cancel
Showing results for 
Search instead for 
Did you mean: 

How to change random port range of pbx_exchange process

Thosch
Level 3

Hello.
I would like to change the port range of VRTSpbx / Symantec Private Branch Exchange service.

I found this article but it does not work for me.
https://www.veritas.com/support/en_US/article.000011102

How can i set a custom port range for pbx_exchange.exe?

kindly regards
Thorsten

1 ACCEPTED SOLUTION

Accepted Solutions

Mike_Gavrilov
Moderator
Moderator
Partner    VIP    Accredited Certified
8 REPLIES 8

Nicolai
Moderator
Moderator
Partner    VIP   

PBX uses port 1556 - this port is assigned by IANA so nobody else uses it.

I recommend you don't change the default port as you will have to change the port on all other Netbackup client and servers. 

Please explain why you want to change the pbx port - has a oracle listener taken the port on a client ?

Best Regards

Nicolai

 

additional to port 1556 the service is using some random high ports

I don't want to change port 1556.

I want to restrict the upper port range.

See nbtstat -b:

Aktive Verbindungen

Proto Lokale Adresse Remoteadresse Status
TCP 127.0.0.1:6848 hostname:6849 HERGESTELLT
[pbx_exchange.exe]
TCP 127.0.0.1:6849 hostname:6848 HERGESTELLT
[pbx_exchange.exe]
TCP 127.0.0.1:6851 hostname:6858 HERGESTELLT
[pbx_exchange.exe]
TCP 127.0.0.1:6851 hostname:6864 HERGESTELLT
[pbx_exchange.exe]
TCP 127.0.0.1:6851 hostname:6869 HERGESTELLT
[pbx_exchange.exe]
TCP 127.0.0.1:6854 hostname:6855 HERGESTELLT

Nicolai
Moderator
Moderator
Partner    VIP   

I think what you are seeing is normal/expected

When making a network connection you have source and destination port. The destination port is what matters (e.g. port 80 www or 1556) - the source port or change of it is negotiated between the two hosts and can be any unassigned port - usually in the high range. Firewall are also aware of this - this is called stateful inspections.

Here is a example for browser connections made with SSL - port 443.

netstat -a -n | findstr 443
TCP x.x.x.x:50913 x.x.x.x:443 ESTABLISHED
TCP x.x.x.x:61069 x.x.x.x:443 ESTABLISHED

yes, this ist a normal behaviour.

Unfortunately one fixed high port, i.e. 12345 is used for our monitoring tool.

After rebooting the system yesterday, the VRTSpbx service startet faster than the monitoring service and occupied port 12345.
So the monitoring agent could not bind the port and failed to start.
After restarting all NetBackup services, another random port was used for pbx_exchange and i was able to start the monitoring service.

I only want to make sure, this can not happen again.

Nicolai
Moderator
Moderator
Partner    VIP   

Would be possible to start the monitoring tool service before Netbackup ?

 Update: found this text in the pbx manual:

https://www.veritas.com/content/support/en_US/doc/ka6j00000000A5ZAAU - page 8

By default, NetBackup uses ports from the non-reserved range for the source port. Those ports are selected randomly from the range provided by the operating system (also mention in the tech note you reffered to)

The tech note you found is from my point of view your only chance to change pbx behaviour, but the risk is you end up another application using the same port. So consider to go the OS way and reserve it there. 

Starting services of different software products in a fixed sequence is in Windows OS not as easy as in Linux.

Of course it would be possible to make the NetBackup services depend on the monitoring agent.
But this work around would be a very dirty solution and had to be redone after every agent update.

I'm sure there must be a way to set a custom port range in NetBackup.

Mike_Gavrilov
Moderator
Moderator
Partner    VIP    Accredited Certified

You can try to limit port range for _all_ processes  on OS level:

https://support.microsoft.com/en-us/help/929851/the-default-dynamic-port-range-for-tcp-ip-has-change...

I tested it with a very few number of ports and it worked.

Thank you!