Last Updated: June 1, 2011

Intermediate Diagnostics

The second level of network diagnostics queries the ports commonly used to connect to Microsoft Online Services. The port queries record each port's response to verify that the port is open, listening, and able to accept a connection. If the ports are not open on the service side or on the client side, the user may still be able to resolve the DNS name but may continue to have connectivity issues.

The intermediate diagnostics’ purpose, after verifying basic connectivity, is to determine if any of the ports necessary to use Microsoft Online Services (BPOS-S) are open and accessible. The ports can be blocked on the client’s side by their network administrator or by their home router.

PortQry Files

PortQry.exe (pronounced “Port-query”) is a command-line utility that anyone can use to help troubleshoot TCP/IP connectivity issues. PortQry.exe can query a single port, an ordered list of ports, or a sequential range of ports. It runs on all Windows-based computers, including Windows 7. The utility reports the status of TCP and UDP ports on a computer that you select. This functionality is packaged within MOSDAL, and the resulting log files are located in: MOSDALReports > Network Diagnostics > NetworkPortQry.

NOTE: Users can also run PortQry themselves from a command prompt, independently of MOSDAL.

Open the Port_Queries folder to view the log files, which contain information about cloud servers or resources and whether they are offering a service at that time (connectivity). An example of the PortQry log files’ naming convention is as follows:

Graphic14 – PortQry successful log file.

The following table assists in decoding the PortQry log file naming convention.

| ID | Description |
|---|---|
| admin | Queries the Microsoft Online Services Administration Center (MOAC) server. |
| home | Queries the My Company Portal server. |
| lm | Queries the Live Meeting server. |
| ns1/ns2 | Internal DNS servers. When a customer creates an account (URL/FQDN), it is set up on DNS servers in Microsoft cloud space. If these DNS servers are not accessible on the Internet, SharePoint site collections cannot be accessed by customers. |
| provisioning | Queries a Migration Web service server for online directory objects. Used by the DirSync tool. |
| red001.mail | Queries mobile devices, used for OWA. |
| signinservice | Queries the Sign On Web service server. |
| sl | Slow. This indicates to PortQry that it should not time out, which would prevent a response from being sent. |
| -p | Specifies the protocol to use when querying the ports. |
| -p both | Uses both the TCP and UDP protocols for querying the ports. |

Table 2 – PortQry log file identification.

Using Table 2, users can quickly identify which of the PortQry log files needs to be reviewed, depending on the circumstances. For example, if a customer in North Carolina (United States) cannot log on to the service, check one of the PortQry log files (depending upon the connection of the customer):

| Port Number | Protocol Type | Use |
|---|---|---|
| 25 | TCP | SMTP – used for e-mail routing between mail servers |
| 53 | TCP, UDP | Domain Name System (DNS) |
| 80 | TCP | Hypertext Transfer Protocol (HTTP) |
| 443 | TCP, UDP | Hypertext Transfer Protocol (HTTP) over TLS/SSL (HTTPS) |
| 995 | TCP | Post Office Protocol (POP3) used to retrieve e-mail from a POP3 server. |

Table 3 – Port numbers, protocol types, and use.

Two protocol types are used: TCP and UDP. TCP is connection-oriented and more reliable, but both can be used. When connecting from a workstation to the server in the cloud (multiple-admin.microsoft.com), the load balancer only shows one server.

The customer’s router or infrastructure should always allow for outbound port 443 to be open (LISTENING) for the Microsoft® Online Services (BPOS-S) service. If the customer cannot connect to My Company Portal, review both of the appropriate PortQry log files (home.microsoftonline.com), with -sl and without.
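The review of the two log files described above can be scripted. The following is an added example, not part of the original article or of MOSDAL: it reads a normal PortQry log and its -sl counterpart and lists every port that did not answer as LISTENING. It assumes the logs contain PortQry's usual result lines; the sample logs are constructed, the function names are hypothetical, and the "slow link" hint is an interpretation of a difference between the two runs.

```python
import re

# Result line as PortQry prints it, e.g. "TCP port 443 (https service): LISTENING".
LINE = re.compile(r"^(TCP|UDP) port (\d+) \(.*?\): "
                  r"(LISTENING or FILTERED|NOT LISTENING|LISTENING|FILTERED)$")

MEANING = {
    "LISTENING": "open",
    "NOT LISTENING": "reachable, but nothing is listening on the port",
    "FILTERED": "no reply; blocked by a firewall or router on the path",
    "LISTENING or FILTERED": "no reply to the UDP probe; inconclusive",
}

def parse_log(text):
    """Return {(protocol, port): status} for every result line in a log."""
    found = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            found[(m.group(1), int(m.group(2)))] = m.group(3)
    return found

def triage(normal_log, slow_log):
    """List ports that are not plainly open, noting where the -sl run differs."""
    normal, slow = parse_log(normal_log), parse_log(slow_log)
    report = []
    for key in sorted(normal, key=lambda k: (k[1], k[0])):
        status = normal[key]
        if status == "LISTENING":
            continue
        note = MEANING[status]
        if slow.get(key) == "LISTENING":
            note += "; open in the -sl run, so suspect a slow link"
        report.append((key[0], key[1], status, note))
    return report

# Constructed sample logs (hypothetical results, not taken from the page).
NORMAL = """Querying target system called:
 home.microsoftonline.com
TCP port 80 (http service): LISTENING
TCP port 443 (https service): FILTERED
UDP port 53 (domain service): LISTENING or FILTERED
"""
SLOW = """TCP port 80 (http service): LISTENING
TCP port 443 (https service): FILTERED
UDP port 53 (domain service): LISTENING
"""

if __name__ == "__main__":
    for proto, port, status, note in triage(NORMAL, SLOW):
        print(f"{proto}/{port}: {status} ({note})")
```

A port that stays FILTERED in both runs, as TCP 443 does in the sample, points to blocking by the network administrator or router rather than to a slow link.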