
W2k3 SP1 and BE 9.1 Port settings

Alan_Foley
Level 4
Since several people have reported issues with the application of the SP1 to Windows 2003, breaking BE 9.1, would it be helpful if a port/protocol list was supplied to ensure that AFTER the patch was applied the following ports are left open? I would assume that Veritas could supply the ports they use for communication with the various agents/services. This might make a lot of folks happier. BTW the text for W2K3 SP1 does list BE 9.1 4691 as being tested/working.... If one does capture the status of the system before the patch via NETSTAT, and then after, combined with the Veritas list it would make it better for all of us.
16 REPLIES 16

Deepali_Badave
Level 6
Employee
Hello,


We request you to elaborate your query.
However, you can refer to the following technote:
Title:-

How to change the default port used by the VERITAS Backup Exec (tm) 9.x Remote Agent for Windows Servers
http://support.veritas.com/docs/255174

NOTE : If we do not receive your intimation within two business days,
this post would be 'assumed answered' and archived.

Regards,

Alan_Foley
Level 4
Hello,
Yes I have examined the document you listed 255174, which leads us to look at 255500 & 255498.
Document 255498 leads us to look @ the following 255500, 256076 (which has nothing to do with
determining a port in use problem), 256312 (which tells us to figure out whose application is
using that port (1000) and report them), & 263176 which leads us back to 255498 & 255174. I also
found another document, specific to Version 9.0 & 9.1 258334, document scheduled to expire on
Mar 03, 2005, that lists still more port information, and additional doc 255831.

What I believe would be helpful is a specific listing of the exact port number and protocol
used by the agents that are part of the Veritas package, if it changed by version then list
accordingly. Then the system admin could know what ports/protocols are needed by the application
(Backup Exec and its agents). Then it would be easier to ensure those ports are open before and
after the application of W2K3 SP1, it would also be beneficial in troubleshooting from a user,
product support/network support, security analyst position.

priya_khire
Level 6
Hello,

As per the different technotes that you have mentioned, they seem to be discussing various issues related to the ports. The technote 255174 gives the steps for setting the dynamic port range. Port 10000 is used by the remote agent. Other than that, Backup Exec will bind to the ports that are available from the range specified in the default options. You can accordingly set the options from the Tools - Options - Network tab.

We hope this helps. In case you have further queries related to this issue, you can write back to the forum. However, if we do not receive your intimation within two business days, this post would be assumed answered and archived.

Regards.

Alan_Foley
Level 4
From Veritas article 263176.htm

Europa: 2075391 A restore job to a remote server during IDR fails if the Media Server is not configured to use the default NDMP port 10,000.

From Veritas article 255831.htm
VERITAS Backup Exec (tm) 9.0 for Windows Servers has improved support for backups of remote computers. This article is the most descriptive one for version 9.x, currently scheduled for expiration on 04/16/2006.

This article does describe some very specific information on a per server basis:

When specifying these ports, it's not recommended that they overlap and that there are two ports opened per resource in the backup/restore job. A resource is considered a drive, an information store, a SQL server, and so on. The C drive, D drive, Exchange 2000 Information Store, SQL Server, and System State would be considered five resources.

The number of ports varies, and it is recommended that two ports be opened per resource. One port should be opened for the media server, and one port for the remote server.

Just imagine trying to figure all this out when your media server is backing up about 25 Exchange and or SQL servers. It seems your mileage may vary and you will need to trial & error your way thru, thus trying to automate the method would be very dicey as well. Oh can you imagine the document you will need to reflect backing up the C,D,E,F,G,H,I,J, plus system state on one Exchange system with three IS, what ports you assigned this machine on its specific firewall (W2K3 SP1). Then multiply this by number of machines of this type, then do the same for your SQL machines and their specific discs plus system state. Then apply the total numbers on the specific media server and open those ports while working with the network guys.

It's just nice to know that so as tech support goes, for the most part the folks in the forum will attempt to answer while in a lot of instances the Veritas guys point us back to a tech article, that may or may not answer your questions.

Renuka_-
Level 6
Employee
Hello,

You have not precised whether the issue you had has been resolved or not.

NOTE : If we do not receive your intimation within two business days, this post would be marked assumed answered and would be moved to the ‘answered threads’ pool.

Alan_Foley
Level 4
No, the original question has not been answered. However it also doesn't look like it ever will be. Will the document listed below remain available for the foreseeable future, since at least it does offer part of the answer?
http://seer.support.veritas.com/docs/258334.htm

I am trying to understand why if a customer is paying for the product (Backup Exec), that we as users must resort to finding answers via a collective group, instead of the vendor. This almost seems like how Linux is evolving, instead of an "enterprise worthy" commercial product.
I would also note that the constant barrage of "canned Messages" saying that if you do not answer in two business days the post will be marked as answered is very insulting. Remember we are led to believe we might get useful answers here from the folks who are using the product.

Capt_Mike
Level 3
I agree that Veritas has not answered the question. I am also having an issue with win2k3 sp1 and wish a simple answer to your question was forthcoming.

Capt Mike

Capt_Mike
Level 3
I found a clue to the issue at 255831 and an additional clue at http://support.microsoft.com/?kbid=892500 from deynub.

The hunt for an answer is on. Where's my Indiana Jones hat and whip??

Capt Mike

Renuka_-
Level 6
Employee
Hello,

Title : Backup Exec 9.x for Windows Servers has improved support for backups of remote computers.
http://support.veritas.com/docs/255831

1. If you are looking for some document on the ports used by Backup Exec, I think the above article should help; also, the administrator's guide has more information on this:

2. However, we do not have any official document as of now on the precautions to be taken before installing SP1 for Win 2003.
However, you may also do the following:

a. SP1 for Win 2003 has enhanced security and a built-in firewall. Include the beremote.exe in the exceptions for the firewall.

To add the Remote Agent to the Exceptions list, perform the following:

1. Open the Control Panel by clicking on Start > My Computer > Control Panel.
2. Double click on Network Connections.
3. Right click on the connection for the network card, and choose Properties. (By default this will be Local Area Connection 1)
4. Click the Advanced tab.
5. Click the Settings button under Windows Firewall.
6. Click the General tab.
7. Verify that Don't Allow Exceptions is not selected.
8. Click the Exceptions tab.
9. Click the Add Program button.
10. Click the Browse button.
11. Browse to the default location of C:\Program Files\VERITAS\Backup Exec\RANT, and select BEREMOTE.EXE. Then click Open.
12. Click OK.
13. Verify that BEREMOTE has a check mark next to it.
14. Click OK to close the Windows Firewall Settings.
15. Click OK to close the Local Area Connection Properties.

b. Also, you need to open 25 ports on the BE server and 50 ports on the remote server in Tools > Options > Network and firewall.

c. Also open the 10000 port which is used by Backup Exec remote server.

d. We are sorry that the statement for response within two days annoys you, but it has been added for better management of the forum as per company policy.

e. Your query is yet not very clear since it has changed over the responses. So if this does not answer your question, thank you for rephrasing your query.

NOTE : If we do not receive your intimation within two business days, this post would be marked assumed answered and would be moved to the ‘answered threads’ pool.

Alan_Foley
Level 4
So at this point you are saying, There is no official Veritas position, but suggest the following. Refer to article 255831, Check/ adjust the firewall settings on the W2K3SP1 system to allow the "beremote.exe" program to be allowed in the firewall exceptions list. Open 25 ports on the local server and 50 ports on the remote system as suggested in the article above, as well as port 10000.

OK, since the system is now using the "beremote.exe" process supplied via RANT, and I want to back up my LOCAL system only, just how many of these ports are needed?
Remember LOCAL system only, no remote systems.

tejashree_Bhate
Level 6
Hello,

The above posted response applies in case of a remote Backup. In any case port 10,000 has to be open.
If that does not answer your question please elaborate.

Thanks.

NOTE : If we do not receive your reply within two business days, this post would be marked assumed answered and would be moved to answered questions pool.

Alan_Foley
Level 4
I repeat the question: I am backing up my "local system" with the "local administrator" account, NO external systems/network drives. What ports are required to be allowed access, what processes added to the allow access list? I presently am seeing BOTH "beremote.exe AND bengine.exe" as accessing ports, beremote on port 10000 and bengine on 4229.

Rarely in this thread has any real information been offered other than the usual "read the manual" and please elaborate. Since we have been directed to this process one would hope for more concise answers.

The most recently released document:
http://support.veritas.com/docs/276538.htm is very brief and claims some compatibility while listing multiple issues, and as you can see from others still offers very little in the way of factual information.

Ajit_Kulkarni
Level 6
Hello,

We would like to know if you are having any issues after installing Windows 2003 SP1 with Backup Exec v9.1?

If so then please let us know the exact error message. Does the error talk about the problems with ports?

If you are not receiving any errors, then please ensure that you have checked and followed all the steps mentioned in previous replies regarding the issue as they address the questions that you have asked.

Regards.



NOTE : If we do not receive your reply within two business days, this post would be marked ‘assumed answered’ and would be moved to ‘answered questions’ pool.

Alan_Foley
Level 4
Did you actually read the message above? You are the fifth Veritas employee who has made comments to this thread, and aside from telling me to read the manual you just don't appear to read the question being asked. As I asked in message just above, I am backing up a local system, no remote ones, in the port monitor I have running I see that the processes BERemote.exe on port 10000 and Bengine.exe on port 4229 are active. Are these port settings specific to this machine configuration and these need to be added to the W2K3 SP1 firewall as allowed? Am I going to have to examine each specific installation of the Backup Exec process and set up the firewall settings on a case-by-case basis on every machine I install it on?

Ajit_Kulkarni
Level 6
Hello,


As mentioned in your current post, you have written that "As I asked in message just above, I am backing up a local system, no remote ones, in the port monitor I have running I see that the processes BERemote.exe on port 10000 and Bengine.exe on port 4229 are active. Are these port settings specific to this machine configuration and these need to be added to the W2K3 SP1 firewall as allowed?",

please understand that Port 10000 should be always "OPEN". This is because Backup Exec Remote Agent (BERemote.exe) uses port 10000 and is a default port. This remote agent is also present on the media server and is used during local backups also. Therefore, port 10000 should be open.

Regarding Port 4229 used by Bengine.exe, this port number can be different if you have not specified port range, as Default port ranges are 1025 to 65535. You can very much specify the range of ports to be used on media server by going to Tools - Options - Network - Enable media server TCP dynamic port range. As said in Administrators Guide, page no. 336 for Veritas Backup Exec v9.1, "VERITAS recommends using a range of 50 allocated ports for the media server if using Backup Exec with a firewall."
The above explanation is for the local backups only.

If you wish to take remote server backup, then also you can specify a specific number of ports to be used. For that again you need to go to Tools - Options - Network - Enable Remote Agent TCP dynamic port range. For this Default port ranges are 1025 to 65535. VERITAS recommends using a range of 25 allocated ports for the remote systems if using Backup Exec with a firewall. You may like to refer to the page no 337 of Administrators Guide for Backup Exec for Windows Servers v9.1.
Note that these 25 ports should be different from the 50 ports set aside to be used by media server as well as port 10000.

So please specify the range of ports to be used during local backups and if needed for remote system backups also.

Hope this answers your question.

Regards.


NOTE : If we do not receive your reply within two business days, this post would be marked assumed answered and would be moved to answered questions pool.
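
Added example, not part of any post in this thread and not Veritas tooling: the NETSTAT before/after comparison proposed in the opening post, checked against port 10000 and a configured media server range as described in the reply above. The `netstat -ano` excerpts, PIDs, PID-to-image maps and the 4200-4249 range are constructed assumptions.

```python
# Constructed `netstat -ano` excerpts, captured before and after the service pack reboot.
BEFORE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       712
  TCP    0.0.0.0:4229           0.0.0.0:0              LISTENING       2104
  TCP    0.0.0.0:10000          0.0.0.0:0              LISTENING       1840
  TCP    10.0.0.5:3389          10.0.0.9:1187          ESTABLISHED     900
  UDP    0.0.0.0:445            *:*                                    4
"""
AFTER = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       700
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       1988
  TCP    0.0.0.0:10000          0.0.0.0:0              LISTENING       1796
  UDP    0.0.0.0:445            *:*                                    4
"""
# Constructed PID -> image name maps, as `tasklist` would report them at each capture.
NAMES_BEFORE = {712: "svchost.exe", 2104: "bengine.exe", 1840: "beremote.exe", 4: "System"}
NAMES_AFTER = {700: "svchost.exe", 1988: "bengine.exe", 1796: "beremote.exe", 4: "System"}
REMOTE_AGENT_PORT = 10000        # beremote.exe default, from the thread
MEDIA_RANGE = range(4200, 4250)  # assumed 50-port range set under Tools - Options - Network
BE_IMAGES = {"beremote.exe", "bengine.exe"}

def listeners(text, names):
    """Map (proto, port) -> image name for listening TCP and bound UDP sockets."""
    out = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue  # established sessions are not listeners
        port = int(f[1].rsplit(":", 1)[1])
        out[(f[0], port)] = names.get(int(f[-1]), "unknown")
    return out

def review(before, after):
    """Diff two captures and flag Backup Exec listeners outside the planned ports."""
    allowed = set(MEDIA_RANGE) | {REMOTE_AGENT_PORT}
    gone = sorted(k for k in before if before[k] != after.get(k))
    new = sorted(k for k in after if after[k] != before.get(k))
    uncovered = sorted((port, img) for (proto, port), img in after.items()
                       if img in BE_IMAGES and port not in allowed)
    return {"gone": gone, "new": new, "uncovered": uncovered}

if __name__ == "__main__":
    print(review(listeners(BEFORE, NAMES_BEFORE), listeners(AFTER, NAMES_AFTER)))
```

In the constructed captures bengine.exe moves from 4229 to 3127 across the reboot, so it shows up as uncovered: a per-port firewall exception only holds once the dynamic port range is actually enabled and matches the firewall rule.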

Sheetal_Risbood
Level 6
As per our previous reply, marking the case as assumed answered and moving it to answered questions pool.