-
Yogesh Jindal over 3 yearsI tried the winnat service restart to succesfully free up the ports as that seems like the easiest optoin. Hopefully it continues to work for me in the future and does not corrupt anything
-
Peter V. Mørch over 3 yearsI agree, @YogeshJindal. It is also the one I now use when I run into this from time to time. I've edited the post to make it the first suggestion.
-
zentrunix about 3 yearsStopping and restarting "winnat" (whatever that is) worked for me. It worked immediately, didn't even require a restart. Windows 10 Pro 20H2 19042.804 Windows Feature Experience Pack 120.2212.551.0
-
Peter V. Mørch about 3 yearsThanks @zentrunix, I've clarified my answer. The reason I needed to reboot after stop/start winnat was that it broke my WSL2 networking.
-
Nickolodeon about 3 yearsIs there an answer to original question - which process exactly has reserved the range? (Not workarounds with stopping something hoping port range will be unreserved.)
-
Doug Cuthbertson almost 3 yearsThanks so much! Those last three steps from an administrator command shell work for me. I run Hugo locally and normally it grabs port 1313, but lately it wasn't able to even after a reboot. Disabling Hyper-V as above, running
netsh int ipv4 add excludedportrange protocol=tcp startport=1313 numberofports=2 store=persistent
, re-enabling Hyper-V, and rebooting fixed it. -
Venryx almost 3 yearsFor my setup at least, the above fixes were just workarounds for the root problem, which was that the dynamic-ports range was set incorrectly on my pc. I found the solution here: stackoverflow.com/a/62359555/2441655