10-25-2011 11:13 PM
I have a couple of TMG servers in my environment that I have to backup. BEWS agent with default settings is installed on both of them and listens on port 10000. I can see it in netstat -a output. From my BE media server I can telnet to port 10000 of each TMG server.
Once media server tries to connect to these clients, backup fails with the following error.
AOFO: Started for resource: "\\TMGSERVER\C:". Advanced Open File Option used: Microsoft Volume Shadow Copy Service (VSS).
The snapshot provider used by VSS for volume C: - Microsoft Software Shadow Copy provider 1.0 (Version 1.0.0.7).
The connection to target system has been lost. Backup set canceled.
According to TMG admin, he's got a rule that permits traffic to port 10000 of TMG server from BE media server.
How should we configure BE media sever and/or TMG firewall rules to take backups from TMG server?
10-25-2011 11:33 PM
Hi
Please check this
http://support.microsoft.com/kb/556069
Or else change the port no of backupexec remote agent service on media server
Please go to the location C:\WINDOWS\system32\drivers\etc & change to 12000 & check
Thanks
10-25-2011 11:34 PM
Your TMG server uses port 10000 which is required by BE. For BE, you got to change this port to something else. See this document
http://www.symantec.com/docs/TECH24410
Note that you would have to change the port of all your remote servers to this new port.
10-26-2011 01:00 AM
Also if your TMG has rules that block ports then be aware that in addition to port 10,000 (or whatever you customize it to) that BE will also need a range of ports for the data connection (range is configurable inside the BE console)
There are also some other ports that might be needed.
Also if you do change BE to something other than port 10,000 then every media server and remote agent in the environment will need changing to the same number.
11-07-2011 10:12 PM
I found technote http://www.symantec.com/docs/TECH72800 that claims that the only thing I should do in order to backup TMG is to add a new firewall rule on the TMG side. There are no suggestions on port change in the technote. TMG admin created a new rule as it is shown in the technote, telnet test on port 10000 works fine, but I have the same connection error.
BE port change would be a real pain in the neck for me.
11-07-2011 10:38 PM
You mentioned you can telnet from the BE server to the TMG servers...but can you telnet successfully from the TMG to the BE server ?