Zabbix agent can conflict with Microsoft Forefront Threat Management Gateway (TMG)
The error message "listener failed: bind() for [[-]:10050] failed: [0x0000271D] An attempt was made to access a socket in a way forbidden by its access permissions." in Zabbix's log file (by default, C:\zabbix_agentd.log) may indicate that another service process is already listening on Zabbix's default listen port (TCP 10050). In this case Windows reports that the Zabbix agent started successfully ("service [Zabbix Agent] started successfully"), but the agent doesn't stay running.
zabbix_agentd.exe --config "C:\Program Files\Zabbix\zabbix_agentd.win.conf" --install
zabbix_agentd.exe --config "C:\Program Files\Zabbix\zabbix_agentd.win.conf" --start
sc query | find /i "zabbix"
type C:\zabbix_agentd.log
Check for a conflicting process as follows:
netstat -anbop tcp
netstat -anbop tcpv6
Normally, other services don't listen on port 10050, but installing Forefront TMG changes this. Per <http://support.microsoft.com/kb/929851>, Windows' standard dynamic port range is either 1025 to 5000 or 49152 to 65535; neither range includes port 10050, so dynamic RPC service processes cannot conflict with the Zabbix agent. Per http://social.technet.microsoft.com/...-e0fa3b7a1944/, installing Forefront TMG sets the dynamic port range to 10000 through 65534 (55535 ports), which unfortunately allows conflicts with the Zabbix agent. Check the dynamic port range as follows:
netsh int ipv4 show dynamicport tcp
netsh int ipv4 show dynamicport udp
netsh int ipv6 show dynamicport tcp
netsh int ipv6 show dynamicport udp
Per http://blogs.dirteam.com/blogs/chris...ckup-exec.aspx and http://social.technet.microsoft.com/...-0a4743aeba4f/, we can adjust the dynamic port range as follows:
netsh int ipv4 set dynamicport tcp start=10100 num=55435
netsh int ipv4 set dynamicport udp start=10100 num=55435
netsh int ipv6 set dynamicport tcp start=10100 num=55435
netsh int ipv6 set dynamicport udp start=10100 num=55435
:Update all combinations of ipv4/v6 and tcp/udp, to keep them in sync.
:Now reboot the TMG server.
And verify that the issue is resolved:
netstat -anbop tcp
netstat -anbop tcpv6
netsh int ipv4 show dynamicport tcp
netsh int ipv4 show dynamicport udp
netsh int ipv6 show dynamicport tcp
netsh int ipv6 show dynamicport udp
sc query | find /i "zabbix"
type C:\zabbix_agentd.log
This issue and fix were verified with Zabbix agent 2.0.4, on Windows 2008 R2 SP1, with Forefront TMG 7.0.
Note: alternative fix options are available: you could change the Zabbix agent listen port (and corresponding Zabbix server configuration), or you could eliminate Zabbix agent "passive checks" so that the agent doesn't require a listen port at all.
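The dynamic port range check and the conflicting-listener check from the steps above can be combined into one read-only PowerShell script. This is an added example, not part of the original page; it assumes English-language netsh and netstat output, and the function name Get-DynamicPortRange is hypothetical.

```powershell
# Added example, not from the original page; function names are hypothetical.
# Assumes English-language netsh/netstat output. Read-only: changes no settings.
$AgentPort = 10050   # Zabbix agent default listen port (from the page)

function Get-DynamicPortRange {
    param([string[]]$NetshOutput)
    # Pull "Start Port" and "Number of Ports" out of 'show dynamicport' text.
    $text = $NetshOutput -join "`n"
    if ($text -match 'Start Port\s*:\s*(\d+)') { $start = [int]$Matches[1] } else { return $null }
    if ($text -match 'Number of Ports\s*:\s*(\d+)') { $count = [int]$Matches[1] } else { return $null }
    New-Object PSObject -Property @{ Start = $start; End = $start + $count - 1 }
}

# 1. Does any of the four dynamic ranges still cover the agent port?
$covered = @()
foreach ($ip in 'ipv4', 'ipv6') {
    foreach ($proto in 'tcp', 'udp') {
        $range = Get-DynamicPortRange (netsh int $ip show dynamicport $proto)
        if ($null -eq $range) {
            Write-Warning ("{0}/{1}: could not parse netsh output" -f $ip, $proto)
            continue
        }
        $inside = ($AgentPort -ge $range.Start) -and ($AgentPort -le $range.End)
        if ($inside) { $covered += "$ip/$proto" }
        "{0}/{1}: {2}-{3}, covers port {4}: {5}" -f $ip, $proto, $range.Start, $range.End, $AgentPort, $inside
    }
}

# 2. Which process, if any, is listening on the agent port right now?
#    The owning PID is the last column of 'netstat -ano'.
foreach ($p in 'tcp', 'tcpv6') {
    netstat -ano -p $p | Select-String ":$AgentPort\s+\S+\s+LISTENING" | ForEach-Object {
        $procId = [int](($_.Line.Trim() -split '\s+')[-1])
        $name = (Get-Process -Id $procId -ErrorAction SilentlyContinue).ProcessName
        "listener on port {0} ({1}): PID {2} ({3})" -f $AgentPort, $p, $procId, $name
    }
}

if ($covered.Count -gt 0) {
    "Dynamic range covers port $AgentPort for: " + ($covered -join ', ')
} else {
    "Port $AgentPort is outside every dynamic range that could be read."
}
```

Unlike netstat with the -b switch, this listener check does not require an elevated prompt, because it resolves the process name from the PID instead.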