The error found in the event log was 7023:

“The Internet Authentication Service service terminated with the following error: Only one usage of each socket address (protocol/network address/port) is normally permitted.”

After some digging, I found a couple of nice articles. In light of the recent DNS update, some idiot (not a Microsoft hater, but this is REALLY dumb) at M$ thought it was a GREAT idea to make DNS choose a random port for its communication, to make it harder for attackers to find. However, he decided to let it pick from the range 1024-65535. So if your DNS service starts before another service and decides to take that application's port (and there are many apps running on a higher TCP port), that service/software will fail because the socket is already in use!

They have a workaround (and I really don’t understand why they did not do this in the first place) where you can add “reserved” ports in the following registry key:


BEWARE: don’t remove any of the existing values; only add the ports you want to reserve as well.

Looking at the many forums where this issue has popped up, apparently not only IAS is affected: there have been cases where Active Directory, ActiveSync and others failed to start because of this issue.

And apparently SBS users are mostly in trouble.

Anyway, to make IAS work again, add the following ports to the reserved ports list:

  • 1645-1646 – Used by IAS
  • 1701-1701 – Used by L2TP
  • 1812-1813 – Used by IAS
  • 2883-2883 – Used by AUTD
  • 4500-4500 – Used by IPSEC

and simply restart DNS (worst case, you might need a reboot).
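
To confirm which process is actually sitting on one of the ports listed above before or after the change, the following is an added example and not part of the original post. It parses `netstat -ano -p udp` output and reports the owner of every socket inside the listed ranges; the function name `Find-ReservedPortHolder`, the sample rows and the PID-to-image map are constructed for illustration, and it assumes the conflicting sockets are UDP.

```powershell
# Port ranges taken from the reserved-ports list in the post.
$Reserved = @(
    @{ Low = 1645; High = 1646; Use = 'IAS'   },
    @{ Low = 1701; High = 1701; Use = 'L2TP'  },
    @{ Low = 1812; High = 1813; Use = 'IAS'   },
    @{ Low = 2883; High = 2883; Use = 'AUTD'  },
    @{ Low = 4500; High = 4500; Use = 'IPSEC' }
)

function Find-ReservedPortHolder {
    param(
        [string[]]$NetstatLines,      # lines from: netstat -ano -p udp
        [hashtable]$PidNames = @{}    # optional PID -> image name map (hypothetical helper input)
    )
    foreach ($line in $NetstatLines) {
        # UDP rows look like:  UDP  0.0.0.0:1812  *:*  1432   (header rows do not match)
        if ($line -match '^\s*UDP\s+\S+:(\d+)\s+\S+\s+(\d+)\s*$') {
            $port  = [int]$Matches[1]
            $owner = [int]$Matches[2]   # not named $pid: that is a read-only automatic variable
            foreach ($r in $Reserved) {
                if ($port -ge $r.Low -and $port -le $r.High) {
                    New-Object PSObject -Property @{
                        Port = $port; ExpectedUse = $r.Use
                        OwnerPid = $owner; Image = $PidNames[$owner]
                    }
                }
            }
        }
    }
}

# Constructed sample (not captured from a real server): dns.exe has grabbed 1812.
$sample = @(
    '  Proto  Local Address          Foreign Address        State           PID',
    '  UDP    0.0.0.0:500            *:*                                    548',
    '  UDP    0.0.0.0:1812           *:*                                    1432',
    '  UDP    0.0.0.0:4500           *:*                                    548',
    '  UDP    0.0.0.0:51344          *:*                                    1432'
)
$names = @{ 548 = 'lsass.exe'; 1432 = 'dns.exe' }

Find-ReservedPortHolder -NetstatLines $sample -PidNames $names |
    Select-Object Port, ExpectedUse, OwnerPid, Image | Format-Table -AutoSize

# On a live server: Find-ReservedPortHolder -NetstatLines (netstat -ano -p udp)
```

A row whose image is `dns.exe` on a port expected to belong to IAS, L2TP, AUTD or IPSEC is the conflict behind event 7023; after adding the ranges and restarting DNS, those rows should no longer show DNS as the owner.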