ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ADSM-L] Firewall problem

2012-02-06 15:17:58
Subject: Re: [ADSM-L] Firewall problem
From: "Clark, Margaret" <MClark AT SDDPC DOT ORG>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Mon, 6 Feb 2012 20:11:11 +0000 
You doubtless checked the DNSLOOKUP option, and set it the same way on all your 
servers.
Is it possible that the DNS for the problem client is also the only DNS that is 
also behind the firewall?   - Margaret

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Richard Rhodes
Sent: Monday, February 06, 2012 3:47 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: [ADSM-L] Firewall problem

Hi Everyone,

We have six TSM v5.5.5 instances (on AIX)  named TSM1 to TSM6.   All six
instances  handle backups for nodes that are  behind firewalls, although only 
five work.  The six instances are on separate servers, so each has it's own  IP 
address and firewall rules.  The firewall rules are all identical so we can put 
any node on any TSM server.

We cannot get firewall backups to work to our TSM5 instance.  Since it was 
brought up a couple years ago we have fought to get firewall backups to work 
but have failed.  Nodes out behind a firewall are able to contact the TSM 
server, a sessions is established, then it is immediately disconnected.  This 
repeats over and over as the node retries.  You can sometimes see 50 or more 
sessions - all hung - for a firewalled node.
We've done everything we can think of:  check/double/triple checked FW rules, 
talked with IBM support, run traces for them, check AIX setup, checked TSM5 
setup, compared anything related to TSM5 to the other working instances.  If we 
move the node to one of our other TSM instances it worked just fine!! In all, 
we firgured this HAD to be a firewall setup problem of some kind.

This past weekend we move TSM5 (and TSM6 also) to new servers/lpars.  The new 
servers had to have new IP addresses and run a newer AIX v6.  We've done this 
upgrade for the other TSM servers already.  With new IP addresses we had to 
create new FW rules.  We figured that with a whole new setup FW backups would 
have to work - we're kicking it real hard!!!! NOPE
- it didn't help!   The only thing that didn't change in this server swing
was the actual TSM instance.  It seems our FW backup problem on this one 
instance HAS to be in TSM itself.

Question:  Is there any setting in TSM that could explain failing backups for 
firewalled servers?

Thanks

Rick






-----------------------------------------
The information contained in this message is intended only for the personal and 
confidential use of the recipient(s) named above. If the reader of this message 
is not the intended recipient or an agent responsible for delivering it to the 
intended recipient, you are hereby notified that you have received this 
document in error and that any review, dissemination, distribution, or copying 
of this message is strictly prohibited. If you have received this communication 
in error, please notify us immediately, and delete the original message.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ADSM-L] Isilon backup, Allen S. Rout
Next by Date:  [ADSM-L] Excessive number of filling tapes..., Allen S. Rout
Previous by Thread:  Re: [ADSM-L] Firewall problem, Schneider, Jim
Next by Thread:  Re: [ADSM-L] Firewall problem, Thomas Denier
Indexes:  [Date] [Thread] [Top] [All Lists]