Skip to main content

RunApp Proxy is not running well and find 8101 and 8100 port can not be accessed.

Admin
Updated

Sympton

Proxy Mode is not working in some Client Machine and find the following error in the %localappdata%\LocalWeb.log

[2026-03-05 09:08:49] [runappproxy.go:211] [info] StartRunAppProxy sshListenPort:8101 rdpListenPort:8100 connHost:10.0.220.183 connPort:443
[2026-03-05 09:08:49] [runappproxy.go:58] [fatal] listen tcp 127.0.0.1:8101: bind: An attempt was made to access a socket in a way forbidden by its access permissions.

 

Check the port is using

netstat -aon | findstr "8101"
netsh interface ipv4 show excludedportrange protocol=tcp

 

 

That output shows that the range 8091–8190 has been reserved by the Windows Host Network Service (HNS). When a port range is "excluded" like this, Windows prevents any other application from using those ports to avoid conflicts with internal services.

The most common reason for these specific blocks is Hyper-V.

Why is this happening?

When Hyper-V (or features that rely on it, like Docker, WSL2, or Windows Sandbox) is enabled, Windows reserves various "random" blocks of ports for its internal virtual networking needs. These are called dynamic port reservations.

The range you see isn't "forbidden" because of a security threat; it's effectively "booked" by the system.

How to verify and fix it

If you need those specific ports for an application, you can try the following steps:

1. Confirm Hyper-V is the cause

You can check which service is responsible for the reservation by running this command in an Admin PowerShell:

PowerShell

 
netsh int ipv4 show dynamicport tcp

If the "Start Port" of your dynamic range overlaps with the excluded ranges shown in your image, it confirms Hyper-V is managing them.

2. The "Quick Fix" (Restarting the service)

Sometimes simply restarting the network service releases these temporary blocks:

  1. Open Command Prompt as Administrator.

  2. Run: net stop hns (This will temporarily disconnect Docker/WSL2).

  3. Run: net start hns.

  4. Check netsh interface ipv4 show excludedportrange protocol=tcp again to see if the range has moved.

3. The "Permanent Fix" (Set a specific range)

If you want to ensure Hyper-V stays away from certain ports, you can manually set the range it is allowed to use. Run these as Administrator:

DOS

 
:: Set the dynamic port range to start higher up (e.g., 49152)
netsh int ipv4 set dynamicport tcp start=49152 num=16384
netsh int ipv4 set dynamicport udp start=49152 num=16384

Note: You may need to restart your computer for this to fully take effect and clear the old exclusions.

 

Related to

Related articles

Comments

0 comments

Article is closed for comments.