How to Test Port Connectivity
Purpose
Most connection errors involving ports in the 61xx, 93xx, 94xx, and 10xxx ranges are related to Veeam product-related services. Determine if the port in the connection error is associated with a Veeam product service. If so, ensure that the service is running on the target machine specified in the error.
Each product's user guide includes a comprehensive list of all the ports utilized by the respective product. Below are convenient links to the most frequently accessed port lists for popular products.
- Veeam Backup & Replication Ports
- Veeam ONE Ports
- Veeam Agent for Microsoft Windows Ports
- Veeam Agent for Linux Ports
Ports 2500-3300 are dedicated to data transport. Those ports will only be associated with a VeeamAgent process when data is actively being transferred. When testing connection issues related to ports in that range, you will likely have to start a listener on the target machine manually.
Solution
Check Port Ownership
To test the connection to a specific port, you must first ensure that a process is actively listening on that port.
- If a process is associated with the port, proceed to the Testing Connection section of this article.
- If no process is associated with the port specified, proceed to the Creating a Listener section of this article.
Check Port Ownership in Windows
Use the following PowerShell command to check which process is locking a specific port.
Update the -LocalPort value to specify the port being tested.
Check Port Ownership in Linux
Use the following command to check which process is associated with a specific port.
Replace the portnumber placeholder with the port being tested.
Creating a Listener
If the port you are testing does not currently have a process associated with it, you must create a listener to own that port before attempting to test if the port can be reached.
Creating a Listener in Windows
Use the following PowerShell command to start a listener on the specified port.
Replace 6160 in this example with the port you are testing.
The above command will start a process in the background on the specified port. You can reuse the command from the Check Port Owner section to verify that the port is now associated with a process.
Below is an example of:
- Identifying that no process is associated with a port.
- Creating a listener on that port
- Verifying the port ownership.
Creating a Listener in Linux
Use the following command to start a listener on the specified port.
Replace 6160 in this example with the port you are testing.
This example uses Netcat (nc), which may not be installed by default on all Linux systems. Although other applications can also be used, Netcat is a commonly used tool for this purpose.
To stop the netcat listener, use Ctrl+C to stop the process.
Testing Connection
When testing connectivity to a port, it's important to test first from the machine that Veeam used to initiate communication. If the test fails, test locally from the target machine, and then test from other machines. We test from multiple locations because firewalls within the environment may allow connections from some sources while blocking others.
Testing Connection From Windows
The following native PowerShell command will test connectivity to the specified computer and port.
Update the -ComputerName and -Port values.
Testing Connection From Linux
The following command will test connectivity to the specified computer and port.
Replace the targetmachine and port placeholders in this example.
Interpreting the Results
If the connection test is successful, but the task within Veeam still fails, do the following:
- Review the error and determine which machine Veeam was using to initate the connection, and test with that machine.
It's important to note that some Veeam products rely on a central control server with components on other machines. Therefore, it's possible that the primary Veeam-machine is not at fault and that the issue lies with one of the remote component machines. - In environments with a signature-based firewall, the test packets may be permitted to pass, but Veeam traffic may be blocked—review Troubleshooting Signature-Based Firewalls for more information.
After a failed connection test do the following:
- Double check that you specified the correct IP and Port.
- Double check that there is a process on the target machine listening on the port.
- Run the test command from the target machine to test if it can talk to itself on that port.
- Run the test command on another remote machine to to isolate whether the port connection is blocked for all remote machines or only the first machine you tested from.
If the target machine can test the port to itself succesfully, but remote machines are unable to reach that same port, it is highly likely that a firewall is blocking connections.
Windows Test Results
Below are a series of screenshot demonstrating results you will see while testing.
Successful Connection Test
This is an example of a complete success, indicated by the "TcpTestSucceeded: True."
Failed Connection Test
The Test-NetConnection cmdlet will first attempt to connect to the port, if that fails it will attempt to ping the remote machine. While a succesful Ping is not a requirement of Veeam, in the first example it serves to show us that some connection is possible, just not to the port specified.
Linux Test Results
Successful Connection Test
This is an example of a success, indicated by the "Connect to x.x.x.x:xxxx."
Failed Connection Test
The following example is of a complete failure, indicated by the "Ncat: TIMEOUT" meaning the connection to the port timed out.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.