
changing NDMP port for Backup Exec 2010 R3 environment

KeirL
Level 6
Partner

Hi

Quick question :o)

I have an existing Backup Exec 2010 R3 SP2 environment with a Backup Exec media server and about 200 Windows clients. I also have 2 x RHEL clients and have installed the RALUS agent on these. However, I need to use a different NDMP port to the default 10000 for these two servers and have decided on port 12000 as per the whitepaper.

I understand that I need to change the NDMP port on the backup exec media server itself to 12000 too, but will this have an impact on my existing 200 windows clients? It would be quite a task to update ALL 200 clients because of this change.

I don't currently use deduplication but perhaps will sometime in the future - I think that when I introduce this, then I would need to set the NDMP port to 12000 to achieve client dedupe - this is fine as I can schedule this change as part of the dedupe client configuration requirements.

kind regards

Keir

 

10 REPLIES 10

CraigV
Moderator
Partner    VIP    Accredited

Hi Keir,

 

According to the TN below, it states it needs to be done on each client. However, you'd only need to make this change on servers where port 10000 is in use. Since you're using publishing on the RAWS agent, I'd check the servers first to see if they're using this specific port, make a note of which server is using it, and once you make the change on the media server, only change the ports on the servers you took note of:

http://www.symantec.com/business/support/index?page=content&id=TECH24410

Here's the TN on how to make this change on Linux servers:

http://www.symantec.com/business/support/index?page=content&id=TECH37415

The change above appears to be needed on every Linux server you have.

 

Thanks!

KeirL
Level 6
Partner

Thanks Craig for the quick reply

So does publishing not use port 10000 then?

I can see that as soon as I change the media server NDMP port from 10000 to 12000 then anything currently using 10000 would stop communicating and I would need to change this to 12000 on the affected server(s). But I would have thought it would have been an 'all or nothing' thing as I've just done a default push from the media server to all my Windows clients. So is it likely that they could all be using 10000 or perhaps (hopefully!!) more likely that none will be using port 10000 as publishing is done through some alternative process?

Thanks

K

pkh
Moderator
   VIP    Certified

See Colin Weaver's comment on the need to change port on other servers.

https://www-secure.symantec.com/connect/forums/backing-2k8-r2-server-tmg-2010-installed#comment-6747...

Basically, with the newer releases of BE, you only need to change the port on the specific remote server.  You don't have to change the port on the other machines, but the R3 security can break this and you may need to change the port for every remote server.  You can either

Disable R3 security

or wait for the fix for the R3 security flaw.  There is no ETA for this fix.

VJware
Level 6
Employee Accredited Certified

I can see that as soon as I change the media server NDMP port from 10000 to 12000

Instead of the change on the media server, have you tried keeping the default 10000 port on the media server & changing the port on the Linux server to 12000 or any other NDMP port?

KeirL
Level 6
Partner

Perhaps I'm missing something here....

How does the media server know I've changed the ndmp port on the linux client? All the other clients are set for ndmp on 10000 as is the BE media server itself. I have one client that is behind a firewall and port 10000 is closed and I've opened port 12000 instead. I've changed the /etc/services to ndmp  12000/tcp and restarted the ralus daemon.

When I try to create a trust relationship from the media server I can see attempts from the media server to contact the client on port 10000. At what point does the media server know to contact this particular client on port 12000?

many thanks

Colin_Weaver
Moderator
Employee Accredited Certified

OK now it gets tricky

RAWS publishing/advertising must work for different NDMP control ports to be used on different remote systems

RAWS Publishing/advertising is initiated from remote system back to media server using port 6101

As such your firewall has to allow 6101 requests in the opposite direction to those for the other rules (as the other connections are usually made from media server to remote.)

Now on top of this add in our current SSL Handshake problem (which also affects publishing and does affect Linux and Windows systems)

KeirL
Level 6
Partner

So - you talk a lot about RAWS - can I assume this is synonymous with RALUS as mine is a RedHat Linux server. In as much as BOTH advertise\publish using port 6101?

I do have 6101 open both ways on the firewall - but can't see any traffic from the Linux client on port 6101.

Am I right in thinking that when the RALUS daemon starts it publishes itself to the media server and somehow updates the media server with its NDMP port number (in my case 12000) and this is how the media server knows on which port to communicate over?

I have also read your information on disabling the 2010 R3 security (which seems to be based on a registry update). I've done this on the media server, but you also mention it needs to be done on the client - As this is a Linux box what is the equivalent change to the 'registry' update you've highlighted?

kind regards

Keir

KeirL
Level 6
Partner


So I think the worst of my problems may be due to name resolutions.... I set up hosts files at both ends (client and media server) and this seemed to improve things. I was monitoring the firewall and could see the clients attempting to publish on port 6101 to the servers in the ralus.cfg file. I have now introduced a second media server and want to publish to both. One of my linux servers seems to be acting fine and I can see two attempts from the client on 6101 (one to each server) - happy days!

But the other server is only publishing to one of the two media servers - despite the ralus.cfg file having entries for both - subsequently only one of the media servers can access the Linux client and not the other.

Has anyone an idea on why the linux client may only be publishing to one of the two media servers configured within the ralus.cfg file?

 

Thanks

nearyou
Level 3

I also faced the same issue.

So I have tried a workaround of installing the old agent from the release 1 media of Backup Exec. As the old agent doesn't have encryption, there is no need to change anything (Disable Encryption) on the media server.

Only the Linux server communication is not encrypted and all other communication remains encrypted.

 

 

 

 

Colin_Weaver
Moderator
Employee Accredited Certified

Just for info, the Security Handshaking issues should now be resolved by Hotfix 180429. As such, you should not need to disable security if this Hotfix is installed to the Media Server and the remote agents have been updated since the Hotfix was installed.

Also, if you are using the Security Disabled option you should be able to re-enable it after applying the Hotfix.