Last Updated: June 1, 2011

Intermediate Diagnostics

The second level of network diagnostics performs queries on ports commonly used to connect to Microsoft Online Services. Port queries output the port responses to verify they are open, listening and able to connect. If the ports are not open from either the service side or the client side, the user may still be able to resolve the DNS name, but may continue to have connectivity issues.

The intermediate diagnostics’ purpose, after verifying basic connectivity, is to determine if any of the ports necessary to use Microsoft Online Services (BPOS-S) are open and accessible. The ports can be blocked on the client’s side by their network administrator or by their home router.

PortQry Files

PortQry.exe (pronounced “Port-query”) is a command line utility that anyone can use to help troubleshoot TCP/IP connectivity issues. Portqry.exe can query a single port, an ordered list of ports, or a sequential list of ports. It runs on all Windows-based computers, including Windows 7. The utility reports the port status of TCP and UDP ports on a computer that you select. This functionality is packaged within MOSDAL, and the resulting log files are located in: MOSDALReports > Network Diagnostics > NetworkPortQry.

NOTE: Users can also run the PortQry themselves at a command line prompt independently of MOSDAL.

Open the Port_Queries folder to view the log files, which contain information about cloud servers or resources and whether they are offering a service at that time (connectivity). An example of the PortQry log files’ naming convention is as follows:


Graphic14 – PortQry successful log file.

The following table assists in decoding the PortQry log file naming convention.




Queries the Microsoft Online Services Administration Center (MOAC) server.


Queries the My Company Portal server.


Queries the Live Meeting server.


Internal DNS servers. When a customer creates an account (URL/FQDN) it is set up on DNS servers on Microsoft cloud space. If these DNS servers are not accessible on the Internet, SharePoint site collections cannot be accessed by customers.


Queries a Migration Web service server for online directory objects. Used by the DirSync tool.


Queries mobile devices, used for OWA.


Queries the Sign On Web service server.


Slow. This indicates to the PortQry that it should not timeout, which would prevent a response from being sent.

- p

Specifies the protocol to use when querying the ports

-p both

Uses both the TCP and UDP protocols for querying the ports.

Table 2 – PortQry log file identification.

Using Table 2, users can quickly identify which of the PortQry log files needs to be reviewed, depending on the circumstances. For example, if a customer in North Carolina (United States) cannot log on to the service, check one of the PortQry log files (depending upon the connection of the customer):


Port Number

Protocol Type




SMTP – used for e-mail routing between mail servers



Domain Name System (DNS)



Hypertext Transfer Protocol (HTTP)



Hypertext Transfer Protocol (HTTP) over TLS/SSL (HTTPS)



Post Office Protocol (POP3) used to retrieve e-mail from a POP3 server.

Table 3 – Port numbers, protocol types, and use.

Two protocol types are used, TCP and UDP. TCP is connection oriented and more reliable, but both can be used. When connecting from a workstation to the server in the cloud (, the load balancer only shows one server.

The customer’s router or infrastructure should always allow for outbound port 443 to be open (LISTENING) for the Microsoft® Online Services (BPOS-S) service. If the customer cannot connect to My Company Portal, review both of the appropriate PortQry log files ( with -sl and without.