Server 2012: SYN, no ACKs, on TCP ports higher than 6000


Seems ridiculous to read it back out loud, but I'm at a loss here.

Server 2012 Standard. Runs a daemon for an accounting package on TCP 12502; at some point, the server stopped accepting connections to the daemon, roughly last week, but was working two weeks ago. Server has been rebooted.

netstat confirms it's listening on all interfaces. Windows Firewall is off for all three (Domain, Public, Private)*. Running Wireshark on the server, I can see the SYNs, but no ACKd or SYN-ACKd. SMB, DNS, etc. all are working happily from the workstation to the server.

I stopped the daemon and grabbed netcat and tried for fun to listen on another non-standard/non-MS port, 1250, telnet'ed from the client machine, TCP connection OK.

Dividing my ports top to bottom until I could narrow it down…
and I get to TCP port 6000. Telnet success.
TCP port 6001, no dice.
TCP port 6002, no dice.
Rinse and repeat a dozen more times. See every SYN, but no ACK.

Is there something about ports > TCP 6000? Who knows. Google didn't.

I wish I had another 2012 Server to check, but I don't. I went online to research any new security features for 2012 that may be causing this but it was working a few weeks ago, and nothing looked obvious.

Patch Tuesday did come and go, and there's a few there that were installed that I'm sifting through, but nothing yet.

*Only thing I wasn't sure of with Windows Firewall is where it says "Not Connected" by the drop-down for each of Public and Private. They were "Off" but not sure what "Not Connected" means.

Best Answer

Took at stab at stopping the Base Filtering service. Can connect now. No idea what that service is but required me to stop Routing and Remote Access as well as IPSec/IKE.

Related Topic