Troubleshooting Communication Issues With Backup Exec System Recovery (BESR)}.
1. What Ports does Backup Exec System Recovery Utilize?
2. How Do I set the DCOM Security Settings?
3. How Do I make exceptions in Windows Firewall for Backup Exec System Recovery?
The Backup Exec System Recovery agent cannot deploy/connect from the Backup Exec System Recovery console. This is typically caused by improper environmental settings.
Backup Exec System Recovery requires opening the following ports:
137 (inbound and outbound TCP and UDP)
138 (inbound and outbound UDP)
139 (inbound and outbound TCP)
By default, DCOM is free to use any port between 1024 and 65535 when it dynamically selects a port for an application. This range can be reduced by creating registry keys on the computer that hosts the DCOM service; the firewall router can then be configured to forward only these TCP ports. Ports above port 5000 should be used since numbers below port 5000 may already be in use by other applications and can cause conflicts with other DCOM applications. Experience shows that at least 20 ports should be opened, because several system services rely on these RPC ports to communicate with each other.
In order to open ports, perform the following steps:
1. Click on Start and then Run
2. Type Regedit and click OK
3. Click on File then Export
4. Give this file the name RegistryBackup and click OK
Edit the registry:
1. On the agent machine, open HKLM\Software\Microsoft\Rpc\Internet. Create the
Internet subkey under
Internet, create a REG_MULTI_SZ - With
Internet highlighted, right click in the right pane and select
3. Name the new string
Ports and set its value to
Create a REG_SZ - Right click again in the right pane and select
4. Name this new string
PortsInternetAvailable and set its value to
5. Create a second REG_SZ called
UseInternetPorts and set its value also to
6. Reboot. The machine will need a reboot for these changes to take affect.
Create a firewall rule that allows TCP 135 inbound (from the Symantec Backup Exec System Recovery console to the Symantec Backup Exec System Recovery agent) and a second rule that allows 5001-5100. Destination host addresses may be added so that
only machines with Symantec Backup Exec System Recovery agents are reachable on these ports. If using the Windows built-in firewall, the range of ports cannot be specified. Therefore 100 separate rules must be created. This however, can be accomplished in XP SP2 and 2003 SP1 by running NETSH from the command line:
Simple File Sharing will need to be disabled. To disable simple file sharing go to My Computer/Tools/Folder options/View and at the bottom take the check mark out for "Use Simple File Sharing" then reboot the machine. The agent machine will also need to be a member of the same domain and/or workgroup as the console system and on the same subnet.
Imported Document Id
This is machine translated content
Login to Subscribe
Please login to set up your subscription.
Didn't find the article you were looking for? Try these resources.