System.Net.Sockets.SocketException (0x80004005)

[slrslr]

Windows 10 as a client of SS. SS client version: 4.1.10.0 Linux CentOS as a server is shadowsocks-libev 3.2.0 from repo librehat-shadowsocks

cat /etc/shadowsocks-libev/config.json

{ "server":"myserverpublicIP", "server_port":8388, "local_port":1082, "password":"mypassword", "timeout":60, "method":"aes-256-cfb" }

part of the gui-config.json file on client:

{
  "server": "myserverpublicIP",
  "server_port": 8388,
  "password": "mypassword",
  "method": "aes-256-cfb",
  "plugin": "",
  "plugin_opts": "",
  "plugin_args": "",
  "remarks": "namehere",
  "timeout": 5
}

Internet does not work (Firefox shows "PR_CONNECT_RESET_ERROR") when SS is enabled and as a web browser proxy i am using socks5 127.0.0.1:1082)

SS client log:

2020-04-16 ::* |WARN|Shadowsocks.Controller.TCPHandler|System.Net.Sockets.SocketException (0x80004005): Došlo k pokusu o přístup k soketu způsobem zakázaným jeho přístupovými oprávněními v Shadowsocks.Util.Sockets.WrappedSocket.EndConnect(IAsyncResult asyncResult) v Shadowsocks.Proxy.DirectConnect.EndConnectDest(IAsyncResult asyncResult) v Shadowsocks.Controller.TCPHandler.ConnectCallback(IAsyncResult ar)

english version of the error is: "System.Net.Sockets.SocketException (0x80004005): An attempt was made to access a socket in a way forbidden by its access permissions"

but when i try to connect to different SS server which has identic server config.json file (except of course public IP), then the connection works.

-- what i tried: -- i checked my client firewall and it looks not to block port/app (not even ss_polipo.exe) nor IP.

On the "non working" SS server i ran:

$ netstat -tulnp|grep 8388 tcp 0 0 myserverpublicIP:8388 0.0.0.0: LISTEN 28527/ss-server udp 0 0 myserverpublicIP:8388 0.0.0.0: 28527/ss-server

$ service iptables status|egrep -i "ss|8388|1082" nothing, but full iptables output is here (p@$$w0rd: ss)

The log file of the SS should possibly be /var/log/messages, i am emptying this file every minute. The entries that appear during SS server restart: /usr/bin/ss-server[30699]: UDP relay enabled /usr/bin/ss-server[30699]: initializing ciphers... aes-256-cfb /usr/bin/ss-server[30699]: tcp server listening at myserverpublicIP:8388 /usr/bin/ss-server[30699]: udp server listening at myserverpublicIP:8388 /usr/bin/ss-server[30699]: running from root user

What is that mentioned error 0x80004005 shown on the client and what can be its causes? How to find out more detail? Thank you in advance

[chenshaoju]

This looks weird, Can you try changing your local proxy port in your Edit Server window to another port like 10800?

[slrslr]

Can you try changing your local proxy port in your Edit Server window to another port like 10800?

Thx, but that not helped. The same error. I changed it on the client and also in server's config.json and restarted shadowsocks-libev service on server. Then in the web browser proxy configuration, set 127.0.0.1:10800, socks5.

[chenshaoju]

Are you using Hyper-V?

Under normal conditions, This issue can be fixed by change local proxy port: https://github.com/shadowsocks/shadowsocks-windows/issues/2449

[slrslr]

no, OpenVZ is the virtualization on the SS server, but i do not think that should be a problem as the SS worked on this virtualization previously if i am not wrong.

[chenshaoju]

You may try resetting the Windows 10 TCP/IP and Winsocks: https://github.com/shadowsocks/shadowsocks-windows/issues/2474

[slrslr]

@chenshaoju thank you. That apparently WORKED. I executed that commands from within command prompt launched as an administrator (click Windows menu, type "cmd" right click item and launch as admin.) then i quit SS client and start it again. Now firewall asked me to allow the connection and everything works.. I am unsure if this is something to be fixed, yet i am closing this issue since it is away after that "hack".

[r57zone]

It would be possible to add a message to the error saying that it might be necessary to reset TCP / IP and Winsocks and a list of instructions for the CMD.

[chenshaoju]

Reset TCP/IP in some cases may risky, for example, some network may request set IP Address/Mask/Gateway/DNS manually.

After reset TCP/IP, these settings will lost.

[r57zone]

It looks like the reset only works temporarily. After the reset, the situation repeated itself 2 times. Problems started after updating Windows 10, probably due to this there are problems.

[chenshaoju]

Can you check your system (OS) or software environment?

Are you using some VPN or security software?

I guess there is some software using a little trick in your system to change something. (sorry for my English)

[r57zone]

Yes, I can, I don't use VPN, only ShadowSocks.

It looks like it worked again today without a reset.

[DuckSoft]

Taken from https://qv2ray.net/en/faq/v2ray-core.html#windows-reserved-by-system. License: CC-BY-SA 4.0

Windows: Reserved by System

This happens only on Windows, whose error log usually looks like this:

An attempt was made to access a socket in a way forbidden by its access permissions.

Microsoft launched KB4074588 patch on February 13th in 2018, which will modify the reserved port range on Windows operating system, so you may be affected.

As is stated, you can use netsh interface ipv4 show excludedportrange protocol=tcp command to show the reserved ports. If a port is reserved, you should avoid that port and just change the listening port to another one.