Trying to make sense of my ongoing issue and have a question about port 4172. Can anyone explain why when i log into a console of a View Pool desktop and run a NETSTAT -a, to see what ports are listening, UDP and TCP port 4172 is not listening but when i actually login to the pool via the Horizon Client and do the same i get both ports listening??? Is there a logical reason for this?
Active Connections
BAD DESKTOP same pool
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 MWNROAM-2:0 LISTENING
TCP 0.0.0.0:445 MWNROAM-2:0 LISTENING
TCP 0.0.0.0:2009 MWNROAM-2:0 LISTENING
TCP 0.0.0.0:3389 MWNROAM-2:0 LISTENING
TCP 0.0.0.0:4000 MWNROAM-2:0 LISTENING
TCP 0.0.0.0:9427 MWNROAM-2:0 LISTENING
TCP 0.0.0.0:10442 MWNROAM-2:0 LISTENING
TCP 0.0.0.0:10443 MWNROAM-2:0 LISTENING
TCP 0.0.0.0:32111 MWNROAM-2:0 LISTENING
TCP 0.0.0.0:49152 MWNROAM-2:0 LISTENING
TCP 0.0.0.0:49153 MWNROAM-2:0 LISTENING
TCP 0.0.0.0:49154 MWNROAM-2:0 LISTENING
TCP 0.0.0.0:49155 MWNROAM-2:0 LISTENING
TCP 0.0.0.0:49156 MWNROAM-2:0 LISTENING
TCP 0.0.0.0:49158 MWNROAM-2:0 LISTENING
TCP 0.0.0.0:52057 MWNROAM-2:0 LISTENING
TCP 10.0.15.113:139 MWNROAM-2:0 LISTENING
TCP 10.0.15.113:49196 mwnvie04:4002 ESTABLISHED
TCP 10.0.15.113:52051 ec2-34-224-163-45:https ESTABLISHED
TCP 10.0.15.113:52052 ec2-34-224-163-45:https ESTABLISHED
TCP 10.0.15.113:52053 mwndmc03:epmap TIME_WAIT
TCP 10.0.15.113:52054 mwndmc03:49156 TIME_WAIT
TCP 10.0.15.113:52057 MWNROAM-2:52059 ESTABLISHED
TCP 10.0.15.113:52059 MWNROAM-2:52057 ESTABLISHED
TCP 127.0.0.1:2009 MWNROAM-2:52058 ESTABLISHED
TCP 127.0.0.1:3341 MWNROAM-2:0 LISTENING
TCP 127.0.0.1:52058 MWNROAM-2:2009 ESTABLISHED
TCP [::]:135 MWNROAM-2:0 LISTENING
TCP [::]:445 MWNROAM-2:0 LISTENING
TCP [::]:2009 MWNROAM-2:0 LISTENING
TCP [::]:3389 MWNROAM-2:0 LISTENING
TCP [::]:49152 MWNROAM-2:0 LISTENING
TCP [::]:49153 MWNROAM-2:0 LISTENING
TCP [::]:49154 MWNROAM-2:0 LISTENING
TCP [::]:49155 MWNROAM-2:0 LISTENING
TCP [::]:49156 MWNROAM-2:0 LISTENING
TCP [::]:49158 MWNROAM-2:0 LISTENING
TCP [::]:52057 MWNROAM-2:0 LISTENING
UDP 0.0.0.0:123 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:49168 *:*
UDP 0.0.0.0:51235 *:*
UDP 0.0.0.0:51259 *:*
UDP 0.0.0.0:53526 *:*
UDP 0.0.0.0:57049 *:*
GOOD DESKTOP
TCP 0.0.0.0:49154 MWNROAM-6:0 LISTENING
TCP 0.0.0.0:49155 MWNROAM-6:0 LISTENING
TCP 0.0.0.0:49157 MWNROAM-6:0 LISTENING
TCP 0.0.0.0:49171 MWNROAM-6:0 LISTENING
TCP 10.0.15.184:139 MWNROAM-6:0 LISTENING
TCP 10.0.15.184:4172 mwns-dw10-04:56226 CLOSE_WAIT
TCP 10.0.15.184:9427 mwns-dw10-04:56248 ESTABLISHED
TCP 10.0.15.184:32111 mwns-dw10-04:56227 ESTABLISHED
TCP 10.0.15.184:49200 mwnvie05:4002 ESTABLISHED
TCP 10.0.15.184:49429 ec2-34-198-59-28:https ESTABLISHED
TCP 10.0.15.184:49430 ec2-34-198-59-28:https ESTABLISHED
TCP 10.0.15.184:49434 mwndmc03:epmap TIME_WAIT
TCP 10.0.15.184:49435 mwndmc03:49156 TIME_WAIT
TCP 10.0.15.184:49437 mwndmc03:49156 TIME_WAIT
TCP 10.0.15.184:49441 mwnfls01:microsoft-ds ESTABLISHED
TCP 10.0.15.184:49443 mwndmc03:epmap ESTABLISHED
TCP 10.0.15.184:49444 mwndmc03:49156 ESTABLISHED
TCP 10.0.15.184:49458 mwns-print:epmap TIME_WAIT
TCP 10.0.15.184:49466 mwndmc03:epmap TIME_WAIT
TCP 10.0.15.184:49467 mwndmc03:49156 TIME_WAIT
TCP 10.0.15.184:49468 docs-3:netbios-ssn TIME_WAIT
TCP 10.0.15.184:49472 mwns-print:49165 ESTABLISHED
TCP 10.0.15.184:49475 a104-91-166-91:http ESTABLISHED
TCP 127.0.0.1:3356 MWNROAM-6:0 LISTENING
TCP [::]:135 MWNROAM-6:0 LISTENING
TCP [::]:445 MWNROAM-6:0 LISTENING
TCP [::]:2009 MWNROAM-6:0 LISTENING
TCP [::]:3389 MWNROAM-6:0 LISTENING
TCP [::]:49152 MWNROAM-6:0 LISTENING
TCP [::]:49153 MWNROAM-6:0 LISTENING
TCP [::]:49154 MWNROAM-6:0 LISTENING
TCP [::]:49155 MWNROAM-6:0 LISTENING
TCP [::]:49157 MWNROAM-6:0 LISTENING
TCP [::]:49171 MWNROAM-6:0 LISTENING
UDP 0.0.0.0:123 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:4172 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:49168 *:*
This issue was part of another post i had but that one is fixed now. Seems UDP traffic was not getting back out through my security server. After a few wiresharks we discovered it and rectified the issue. Thanks for the replies.
Complete guess but maybe its because the agent starts it when the session is authenticated. I just checked mine and it looks like the blast service is the same way, in the console its not started, but when your connected it is.
I totally get what you are saying but shouldn't it at least be listening on that port and not ESTABLISHED??
This issue was part of another post i had but that one is fixed now. Seems UDP traffic was not getting back out through my security server. After a few wiresharks we discovered it and rectified the issue. Thanks for the replies.