none
DPM 2010 Distribted COM RRS feed

  • Question

  • Found this info Windows Essential Business Server:

     

    Would these setting work on a standalone DPM 2010 server, to set ports ranges so DCOM port TCP ranges could be set?

    Looking for Firewall setting that could be set on VPN connections.

     

     

    Use the following procedure to modify registry settings on the Security Server and the DPM server. Modify the registry with care. Serious system-wide problems might occur if you modify the registry incorrectly. To correct such problems, you may need to reinstall the operating system software on these servers.

    To configure registry settings on the Security Server and the DPM server

    1.   Log on to the server as domain administrator.

    2.   Click Start, click Run, type regedit, and then click OK.

    3.   In the left pane of Registry Editor, navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc.

    4.   Right-click the Rpc node, click New, and then click Key. Type Internet as the name of the key.

    5.   Configure the following values for the Internet key:

     

    Name

    Type

    Data

    Ports

    REG_MULTI_SZ

    50000-50050

    PortsInternetAvailable

    REG_SZ

    Y

    UseInternetPorts

    REG_SZ

    Y

     

    6.   To apply the registry settings, close Registry Editor and then restart the server.

    • Moved by Praveen D [MSFT] Saturday, September 4, 2010 5:59 AM Moving to DPM Setup Forum (From:Data Protection Manager)
    Thursday, August 19, 2010 10:42 PM

Answers

All replies

  •  

    As per Configuring Firewalls http://technet.microsoft.com/en-us/library/ff399341.aspx


    By default, DCOM assigns ports dynamically from the TCP port range of 1024 through 65535. However, you can configure this range by using Component Services. For more information, see Using Distributed COM with Firewalls (http://go.microsoft.com/fwlink/?LinkId=46088).

    IMPORTANT: Start with the  (minimum of 100 + (number PS * 10))

    Restricting the Range of TCP Ports

    There are several registry settings that control the DCOM port restriction functionality. All of the named values listed below are located under the HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet registry key (which you must create). Remember that you only need to do this on the DPM server machine. Clients will automatically pick up the right port numbers when they connect to the DPM server machine.


    Regards, Mike J [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, August 19, 2010 11:27 PM
    Moderator
  • The linkId=46088 is broke -  Are these the only registry key that need to be created ? just the 3

     

    Name

    Type

    Data

    Ports

    REG_MULTI_SZ

    50000-50050

    PortsInternetAvailable

    REG_SZ

    Y

    UseInternetPorts

    Name

    Type

    Data

    Ports

    REG_MULTI_SZ

    50000-50050

    PortsInternetAvailable

    REG_SZ

    Y

    UseInternetPorts

    REG_SZ

    Y

    Name

    Type

    Data

    Ports

    REG_MULTI_SZ

    50000-50050

    PortsInternetAvailable

    REG_SZ

    Y

    UseInternetPorts

    Name

    Type

    Data

    Ports

    REG_MULTI_SZ

    50000-50050

    PortsInternetAvailable

    REG_SZ

    Y

    UseInternetPorts

    REG_SZ

    Y

    Name

    Type

    Data

    Ports

    REG_MULTI_SZ

    50000-50050

    PortsInternetAvailable

    REG_SZ

    Y

    UseInternetPorts

    REG_SZ

    Y

    Friday, August 20, 2010 5:55 PM
  • Hello,

    Since you mention DPM 2010, you must be on Win Srv 2008 / 2008 R2. The default dynamic port range for Win Srv 2008 onwards is changed. Please see: http://support.microsoft.com/default.aspx?scid=kb;EN-US;929851 - The default dynamic port range for TCP/IP has changed in Windows Vista and in Windows Server 2008.


    Regards, Rajeev Narshana [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights
    Saturday, September 4, 2010 4:03 PM
    Moderator
  •  

     

    IMPORTANT: Start with the  (minimum of 100 + (number PS * 10))

     

    What does 'PS' stand for?

     

    We are in the process of restricting out environments usage of RPC and have had issues with DPM since (at the same time as moving to Forefront Client Security 2007). I am trying to unpick which part has broken it.

    We opted for 300 ports from 5500 to 5800

    There are lots of errors stating that there are no more endpoints available to the endpoint mapper. How wide does this port range need to be for DPM??

    Thursday, April 7, 2011 1:57 PM
  • Hi Aidan,

    PS stands for Protected Servers. There is no definitive answer to the number of ports you should make available for RPC. It depends on how much RPC traffic your server gets which depends on how many applications use RPC and how many connections those applications utilize. The formula above will help you determine an appropriate amount of ports that DPM will need.

    Thanks,

    Marc

    Friday, April 8, 2011 12:24 PM