just to follow up i found this online. I applied it to all 3 servers and hey presto. it works.
Just encase someone else has the same problem as me.
Use the steps outlined in the Microsoft TechNet article How to configure RPC dynamic port allocation to work with firewalls to allow DCOM connections to the Server.
This limits the range of ports you need to open on the Windows Firewall. If you do not assign a static port, you must create a firewall rule permitting the entire dynamic range of ports:
- On the Archive server, open the Windows Firewall application from the Control Panel.
- Click Advanced Settings in the left pane.
- Right-click the Inbound Rules node, and click New Rule.
- The New Inbound Rule wizard opens. On the Rule Type page, select Custom, and then click Next.
- On the Program page, select All Programs, and click Next.
- On the Protocol and Ports page:
- Select TCP from the Protocol Type drop-down menu.
- Select RPC Dynamic Ports from the Local Port drop-down menu.
- Select Specific Ports from the Remote Port drop-down menu, and enter 1024-65535 in the associated field.
- Click Next.
- On the Scope page:
- Under Which local IP addresses does this rule apply to, select Any IP Address.
- Under Which remote IP addresses does this rule apply to?, select Any IP Address to allow all remote connections, or select These IP addresses and enter the specific IP address(es).
-
Click Next.
This is recommended if only one machine or a range of machines are going to connect via DCOM.
- On the Action plan, select Allow the connection, and click Next.
- On the Profile page, select only the Domain option, and then click Next.
- On the Name page, enter a name to identify the rule, for example, ArchiveOne incoming DCOM connections.
- Click Finish.
- Verify the rule is enabled.