
Backing Up 2k8 R2 Server with TMG 2010 Installed

Future5
Level 4

We are using BE 2010 R3 and I have run into a problem after installing TMG 2010 on one of my test servers.

I cannot get BE to talk to this server.

At first I couldn't deploy the agent, so I did a manual install and that worked fine.

I then discovered from the web that TMG conflicts with port 10000 and that this was the issue.

After changing the port to 9000 on the TMG server (and only the TMG server - didn't know if this was right) I got the agent services to start on this server but couldn't get the BE server to communicate with it.

Is there anything else I need to do so that I can get my BE server to backup the TMG server?

Both servers are running Windows 2008 R2 Enterprise server. We are only using TMG as a proxy cache so have a rule to allow everything to everywhere, so I don't think it's a TMG rule causing the problem.

Thanks in advance.

24 REPLIES 24

Future5
Level 4

Thanks for all the comments.

Still cannot get it to work with BE so opted for the script posted by ZeRoC00L which works perfectly - thank you.

I would still like to find a way to get BE backing it up - seems very odd that it is so difficult - but this is a great workaround for now.

TheGoatreich
Level 3

The way I finally got it to work was to change the NDMP port to 9000 by adding the line:

ndmp 9000/tcp

to the end of the services file in c:\windows\system32\drivers\etc on the TMG server.

Then create a rule in TMG to allow traffic from the backup exec media server and localhost, to localhost and the backup exec media server.  You need to allow port 9000, and also any ports you have declared in the dynamic range on your BE media server Options>Network&Security Page (all TCP outbound).

I also restarted the backup exec remote agent on the TMG server and made sure only one instance of the process was running using task manager.

jlawson
Level 3

Did you end up making the ndmp change on all your other remote servers?  Reason I ask is I'm right in the middle of this process and BE support says I must do this on all my servers which is not an option so I'm looking to perform the following to resolve this:

posts regarding this http://forums.isaserver.org/changing_dynamic_port_starting_point_for_TMG/m_2002110012/tm.htm and

http://forums.isaserver.org/TMG_2010_blocking_Backup_Exec_Remote_Agent/m_2002102772/tm.htm

  1. netsh int ipv4 set dynamicport tcp start=10201 num=55334
  2. netsh int ipv4 set dynamicport udp start=10201 num=55334

TMG current settings:

C:\>netsh int ipv4 show dynamicportrange tcp

Protocol tcp Dynamic Port Range

---------------------------------

Start Port      : 10000

Number of Ports : 55535

C:\>netsh int ipv4 show dynamicportrange udp

Protocol udp Dynamic Port Range

---------------------------------

Start Port      : 10000

Number of Ports : 55535
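The check behind the post above, as an added example that is not part of any post in this thread: it reads the `ndmp` entry from a services file and reports whether that port falls inside the TCP dynamic port range printed by `netsh`. The function names are hypothetical and the services-file lines are constructed; the `netsh` text is the output posted above.

```powershell
# Added example; function names are hypothetical, services-file inputs are constructed.
function Get-NdmpPort {
    param([string[]]$ServicesLines)
    foreach ($line in $ServicesLines) {
        $entry = ($line -split '#')[0].Trim()   # drop comments such as "#RAWS"
        if ($entry -match '^ndmp\s+(\d+)/tcp') { return [int]$Matches[1] }
    }
    return 10000   # no ndmp entry: port 10000, the default this thread works around
}

function Get-DynamicRange {
    param([string]$NetshOutput)
    if ($NetshOutput -match 'Start Port\s*:\s*(\d+)') { $start = [int]$Matches[1] } else {
        throw 'Start Port not found in netsh output'
    }
    if ($NetshOutput -match 'Number of Ports\s*:\s*(\d+)') { $count = [int]$Matches[1] } else {
        throw 'Number of Ports not found in netsh output'
    }
    [pscustomobject]@{ Start = $start; End = $start + $count - 1 }
}

function Test-NdmpInDynamicRange {
    param([string[]]$ServicesLines, [string]$NetshOutput)
    $port  = Get-NdmpPort -ServicesLines $ServicesLines
    $range = Get-DynamicRange -NetshOutput $NetshOutput
    [pscustomobject]@{
        NdmpPort       = $port
        DynamicRange   = '{0}-{1}' -f $range.Start, $range.End
        InDynamicRange = ($port -ge $range.Start -and $port -le $range.End)
    }
}

# netsh output as posted above for the TMG server
$netsh = @'
Protocol tcp Dynamic Port Range
---------------------------------
Start Port      : 10000
Number of Ports : 55535
'@

# Constructed services-file contents: no ndmp entry, then the two edits from this thread.
# On a live server pass (Get-Content "$env:SystemRoot\System32\drivers\etc\services")
# and (netsh int ipv4 show dynamicportrange tcp | Out-String) instead.
$cases = @(), @('ndmp 9000/tcp'), @('ndmp 12000/tcp #RAWS')
foreach ($svc in $cases) { Test-NdmpInDynamicRange -ServicesLines $svc -NetshOutput $netsh }
```

A listening port inside the dynamic range can be handed out by the OS as an ephemeral port to another process before the agent binds it, which is why the range start matters as much as the `ndmp` entry.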

HotRob
Level 4
Partner Accredited

On BackupExec Server:

In the C:\Windows\System32\Drivers\Etc\Services file added the line:

ndmp 12000/tcp #RAWS

(did not have to reboot server)

Under tool/options set the 'Network and Security' to 'Enable remote agent TCP dynamic port range' to 1065-65535 (I suppose I could try dropping it to 10000-120000 but it's working so I'm not keen to test it out yet).

On TMG itself:

In the C:\Windows\System32\Drivers\Etc\Services file added the line:

ndmp 12000/tcp #RAWS

and set up a TMG rule to allow all outbound protocols from Backup Exec servers to Localhost

 

On each of the servers that need backing up I had to configure:

In the C:\Windows\System32\Drivers\Etc\Services file added the line:

ndmp 12000/tcp #RAWS

and set up a domain-only Windows Firewall outbound rule to allow all outbound protocols

and reboot each machine for this to work.

 

Ran test run on each of the jobs and made sure the result came back passed with an indication of the data amount on the server being scanned.

 

I don't know why it won't just allow me to set the dynamic port range to 10000-12000 and set TMG on port 12000 and leave the others as the standard 10000, but it took a bit of work and now it is backing everything up again happily.

 

Cheers,
Rob

Colin_Weaver
Moderator
Employee Accredited Certified

Hi All

The change in NDMP port requirements from "all servers must be the same" to "you can use a different setting on a per-server basis" was a change that for some reason had not been widely published to the support staff - hence my mistake earlier in this thread that someone corrected.

However, I have found out since then that for different NDMP ports on a server-by-server basis to work, remote agent publishing/advertising must be working and the remote servers concerned must show correctly in favorite resources. Along with this, if you run a BE Diagnostics Report (bediag.txt) the resulting text file contains a section called
"Backup Exec Agents seen by "

If you check this section it will show you the NDMP port that the media server thinks each remote server is using. ( Network address parameter: --> Port: )

Be aware that agent publishing can be broken by our TLS Handshaking / Certificate issue that is ongoing and pending a Hotfix.