Networker

Re: [Networker] sustained firewall config issues

2006-11-10 08:23:48
Subject: Re: [Networker] sustained firewall config issues
From: "Coty, Edward" <Edward.Coty AT AIG DOT COM>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Fri, 10 Nov 2006 08:06:15 -0500
Its nice when running on Unix. You can snoop the interface's on the
backup server and client. This would show you that the server is getting
out to the client on the ports you have open but the client might not be
getting a route back. With windows I am not so sure. The probe succeeded
tells me you got out to the client. The client cannot get back. 

Check dns resolution forward and reverse from the client for the backup
server.

Run a tracrt from a cmd prompt on the client to the backup server. Is it
getting there. IF you are not getting there you are still blocked at one
of the firewalls. Make sure you have tpc/udp bi-directional open. You
could open all ports 7937-9936 and 100001 through 300000 and see if it
works. If it works that way then you know you didn't have all or the
correct ports opened and you can close ports from there.  

EDWARD COTY
OPEN SYSTEMS STORAGE ENGINEER, LCNA
WORK - 973-533-2098
CELL - 973-296-0918
EDWARD.COTY AT AIG DOT COM
-----Original Message-----
From: EMC NetWorker discussion [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU] On
Behalf Of Ty Young
Sent: Thursday, November 09, 2006 11:33 PM
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: [Networker] sustained firewall config issues

NetWorker 7.2.1 (Solaris) server
NetWorker 7.2.1 (Solaris) storage node #1
NetWorker 7.2.1 (Win2k3) storage node #2
NetWorker 7.2.1 (Win2k3) clients

All,

I have lingering firewall issues and I can't make sense of them.   I've
read and I believe followed the directions in the Windows Admin guide on
setting up firewalls for NetWorker, which basically seem to indicate
that
you need to open up a couple of ranges of ports, 7937 to (7937+x) and
10001
to (10001+y), both TCP and UDP, bidirectionally.

I've done that, and I've also configured storage node #2 (behind a
firewall) with nsrports -S 7937-7970 -C 10001-10050 as well as the
clients
(which are behind a second firewall.)   Lastly, I've re-started the
services on all boxes to be sure they're freshly loaded with the right
config out of nsrla.res.

What's happening (still) is that I cannot perform a savegrp backup.  I
get
RPC failures:

 157. sudo savegrp -vvvv -p -l full -c lendb01 -G GOLD-xxxxxx_Bkups
Password:
lendb01:All                               level=full
11/09/06 16:07:55 savegrp: Run up to 24 clients in parallel
11/09/06 16:07:55 savegrp: lendb01:probe
started
savefs -s dalsn004 -c lendb01 -g GOLD-xxxxxxx_Bkups -p -l full -R -v
11/09/06 16:08:19 savegrp: command 'savefs -s dalsn004 -c lendb01 -g
GOLD-xxxxxx_Bkups -p -l full -R -v ' for client lendb01 exited with
return
code 1.
11/09/06 16:08:19 savegrp: lendb01:probe succeeded.
* lendb01:All rcmd lendb01, user root: `savefs -s dalsn004 -c lendb01 -g
GOLD-xxxxxx_Bkups -p -l full -R -v'
* lendb01:All nsrexec: authtype
* lendb01:All savefs: RPC error: Remote system error
* lendb01:All savefs: Cannot access nsr server `dalsn004'
  savefs lendb01: failed.
--- Probe Summary ---

lendb01:All                        level=full, dn=-1, mx=0,
vers=unknown,
p=1
lendb01:All             level=full, pool=xxxxxx, save as of Thu Nov  9
16:08:19 GMT-0600 2006
lendb01:index                      level=full, dn=-1, mx=0,
vers=unknown,
p=1
lendb01:index           level=full, pool=xxxxxx, save as of Thu Nov  9
16:08:19 GMT-0600 2006

I would really appreciate any help you can give me.   TIA


Phillip T. ("Ty") Young, DMA
Manager, Data Center and Backup/Recovery Services
Information Services
i2 Technologies, Inc.

To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the
body of the email. Please write to networker-request AT listserv.temple DOT edu
if you have any problems
wit this list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type "signoff networker" in the
body of the email. Please write to networker-request AT listserv.temple DOT edu 
if you have any problems
wit this list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

<Prev in Thread] Current Thread [Next in Thread>