cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

EV11 Storage service unreachable.

Go to solution
nwalsh
Level 4

‎01-14-2016 05:26 AM

Hi all,

 

I have a question that maybe someone could point me in the right direction.

I have three EV servers and they sit on a Windows 2012 x64 behind windows firewall.

I have a powershell script setup to set EV into backup mode, Tested and is working fine locally

I have done all of the requrements in setting the executionpolicy and applying the ports for windows firewall under UDP and TCP port numbers.

The port numbers were given to me from symantec tech support. 49152-65535.  

Since applying these changes i am getting the following error messsage from the backup mode script

========================================================================================================

Clear-VaultStoreBackupMode : Unable to clear backup mode from the vault stores
in vault store group 'EURVSG', on Enterprise Vault server 'entjasp01'.
Check that the storage service is running on 'entjasp01'.At line:1 char:4
+ & {Clear-VaultStoreBackupMode -Name EURVSG -EVServerName entmasp01
-EVObjectType ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
    + CategoryInfo          : ResourceUnavailable: (Symantec.Enterp...StoreBac
   kUpMode:ClearVaultStoreBackUpMode) [Clear-VaultStoreBackupMode], COMExcept
  ion
    + FullyQualifiedErrorId : UnableToClearVaultStoreBackupMode,Symantec.Enter
   priseVault.PowerShell.Commands.ClearVaultStoreBackUpMode

========================================================================================================

to find out that it was a firewall issue, i disabled the firewall and the conneciton was able to be made to the vault store.

 

Also i have the same issue on my journal server when i am rebuilding an index. i get an error on the log file saying

12/01/2016 19:00:28 The rebuild subtask has failed. 
Error Code: 62
Description:Could not connect to the storage service on entjasp01 ArchiveId=[12A533B151588BE488B4B8783255298011110000entmasp01]. Retrieving the COM class factory for remote component with CLSID {3A92686F-E5E8-4505-ABB5-49E5F725617A} from machine entjasp01 failed due to the following error: 800706ba.

For more information, see the online index troubleshooting technical note at:

    http://www.symantec.com/docs/TECH160420

 

 

any suggestions or recommendations are wellcome

 

 

 

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
AndrewB
Moderator
Moderator
Partner    VIP    Accredited

‎01-20-2016 07:23 AM

sounds like it's time to get the firewall guys involved so they can look at it from the network level and tell you what's being blocked.

View solution in original post

0 Kudos
13 REPLIES 13

Go to solution
CConsult
Moderator
Moderator
Partner    VIP   

‎01-14-2016 05:48 AM

Have you tried to use the FQDN for the script? 

Did you try to disable Firewall and restarting Index Service after this? This way you can check if the firewall aborts connection from the index service.

0 Kudos

Go to solution
nwalsh
Level 4

‎01-14-2016 06:18 AM

Hi.

 

I havent tried the FQDN script. dont know how too :(

 

Yes i disabled the firewall and retried and it works, you are correct that the ports are not correctly configured. ive set them up accordly to symantec's requirements on a windows 2012 server. but still the same issue.

0 Kudos

Go to solution
CConsult
Moderator
Moderator
Partner    VIP   

‎01-14-2016 06:52 AM

What I mean with FQDN (fully qualified domain name) is the full name instead of the servername write  "servername.domain" for example "entjasp01.ourdomain.com"

have you restarted the index service after changing the firewall setings?

Have you also tried to log on each ev server and type in the command one by one?

For example :Clear-VaultStoreBackupMode -Name EURVSG -EVServerName entmasp01    

on server entmasp01

then Clear-VaultStoreBackupMode -Name EURVSG -EVServerName entjasp01 

on server entjasp01

and so on.

What do you get then?

0 Kudos

Go to solution
AndrewB
Moderator
Moderator
Partner    VIP    Accredited

‎01-14-2016 08:07 AM

what did you do with this information "port numbers were given to me from symantec tech support. 49152-65535" ?

0 Kudos

Go to solution
nwalsh
Level 4

‎01-14-2016 08:26 AM

Hi All,

 

@CConsult sorry yes i do have a FQDN after disabling the firewall i was able to run the commads with no error messages, so it seem that its the confguration on the firewall rule that was setup that is given me the problem.

 

@AndrewB

when i initianly had this problem i logged a support call with Vertitas, the remoted into my EV's the technican said that the reason why this is not working that have i have a windows firewall.

He then setup a firewall rule, ive attached the image of the firewal rull he setup for TCP and UDP

 

thanks

Noel

0 Kudos

Go to solution
nwalsh
Level 4

‎01-14-2016 08:27 AM

Sorry image didnt upload

0 Kudos

Go to solution
AndrewB
Moderator
Moderator
Partner    VIP    Accredited

‎01-14-2016 10:09 AM

i dont think that's how it works. i think you need to also configure windows to use the specific ports. think about it, what's the point of having your firewall on if you just excluded 20000 ports?

0 Kudos

Go to solution
nwalsh
Level 4

‎01-15-2016 01:17 AM

Andrew i agre with you, but due to the company im in, they have a requirement to have a windows firwall on, even the fact that we site behind a proxy that has 2 firewalls. but yet they want it on.

0 Kudos

Go to solution
AndrewB
Moderator
Moderator
Partner    VIP    Accredited

‎01-15-2016 07:23 AM

right but you still need to configure reg keys in windows to tell it to use specific ports (within those high ranges if you insist but not necessarily) instead of what it's using now which is being blocked. see this technote http://www.veritas.com/docs/000005093

0 Kudos

Go to solution
nwalsh
Level 4

‎01-20-2016 05:23 AM

Hi Andrew. i configured the reg keys and i have reduced the number of ports down to 300 and still getting the same error message.

0 Kudos

Go to solution
AndrewB
Moderator
Moderator
Partner    VIP    Accredited

‎01-20-2016 07:23 AM

sounds like it's time to get the firewall guys involved so they can look at it from the network level and tell you what's being blocked.

0 Kudos

Go to solution
nwalsh
Level 4

‎01-20-2016 07:34 AM

Good point. Thanks Andrew.

0 Kudos

Go to solution
nwalsh
Level 4

‎01-21-2016 01:40 AM

just to follow up i found this online. I applied it to all 3 servers and hey presto. it works.

 

Just encase someone else has the same problem as me.

 

Use the steps outlined in the Microsoft TechNet article How to configure RPC dynamic port allocation to work with firewalls to allow DCOM connections to the Server.

This limits the range of ports you need to open on the Windows Firewall. If you do not assign a static port, you must create a firewall rule permitting the entire dynamic range of ports:

  1. On the Archive server, open the Windows Firewall application from the Control Panel.
  2. Click Advanced Settings in the left pane.
  3. Right-click the Inbound Rules node, and click New Rule.
  4. The New Inbound Rule wizard opens. On the Rule Type page, select Custom, and then click Next.
  5. On the Program page, select All Programs, and click Next.
  6. On the Protocol and Ports page:
    1. Select TCP from the Protocol Type drop-down menu.
    2. Select RPC Dynamic Ports from the Local Port drop-down menu.
    3. Select Specific Ports from the Remote Port drop-down menu, and enter 1024-65535 in the associated field.
  7. Click Next.
  8. On the Scope page:
    1. Under Which local IP addresses does this rule apply to, select Any IP Address.
    2. Under Which remote IP addresses does this rule apply to?, select Any IP Address to allow all remote connections, or select These IP addresses and enter the specific IP address(es).

  9. Click Next.

    This is recommended if only one machine or a range of machines are going to connect via DCOM.

  10. On the Action plan, select Allow the connection, and click Next.
  11. On the Profile page, select only the Domain option, and then click Next.
  12. On the Name page, enter a name to identify the rule, for example, ArchiveOne incoming DCOM connections.
  13. Click Finish.
  14. Verify the rule is enabled.
0 Kudos