06-13-2011 03:31 AM
We are using BE 2010 R3 and I have run into a problem after installing TMG 2010 on one of my test servers.
I cannot get BE to talk to this server.
At first I couldn't deploy the agent, so I did a manual install and that worked fine.
I then discovered from the web that TMG conflicts with port 10000 and that this was the issue.
After changing the port for 9000 on the TMG server (and only the TMG server - didn't know if this was right) I got the agent services to start on this server but couldn't get the BE server to communicate with it.
Is there anything else I need to do so that I can get my BE server to backup the TMG server?
Both servers are running Windows 2008 R2 Enterprise server. We are only using TMG as a proxy cache so have a rule to allow everything to everywhere, so I don't think it's a TMG rule causing the problem.
Thanks in advance.
06-13-2011 03:45 AM
You can try to create a rule to allow all traphic to and from the Backup Exec media server to/from the TMG server.
Otherwise you can setup monitoring by monitoring the ip-adress of the Backup Exec media server and see what ports are trying to connect to the TMG server.
06-13-2011 03:47 AM
I already have a rule to allow everything to everywhere.
I am new to TMG and am just testing etc. so not sure how to do monitoring.
06-13-2011 06:14 AM
Ah, now I see that you have changed the port on the remote server only, you also need to configure the port range in the backup exec media server as shown in the following article
http://www.symantec.com/business/support/index?page=content&id=TECH24256
06-13-2011 06:21 AM
The port which is causing the conflict (10000) is not in my dynamic range as specified in BE.
However if I change NDMP (using the services file) to a different port (I tried 9000), the agent service starts.
Do I need to add 9000 NDMP to ALL servers now? Will that allow the agent and BE server to communicate as despite the agent service being started on the TMG server the BE server cannot browse to it or select any files for backup.
Thanks
06-13-2011 06:45 AM
You can create a test-job for only the TMG server, change the port number in the job and see if that works.
If it's working fine you can descide if you make a separate job for the TMG server, or change the port on all remote agents.
07-21-2011 01:54 AM
@ Future5,
What is the solution?
We have got the same problem.
- We have change the port on the TMG server to 9000,
- TMG rule allows port 9000 - 9999 inbound and outbound,
- We have change the port range in the media server from 9000 - 9999,
TMG logging still give the warning "Unidentified IP Traffic (TCP:10000)"
@ ZeRoC00L,
any other ideas?
07-21-2011 02:02 AM
What if you open port 10000 from/to the backup server ?
07-21-2011 04:45 AM
I have change the rules.
BE server to TMG server > Outbound > allow all
TMG server tot BE server > Outboud > allow all
BE freeze when browsing to the TMG server, no errors in TMG logging.
Still searching....
07-21-2011 05:29 AM
If you change the NDMP Port on one server from 10000 to something else then you have to change the port on all Backup Exec Media Servers and Remote Agents (Windows and Linux) as the port has to be common across all.
07-21-2011 06:08 AM
If you only need to backup the configuration of TMG, you can use this script to make a backup to a (remote) folder:
Create a Script with the following content and save the script TMG2010Backup.vbs with the .VBS extension.
Dim fileName
Dim WSHNetwork
Dim shareName: shareName = WScript.Arguments(0)
Dim xmldom : set xmldom = CreateObject("Msxml2.DOMDocument")
Dim fpc : set fpc = WScript.CreateObject("Fpc.Root")
Dim array : set array = fpc.GetContainingArray
set WSHNetwork = CreateObject("WScript.Network")
fileName=shareName & "\" & WSHNetwork.ComputerName & "-" & _
Month(Now) & "-" & Day(Now) & "-" & Year(Now) & ".xml"
array.Export xmldom, 0
xmldom.save(fileName)
To execute the script, use the following syntax:
Cscript TMG2010Backup.vbs \\SERVERNAME\TMGBACKUP
08-31-2011 02:05 AM
Hi Colin,
according to the Symantec article posted above you do not have to change the port on all media servers and remote agents if you're using version 11d and above, which the OP is. I am also getting this problem and finding myself increasingly frustrated with not being able to backup my TMG servers.
The quote from the article is
Note for Backup Exec 11d and above: The steps above can be done on the only the server/s affected. All other remote servers can have the existing/default NDMP Port.
I'd appreciate any advice you can give.
08-31-2011 02:19 AM
Quote from the Technote:
When a media server makes a connection with a remote system, the initial connection will be initiated on port 10000. The Remote Agent will be listening for connections on this pre-defined port.
and view the section:
Setting the dynamic port range for Backup Exec 11.x and above :
You will have to create a rule to open the initial port AND the dynamic port range in order to be able to create a backup.
But TMG 2010 comes with a very good monitoring tool.
Open it, and select the backup server as source/destination and try to start a backup and you can see in the monitoring window the ports that BE is trying to use.
08-31-2011 02:55 AM
Thanks,
I can see that the media server is trying to access my server via port 10000, Microsoft CIFS and PING. All of which are allowed in my rule from the media server to the TMG server.
08-31-2011 02:57 AM
What if you (temporary) create a rule to allow any from/to the TMG server and BE server ?
08-31-2011 03:19 AM
Good idea, I'll try that now.
08-31-2011 03:48 AM
It looks like I can only create an "All outbound traffic" rule. Which when selected I get denied requests on port 10000, these are allowed when the rule is in place as it was initially.
I have the backup exec media servers in the from and to tabs, and also the TMG servers in the from and to tabs, so traffic should be allowed both ways.
08-31-2011 04:30 AM
You are right, you can only create an "All outbound traffic" rule.
This seems to be a limitation of TMG, not BE.
But what I suggested before, you better use a script to backup the TMG configuration, a new server is build faster (and restore the configuration) than a complete restore with BE.
08-31-2011 06:17 AM
hmm, this is bad news.
I'm ok with having a script backing up the config as a temporary measure, but ideally I'd want this in with all my other servers. Hopefully it's something that will get fixed in a future patch, either from BE or TMG's end.
Thanks.
08-31-2011 06:58 AM