cancel
Showing results for 
Search instead for 
Did you mean: 

Netbackup 7.6 media server ports needed for install?

Flyinraptr
Level 5

New installation - Master server - running as a cluster on W2K8 R2.    Media server - W2K8 R2.   Both have the Windows firewall enabled.  Running the media server install get the "Unable to communicate with Master" popup message.  Continue on with the install - the media server does not show up in the EMM database unless i manually add it.   Disable the Windows firewall on Master/media - the install works flawlessly.  I have updated the Hosts file on both ends - master and media can ping each other and resolve via DNS.

Re-enabled the firewall on media server and added the following rules:

Inbound - allow ports:   1556, 13724, 2821, 4032, 13782

Outbound - allow ports:  1556, 13724, 2821, 4032, 13782

Re-enabled the firewall on the master and added the following rules:

Inbound - allow ports: 1556, 13724, 13783, 13722, 13782, 2821, 4032

Outbound - allow ports: 1556, 13724, 13783, 13722, 13782, 2821, 4032

-------------------------------------------------------------------------------------------

Re-attempted the Media server install - still get the "Unable to communicate .." error message.   I validated that the master server was listening on the ports via telnet and netstat.

I then installed a protocol analyzer on the Master - re-attempted the install and captured the traffic up to the point of reaching the summary page during the install. Here is what i found:

Source (media server) ports:  57077, 57078

Destination (master server) ports: 13720

-------------------------------------------------------------------------------------------

I have read and re-read the Symantec Netbackup Network Ports Reference Guide Release 7.6 ... as well as the Technote Symantec Support forwarded and nowhere can i find any mention of ports 57077 and 57078 - nor any indication of a dynamic range that would include these two ports.  Unfortunately, i cannot leave the Windows firewall disabled on the servers.  Any ideas?

 

 

 

 

 

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

It is possible that NBU installation on Windows will still use ports used from 'the beginning of time' such as 13720 and 13782, but as long as forward and reverse lookup works in all directions and port 1556 is open in both directions, there is no need for any other ports and the installation message can be ignored.
If features like MSDP, Resilient network and NBAC will not be used, you only ever need port 1556 between master and media servers as well as clients.

If DNS entries were updated recently, use 'bpclntcmd -clear_host_cache' on the master to refresh NBU host cache.

Media servers must always be added manually on the master server.
Use Host Properties -> Master -> Servers.
Restart NBU on master after new media server(s) were added.

I prefer to disable Windows Firewall for internal comms within the same domain en rely on the company's external firewall for protection.

 

View solution in original post

4 REPLIES 4

Nicolai
Moderator
Moderator
Partner    VIP   

13720 is netbackup  bprd service.

Source is a random socket choosen by the OS. This is normal IP behaviour  - port are "call to" adresses. Firewall are built to track the source port from initiating applications.

From : http://en.wikipedia.org/wiki/Port_(computer_networking)

While the listening port number of a server is well defined (IANA calls these the well-known ports), the client's port number is often chosen from the dynamic port range

Hope this clarify :)

Best Regards

Nicolai

PS: Please remember all NBU services are running as TCP and not UDP.

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

It is possible that NBU installation on Windows will still use ports used from 'the beginning of time' such as 13720 and 13782, but as long as forward and reverse lookup works in all directions and port 1556 is open in both directions, there is no need for any other ports and the installation message can be ignored.
If features like MSDP, Resilient network and NBAC will not be used, you only ever need port 1556 between master and media servers as well as clients.

If DNS entries were updated recently, use 'bpclntcmd -clear_host_cache' on the master to refresh NBU host cache.

Media servers must always be added manually on the master server.
Use Host Properties -> Master -> Servers.
Restart NBU on master after new media server(s) were added.

I prefer to disable Windows Firewall for internal comms within the same domain en rely on the company's external firewall for protection.

 

Flyinraptr
Level 5

Thanks for the replies.  Unfortunately,  i cannot leave the Windows firewall disabled (higly secure environment), however, it sounds like i could either ignore the message or disable it for the install and renable it afterwards (as long as the rules allowing the required ports remain).

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

The message can be ignored during installation.

Just ensure port 1556 connectivity, forward and reverse name lookup and SERVER entries added on the master server for new media server(s).