Windows 7 Spamming Domain Controllers on ports 445 and 139, causing lockout


I have a domain lockout issue and in troubleshooting, I found through netstat that my machine is pummeling the domain controllers on ports 445 and 139. It is creating thousands of user ports to do this: today it started at port 54000ish and within a couple of hours was up to 60000.

netstat -ob identifies the process as PID 4.

In my research so far, I keep hearing that a virus is the likely cause. I have Trend Micro and Windows Defender running. A full scan by Windows Defender identified nothing amiss.

Are there any other causes besides a virus that I could look into?

I was able to stop it by blocking the outbound ports in windows firewall, but obviously this is not ideal.

Anything I can do short of reinstalling the OS?

Solution:

The offending service turned out to be Windows Media Player Network Sharing (wmpnetwk.exe). I don’t recall using Media Player on this machine, so I’m not sure how that service got activated.

netstat -bo was reporting “Can not obtain ownership information” for the process name and PID 4 (which in Task Manager shows “NT Kernel & System”).

Here’s how I identified the culprit:

I checked the box in Windows Task Manager to “Show processes from all users.” Then I went to the “Services” tab and started stopping services, starting with the highest PIDs first, and checking netstat -bo a few times after each one until I no longer saw the “Can not obtain ownership information” process connecting to the domain controllers on the microsoft-ds and nb-ssn ports.
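
The following Python script is an added example, not part of the original post: it tallies outbound connections to the microsoft-ds (445) and nb-ssn (139) ports from saved `netstat -ano` output, so the check repeated after each service stop can be compared as numbers. The sample output and its addresses are constructed, and using the numeric `-ano` form instead of the post's `-bo` is an assumption.

```python
from collections import Counter

# Port names as the post's netstat output shows them.
SMB_PORTS = {139: "nb-ssn", 445: "microsoft-ds"}

# Constructed sample of `netstat -ano` output; all addresses are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    10.0.0.25:49160        10.0.0.80:443          ESTABLISHED     2312
  TCP    10.0.0.25:54001        10.0.0.10:445          TIME_WAIT       0
  TCP    10.0.0.25:54002        10.0.0.10:139          TIME_WAIT       0
  TCP    10.0.0.25:54003        10.0.0.11:445          TIME_WAIT       0
  TCP    10.0.0.25:54004        10.0.0.10:445          ESTABLISHED     4
  TCP    10.0.0.25:54005        10.0.0.11:139          SYN_SENT        4
  UDP    0.0.0.0:137            *:*                                    4
"""


def parse_tcp(text):
    """Yield (local_port, remote_host, remote_port, state, pid) per TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # headers, blank lines and UDP rows (no State column)
        local_port = int(fields[1].rsplit(":", 1)[1])
        remote_host, remote_port = fields[2].rsplit(":", 1)
        yield local_port, remote_host, int(remote_port), fields[3], int(fields[4])


def smb_summary(text):
    """Tally outbound connections to ports 139/445 by target and by PID."""
    by_target, by_pid, local_ports = Counter(), Counter(), []
    for local_port, host, remote_port, state, pid in parse_tcp(text):
        if remote_port not in SMB_PORTS:
            continue  # also drops LISTENING rows, whose remote port is 0
        by_target[(host, SMB_PORTS[remote_port])] += 1
        by_pid[pid] += 1  # closed (TIME_WAIT) sockets are listed under PID 0
        local_ports.append(local_port)
    span = (min(local_ports), max(local_ports)) if local_ports else None
    return {"total": len(local_ports), "by_target": dict(by_target),
            "by_pid": dict(by_pid), "local_port_range": span}


if __name__ == "__main__":
    for key, value in smb_summary(SAMPLE).items():
        print(f"{key}: {value}")
```

Feed it output captured before and after stopping each service: once the responsible service is stopped, `total` stops growing and the upper bound of `local_port_range` stops climbing.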
