In windows 10, sometimes we get an error for a particular port:
Ports are not available: listen tcp 0.0.0.0:55555: bind: An attempt was made to access a socket in a way forbidden by its access permissions. When seeing this error, our first instinct will be that somehow the port we need is being used by another application. So if we check for ports in use:
netstat -aon | find "55555" But the result may show that the port was not already being used.
Then the problem may be that Windows reserves some ports, they are the excluded ports which we cannot use for our other purposes. We can list those ports with the command:
C:\Users\Xyz> netsh interface ipv4 show excludedportrange protocol=tcp
Protocol tcp Port Exclusion Ranges
Start Port End Port
---------- --------
1031 1130
1131 1230
1231 1330
1331 1430
1431 1530
1561 1660
2363 2462
2463 2562
2563 2662
2663 2762
2763 2862
2863 2962
5357 5357
50000 50099 *
55500 55599
* - Administered port exclusions.Those ports might be blocked by Microsoft due to identified virus / malware activity. We experienced this after a windows update. Then we installed the next update and rebooted the machine. The ranges changed this time and our ports got available. Sometimes it is the enabled Hyper-V feature (we enable it for docker-for-windows installation) that does this. There may be other reasons too.
But If we try to delete a port range exclusion with the following command (even as administrator), it will return an error saying that it doesn't have permission for this.
netsh int ipv4 delete excludedportrange protocol=tcp startport=55500 numberofports=100 If the port exclusion is introduced by Hyper-V, we have two possible solutions in the end (there may be others):
Change the port that we were trying to use. The new port should be something that doesn't comes under the exclusions.
Disable Hyper-V, reserve a port range for our use, then enable Hyper-V again.
Method 1 - Windows Features tool:
> C:\Windows\System32\OptionalFeatures.exeIn Control Panel -> select Programs and Features -> Select 'Turn Windows features on or off' -> Uncheck the option Hyper-V -> Apply
Open Powershell (as admin) and run the command:
Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All
Open Command prompt (as admin) and run the command:
dism.exe /Online /Disable-Feature:Microsoft-Hyper-V
A system reboot will be required after this.- Reserve the port (range) you want so hyper-v doesn't reserve it back.
After that reboot, if we try listing the port exclusions, we can see that some of ranges are not there now (especially, those the one which we want). Now reserve the port range we need:
netsh int ipv4 add excludedportrange protocol=tcp startport=55500 numberofports=100 3. Re-Enable Hyper-V
You can use the all the three methods mentioned above to enable the feature too. For example, showing one with dism:
dism.exe /Online /Enable-Feature:Microsoft-Hyper-V /All This will also require a system reboot.
When your system is back, try listing the port exclusions again.
What happens here is that the specified port range was added to Administered port exclusions. That means we reserved it for our purposes.
After doing this, Hyper-V is smart enough to start it’s own reserved ranges around our pre-reserved ranges (notice in the result below the range from 55500–55599 is protected ) :
C:\Users\Xyz> netsh interface ipv4 show excludedportrange protocol=tcp
Protocol tcp Port Exclusion Ranges
Start Port End Port
---------- --------
1031 1130
1131 1230
1231 1330
1331 1430
1431 1530
1561 1660
2363 2462
2463 2562
2563 2662
2663 2762
2763 2862
2863 2962
5357 5357
50000 50099 *
55500 55599 *Administered port exclusions. Now you will be able to bind to a port in that range successfully.
So basically, Administered port exclusions are those exclusions that we can add to reserve some ports for our use.