
Urgent! Can not connect to my BESR 2010 Agents in my domain!

takertx
Level 2

 

 

Hi there people,

I have been struggling to set up a backup scheme using BESR 2010 (V9.0.0.35656) for our domain of 15 stations and I have been receiving contradicting results, which are driving me up the wall.

My configuration is as follows:

  • A domain of 15 stations and three servers  
  • All the stations have Windows XP Sp2 and Sp3 installed
  • All the stations are part of the domain
  • All have almost identical make and application architecture.
  • And are all configured pretty much the same way

I have set up another XP machine to act as my offsite bunker for the backups generated by the other 15 stations and also as a monitoring and managing station for all the rest.

I have successfully connected and deployed agents to 4 stations (with both Sp2 and 3) with ease. I have also set up backups on each and carried them out with no problems whatsoever.

However the next two stations in the line have done anything but!

Upon my attempts at connecting with the machines I receive the "you will not be able to connect to the network unless you enter a valid user name and password" prompt and I am asked to try again and again.

My user credentials are indeed valid and entered in the syntax advised by the Symantec manual. FYI; I have made a dedicated user in our domain in charge of the backup projects which also happens to be the local administrator on all the 15 stations. I have also used the same user credentials for the initial 4 which went ahead without a hitch.

I should also mention that one of the stations has XP Sp2 and the other Sp3 installed.

I have been desperately searching the net for an answer but all instances I have dug up are in peer to peer networks and are ultimately caused by a stupefying oversight.

I am left with no real solution to the matter and would appreciate it if you could help me out of this ditch.

Thanks  

7 REPLIES 7

Markus_Koestler
Moderator
Moderator
   VIP   

Give this one a try:

 

http://www.symantec.com/business/support/index?page=content&id=TECH62419

takertx
Level 2

 

 

Thank you for your reply Markus,

I actually ran into this solution in my searches online earlier and I did do as it says. But the security configuration and analysis tool revealed no differences whatsoever. According to its analysis all, including the log on as a batch job entry, have the same settings. Also the Administrator who is to configure the backups has full access to the detailed areas and still nothing.

Any other ideas?

Markus_Koestler
Moderator
Moderator
   VIP   

Maybe a DCOM issue but this is very unlikely: http://www.symantec.com/business/support/index?page=content&id=TECH54862

takertx
Level 2

 

 

 

I have tried this article before resorting to this forum as well Markus but to no avail.

FYI; both the systems in question are having the very same security system and firewall in place as all the others with the very same configuration to begin with. But even though the other stations did not need such settings, I have configured the security system and the firewall of the systems in question so as to allow all the actions and traffic made by the BESR and its agents. Furthermore to make sure if there was something that I was overseeing I even turned them both off completely and still the same results.

I'm stuck! For the first time in a loooong time every little piece of the puzzle is right and even where it should be but for some inexplicable reason they just don't go together and it's driving me NUTS!

Markus_Koestler
Moderator
Moderator
   VIP   

Well in this case you'd better file a case with Symantec.

Andreas_Horlach
Level 6
Employee Accredited
Please follow the steps outlined within each section on the client/agent system experiencing connecting/re-connecting issues to the console. This was written for BackupExec System Recovery and LiveState Recovery. If you see a reference to LiveState Recovery, adjust accordingly for BESR or SSR.
 
Section 1: Creating Application firewall exceptions
 

1. Go into Windows Control Panels and double click the icon for Windows Firewall or launch the local software client side base firewall user interface.
 
2. On the General tab of the Windows Firewall pop-up screen make sure that the, 'Don't allow exceptions,' check box is unchecked.
 
3. Click on the Exceptions tab.
 
4. Check within the list of exceptions in the Programs and Services field if one or both of the following executables are listed:
 
VProSvc.exe
VProTray.exe
 
5. If one or both of the executables are listed from step 4, perform one of the following steps listed below. If no executables are listed from step 4 skip to step #6.
 

 
Choice #1 - Delete the executables listed and add new ones: Choose this one if planning not to install an earlier version of Livestate Recovery AND it is desired to minimize the number of exceptions to the firewall.
 
a. Single left click on one of them. If one is shown on the list from step 4 single left click on it.
 
b. Click the Delete button.
 
c. Repeat steps a through b on the remaining items listed from step 4 when finished go to step d.
 
d. Skip to Step #6
 
Choice #2 - Modify the executables listed to correct settings: Perform this procedure if the required permissions are now available to create new exceptions or delete exceptions that have already been made.
 
a. Single left click on one of them. If one is shown on the list from step 4 single left click on it.
 
b. Click the Edit button
 
c. Change the path to the executable to: C:\Program Files\Symantec\Backup Exec System Recovery\Agent\
 
d. Repeat steps a through b on the remaining items listed from step 4 when finished go to step e.
 
e. Skip to Step #10
 
Choice #3 - Add additional executables to the list: Do this when planning to install or have installed an earlier version of Livestate Recovery on this system AND it is not needed to minimize the number of exceptions to the firewall to handle AND have permissions to create new exceptions.
 
a. Skip to Step #6
 
6. Click the Add Program button. On the window that appears click the Browse button.
 
7. Fill in the Filename field with the following path and filename value and click the open button:
 
    C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe
 
8. Fill in the Filename field with the following path and filename value and click the open button:
 
C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
 
9. Click OK
 
NOTE: Click the change scope button to narrow down the range of IP addresses capable of accessing this application/service for greater security. Please review the following Microsoft Article for more details:
 
How to Configure Windows Firewall on a Single Computer
 
10. Repeat steps 6 through 9 for the following filename and path:
 
C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
 
11. Reboot. Try to connect to the modified agent. If a connection still cannot be made, follow the steps outlined in the section titled, ' Create restrictions for DCOM,' listed below.
 
NOTE: Reboot for these changes to take effect or Windows will not allow the RPC Service to start.
 

 
Network administrators:
 
Below is an example batch script that will delete any previous Microsoft Windows firewall application exceptions for default installs of Symantec Livestate Recovery version 6.x. In their place this batch will create simple application exceptions for the Vprosvc.exe and Vprotray.exe applications. To change the scope - to specify the set of computers for which this program is unblocked - consult the documentation on the netsh command.
 
Netsh firewall add allowedprogram "C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe" VProTray.exe ENABLE
Netsh firewall add allowedprogram "C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe" VProSvc.exe ENABLE
Netsh firewall delete allowedprogram "c:\program files\symantec\liveState Recovery\Desktop 6.0\Agent\VProSvc.exe"
Netsh firewall delete allowedprogram "c:\program files\symantec\liveState Recovery\Standard Server 6.0\Agent\VProSvc.exe"
Netsh firewall delete allowedprogram "c:\program files\symantec\liveState Recovery\Advanced Server 6.0\Agent\VProSvc.exe"
Netsh firewall delete allowedprogram "c:\program files\symantec\liveState Recovery\Desktop 6.0\Agent\VProTray.exe"
Netsh firewall delete allowedprogram "c:\program files\symantec\liveState Recovery\Standard Server 6.0\Agent\VProTray.exe"
Netsh firewall delete allowedprogram "c:\program files\symantec\liveState Recovery\Advanced Server 6.0\Agent\VProTray.exe"
 

 
Create restrictions for DCOM
 
By default, DCOM is free to use any port between 1024 and 65535 when it dynamically selects a port for an application like Backup Exec System Recovery (BESR). Reduce this range by creating registry keys on the computer that hosts the DCOM service; the firewall router can then be configured to forward only these TCP ports. Open up a range of ports above port 5000. Port numbers below port 5000 may already be in use by other applications and can cause conflicts with DCOM applications. At least 100 ports should be opened, because several system services rely on these RPC ports to communicate with each other.
 

 
To allow management of BESR agents behind a firewall, restrict DCOM to using a manageable range of dynamic ports and then create an explicit firewall rule to open those ports.
 

 
NOTE: The BESR console must be able to reach the server by its actual IP address. DCOM cannot be used through firewalls that do address translation. For more information, read the Microsoft article PRB: DCOM Does Not Work over Network Address Translation-Based Firewall
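
The DCOM port restriction described in the post above, sketched as a batch script to run on the agent machine; this is an added example and not part of the original post or of Symantec's documentation. It assumes the registry values Microsoft documents for restricting RPC dynamic ports (under HKLM\SOFTWARE\Microsoft\Rpc\Internet), a range of 5000-5100, and a placeholder console address of 192.0.2.10; it also opens TCP 135, the RPC endpoint mapper that DCOM clients contact first.

```batch
@echo off
rem Added example: pin DCOM/RPC to a fixed port range and open that range
rem in the Windows XP firewall for a single console address only.
rem CONSOLE_IP and the 5000-5100 range are assumptions; adjust for your site.
setlocal
set CONSOLE_IP=192.0.2.10
set FIRST_PORT=5000
set LAST_PORT=5100
set RPCKEY=HKLM\SOFTWARE\Microsoft\Rpc\Internet

rem 1. Restrict the dynamic range RPC/DCOM may allocate from.
rem    Ports is REG_MULTI_SZ; the two flags are REG_SZ with value Y.
reg add "%RPCKEY%" /v Ports /t REG_MULTI_SZ /d "%FIRST_PORT%-%LAST_PORT%" /f || goto :fail
reg add "%RPCKEY%" /v PortsInternetAvailable /t REG_SZ /d Y /f || goto :fail
reg add "%RPCKEY%" /v UseInternetPorts /t REG_SZ /d Y /f || goto :fail

rem 2. Open the RPC endpoint mapper, scoped to the console address
rem    instead of the default scope of ALL.
netsh firewall add portopening protocol=TCP port=135 name="RPC endpoint mapper (BESR console)" mode=ENABLE scope=CUSTOM addresses=%CONSOLE_IP% || goto :fail

rem 3. The legacy "netsh firewall" context takes one port per rule,
rem    so add one scoped exception per port in the range.
for /L %%P in (%FIRST_PORT%,1,%LAST_PORT%) do (
    netsh firewall add portopening protocol=TCP port=%%P name="DCOM %%P (BESR console)" mode=ENABLE scope=CUSTOM addresses=%CONSOLE_IP% >nul
)

rem 4. Show what was written so the range can be checked before rebooting.
reg query "%RPCKEY%"
echo Reboot this machine so the RPC service picks up the new port range.
exit /b 0

:fail
echo A registry or firewall change failed; run as a local administrator.
exit /b 1
```

Scoping every rule to the console address keeps the 100-plus opened ports unreachable from the rest of the network, in line with the post's note about the Change Scope button.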

Markus_Koestler
Moderator
Moderator
   VIP   

Have you solved the issue ?