Scribd
Upload
126 views4 pages

ciscocm_server.exe Loopback Issue

The document summarizes the results of Microsoft's log review of a working versus non-working scenario when connecting a ciscocm_server.exe process to a java.exe process via loopback ports 4001 and 4002. In the working scenario, with "127.0.0.1 localhost" hardcoded in the host file, the logs show ciscocm_server.exe successfully connecting to and establishing loopsback connections on ports 4001 and 4002. In the non-working scenario without the host file entry, ciscocm_server.exe does not attempt to connect to ports 4001 and 4002, even though they are listening, and the connection does not get established.

Uploaded by

Arhjay Tagumasi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
126 views4 pages

ciscocm_server.exe Loopback Issue

The document summarizes the results of Microsoft's log review of a working versus non-working scenario when connecting a ciscocm_server.exe process to a java.exe process via loopback ports 4001 and 4002. In the working scenario, with "127.0.0.1 localhost" hardcoded in the host file, the logs show ciscocm_server.exe successfully connecting to and establishing loopsback connections on ports 4001 and 4002. In the non-working scenario without the host file entry, ciscocm_server.exe does not attempt to connect to ports 4001 and 4002, even though they are listening, and the connection does not get established.

Uploaded by

Arhjay Tagumasi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

Microsoft has finished their log review of working versus non-working.

In short the
ciscocm_server.exe process is making no real attempt to connect to the java.exe process via the
loopback using port 4001 and 4002 without hard coding the loopback in the host file.

Short explanation

Working

Non-working (notice ciscocm_server.exe is all 0's for IP address. Just sits in listening mode.
Never gets to established. You can see TCP has no issues connecting to the loopback. This
rules out MSFT as the issue.

Full explanation

From the Working Scenario: With “127.0.0.1 localhost” in HOST file

The netstat output shows that TCP ports 4001 and 4002 are in listening state and owned by
Java.exe process. We also see that a loopback connection is established to TCP ports 4001 and
4002 by the ciscocm_server.exe
From TCP ETLs, once the service is started we see that DNS name resolution for local host
happens and resolves to 127.0.0.1 and then Ciscocm_server.exe requested to connect
to 127.0.0.0:4001 and 127.0.0.0:4002

PID - Process ID

1278 (Hex) - 4278 (Dec) - Ciscocm_server.exe

In line 590200 - Ciscocm_server.exe is requesting to connect


from 127.0.0.1:64585 to 127.0.0.1:4001

In line 590349 - Ciscocm_server.exe is requesting to connect


from 127.0.0.1:64586 to 127.0.0.1:4002
PID

586128 [0]1278.1AE0::09/25/19-01:12:05.3030693 [Microsoft-Windows-DNS Client Events/Operational ] DNS query is


called for the name localhost, type 1, query options 1342308416, Server List , isNetwork query 0, network index 0,
interface index 0, is asynchronous query 0
586147 [0]1278.1AE0::09/25/19-01:12:05.3032454 [Microsoft-Windows-DNS Client Events/Operational ] DNS query is
completed for the name localhost, type 1, query options 1342308416 with status 0 Results 127.0.0.1;
590194 [0]1278.1AE0::09/25/19-01:12:05.6683324 [Microsoft-Windows-Winsock Network Event/Operational ] ConnectEx: 0:
Process 0xFFFFE00175444080, Endpoint 0xFFFFE0017468A010, Buffer 0xFFFFE00177426C00, Length 0,
Address 127.0.0.1:4001, Seq 5031, Status STATUS_SUCCESS 0

590200 [0]1278.1AE0::09/25/19-01:12:05.6683581 [Microsoft-Windows-TCPIP/Diagnostic] TCP: Tcb


0xFFFFE00175A3BAD0 (local=127.0.0.1:64585 remote=127.0.0.1:4001) requested to connect. 0xFFFFE00175A3BAD0,
16, 127.0.0.1:64585, 16
590216 [0]1278.1AE0::09/25/19-01:12:05.6683920 [Microsoft-Windows-TCPIP/Diagnostic] TCP: connection
0xFFFFE00175A3BAD0 (local=127.0.0.1:64585 remote=127.0.0.1:4001) connect proceeding. 16, 127.0.0.1:64585,
16, 127.0.0.1:4001, STATUS_SUCCESS
590274 [0]1278.1AE0::09/25/19-01:12:05.6684682 [Microsoft-Windows-TCPIP/Diagnostic] TCP: connection
0xFFFFE00175A3BAD0 (local=127.0.0.1:64585 remote=127.0.0.1:4001) connect completed. PID = 4728.
16, 127.0.0.1:64585, 16, 127.0.0.1:4001
590315 [3]0004.0E44::09/25/19-01:12:05.6685795 [Microsoft-Windows-TCPIP/Diagnostic] TCP: listener
(local=[::ffff:127.0.0.1]:4001 remote=[::ffff:127.0.0.1]:64585) accept completed. TCB = 0xFFFFE0017780C330. PID =
4164. 28, [::ffff:127.0.0.1]:4001, 28, [::ffff:127.0.0.1]:64585
590341 [0]1278.1AE0::09/25/19-01:12:05.6686289 [Microsoft-Windows-Winsock Network Event/Operational ] ConnectEx: 0:
Process 0xFFFFE00175444080, Endpoint 0xFFFFE00177C0F2F0, Buffer 0xFFFFE00177426C00, Length 0,
Address 127.0.0.1:4002, Seq 5031, Status STATUS_SUCCESS 0

590349 [0]1278.1AE0::09/25/19-01:12:05.6686447 [Microsoft-Windows-TCPIP/Diagnostic] TCP: Tcb


0xFFFFE0017977F690 (local=127.0.0.1:64586 remote=127.0.0.1:4002) requested to connect. 0xFFFFE0017977F690,
16, 127.0.0.1:64586, 16
590365 [0]1278.1AE0::09/25/19-01:12:05.6686648 [Microsoft-Windows-TCPIP/Diagnostic] TCP: connection
0xFFFFE0017977F690 (local=127.0.0.1:64586 remote=127.0.0.1:4002) connect proceeding. 16, 127.0.0.1:64586,
16, 127.0.0.1:4002, STATUS_SUCCESS
590421 [0]1278.1AE0::09/25/19-01:12:05.6687181 [Microsoft-Windows-TCPIP/Diagnostic] TCP: connection
0xFFFFE0017977F690 (local=127.0.0.1:64586 remote=127.0.0.1:4002) connect completed. PID = 4728. 16, 127.0.0.1:64586,
16, 127.0.0.1:4002
590482 [3]0004.0E44::09/25/19-01:12:05.6688851 [Microsoft-Windows-TCPIP/Diagnostic] TCP: listener
(local=[::ffff:127.0.0.1]:4002 remote=[::ffff:127.0.0.1]:64586) accept completed. TCB = 0xFFFFE0017326DD00. PID =
5124. 28, [::ffff:127.0.0.1]:4002, 28, [::ffff:127.0.0.1]:64586

From the Non- Working Scenario: Without “127.0.0.1 localhost” in HOST file
The netstat output shows that TCP ports 4001 and 4002 are in listening state and owned by
Java.exe process. However, there is no loopback connection established to TCP 4001 and TCP
4002 by ciscocm_server.exe

From TCP ETLs also, we do not see any connection request attempts made by
ciscocm_server.exe to make a loopback connection to TCP ports 4001 and 4002, though the TCP
ports 4001 and 4002 are in Listening State and owned by Java.exe process. The DNS name
resolution for Local Host is also successful and resolves to 127.0.0.1 even without Host file entry
for 127.0.0.1 Localhost

395553 [3]0EE4.0E18::09/25/19-01:27:27.5350325 [Microsoft-Windows-DNS Client Events/Operational ] DNS query is called


for the name localhost, type 1, query options 1342308416, Server List , isNetwork query 0, network index 0, interface
index 0, is asynchronous query 0
395572 [3]0EE4.0E18::09/25/19-01:27:27.5352149 [Microsoft-Windows-DNS Client Events/Operational ] DNS query is
completed for the name localhost, type 1, query options 1342308416 with status 0 Results 127.0.0.1;

You might also like