Port reservation on Windows Server 2008 and 2008 R2, including SBS 2011

Jan 28, 2014

If you need to reserve a port in Windows Server 2008, 2008 R2 or SBS 2011 (which is in fact a 2008 R2), it does not make any sense to modify the registry value

ReservedPorts

at

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

as indicated in Microsoft KB 812873, because Windows Server 2008 and 2008 R2 do not support this setting anymore.
You need to request the hotfix from the KB 2665809 page and install it; then you can control your port ranges with the following commands (from an administrative command prompt, of course):

netsh int ipv4 show excludedportrange protocol=tcp

to display the active reservations, and

netsh int ipv4 add excludedportrange protocol=tcp startport=8000 numberofports=1

to add a reservation.
The command is documented on the MS KB page where you can find the hotfix.

Open firewall from your application

Jan 28, 2014

Since I had added SSL support to the SMTP sending from my application using stunnel, some users didn’t open up the firewall when prompted by the operating system (from Windows Vista up).

Therefore I needed to open up the firewall directly from the application.

Since I don’t like to run the application with elevated rights, I decided to make this change from an external app spawned from my own application.

It is very simple to add a firewall rule using the netsh command:

netsh advfirewall firewall add rule name="stunnel" dir=in action=allow program="c:\tools\stunnel.exe" enable=yes profile=any

(where the stunnel.exe path should be adapted to your own settings).

The problem now was that this command needed to be run with elevated rights, and there is no option to do so.
After a quick search on the internet, I found elevate.exe – a small .NET executable that does what I need: launch a program with elevated rights.

So it was easy: launch elevate.exe (downloadable with sources) and pass the call to netsh.exe as its command line.
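
An added example, not code from the original post: the same rule created idempotently from PowerShell, using the built-in Start-Process -Verb RunAs in place of elevate.exe so that only netsh.exe is elevated. The parameter names and the helper Test-FirewallRule are hypothetical, and the script assumes that listing firewall rules works without elevation.

```powershell
# Added example: create the post's firewall rule once, elevating only netsh.exe.
# $RuleName and $ProgramPath mirror the post; adapt the path to your installation.
param(
    [string]$RuleName    = 'stunnel',
    [string]$ProgramPath = 'C:\tools\stunnel.exe'
)

# Hypothetical helper: "show rule" exits non-zero when no rule has this name.
# Assumption: listing rules does not need elevation.
function Test-FirewallRule([string]$Name) {
    & netsh.exe advfirewall firewall show rule "name=$Name" | Out-Null
    return ($LASTEXITCODE -eq 0)
}

# A program-based allow rule trusts whatever binary sits at that path, so
# refuse to create it for a path that has no file behind it yet.
if (-not (Test-Path -LiteralPath $ProgramPath -PathType Leaf)) {
    throw "Not found: $ProgramPath. No rule was created."
}

# Skip the UAC prompt entirely when the rule is already present.
if (Test-FirewallRule $RuleName) {
    Write-Output "Rule '$RuleName' already exists; nothing to do."
    return
}

# Same netsh command line as in the post, with straight quotes.
$netshArgs = 'advfirewall firewall add rule name="{0}" dir=in action=allow ' +
             'program="{1}" enable=yes profile=any'
$netshArgs = $netshArgs -f $RuleName, $ProgramPath

try {
    # -Verb RunAs raises the UAC prompt for netsh.exe; the caller stays unelevated.
    Start-Process -FilePath netsh.exe -ArgumentList $netshArgs -Verb RunAs `
        -WindowStyle Hidden -Wait -ErrorAction Stop
} catch {
    throw "Elevation was declined or failed: $($_.Exception.Message)"
}

# Verify by re-reading the rule rather than trusting the elevated process.
if (-not (Test-FirewallRule $RuleName)) {
    throw "netsh did not create rule '$RuleName'."
}
Write-Output "Rule '$RuleName' added for $ProgramPath."
```

Keep the directory that holds stunnel.exe writable by administrators only, since the rule applies to any executable placed at that path.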