none
Protecting a server behind a firewall RRS feed

  • Question

  • I am trying to protect a non-domain member server sitting behind a firewall in a DMZ but having problems with the agent communication.

    I have:

    1. Opened up what I believe to be the correct firewall ports as specified by Microsoft - http://technet.microsoft.com/en-us/library/ff399341.aspx
    2. Disabled the Windows firewall on both servers
    3. Added the name of the DPM server into the DMZ server's LMHOST file - OK (they can now both ping each other by name)
    4. Installed the DPM agent locally on the DMZ server - OK
    5. Used the SetDPMServer -isNonDomainServer command to successfully point the DMZ server to the DPM server - OK
    6. Run the RPCPing command on each server against the other - OK (Completed 1 calls in 16 ms)
    7. Run the attach procedure on the DPM server - It gets added to the protected list but refuses to communicate with the agent, listing it as Unavailable

    What am I doing wrong?

    Here is what I believe to be the events from the DPM server's error log: 

     

    WARNING Failed: Hr: = [0x800706ba] CCommandProcessor::CreateInstance, Aborting CCIE loop because the time limit was reached. CCIE mqi.hr: 0x800706ba, sm_bIsShutdownReqd: 0
    WARNING Failed: Hr: = [0x800706ba] : F: lVal : hr
    WARNING Failed: Hr: = [0x800706ba] : F: lVal : CreateInstance( strCmdTarget, clsidTarget, hrDLS, (IUnknown **)&pAgentCommand, (pCommand->GetSenderToken() == 0), pCommand->IsNonDomainAgent(), fIsNonADMachine, cmdTargetIP )
    WARNING CCommandProcessor::SendOutboundCommand this:[0000000019D25490], ServerName: DMZ01
    NORMAL Task: Received tiemout message from CmdProc '<?xml version="1.0" encoding="utf-16"?>
    NORMAL <TECommand xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/2003/dls/Commands.xsd">
    NORMAL   <Command xmlns="http://schemas.microsoft.com/2003/dls/GenericCommand.xsd">
    NORMAL     <CommandInstanceID>bd712df3-55b8-4404-a1ea-75b8d7f24f08</CommandInstanceID>
    NORMAL     <AgentTypeID>da6aa17a-d61c-4e9c-8cea-db25dea52a95</AgentTypeID>
    NORMAL     <WorkItemID>2ac9910c-8338-4350-8e2d-3e422104a8ee</WorkItemID>
    NORMAL     <TETaskInstanceID>2ac9910c-8338-4350-8e2d-3e422104a8ee</TETaskInstanceID>
    NORMAL     <ServerIdFilter>00000000-0000-0000-0000-000000000000</ServerIdFilter>
    NORMAL     <VerbIndexFilter>45</VerbIndexFilter>
    NORMAL     <DatasourceIndexFilter>0</DatasourceIndexFilter>
    NORMAL   </Command>
    NORMAL   <GetProperties />
    NORMAL </TECommand>' Error CmdProcCommunicationError
    WARNING CheckTimeoutMessage: code[0x00000103], detailedCode[0x800706ba], errMgs[The RPC server is unavailable (0x800706BA)]
    WARNING [<?xml version="1.0" encoding="utf-16"?>
    WARNING <Status xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" StatusCode="-2147023174" Reason="Timeout" CommandInstanceID="bd712df3-55b8-4404-a1ea-75b8d7f24f08" CommandID="GetProperties" GuidWorkItem="2ac9910c-8338-4350-8e2d-3e422104a8ee" TETaskInstanceID="2ac9910c-8338-4350-8e2d-3e422104a8ee" xmlns="http://schemas.microsoft.com/2003/dls/StatusMessages.xsd">
    WARNING   <ErrorInfo ErrorCode="259" DetailedCode="-2147023174" DetailedSource="2" ExceptionDetails="" xmlns="http://schemas.microsoft.com/2003/dls/GenericAgentStatus.xsd">
    WARNING     <Parameter Name="servername" Value="DMZ01" />
    WARNING   </ErrorInfo>
    WARNING </Status>].
    NORMAL FailTask[InstallListRefresh]
    NORMAL RaiseAgentUnreachableAlert serverName -> DMZ01
    WARNING Task Diagnostic Information - <?xml version="1.0" encoding="utf-16"?>
    WARNING <TaskExecutionContext>
    WARNING   <AMServerName>DMZ01</AMServerName>
    WARNING   <AMOsType>None</AMOsType>
    WARNING   <AMClusterName>
    WARNING   </AMClusterName>
    WARNING   <TEVerb>InstallListRefresh</TEVerb>
    WARNING   <TEErrorState>InstallListRefresh.AgentInstallStatusInquiring</TEErrorState>
    WARNING   <TEErrorDetails>&lt;?xml version="1.0" encoding="utf-16"?&gt;
    WARNING &lt;q1:ErrorInfo ErrorCode="308" DetailedCode="-2147023174" DetailedSource="2" ExceptionDetails="" xmlns:q1="http://schemas.microsoft.com/2003/dls/GenericAgentStatus.xsd"&gt;
    WARNING   &lt;q1:Parameter Name="servername" Value="DMZ01" /&gt;
    WARNING &lt;/q1:ErrorInfo&gt;</TEErrorDetails>
    WARNING </TaskExecutionContext>
    NORMAL Publishing event from TaskInstance.cs(825): TaskStop, [TaskID=2ac9910c-8338-4350-8e2d-3e422104a8ee]
    NORMAL Retrieving information for JobType for jobid 0c26297f-1fd7-46e9-8782-701759a4b52a
    FATAL Task stopped (state=Failed, error=AMAgentCommunicationError; -2147023174; WindowsHResult), search "Task Diagnostic Information" for details.
    NORMAL Retrieving a deployment for task[2ac9910c-8338-4350-8e2d-3e422104a8ee].
    WARNING  Fail: Task '2ac9910c-8338-4350-8e2d-3e422104a8ee' failed with error during execution.
    WARNING ASSERT: (FileName:Deployment.cs; LineNumber:1545)
    WARNING AgentDeployment: bad column count in result set.
    NORMAL  Changing task state from 'GenerateWorkplan' -> 'Failed' (2ac9910c-8338-4350-8e2d-3e422104a8ee)
    NORMAL  Dispatching RetireJob.
    NORMAL  Changing state of job: '0c26297f-1fd7-46e9-8782-701759a4b52a' from 'Execute' -> 'Retire'
    NORMAL Publishing event from ActiveJob.cs(1043): JobStateChange, [JobID=0c26297f-1fd7-46e9-8782-701759a4b52a]
    NORMAL  Changing task state from 'Failed' -> 'Retire' (2ac9910c-8338-4350-8e2d-3e422104a8ee)
    NORMAL RetireWorkplan(job=0c26297f-1fd7-46e9-8782-701759a4b52a) - Calling derived RetireWorkplan
    ACTIVITY RetireWorkplan(job=0c26297f-1fd7-46e9-8782-701759a4b52a) - Retiring task: Failed

    Thursday, July 29, 2010 10:33 AM

Answers

All replies

  • Problem solved. Not all the ports had been opened up on the firewall. It all works nicely now.
    Friday, July 30, 2010 8:57 AM
  • Hi Andy, 

    I am closing this thread for now. Feel free to create a new thread/reopen this one if you encounter any more problem. 

     

    thanks,

    Parag Agrawal

    This posting is provided "AS IS" with no warranties, and confers no rights.

    Monday, August 2, 2010 12:55 PM
    Moderator