RPC issue with VPN

  • Question

  • I'm trying to protect a server that is not in a trusted domain and have taken the following steps:

    1. Connected DPM server and protected server via VPN

    2. Name resolution is working fine... ping and rpcping work in both directions

    3. Ran the DPM agent installer with the IsNonDomainServer. I used the internal FQDN of the DPM server as the server name. This is the name tested in step 2.

    4. Telnet to RPC ports works fine.

    When I go to install/attach the agent, I get the following error in the MSDPMCurr log where REMOTEFQDN has replaced the FQDN of the remote server:

    0128 11F8 05/28 16:53:38.565 07 AgentCommunication.cs(322) NORMAL Created NTLM user account DPM10100147SVR

    0128 11F8 05/28 16:53:38.565 07 AgentCommunication.cs(649) NORMAL Setcommunication on server REMOTESERVERFQDN: Created user account IPTEST\DPM10100147SVR

    0128 11F8 05/28 16:53:38.579 07 Win32LG.cs(690) NORMAL Added account[IPTEST\DPM10100147SVR] to group[Distributed COM Users] on server [].

    0128 11F8 05/28 16:53:38.592 07 Win32LG.cs(690) NORMAL Added account[IPTEST\DPM10100147SVR] to group[MSDPMTrustedMachines] on server [].

    0128 11F8 05/28 16:53:38.603 07 Win32LG.cs(690) NORMAL Added account[IPTEST\DPM10100147SVR] to group[DPMRADmTrustedMachines] on server [].

    0128 11F8 05/28 16:53:38.920 22 agentserviceproxy.cpp(250) [000000001ECB0A80] WARNING Failed: Hr: = [0x800706ba] : error in CoCreateInstanceEx for server [REMOTESERVERFQDN]

    0128 11F8 05/28 16:53:38.920 22 agentserviceproxy.cpp(155) [000000001ECB0A80] WARNING Failed: Hr: = [0x800706ba] : F: lVal : InitInterfaceRemote()

    0128 11F8 05/28 16:53:38.924 07 AgentCommunication.cs(518) WARNING comException = System.Runtime.InteropServices.COMException (0x800706BA): The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

    0128 11F8 05/28 16:53:38.924 07 AgentCommunication.cs(518) WARNING   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)

    0128 11F8 05/28 16:53:38.924 07 AgentCommunication.cs(518) WARNING   at Microsoft.Internal.EnterpriseStorage.Dls.DPMRA.DPMRAServicesProxy.Initialize()

    0128 11F8 05/28 16:53:38.924 07 AgentCommunication.cs(518) WARNING   at Microsoft.Internal.EnterpriseStorage.Dls.AgentManager.AgentCommunication.GetNonDomainServerProperties(NetworkCredential userCredentials, String serverName, DpsTimeZone& timeZone, Version& osVersion, SystemOSType& osType, Boolean& isDpm, Boolean& isDc, FqMachineName& psMachine, Int64& serverAttributes)

    0128 11F8 05/28 16:53:38.927 07 AgentCommunication.cs(574) NORMAL CleanupOnAttachFailure: Delete user DPM10100147SVR

    0128 11F8 05/28 16:53:38.948 09 serviceutils.cpp(476) WARNING Caught Dls exception: Microsoft.Internal.EnterpriseStorage.Dls.Utils.DlsException: exception ---> System.Runtime.InteropServices.COMException (0x800706BA): The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

    0128 11F8 05/28 16:53:38.948 09 serviceutils.cpp(476) WARNING   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)

    0128 11F8 05/28 16:53:38.948 09 serviceutils.cpp(476) WARNING   at Microsoft.Internal.EnterpriseStorage.Dls.DPMRA.DPMRAServicesProxy.Initialize()

    0128 11F8 05/28 16:53:38.948 09 serviceutils.cpp(476) WARNING   at Microsoft.Internal.EnterpriseStorage.Dls.AgentManager.AgentCommunication.GetNonDomainServerProperties(NetworkCredential userCredentials, String serverName, DpsTimeZone& timeZone, Version& osVersion, SystemOSType& osType, Boolean& isDpm, Boolean& isDc, FqMachineName& psMachine, Int64& serverAttributes)

    0128 11F8 05/28 16:53:38.948 09 serviceutils.cpp(476) WARNING   --- End of inner exception stack trace ---

    0128 11F8 05/28 16:53:38.948 09 serviceutils.cpp(476) WARNING   at Microsoft.Internal.EnterpriseStorage.Dls.AgentManager.AgentCommunication.GetNonDomainServerProperties(NetworkCredential userCredentials, String serverName, DpsTimeZone& timeZone, Version& osVersion, SystemOSType& osType, Boolean& isDpm, Boolean& isDc, FqMachineName& psMachine, Int64& serverAttributes)

    0128 11F8 05/28 16:53:38.948 09 serviceutils.cpp(476) WARNING   at Microsoft.Internal.EnterpriseStorage.Dls.AgentManager.AgentCommunication.SetCommunication(String productionServerXML, String userName, String password, String domain, Boolean configurePS, Boolean isNonDomainServer, Guid& serverId)

    0128 11F8 05/28 16:53:38.948 09 serviceutils.cpp(476) WARNING   at Microsoft.Internal.EnterpriseStorage.Dls.Engine.CAgentManagerServices.SetCommunication(UInt16* bstrProductionServerXML, UInt16* bstrUserName, UInt16* bstrPassword, UInt16* bstrDomain, Byte configurePS, Byte isNonDomainServer, _GUID* pguidServerId)

    0128 11F8 05/28 16:53:38.948 09 serviceutils.cpp(476) WARNING   at Microsoft.Internal.EnterpriseStorage.Dls.Engine.CCoreServices.SetCommunication(CCoreServices* , UInt16* productionServerXML, UInt16* bstrUserName, UInt16* bstrPassword, UInt16* bstrDomain, Byte configurePS, Byte isNonDomainServer, _GUID* pguidServerId, tagSAFEARRAY** exceptionResult)

    0128 11F8 05/28 16:53:38.948 09 serviceutils.cpp(476) WARNING *** Mojito error was: AMNonDomainDPMRAGenericFailure; 0; None

    0128 11F8 05/28 16:53:38.976 23 emservices.cpp(156) NORMAL CEMServices::RaiseOrResolveAlert()

    0128 11F8 05/28 16:53:38.990 02 EventManager.cs(88) NORMAL Publishing event from ServerAlert.cs(556): AlertStateChange, [ObjectId=00000000-0000-0000-0000-000000000000]

    0128 11F8 05/28 16:53:39.364 09 coreservices.cpp(7011) NORMAL CCoreServices::UpdateAlertVisibilityIfInvisible() entered

    0128 11F8 05/28 16:53:39.367 16 engineservices.cpp(356) NORMAL CEngineServices::UpdateAlertVisibilityIfInvisible entered. alertId={2F7D4A1C-F18E-4854-92A9-486DFBA284F0}, newVisibility=0, invisibilityTi


    Rob
    Saturday, May 28, 2011 4:54 PM

Answers

  • Hi,

    It seems the RPC endmapper port is open (tcp 135), but possibly the ephemeral port(s) used by RPC are blocked. I'd recommend disabling the firewalls on the servers and, if there are any firewalls on the VPN endpoints, make sure they allow RPC traffic through in both directions (or disable these firewalls also). If you still get the same errors, try using Network Monitor to take a network trace while reproducing the issue.

    Thanks,

    Marc

    • Proposed as answer by ShaneB. _ Sunday, June 5, 2011 10:18 AM
    • Marked as answer by ip-rob Sunday, June 5, 2011 11:03 PM
    Wednesday, June 1, 2011 1:23 PM
    Moderator
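
Added example, not part of the thread and not DPM code: a Python triage of the MSDPMCurr trace lines quoted in the question. It decodes the HRESULT and finds the first failing step together with the last step that succeeded before it. The field layout in the regex is inferred from the lines shown on this page, and the function names are hypothetical.

```python
import re

# Assumed layout: PID TID MM/DD HH:MM:SS.mmm TASK source(line) [ctx] LEVEL message
LINE_RE = re.compile(
    r"^(?P<pid>[0-9A-F]{4}) (?P<tid>[0-9A-F]{4}) (?P<date>\d\d/\d\d) "
    r"(?P<time>\d\d:\d\d:\d\d\.\d{3}) (?P<task>\d\d) "
    r"(?P<src>\S+)\((?P<line>\d+)\) (?:\[[0-9A-F]+\] )?"
    r"(?P<level>NORMAL|WARNING) (?P<msg>.*)$"
)
HRESULT_RE = re.compile(r"0x([0-9a-fA-F]{8})")

# Win32 error codes (winerror.h) often seen when remote DCOM activation fails.
WIN32_NAMES = {0x6BA: "RPC_S_SERVER_UNAVAILABLE", 0x6D9: "EPT_S_NOT_REGISTERED",
               0x5: "ERROR_ACCESS_DENIED"}
FACILITY_WIN32 = 7

def decode_hresult(hr):
    """Split an HRESULT into (failed, facility, code, symbolic name or None)."""
    failed = bool(hr >> 31)              # severity bit
    facility = (hr >> 16) & 0x7FF        # 11-bit facility field
    code = hr & 0xFFFF                   # low word: the underlying error code
    name = WIN32_NAMES.get(code) if facility == FACILITY_WIN32 else None
    return failed, facility, code, name

def first_failure(lines):
    """Return the first WARNING carrying an HRESULT, plus the step before it."""
    previous = None
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                     # skip lines that do not fit the layout
        hr = HRESULT_RE.search(m["msg"])
        if m["level"] == "WARNING" and hr:
            return {"time": m["time"], "source": f'{m["src"]}({m["line"]})',
                    "hresult": decode_hresult(int(hr.group(1), 16)),
                    "after": previous}
        if m["level"] == "NORMAL":
            previous = m["msg"]          # remember the last successful step
    return None

# Three lines copied from the log in the question above.
SAMPLE = """\
0128 11F8 05/28 16:53:38.603 07 Win32LG.cs(690) NORMAL Added account[IPTEST\\DPM10100147SVR] to group[DPMRADmTrustedMachines] on server [].
0128 11F8 05/28 16:53:38.920 22 agentserviceproxy.cpp(250) [000000001ECB0A80] WARNING Failed: Hr: = [0x800706ba] : error in CoCreateInstanceEx for server [REMOTESERVERFQDN]
0128 11F8 05/28 16:53:38.924 07 AgentCommunication.cs(518) WARNING comException = System.Runtime.InteropServices.COMException (0x800706BA): The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
""".splitlines()

if __name__ == "__main__":
    print(first_failure(SAMPLE))
```

On the sample, the first failure is the CoCreateInstanceEx call at agentserviceproxy.cpp(250), immediately after the local account and group changes succeeded. 0x800706BA decodes to facility 7 (Win32), code 1722, which is consistent with the blocked-RPC diagnosis in the answer.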

All replies

  • I agree it is most likely the RPC return traffic getting blocked.  We scrapped testing the product.  The protocols are not really "firewall friendly" like other products.  
    Rob
    Sunday, June 5, 2011 11:05 PM