GFI Software Aurea SMB Solutions


Home » GFI User Forums » GFI LanGuard » Port 1072 connection problem (TCP/IP connections overwhelmed)
Port 1072 connection problem [message #145404] Fri, 29 March 2019 21:33 Go to next message
MrJoshua is currently offline  MrJoshua
Messages: 4
Registered: March 2019
/index.php?t=getfile&id=4953&private=0

This started when I was trying to figure out my agent connections. I see the above in an agent test. It seems it can connect, but then it can't.
I started watching netstat, and observing a huge number of connections. In the Event viewer about this time I would see:
"TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint."

It seems an insane number of connections get established to the SQL server that just don't close. All with the TIME_WAIT status. I've researched this and see it was an issue with Server 2008/R2 and there is a fix that seems to adjust the wait time before the connection is closed.

Considering the sequence of events that keep happening, this all might be related. I perform the agent test. I can observe the crazy number of connections. I see the Warning in Event Viewer. GFI LanGuard Attendant service terminates. httpd.exe services terminate(Which is the listening service), and I receive that error in my agent diagnostic.

But, from the text of the error it seems there are many connections being established and closed. Is there really a need for this many connections to the SQL server in this amount of time? Is this something that might be addressed in the next update? Anybody else see anything like this?
Re: Port 1072 connection problem [message #145422 is a reply to message #145404] Tue, 02 April 2019 16:56 Go to previous messageGo to next message
ian.bugeja is currently offline  ian.bugeja
Messages: 314
Registered: March 2017
Location: Malta
What edition of SQL are you using, please? I suggest using a later version even if it's SQL Express.

However, the agent error does not relate directly to SQL server connectivity issues. Can you double check the firewall both on the client and server PC.


Ian Bugeja
GFI Software
Re: Port 1072 connection problem [message #145424 is a reply to message #145422] Tue, 02 April 2019 20:15 Go to previous messageGo to next message
MrJoshua is currently offline  MrJoshua
Messages: 4
Registered: March 2019
I am using SQL 2016.
In checking with my network team, they explained that they observe some responses sent http(port 80) to the client which are getting refused. This is during the Agent Diagnostic. This doesn't make sense, can you provide any information on that?

Otherwise, what is observed is quite a delay in when the agent communicates and when the server responds. Which is why I suspect the server communication with the SQL database. I may need to get more resources for the SQL server.
Re: Port 1072 connection problem [message #145430 is a reply to message #145424] Wed, 03 April 2019 14:36 Go to previous messageGo to next message
ian.bugeja is currently offline  ian.bugeja
Messages: 314
Registered: March 2017
Location: Malta
I suggest to reach out to GFI Support via https://accounts.gfi.com

If you kill httpd.exe the error you encounter is expected. If SQL server has low resources then yes there needs to be an increase, but LanGuard should not be that heavy on SQL server either. Only the console connect to SQL server (no agent connects to it)


Ian Bugeja
GFI Software
Re: Port 1072 connection problem [message #145435 is a reply to message #145430] Wed, 03 April 2019 17:56 Go to previous message
MrJoshua is currently offline  MrJoshua
Messages: 4
Registered: March 2019
I believe we have it figured out. At least the connection issue part. I was not aware, but discovered that Varonis was running in this same segment and monitoring my LanGuard server. It was monitoring each connection to the SQL server, and somehow that monitoring was preventing the connections from terminating in a timely fashion. After shutting off Varonis, traffic between the LanGuard server and SQL server returned to expected levels and I no longer received the error about running out of port connections.

Is there a new release coming? I saw comments about an April 2nd release.
Previous Topic: Long Agent Scan
Next Topic: Win 10 Defender not detected
Goto Forum:
  


Current Time: Wed Oct 23 22:24:33 CEST 2019

Total time taken to generate the page: 0.02798 seconds