Skip to main content

Stealth port exclusions on Windows 10

I guess this is a perfect example of how people get cynical of software updates after going through the routine for awhile. And this is coming from someone who enjoys solving technical problems when he is in the right mood!

So recently, I started having some long-running software complain that it can't bind to a certain TCP port because "the port is already in use". I immediately pulled out my trusty CurrPorts and check out which mysterious program is hogging the port behind my back (yeah I could use netstat, but who has time to memorize all those command line arguments, right?)

To my surprise, nothing, nadda. No one is using that port. Yet that port is mysteriously barred from use. It's like you suddenly cannot open the door to your home with your existing key. Incredibly frustrating.

Anyway, after 2 whole days of research, I finally found the culprit. Apparently after a certain Windows update (1809 or 2004 from various sources, I didn't care to verify), Windows now reserves certain ports (called "Administered port exclusions") for Hyper-V (not sure why that would affect me, since I am not using it). 

To view the list, using the command line:

netsh int ipv4 show excludedportrange tcp

You'd be surprised by how many ports are reserved. On my machine, this is the output:

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      5357        5357
      7834        7933
      7934        8033
      8034        8133
      8134        8233
      8234        8333
      8334        8433
      8434        8533
      8637        8736
      8737        8836
      8837        8936
      8937        9036
      9037        9136
      9137        9236
      9237        9336
      9537        9636
      9637        9736
      9737        9836
      9837        9936
      9937       10036
     10037       10136
     10137       10236
     10551       10650
     10651       10750
     10751       10850
     10851       10950
     10951       11050
     11051       11150
     11151       11250
     11277       11376
     11377       11476
     11477       11576
     11577       11676

* - Administered port exclusions.

Here are some associated links from my research:

Anyway, the solution for me was to issue this command:

reg add HKLM\SYSTEM\CurrentControlSet\Services\hns\State /v EnableExcludedPortRange /d 0 /f

It basically sets the EnableExcludedPortRange registry value to 0. A reboot is required.

This is incredibly frustrating because it came out of nowhere, no meaningful error message was provided and even trying to research the problem took a lot of time to figure out the right keywords that will yield the right answer. It was as if the guys who came up with this wanted to inflict the maximum pain on the affected user (or more likely they didn't really give a f**k).

Update (1 Sep 2021):

Discovered that a better solution is to issue this command at an elevated CMD:

netsh int ipv4 set dynamic tcp start=49152 num=16384

After a reboot, the new reserved ports will be:

C:\>netsh int ipv4 show excludedportrange tcp

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      2869        2869
      5357        5357
     49152       49251
     49370       49469
     49470       49569
     49725       49824
     49825       49924
     49925       50024
     50025       50124
     50125       50224
     50443       50542
     50543       50642
     50643       50742
     50743       50842
     50843       50942
     50943       51042
     51043       51142
     51457       51556
     51557       51656
     51657       51756
     51757       51856
     51857       51956
     51957       52056
     52151       52250
     60580       60679
     60883       60982
     61088       61187
     61356       61455
     64877       64976
     64977       65076
     65077       65176
     65177       65276
     65277       65376
     65377       65476

* - Administered port exclusions.


Popular posts from this blog

Update: Line adapter for Ozito Blade Trimmer

Update (Dec 2021): If you access to a 3D printer, I would now recommend this solution , which makes it super easy to replace the trimmer line. I have been using it for a few months now with zero issue.

Filament Joiner Part 2 (With Display and Knob)

Thanks to the current corona-virus crisis, the parts I ordered for the filament joiner project were taking forever to arrive. But now that they have finally arrived, I can put them to good use. These were the parts ordered: 0.96" OLED display SSD1306 Rotary switch encoder KY-040 Here is the final circuit diagram: The OLED display is connected to the SCK and SDA pins of the Nano (A2 and A3 respectively), and powered by 5V and GND. The rotary switch encoder is connected as follows: VCC => 5V GND = > GND CLK => D9 DT => D8 SW => D2 My prototype board now looks like this: The updated code for driving the knob and display is available in  heater-with-display.ino in the Github repository . We now have a fairly compact (about 7cm x 5cm) and independent filament joiner (no need to connect to PC) that is driven solely by a 12V power supply. Here's how to use it to join printer filaments. More usage details in my previous post .

Adding "Stereo Mixer" to Windows 7 with Conexant sound card

This procedure worked for my laptop (Thinkpad E530) with a Conexant 20671 sound card, but I suspect it will work for other sound cards in the Conexant family. I was playing with CamStudio to do a video capture of a Flash-based cartoon so that I can put it on the WDTV media player and play it on the big screen in the living room for my kids. The video capture worked brilliantly, but to do a sound capture, I needed to do some hacking. Apparently, there was this recording device called "Stereo Mixer" that was pretty standard in the Windows XP days. This allowed you to capture whatever was played to the speaker in all its digital glory. Then under pressure from various organizations on the dark side of the force, Microsoft and soundcard makers starting disabling this wonderful feature from Windows Vista onwards. So after much Googling around, I found out that for most sound cards, the hardware feature is still there, just not enabled on the software side. Unfortunately, to