While the server is running 2003 with SP1, the firewall is not turned on. It is in our DMZ though, which has firewall between it and our internal network, as well as one between it and the external Internet.
The internal network operates on the private ip range, and I have had to put special routing into the routing table to get the server to be able to see the internal network.
Here's the thing. The Linux remote agent is set to know the range of BE servers it will talk to. You set them when you configure the agent, and it broadcasts it's availability to those servers. The Windows agent seems to have no such option, or at least not documented, which prevents a specific destination for the broadcast message (I believe). If that is so, then it must be using the broadcast for its subnet or the global 255.255.255.255, which is prevented from traversing my internal firewall, and I'm loath to turn that protection off.
I'm hoping there's a way to direct the broadcast, similiar to the Linux implementation, or at least confirmation on how it is working, so I can fix my problem.