Service Listens to 127.0.0.1 Instead of 0.0.0.0


In some cases, Windows binds service listeners to 127.0.0.1 instead of the default 0.0.0.0 (all IP addresses on the system).

When this happens, every service bound to 127.0.0.1 instead of 0.0.0.0 stops responding to remote connections.

One example of this is when Azure AD Connect stops accepting WinRM (remote PowerShell) sessions:

[Image: Azure AD Connect WinRM Connection Failed]

Another example is IIS no longer serving web requests.

To verify whether you’re experiencing this issue, check which IP listener is registered for your service.

For example, if you’re seeing problems with remote PowerShell (WinRM), check the listener port of the WinRM service (TCP 5985):

C:\>netstat -nao | findstr "5985"
  TCP    127.0.0.1:5985         0.0.0.0:0              LISTENING       4

As seen in the above example, port 5985 is bound to 127.0.0.1 rather than the expected 0.0.0.0.

If you take a look at the registered listeners, you’ll see the following output, which further validates the cause of the problem:

C:\>netsh http show iplisten

IP addresses present in the IP listen list:
-------------------------------------------

    127.0.0.1

This configuration blocks remote TCP connections to port 5985 and effectively breaks remote PowerShell.
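The two checks above can be combined into one PowerShell diagnostic. This is an added example, not part of the original article; the function names Get-HttpIpListen and Test-HttpSysBinding are hypothetical, and it assumes the Get-NetTCPConnection cmdlet is available when run live (the sample input at the end is constructed from the output shown above).

```powershell
# Added example; function names are hypothetical, not from the original page.
function Get-HttpIpListen {
    # Parse 'netsh http show iplisten' output. Entries follow the dashed
    # separator, so parsing does not depend on the localized header text.
    param([string[]]$NetshOutput = (netsh http show iplisten))
    $inList = $false
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*-{5,}\s*$') { $inList = $true; continue }
        $ip = $null
        if ($inList -and [System.Net.IPAddress]::TryParse($line.Trim(), [ref]$ip)) { $ip }
    }
}

function Test-HttpSysBinding {
    param(
        [int]$Port = 5985,
        [System.Net.IPAddress[]]$IpListen = @(Get-HttpIpListen),
        [string[]]$Listening = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty LocalAddress)
    )
    # A non-empty listen list that holds only loopback addresses is the
    # condition described above.
    $loopbackOnly = $IpListen.Count -gt 0 -and
        @($IpListen | Where-Object { -not [System.Net.IPAddress]::IsLoopback($_) }).Count -eq 0
    # 0.0.0.0 and :: are not loopback, so they count as remotely reachable.
    $remoteReachable = @($Listening | Where-Object {
        -not [System.Net.IPAddress]::IsLoopback([System.Net.IPAddress]::Parse($_))
    }).Count -gt 0
    [pscustomobject]@{
        Port            = $Port
        IpListenList    = $IpListen -join ', '
        ListeningOn     = $Listening -join ', '
        LoopbackOnly    = $loopbackOnly
        RemoteReachable = $remoteReachable
        Affected        = $loopbackOnly -and -not $remoteReachable
    }
}

# Constructed sample mirroring the output shown above, so this part runs offline.
$sample = @(
    'IP addresses present in the IP listen list:',
    '-------------------------------------------',
    '',
    '    127.0.0.1'
)
Test-HttpSysBinding -IpListen (Get-HttpIpListen -NetshOutput $sample) -Listening '127.0.0.1'
```

On a live host, calling Test-HttpSysBinding with no arguments reads the current listen list and the listeners on TCP 5985; pass -Port to check another service.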

To solve this issue, remove the 127.0.0.1 listener by issuing the following command in an administrative command prompt:

C:\>netsh http delete iplisten ipaddress=127.0.0.1

IP address successfully deleted

Immediately after issuing this command, the WinRM service will bind to the default listener:

C:\>netstat -nao | findstr "5985"
  TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING       4
  TCP    [::]:5985              [::]:0                 LISTENING       4

Remote PowerShell will start working again, and this is reflected in the Easy365Manager settings:

[Image: Easy365Manager settings configuration]