Netbackup 7.6 media server ports needed for install?
New installation - Master server - running as a cluster on W2K8 R2. Media server - W2K8 R2. Both have the Windows firewall enabled. Running the media server install get the "Unable to communicate with Master" popup message. Continue on with the install - the media server does not show up in the EMM database unless i manually add it. Disable the Windows firewall on Master/media - the install works flawlessly. I have updated the Hosts file on both ends - master and media can ping each other and resolve via DNS.
Re-enabled the firewall on media server and added the following rules:
Inbound - allow ports: 1556, 13724, 2821, 4032, 13782
Outbound - allow ports: 1556, 13724, 2821, 4032, 13782
Re-enabled the firewall on the master and added the following rules:
Inbound - allow ports: 1556, 13724, 13783, 13722, 13782, 2821, 4032
Outbound - allow ports: 1556, 13724, 13783, 13722, 13782, 2821, 4032
-------------------------------------------------------------------------------------------
Re-attempted the Media server install - still get the "Unable to communicate .." error message. I validated that the master server was listening on the ports via telnet and netstat.
I then installed a protocol analyzer on the Master - re-attempted the install and captured the traffic up to the point of reaching the summary page during the install. Here is what i found:
Source (media server) ports: 57077, 57078
Destination (master server) ports: 13720
-------------------------------------------------------------------------------------------
I have read and re-read the Symantec Netbackup Network Ports Reference Guide Release 7.6 ... as well as the Technote Symantec Support forwarded and nowhere can i find any mention of ports 57077 and 57078 - nor any indication of a dynamic range that would include these two ports. Unfortunately, i cannot leave the Windows firewall disabled on the servers. Any ideas?
It is possible that NBU installation on Windows will still use ports used from 'the beginning of time' such as 13720 and 13782, but as long as forward and reverse lookup works in all directions and port 1556 is open in both directions, there is no need for any other ports and the installation message can be ignored.
If features like MSDP, Resilient network and NBAC will not be used, you only ever need port 1556 between master and media servers as well as clients.If DNS entries were updated recently, use 'bpclntcmd -clear_host_cache' on the master to refresh NBU host cache.
Media servers must always be added manually on the master server.
Use Host Properties -> Master -> Servers.
Restart NBU on master after new media server(s) were added.I prefer to disable Windows Firewall for internal comms within the same domain en rely on the company's external firewall for protection.