ASP.NET Core: Unable to start Kestrel. An attempt was made to access a socket in a way forbidden by its permissions

Question

ASP.NET Core: Unable to start Kestrel. An attempt was made to access a socket in a way forbidden by its permissions

Abhishek Prajapati 1

I have an ASP.NET Core application running smoothly on IIS and suddenly it start throwing below error while running EXE.

[23:14:04 FTL] Unable to start Kestrel.
System.Net.Sockets.SocketException (10013): An attempt was made to access a socket in a way forbidden by its access permissions.
   at System.Net.Sockets.Socket.UpdateStatusAfterSocketErrorAndThrowException(SocketError error, String callerName)
   at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.Sockets.Socket.Bind(EndPoint localEP)
   at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.SocketConnectionListener.Bind()
   at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.SocketTransportFactory.BindAsync(EndPoint endpoint, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.<>c__DisplayClass21_0`1.<<StartAsync>g__OnBind|0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindEndpointAsync(ListenOptions endpoint, AddressBindContext context)
   at Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions.BindAsync(AddressBindContext context)
   at Microsoft.AspNetCore.Server.Kestrel.Core.AnyIPListenOptions.BindAsync(AddressBindContext context)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
[23:14:04 FTL] Api host terminated unexpectedly

I can see that the port this app is using is in Protocol tcp Port Exclusion Ranges. And I have tried changing port too but as soon as I change the port, new port is also added to this Protocol tcp Port Exclusion Ranges list.

I have tried below steps to fix this issue:

Changed port
Reboot system
Removed port from Exclusion list but when tried to run app, it gets added again

I am not sure is it because of the latest windows security updates?

Does anyone know how to fix this issue?

Thanks,
Abhishek

Rena Ni - MSFT 1,851 Reputation points Microsoft Vendor

2021-07-07T02:48:10.09+00:00

Hi @Abhishek Prajapati , Did you update the windows system recently? Did you deploy and run exe successfully before? Is the port number same as run on the IIS?
Abhishek Prajapati 1 Reputation point

2021-07-07T02:57:32.78+00:00

Hello @Rena Ni - MSFT ,

I can see my windows(local and Azure VM) got some security updates recently. Yes, I have deployed this app on IIS on Azure VM and it is running on same port. I tried changing port in IIS website but no luck, Still getting the same result - not working. When I change port in IIS, it gets added to this exclusion list.
Nicole Lu-MSFT 96 Reputation points Microsoft Employee

2021-07-07T09:19:47.87+00:00
Hi @Abhishek Prajapati this comment seems conflict with what you're saying in your questions. Please give some more clarifications:

Does your app work when deploy in IIS

Does your app work when run with exe

Are you deploy to IIS and run with exe on same computer e.g. your Azure VM?

Can you show us a screenshot of your Protocol tcp Port Exclusion Ranges? Also together with the port you've tried to use?

Can you share your windows security updates which is suspicious(a screenshot for the update list from the date you notice the issue) ?
Abhishek Prajapati 1 Reputation point

2021-07-07T14:08:55.737+00:00
@Nicole Lu-MSFT , I think I confused you. I meant to say that I had an application running successfully on IIS as well as through EXE. But suddenly, It stopped working - from IIS as well as using EXE. Both EXE and IIS site has same port but when I wanted to run EXE, I used to stop IIS website first and then ran EXE.

Here are the answers of questions:

Does your app work when deploy in IIS

Nope, it is not working. I got an error when I open deployed site.

Does your app work when run with exe

Nope, it is not working. I am getting this error : An attempt was made to access a socket in a way forbidden by its access permissions.

Are you deploy to IIS and run with exe on same computer e.g. your Azure VM?

I usually do not run EXE on Azure VM but when I got this issue, I tried to run EXE and found that it is not working using EXE too. Before running EXE, I stopped IIS website as both have same port.

Can you show us a screenshot of your Protocol tcp Port Exclusion Ranges? Also together with the port you've tried to use?

I tried another port 44387 but it still not working at all. It gets added to the exclusion list.

![112565-image.png][1] ![112635-image.png][2]

Can you share your windows security updates which is suspicious(a screenshot for the update list from the date you notice the issue) ?
Nicole Lu-MSFT 96 Reputation points Microsoft Employee

2021-07-09T01:33:15.277+00:00

Thank you for the information, I noticed these windows updates are for Microsoft Defender https://www.microsoft.com/en-us/wdsi/defenderupdates, if there's no other change to your VM or your app code, you may try to allow your app from firewall like: https://support.microsoft.com/en-us/windows/risks-of-allowing-apps-through-windows-defender-firewall-654559af-3f54-3dcf-349f-71ccd90bcc5c. If this is not helping, you may need to revert the updates and check if revert updates help your app work again.

Rena Ni - MSFT 1,851 Reputation points Microsoft Vendor

2021-07-07T02:48:10.09+00:00

Hi @Abhishek Prajapati , Did you update the windows system recently? Did you deploy and run exe successfully before? Is the port number same as run on the IIS?
Abhishek Prajapati 1 Reputation point

2021-07-07T02:57:32.78+00:00

Hello @Rena Ni - MSFT ,

I can see my windows(local and Azure VM) got some security updates recently. Yes, I have deployed this app on IIS on Azure VM and it is running on same port. I tried changing port in IIS website but no luck, Still getting the same result - not working. When I change port in IIS, it gets added to this exclusion list.
Nicole Lu-MSFT 96 Reputation points Microsoft Employee

2021-07-07T09:19:47.87+00:00

Hi @Abhishek Prajapati this comment seems conflict with what you're saying in your questions. Please give some more clarifications:

Does your app work when deploy in IIS

Does your app work when run with exe

Are you deploy to IIS and run with exe on same computer e.g. your Azure VM?

Can you show us a screenshot of your Protocol tcp Port Exclusion Ranges? Also together with the port you've tried to use?

Can you share your windows security updates which is suspicious(a screenshot for the update list from the date you notice the issue) ?
Abhishek Prajapati 1 Reputation point

2021-07-07T14:08:55.737+00:00

@Nicole Lu-MSFT , I think I confused you. I meant to say that I had an application running successfully on IIS as well as through EXE. But suddenly, It stopped working - from IIS as well as using EXE. Both EXE and IIS site has same port but when I wanted to run EXE, I used to stop IIS website first and then ran EXE.

Here are the answers of questions:

Does your app work when deploy in IIS

Nope, it is not working. I got an error when I open deployed site.

Does your app work when run with exe

Nope, it is not working. I am getting this error : An attempt was made to access a socket in a way forbidden by its access permissions.

Are you deploy to IIS and run with exe on same computer e.g. your Azure VM?

I usually do not run EXE on Azure VM but when I got this issue, I tried to run EXE and found that it is not working using EXE too. Before running EXE, I stopped IIS website as both have same port.

Can you show us a screenshot of your Protocol tcp Port Exclusion Ranges? Also together with the port you've tried to use?

I tried another port 44387 but it still not working at all. It gets added to the exclusion list.

![112565-image.png][1] ![112635-image.png][2]

Can you share your windows security updates which is suspicious(a screenshot for the update list from the date you notice the issue) ?
Nicole Lu-MSFT 96 Reputation points Microsoft Employee

2021-07-09T01:33:15.277+00:00

Thank you for the information, I noticed these windows updates are for Microsoft Defender https://www.microsoft.com/en-us/wdsi/defenderupdates, if there's no other change to your VM or your app code, you may try to allow your app from firewall like: https://support.microsoft.com/en-us/windows/risks-of-allowing-apps-through-windows-defender-firewall-654559af-3f54-3dcf-349f-71ccd90bcc5c. If this is not helping, you may need to revert the updates and check if revert updates help your app work again.

ASP.NET Core: Unable to start Kestrel. An attempt was made to access a socket in a way forbidden by its permissions

Activity