Accessing additional domain on DMZ for backup

Question

Hi, wonder if anyone can help with this?&nbsp;I have an SBS 2003 (don't ask) sitting on a DMZ. I need to backup various components of it. Currently, I have Backup Exec 12 installed on a server on the LAN, backing up itself and another server (exchange) on the LAN.&nbsp;I have successfully managed to get the remote agent installed onto the server on the DMZ, but cannot access that domain to select files for backup from the 'selections' area of the backup job. I can add the domain in, by righ clicking domains &gt; manage domains &gt; adding in the domain. Once it's there however I cannot open it. I have tried adding in an additional backup exec logon account (the administrator account for the domain on the DMZ, but to no avail). Also, does backup exec mind having more than one logon account, so long as the main one is the default?&nbsp;Is my problem the fact that the firewall is in the way? If so, what ports need opened up between the OPT (DMZ) and the LAN? Should I have a trust between the domains? Currently, I cannot set a trust, again pointing at the firewall.&nbsp;Our network is quite regular (three servers (2 DCs and 1 TS) and 100 PCs. The server on the DMZ is just there as it is an SBS. The wrong software was bought for a project, so the only thing I could think to do, was to put the SBS on the DMZ. This is all working fine as it happens, if I could just back it up!&nbsp;&nbsp;any help appreciated,Stephen

hywel_mallett · Answer

Stephen May wrote:Hi, wonder if anyone can help with this?&nbsp;I have an SBS 2003 (don't ask) sitting on a DMZ. I need to backup various components of it. Currently, I have Backup Exec 12 installed on a server on the LAN, backing up itself and another server (exchange) on the LAN.&nbsp;I have successfully managed to get the remote agent installed onto the server on the DMZ, but cannot access that domain to select files for backup from the 'selections' area of the backup job. I can add the domain in, by righ clicking domains &gt; manage domains &gt; adding in the domain. Once it's there however I cannot open it. I have tried adding in an additional backup exec logon account (the administrator account for the domain on the DMZ, but to no avail). Also, does backup exec mind having more than one logon account, so long as the main one is the default?&nbsp;Is my problem the fact that the firewall is in the way? If so, what ports need opened up between the OPT (DMZ) and the LAN? Should I have a trust between the domains? Currently, I cannot set a trust, again pointing at the firewall.&nbsp;Our network is quite regular (three servers (2 DCs and 1 TS) and 100 PCs. The server on the DMZ is just there as it is an SBS. The wrong software was bought for a project, so the only thing I could think to do, was to put the SBS on the DMZ. This is all working fine as it happens, if I could just back it up!&nbsp;&nbsp;any help appreciated,StephenTo get your firewall to allow access to the server in the DMZ, in BE's options, set it to use ports 10000-10025 for communication. Then open those TCP ports on your firewall.In terms of authentication, you'll have difficulty setting up a domain trust, as SBS doesn't do domain trusts ;) You should be able to add an additional logon account in BE just for the SBS server.

stephen_may · Answer

Thankyou for replying. I have set the ports as you say in the backup exec options, and opened up the ports on the firewall, but still cannot connect to the other domain.

Any more ideas? My feeling is that although Backup Exec traffic might be communicating ok, some kind of windows traffic isn't. Should I open up dns between the LAN and DMZ? Or other ports? Kerberos etc? When I managed to get the remote agent installed onto the server on the DMZ, I referred to it by IP address rather than by name. Now BE is trying to find another domain NAME through the firewall.

Infact, it is tempting to just open everything between the LAN and the DMZ. The only reason the SBS is on the DMZ is that I didn't want it on the same network as the DCs. Maybe an over reaction? You can put additional DCs onto a network with an SBS ( I presume it's like the SBS holds the FSMO roles) but I wouldn't go putting an SBS onto a pre-existing network where there are alreay DCs.

Stephen

Message Edited by Stephen May on 03-07-2008 07:21 AM

Message Edited by Stephen May on 03-07-2008 07:44 AM

ken_putnam · Answer

This Tech Note goes into a little more detail than the 10,00 foot view that Hywell gave you&nbsp;http://seer.entsupport.symantec.com/docs/278944.htm

Forum Discussion

Accessing additional domain on DMZ for backup

3 Replies

Related Content

Replication to multiple domains

S3 bucket deleting Access 3350

Very cool addition. This

Can't restore from old domain

Migration from one domain to new domain

Recent Discussions

Backup Exec Job got canceled

BackupExec for Oracle 23ai?

Add Oracle DB in Backup Exec

Veritas Backup Exec version upgrade & migrate to another new Server

Veritas Backup Exec 23 - Slow Backup after Windows server 2019 upgrade