cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

backup server through firewall

CVelocity
Level 2

‎09-18-2009 12:53 PM

I am trying to backup a windows 2003 server in the dmz through a cisco asa. I've created the rules to allow the source  backupserver to destination servertobebackedup using ports 10000 and 49152. ( I can reach the server for file sharing, and rdp and such for what it's worth) .  I cannot though reach the server to run the backups though.  I manually installed the remote backup agent and when I try to add the server to a selection list I get the error that the directory or file was not found or could not be accessed.  What are the next best steps in this situation.
0 Kudos
6 REPLIES 6

Ken_Putnam
Level 6

‎09-18-2009 01:34 PM


Take a read through

How to configure Backup Exec For Windows Servers (BEWS) with Firewalls.
http://seer.entsupport.symantec.com/docs/278944.htm
0 Kudos

CVelocity
Level 2

‎09-18-2009 01:56 PM

Promise before I ask for help I comb the docs and forums and still do after asking.
I've got the write ports open as mentioned above and can telnet to the server.
I also have turned windows firewall off to guard against that threat.
I've used .\username and I am connecting to \\ipaddress\c$ for the user defined selection.

I'm not sure why but I do notice that if I use the wrong password the error returned actually reflects that so I'm guessing I'm doing something dumb with the user defined selection.
0 Kudos

CVelocity
Level 2

‎09-21-2009 05:14 AM

I've tried everything I an with the user defined selection.  Is there anything else that can be done to troubleshoot. I can even browse the share from the backup exec machine.
0 Kudos

Colin_Weaver
Moderator
Moderator
Employee Accredited Certified

‎09-21-2009 05:56 AM

I am not sure what version of Backup Exec you are using, but the latest versions need Port 10000 for the NDMP Control connection and a range of ports (that can be configured) for the NDMP data connections.- note it does have to be a range of at least 25-50 ports - and this range has to be allowed through the firewall.

Also the latest versions don't use share level access (as a default anyway) so you user defined selection would just need to be \\ipaddress and then when you open the user defined selection you would see the local drives (as drives not shares)

0 Kudos

CVelocity
Level 2

‎09-21-2009 06:50 AM

Running version 12.5
I have opened ports 10000-10025 and 41952 to 41977
I've gone into tools and options network and security and enabled the remote agent tcp dynamic port range.
I go to Selection List and right click and add a new Selection List.
I select User-Defined Selection and click on New
I then add the \\ipaddress and use user .\username and the password with a local machine account.  (ensure I'm not using the default domain account I use for the servers on the local network). 

I can telnet to the ipaddress usign port 10000 and can browse the shares using the ipaddress.  I can even use a bogus username and password and get this bad boy to return a bad username password error message.   All of that imples no firewall issue. 

This is only a demo and I'm considering purchasing I wish Symantec would be like other companies and have support for people demoing there product.   I'm pretty sure I've done something dumb just cannot figure out what.
0 Kudos

Colin_Weaver
Moderator
Moderator
Employee Accredited Certified

‎09-21-2009 07:40 AM

When you enabled the remote agent tcp dynamic port range did you enter 41952 to 41977?

Also I am not sure you username should start with a \ symbol.

Think it should be formatted as one the the following
username
machinename\username
domainname\username
ipaddress\username

(where the machinename,domainname or the ipaddress apply to the server running the remote agent)
0 Kudos