01-14-2016 05:26 AM
Hi all,
I have a question that maybe someone could point me in the right direction.
I have three EV servers and they sit on a Windows 2012 x64 behind windows firewall.
I have a powershell script setup to set EV into backup mode, Tested and is working fine locally
I have done all of the requrements in setting the executionpolicy and applying the ports for windows firewall under UDP and TCP port numbers.
The port numbers were given to me from symantec tech support. 49152-65535.
Since applying these changes i am getting the following error messsage from the backup mode script
========================================================================================================
Clear-VaultStoreBackupMode : Unable to clear backup mode from the vault stores
in vault store group 'EURVSG', on Enterprise Vault server 'entjasp01'.
Check that the storage service is running on 'entjasp01'.At line:1 char:4
+ & {Clear-VaultStoreBackupMode -Name EURVSG -EVServerName entmasp01
-EVObjectType ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
+ CategoryInfo : ResourceUnavailable: (Symantec.Enterp...StoreBac
kUpMode:ClearVaultStoreBackUpMode) [Clear-VaultStoreBackupMode], COMExcept
ion
+ FullyQualifiedErrorId : UnableToClearVaultStoreBackupMode,Symantec.Enter
priseVault.PowerShell.Commands.ClearVaultStoreBackUpMode
========================================================================================================
to find out that it was a firewall issue, i disabled the firewall and the conneciton was able to be made to the vault store.
Also i have the same issue on my journal server when i am rebuilding an index. i get an error on the log file saying
12/01/2016 19:00:28 The rebuild subtask has failed.
Error Code: 62
Description:Could not connect to the storage service on entjasp01 ArchiveId=[12A533B151588BE488B4B8783255298011110000entmasp01]. Retrieving the COM class factory for remote component with CLSID {3A92686F-E5E8-4505-ABB5-49E5F725617A} from machine entjasp01 failed due to the following error: 800706ba.
For more information, see the online index troubleshooting technical note at:
http://www.symantec.com/docs/TECH160420
any suggestions or recommendations are wellcome
Solved! Go to Solution.
01-20-2016 07:23 AM
sounds like it's time to get the firewall guys involved so they can look at it from the network level and tell you what's being blocked.
01-14-2016 05:48 AM
Have you tried to use the FQDN for the script?
Did you try to disable Firewall and restarting Index Service after this? This way you can check if the firewall aborts connection from the index service.
01-14-2016 06:18 AM
Hi.
I havent tried the FQDN script. dont know how too :(
Yes i disabled the firewall and retried and it works, you are correct that the ports are not correctly configured. ive set them up accordly to symantec's requirements on a windows 2012 server. but still the same issue.
01-14-2016 06:52 AM
What I mean with FQDN (fully qualified domain name) is the full name instead of the servername write "servername.domain" for example "entjasp01.ourdomain.com"
have you restarted the index service after changing the firewall setings?
Have you also tried to log on each ev server and type in the command one by one?
For example :Clear-VaultStoreBackupMode -Name EURVSG -EVServerName entmasp01
on server entmasp01
then Clear-VaultStoreBackupMode -Name EURVSG -EVServerName entjasp01
on server entjasp01
and so on.
What do you get then?
01-14-2016 08:07 AM
what did you do with this information "port numbers were given to me from symantec tech support. 49152-65535" ?
01-14-2016 08:26 AM
Hi All,
@CConsult sorry yes i do have a FQDN after disabling the firewall i was able to run the commads with no error messages, so it seem that its the confguration on the firewall rule that was setup that is given me the problem.
@AndrewB
when i initianly had this problem i logged a support call with Vertitas, the remoted into my EV's the technican said that the reason why this is not working that have i have a windows firewall.
He then setup a firewall rule, ive attached the image of the firewal rull he setup for TCP and UDP
thanks
Noel
01-14-2016 08:27 AM
Sorry image didnt upload
01-14-2016 10:09 AM
i dont think that's how it works. i think you need to also configure windows to use the specific ports. think about it, what's the point of having your firewall on if you just excluded 20000 ports?
01-15-2016 01:17 AM
Andrew i agre with you, but due to the company im in, they have a requirement to have a windows firwall on, even the fact that we site behind a proxy that has 2 firewalls. but yet they want it on.
01-15-2016 07:23 AM
right but you still need to configure reg keys in windows to tell it to use specific ports (within those high ranges if you insist but not necessarily) instead of what it's using now which is being blocked. see this technote http://www.veritas.com/docs/000005093
01-20-2016 05:23 AM
Hi Andrew. i configured the reg keys and i have reduced the number of ports down to 300 and still getting the same error message.
01-20-2016 07:23 AM
sounds like it's time to get the firewall guys involved so they can look at it from the network level and tell you what's being blocked.
01-20-2016 07:34 AM
Good point. Thanks Andrew.
01-21-2016 01:40 AM
just to follow up i found this online. I applied it to all 3 servers and hey presto. it works.
Just encase someone else has the same problem as me.
Use the steps outlined in the Microsoft TechNet article How to configure RPC dynamic port allocation to work with firewalls to allow DCOM connections to the Server.
This limits the range of ports you need to open on the Windows Firewall. If you do not assign a static port, you must create a firewall rule permitting the entire dynamic range of ports:
Click Next.
This is recommended if only one machine or a range of machines are going to connect via DCOM.