none
Can somone show me how to add the right exception to allow agent install through Windows Firewall RRS feed

  • Question

  • Hi,

    I am trying to add the DPM Client to my machines, and I have tried everything.

    I have read about opening the recommended ports, but I still can't get it to work.

    What is the easiest setting that I need to add to the Windows Firewall?

    Thanks

    Saturday, June 21, 2014 9:05 AM

All replies

  • Hi,

    Add firewall rules that will allow the incoming network connections required for the DPM agent installation process. The main benefit of this method is that you can automate the process using the commands below, allowing you to script the solution and deploy it via GPO or other methods.

    These commands must be run from an elevated command prompt (Run As Administrator) and should be run on all target computers that have the firewall enabled. 

     

    NOTE DPM version information will need to reflect your current DPM version. A sample path is given below. Replace <DPMVersion> with the correct x.x.xxxx.x number.

    DPM 2010 – version:     3.0.7696.0
    DPM 2012 – version:  4.0.1908.0
    DPM 2012 SP1 – version: 4.1.3313.0
    DPM 2012 R2 - version:  4.2.1205.0

    The initial command below should allow the agent to be installed:


    Netsh advfirewall firewall add rule name = "dpmac" dir=in program="C:\Windows\Microsoft Data Protection Manager\DPM\ProtectionAgents\AC\<DPMVERSION>\dpmac.exe" action=allow

    If the command above does not allow the agent install to succeed, add following additional rules:


    Netsh advfirewall firewall add rule name="Microsoft System Center Data Protection Manager" dir=in program="C:\Program Files\Microsoft Data Protection Manager\DPM\bin\msdpm.exe" profile=Any action=allow
    Netsh advfirewall firewall add rule name="Microsoft System Center Data Protection Manager Replication Agent" dir=in program="C:\Program Files\Microsoft Data Protection Manager\DPM\bin\dpmra.exe" profile=Any action=allow
    Netsh advfirewall firewall add rule name="Microsoft System Center Data Protection Manager DCOM setting" dir=in action=allow protocol=TCP localport=135 profile=Any
    Netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=yes
    Netsh advfirewall firewall add rule name="DPMAM_WCF_SERVICE" dir=in program="C:\Program Files\Microsoft Data Protection Manager\DPM\bin\AMSvcHost.exe" profile=Any action=allow
    Netsh advfirewall firewall add rule name="DPMAM_WCF_PORT" dir=in action=allow protocol=TCP localport=6075 profile=Any


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Sunday, June 22, 2014 7:27 PM
    Moderator