Wandering port connections through Firewalls

LarryB

Hi all,

I have a firewall arrangement set up. The node is set up as....

HLADDRESS: 10.201.204.19
LLADDRESS: 5081
TSM client Version 5.3 (old one)
Client is a Windows box

We are using 5081 as we believe the application on the server is interfering with 1500, 1501. I understand the server will connect on this port to back up. We cannot initiate a backup from the server. If I look in the Activity log it appears to be prompting the client on ports 3760, 1965, 4188… and not port 5081. Why is this? The firewall does not prevent contact. How can this be corrected?


12/17/09 09:36:24 ANR0406I Session 2889794 started for node WLGWPCTISTH01 (WinNT) (Tcp/Ip 10.201.204.19(3760)). (SESSION: 2889794)
……..
12/17/09 09:44:01 ANR2716E Schedule prompter was not able to contact client WLGWPCTISTH01 using type 1 (10.201.204.19 4476). (SESSION: 1965)
12/17/09 09:45:49 ANR0406I Session 2892300 started for node WLGWPCTISTH01 (WinNT) (Tcp/Ip 10.201.204.19(4186)). (SESSION: 2892300)
12/17/09 09:45:58 ANR0406I Session 2892307 started for node WLGWPCTISTH01 (WinNT) (Tcp/Ip 10.201.204.19(4188)). (SESSION: 2892307)
12/17/09 09:45:58 ANR0403I Session 2892307 ended for node WLGWPCTISTH01 (WinNT). (SESSION: 2892307)
12/17/09 09:49:20 ANR0406I Session 2893662 started for node WLGWPCTISTH01 (WinNT) (Tcp/Ip 10.201.204.19(4367)). (SESSION: 2893662)
12/17/09 09:49:20 ANR0403I Session 2893662 ended for node WLGWPCTISTH01 (WinNT). (SESSION: 2893662)
12/17/09 09:50:40 ANR0403I Session 2889794 ended for node WLGWPCTISTH01 (WinNT). (SESSION: 2889794)
12/17/09 09:50:43 ANR0406I Session 2893855 started for node WLGWPCTISTH01 (WinNT) (Tcp/Ip 10.201.204.19(4424)). (SESSION: 2893855)
12/17/09 09:56:03 ANR0406I Session 2893878 started for node WLGWPCTISTH01 (WinNT) (Tcp/Ip 10.201.204.19(4698)). (SESSION: 2893878)
 
Post your client dsm.opt contents and Q NODE <nodename> F=D
 
//DSM.opt
PASSWORDACCESS GENERATE
TCPCLIENTADDRESS 10.201.204.19
TCPCLIENTPORT 5081
HTTPPORT 5081
TCPPORT 1500
TCPADMINPORT 1500


DOMAIN C:
DOMAIN D:
DOMAIN E:
DOMAIN F:
DOMAIN H:
DOMAIN L:
DOMAIN SYSTEMSERVICES
DOMAIN SYSTEMSTATE
DOMAIN V:
DOMAIN ALL-LOCAL
TCPSERVERADDRESS TDTSMSVR1.moon.co.nz

MANAGEDSERVICES WEBCLIENT SCHEDULE
SCHEDMODE PROMPTED


//q node
N11:23:56 WGN_TD_SVR1B : q node WLGWPCTISTH01 f=d
Node Name: WLGWPCTISTH01
Platform: WinNT
Client OS Level: 5.02
Client Version: Version 5, Release 3, Level 4.0
Policy Domain Name: PD_WINDOWS
Last Access Date/Time: 12/17/2009 10:34:52
Days Since Last Access: <1
Password Set Date/Time: 11/06/2009 12:08:45
Days Since Password Set: 41
Invalid Sign-on Count: 0
Locked?: No
Contact: PRD:
Compression: Client
Archive Delete Allowed?: Yes
Backup Delete Allowed?: No
Registration Date/Time: 10/06/2009 10:07:13
Registering Administrator: LFRED
Last Communication Method Used: Tcp/Ip
Bytes Received Last Session: 244,624.63 M
Bytes Sent Last Session: 490.15 M
Duration of Last Session: 121,105.16
Pct. Idle Wait Last Session: 3.70
Pct. Comm. Wait Last Session: 41.57
Pct. Media Wait Last Session: 1.14
Optionset: WINDOWS
URL: http://client.host.name:1581
Node Type: Client
Password Expiration Period:
Keep Mount Point?: No
Maximum Mount Points Allowed: 2
Auto Filespace Rename : No
Validate Protocol: No
TCP/IP Name: WLGWPCTISTH01
TCP/IP Address: 10.201.204.19
Globally Unique ID: 4b.2b.ae.31.b6.a0.11.de.a9.0d.00.1e.c9.d6.85.e8
Transaction Group Max: 0
Data Write Path: ANY
Data Read Path: ANY
Session Initiation: ClientOrServer
High-level Address: 10.201.204.19
Low-level Address: 5081
Collocation Group Name:
Proxynode Target:
Proxynode Agent:
 
Firewall is definitely open both ways on port 5081?

Try commenting out the MANAGEDSERVICES line, turn off your TSM CAD, then at command line run "dsmc sched" so it waits for the server.

On the TSM server, set up a schedule for that node and let it start. It will prompt you on the client for password, then see if that runs. No need to let it complete, just see if it begins. Then change MANAGEDSERVICES back to your normal method and it "should" act normal.

I've had instances that do this too and that normally gets it on the right track, but normally it's with clients in the DMZ that are not allowed to initiate contact with the TSM server. It may also be due to the change in your port. Maybe someone else can shed some light better.
 
I have been told the ports are open and a few simple telnet tests imply this. The server cannot talk to the client. It is "hardwired" on Port 5081, yet it tries and contacts the client on various ports.
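Added example, not part of the thread and not IBM's code: a small Python parser that separates the two kinds of port appearing in the activity log excerpt posted above and compares the prompter's target against the node's Low-level Address. It assumes the port in ANR0406I is the client-side source port of a session the server accepted, and the port in ANR2716E is the one the schedule prompter tried to reach; `classify` and its result keys are hypothetical names.

```python
import re

# Constructed sample: activity-log entries copied from the thread above.
SAMPLE_LOG = """\
12/17/09 09:36:24 ANR0406I Session 2889794 started for node WLGWPCTISTH01 (WinNT) (Tcp/Ip 10.201.204.19(3760)). (SESSION: 2889794)
12/17/09 09:44:01 ANR2716E Schedule prompter was not able to contact client WLGWPCTISTH01 using type 1 (10.201.204.19 4476). (SESSION: 1965)
12/17/09 09:45:49 ANR0406I Session 2892300 started for node WLGWPCTISTH01 (WinNT) (Tcp/Ip 10.201.204.19(4186)). (SESSION: 2892300)
12/17/09 09:45:58 ANR0406I Session 2892307 started for node WLGWPCTISTH01 (WinNT) (Tcp/Ip 10.201.204.19(4188)). (SESSION: 2892307)
"""

# Assumption: ANR0406I reports the remote (client) end of an accepted session.
INBOUND = re.compile(
    r"ANR0406I Session (\d+) started for node (\S+) .*?\(Tcp/Ip ([\d.]+)\((\d+)\)\)")
# Assumption: ANR2716E reports the address and port the prompter dialled.
PROMPT_FAIL = re.compile(
    r"ANR2716E .*? contact client (\S+) using type \d+ \(([\d.]+) (\d+)\)")


def classify(log_text, node, lladdress):
    """Split ports logged for `node` into inbound source ports and prompt targets."""
    result = {"inbound_source_ports": [], "prompt_targets": [], "prompt_mismatch": []}
    for line in log_text.splitlines():
        m = INBOUND.search(line)
        if m and m.group(2) == node:
            result["inbound_source_ports"].append(int(m.group(4)))
            continue
        m = PROMPT_FAIL.search(line)
        if m and m.group(1) == node:
            port = int(m.group(3))
            result["prompt_targets"].append(port)
            # A prompt aimed anywhere but the registered LLADDRESS will not
            # match a firewall rule written for that single port.
            if port != lladdress:
                result["prompt_mismatch"].append(port)
    return result


if __name__ == "__main__":
    r = classify(SAMPLE_LOG, "WLGWPCTISTH01", 5081)
    print("client source ports (inbound sessions):", r["inbound_source_ports"])
    print("ports the prompter dialled:", r["prompt_targets"])
    print("prompt attempts not using LLADDRESS:", r["prompt_mismatch"])
```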
 