Tech Note: Port Conflict leading to RADIUS / IAS / Wireless issues

Apparently there is a chance that a security patch (MS 08-037) can lead to port conflict issues.

There was an issue at one of my clients this morning stemming from this.  The DNS Server was using a port that was needed for the IAS (RADIUS) Server.   The IAS service would not stay running.   As a result wireless clients could not authenticate.

Most of the details are here:  http://support.microsoft.com/kb/953230

There is a registry key that behaves differently for XP/2000/2003 than for Vista/2008. It’s “MaxUserPort”. (My assumption is that’s why this is an issue – someone set it to an appropriate value for a new OS but it applied to all of them and ends up breaking some.) For 2000/2003 it defines the maximum range of ports available for dynamic use. On the affected server this registry key was set to 65535, with the implication that the entire port range from 1024-65535 was available for dynamic usage. IAS could not get its reserved ports as they were in use by DNS. Deleting the registry key sets the dynamic port range back to the default of 49152-65535 and resolved the issue. I restarted both services multiple times without conflicts.

MaxUserPort

On Windows Server 2003 and Windows 2000 Server, the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort registry subkey is defined as the maximum port up to which ports may be allocated for wildcard binds. The value of the MaxUserPort registry entry defines the dynamic port range.
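
A diagnostic check for the conflict described above, as an added example that is not part of the original note or the KB article. It reads MaxUserPort and reports which process holds each RADIUS port; the port numbers (UDP 1812, 1813, 1645, 1646) and the `dns` process name are assumptions, since the note names neither.

```powershell
# Added example, not from the original note. The RADIUS UDP ports below are the
# usual IAS listeners (assumption: the note does not list port numbers).
$radiusPorts = 1812, 1813, 1645, 1646
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Read MaxUserPort; $null means the value is absent and the default range applies.
$maxUserPort = (Get-ItemProperty -Path $key -Name MaxUserPort `
    -ErrorAction SilentlyContinue).MaxUserPort

if ($null -eq $maxUserPort) {
    Write-Output 'MaxUserPort is not set; the default dynamic port range applies.'
} else {
    Write-Output "MaxUserPort = $maxUserPort"
    # On 2000/2003 every port up to MaxUserPort can be handed out dynamically.
    $exposed = @($radiusPorts | Where-Object { $_ -le $maxUserPort })
    if ($exposed.Count -gt 0) {
        Write-Output "RADIUS ports inside the dynamic range: $($exposed -join ', ')"
    }
}

# List which process currently holds each RADIUS UDP port (IPv4 endpoints only).
$pattern = '^\s*UDP\s+\S+:(\d+)\s+\S+\s+(\d+)\s*$'
netstat -ano -p udp | Select-String -Pattern $pattern | ForEach-Object {
    $groups = $_.Matches[0].Groups
    $port   = [int]$groups[1].Value
    $procId = [int]$groups[2].Value      # not $pid: that is a reserved variable
    if ($radiusPorts -contains $port) {
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $name = if ($proc) { $proc.ProcessName } else { 'unknown' }
        New-Object PSObject -Property @{
            Port = $port; ProcessId = $procId; Process = $name
            # Assumption: the DNS Server service runs as dns.exe.
            HeldByDns = ($name -eq 'dns')
        }
    }
}
```

Run it from an elevated prompt on the IAS server while the IAS service is failing to start; a row with `HeldByDns` set to True matches the situation described in this note.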