Trying to make sure all ports needed for AD are open; currently the previous admins have just had the firewall disabled for some reason. When running Port Query I'm facing some issues that are strange to me, as the ports in question show as open on the firewall.
The scan below is from one DC to another DC. The two DCs are local and connected to the same switch, with no network firewall; all traffic is local.
- When the firewall is disabled and I run Port Query everything goes through fine as expected, no error and everything comes back as "LISTENING" (as it should).
- When the firewall is enabled and I run Port Query I receive a debug error (screenshot/text below). Prior to receiving the error, the "Query Results" scans port 445 and returns:
"TCP port 445 (microsoft-ds service): FILTERED
portqry.exe -n criswellgbdc2 -e 445 -p TCP exits with return code 0x00000002."
- If I click "Ignore" or "Retry" the test goes through, but then shows me more ports that it believes are closed, which are open on the DC that is being scanned.
Error screenshot (PLEASE NOTE: this doesn't come up if the firewall is disabled):

Error text (PLEASE NOTE: this doesn't come up if the firewall is disabled):
---------------------------
Microsoft Visual C++ Debug Library
Debug Error!
Program: C:\PortQryUI\portqry.exe
File:
Run-Time Check Failure #2 - Stack around the variable 'my_ncb' was corrupted.
(Press Retry to debug the application)
Abort Retry Ignore
Full Query Report after clicking Retry (sensitive information removed):
=============================================
Starting portqry.exe -n *********dc2 -e 135 -p TCP ...
Querying target system called:
*********dc2
Attempting to resolve name to IP address...
Name resolved to ...
querying...
TCP port 135 (epmap service): FILTERED
portqry.exe -n *********dc2 -e 135 -p TCP exits with return code 0x00000002.
=============================================
Starting portqry.exe -n *********dc2 -e 389 -p BOTH ...
Querying target system called:
*********dc2
Attempting to resolve name to IP address...
Name resolved to ...
querying...
TCP port 389 (ldap service): LISTENING
Using ephemeral source port
Sending LDAP query to TCP port 389...
LDAP query response:
domainFunctionality: 6
forestFunctionality: 6
domainControllerFunctionality: 7
rootDomainNamingContext: DC=*********,DC=local
ldapServiceName: *********.local:*********dc2$@*********.LOCAL
isGlobalCatalogReady: TRUE
supportedSASLMechanisms: GSSAPI
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
supportedControl: 1.2.840.113556.1.4.319
supportedCapabilities: 1.2.840.113556.1.4.800
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=*********,DC=local
serverName: CN=*********DC2,CN=Servers,CN=*********-Site,CN=Sites,CN=Configuration,DC=*********,DC=local
schemaNamingContext: CN=Schema,CN=Configuration,DC=*********,DC=local
namingContexts: DC=*********,DC=local
isSynchronized: TRUE
highestCommittedUSN: 45926283
dsServiceName: CN=NTDS Settings,CN=*********DC2,CN=Servers,CN=*********-Site,CN=Sites,CN=Configuration,DC=*********,DC=local
dnsHostName: *********DC2.*********.local
defaultNamingContext: DC=*********,DC=local
currentdate: 01/13/2022 16:41:16 (unadjusted GMT)
configurationNamingContext: CN=Configuration,DC=*********,DC=local
======== End of LDAP query response ========
UDP port 389 (unknown service): LISTENING or FILTERED
Using ephemeral source port
Sending LDAP query to UDP port 389...
LDAP query response:
domainFunctionality: 6
forestFunctionality: 6
domainControllerFunctionality: 7
rootDomainNamingContext: DC=*********,DC=local
ldapServiceName: *********.local:*********dc2$@*********.LOCAL
isGlobalCatalogReady: TRUE
supportedSASLMechanisms: GSSAPI
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
supportedControl: 1.2.840.113556.1.4.319
supportedCapabilities: 1.2.840.113556.1.4.800
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=*********,DC=local
serverName: CN=*********DC2,CN=Servers,CN=*********-Site,CN=Sites,CN=Configuration,DC=*********,DC=local
schemaNamingContext: CN=Schema,CN=Configuration,DC=*********,DC=local
namingContexts: DC=*********,DC=local
isSynchronized: TRUE
highestCommittedUSN: 45926287
dsServiceName: CN=NTDS Settings,CN=*********DC2,CN=Servers,CN=*********-Site,CN=Sites,CN=Configuration,DC=*********,DC=local
dnsHostName: *********DC2.*********.local
defaultNamingContext: DC=*********,DC=local
currentdate: 01/13/2022 16:41:19 (unadjusted GMT)
configurationNamingContext: CN=Configuration,DC=*********,DC=local
======== End of LDAP query response ========
UDP port 389 is LISTENING
portqry.exe -n *********dc2 -e 389 -p BOTH exits with return code 0x00000000.
=============================================
Starting portqry.exe -n *********dc2 -e 636 -p TCP ...
Querying target system called:
*********dc2
Attempting to resolve name to IP address...
Name resolved to ...
querying...
TCP port 636 (ldaps service): LISTENING
portqry.exe -n *********dc2 -e 636 -p TCP exits with return code 0x00000000.
=============================================
Starting portqry.exe -n *********dc2 -e 3268 -p TCP ...
Querying target system called:
*********dc2
Attempting to resolve name to IP address...
Name resolved to ...
querying...
TCP port 3268 (msft-gc service): LISTENING
Using ephemeral source port
Sending LDAP query to TCP port 3268...
LDAP query response:
domainFunctionality: 6
forestFunctionality: 6
domainControllerFunctionality: 7
rootDomainNamingContext: DC=*********,DC=local
ldapServiceName: *********.local:*********dc2$@*********.LOCAL
isGlobalCatalogReady: TRUE
supportedSASLMechanisms: GSSAPI
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
supportedControl: 1.2.840.113556.1.4.319
supportedCapabilities: 1.2.840.113556.1.4.800
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=*********,DC=local
serverName: CN=*********DC2,CN=Servers,CN=*********-Site,CN=Sites,CN=Configuration,DC=*********,DC=local
schemaNamingContext: CN=Schema,CN=Configuration,DC=*********,DC=local
namingContexts: DC=*********,DC=local
isSynchronized: TRUE
highestCommittedUSN: 45926288
dsServiceName: CN=NTDS Settings,CN=*********DC2,CN=Servers,CN=*********-Site,CN=Sites,CN=Configuration,DC=*********,DC=local
dnsHostName: *********DC2.*********.local
defaultNamingContext: DC=*********,DC=local
currentdate: 01/13/2022 16:41:22 (unadjusted GMT)
configurationNamingContext: CN=Configuration,DC=*********,DC=local
======== End of LDAP query response ========
portqry.exe -n *********dc2 -e 3268 -p TCP exits with return code 0x00000000.
=============================================
Starting portqry.exe -n *********dc2 -e 3269 -p TCP ...
Querying target system called:
*********dc2
Attempting to resolve name to IP address...
Name resolved to ...
querying...
TCP port 3269 (msft-gc-ssl service): LISTENING
portqry.exe -n *********dc2 -e 3269 -p TCP exits with return code 0x00000000.
=============================================
Starting portqry.exe -n *********dc2 -e 53 -p BOTH ...
Querying target system called:
*********dc2
Attempting to resolve name to IP address...
Name resolved to ...
querying...
TCP port 53 (domain service): LISTENING
UDP port 53 (domain service): LISTENING
portqry.exe -n *********dc2 -e 53 -p BOTH exits with return code 0x00000000.
=============================================
Starting portqry.exe -n *********dc2 -e 88 -p BOTH ...
Querying target system called:
*********dc2
Attempting to resolve name to IP address...
Name resolved to ...
querying...
TCP port 88 (kerberos service): LISTENING
UDP port 88 (kerberos service): LISTENING or FILTERED
portqry.exe -n *********dc2 -e 88 -p BOTH exits with return code 0x00000002.
=============================================
Starting portqry.exe -n *********dc2 -e 445 -p TCP ...
Querying target system called:
*********dc2
Attempting to resolve name to IP address...
Name resolved to ...
querying...
TCP port 445 (microsoft-ds service): FILTERED
portqry.exe -n *********dc2 -e 445 -p TCP exits with return code 0x00000002.
=============================================
Starting portqry.exe -n *********dc2 -e 137 -p UDP ...
portqry.exe -n *********dc2 -e 137 -p UDP exits with return code 0x80000003.
=============================================
Starting portqry.exe -n *********dc2 -e 138 -p UDP ...
Querying target system called:
*********dc2
Attempting to resolve name to IP address...
Name resolved to ...
querying...
UDP port 138 (netbios-dgm service): LISTENING or FILTERED
portqry.exe -n *********dc2 -e 138 -p UDP exits with return code 0x00000002.
=============================================
Starting portqry.exe -n *********dc2 -e 139 -p TCP ...
Querying target system called:
*********dc2
Attempting to resolve name to IP address...
Name resolved to ...
querying...
TCP port 139 (netbios-ssn service): FILTERED
portqry.exe -n *********dc2 -e 139 -p TCP exits with return code 0x00000002.
=============================================
Starting portqry.exe -n *********dc2 -e 42 -p TCP ...
Querying target system called:
*********dc2
Attempting to resolve name to IP address...
Name resolved to ...
querying...
TCP port 42 (nameserver service): FILTERED
portqry.exe -n *********dc2 -e 42 -p TCP exits with return code 0x00000002.
Firewall rules (screenshot): /api/attachments/164759-image.png?platform=QnA
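
Added example, not part of the original post: a small Python parser for a PortQry UI report in the layout shown above, listing every probe that did not confirm LISTENING or that exited without a result line. The embedded report is a constructed, shortened sample with a placeholder host name, and the function names are illustrative.

```python
import re

# Constructed, shortened report in the layout shown above (placeholder host name).
SAMPLE_REPORT = """\
=============================================
Starting portqry.exe -n dc2.example -e 135 -p TCP ...
TCP port 135 (epmap service): FILTERED
portqry.exe -n dc2.example -e 135 -p TCP exits with return code 0x00000002.
=============================================
Starting portqry.exe -n dc2.example -e 389 -p BOTH ...
TCP port 389 (ldap service): LISTENING
UDP port 389 (unknown service): LISTENING or FILTERED
UDP port 389 is LISTENING
portqry.exe -n dc2.example -e 389 -p BOTH exits with return code 0x00000000.
=============================================
Starting portqry.exe -n dc2.example -e 137 -p UDP ...
portqry.exe -n dc2.example -e 137 -p UDP exits with return code 0x80000003.
"""

START = re.compile(r"^Starting portqry\.exe .*-e (\d+) -p (\w+)")
STATE = re.compile(r"^(TCP|UDP) port (\d+) (?:\(.*?\): |is )"
                   r"(LISTENING or FILTERED|NOT LISTENING|LISTENING|FILTERED)")
EXIT = re.compile(r"exits with return code (0x[0-9A-Fa-f]{8})")

def parse_report(text):
    """Return one dict per portqry run: port, requested protocol, states, exit code."""
    runs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip().strip("*")  # tolerate stray markup around pasted reports
        if m := START.match(line):
            cur = {"port": int(m[1]), "proto": m[2], "states": {}, "exit": None}
            runs.append(cur)
        elif cur and (m := STATE.match(line)):
            # A later line such as "UDP port 389 is LISTENING" overrides the first guess.
            cur["states"][m[1]] = m[3]
        elif cur and (m := EXIT.search(line)):
            cur["exit"] = int(m[1], 16)
    return runs

def needs_attention(runs):
    """List (port, protocol, finding) for probes that did not confirm LISTENING."""
    flagged = []
    for r in runs:
        if not r["states"]:  # run ended without any result line
            flagged.append((r["port"], r["proto"], "no result (exit 0x%08X)" % (r["exit"] or 0)))
        for proto, state in r["states"].items():
            if state != "LISTENING":
                flagged.append((r["port"], proto, state))
    return flagged
```

Running `needs_attention(parse_report(text))` once on a report taken with the firewall disabled and once with it enabled gives two short lists to compare against the inbound rule set.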