dd1980
2 Iron

NetWorker through a firewall

Hi Guys,

I am trying to configure a client to back up through the firewall. I am running 7.4.1 on the server and on the client. Both are Windows 2003 SP1.

The firewall guys have opened 7937-7941 ports on the firewall.

When I try to configure the port range through local hosts I am getting "failed on UDP ping".

Also when running nsrports -s "servername" on the client I am getting :
"nsrports: RAP error: Service not available."

All hosts files are correctly populated with short and FQDN with correct IPs on both server and client.

If I run ping and ping -a, both ways, I am getting successful name resolution. When trying to run save -vvv from the client to the server I am getting the following errors:

39076:save: RPC warning: RPC cannot make a procedure call: Create failed: 352:Remote system error - Connection refused

When running rpcinfo -p from the client to the server I am getting the following:
C:\Documents and Settings\administrator.EXTRANET>rpcinfo -p 10.0.0.60
rpcinfo: can't contact lgtomapper: rpcinfo: 344:RPC receive operation failed.
network connection could not be established with the host.; errno = Connection
reset by peer

Can anyone help please?
Tags (1)
0 Kudos
7 Replies
ble1
6 Indium

Re: NetWorker through a firewall

UDP port can be disable from NMC.

Not sure why nsrports doesn't work, but it could be already set range. Try to change it via nsradmin.

rpcinfo is using port 111 which probably is not open - instead use nsrexecd port with nsradmin to test remote connectivity.
0 Kudos
dd1980
2 Iron

Re: NetWorker through a firewall

Hello Crvelin,

as always you are very helpful (thanks a bunch ;-))

No I tried to run the following from the client:

nsradmin -p nsrexec -s 10.0.0.60 "NetWorker server"

This is what I am getting

39078:nsradmin: RPC error: RPC receive operation failed. A network connection c
ould not be established with the host.

There does not appear to be a NetWorker nsrexecd server running on 10.0.0.60.

Now I know that nsrexecd is running on the networker server as there are other backups running.

I did try to telnet back to the server on port 111 and that is closed, so I have just put in a request to have that open.

It should be done in an hour or so so I will keep you posted.

Thanks
dd1980
0 Kudos
ble1
6 Indium

Re: NetWorker through a firewall

Use: echo p | nsradmin -p 390113 -i - -s <remote side name>

You can use this against any client/server from any client/server.
0 Kudos
dd1980
2 Iron

Re: NetWorker through a firewall

Thanks for that.

I tried what you suggested and here is the outcome:

C:\Documents and Settings\administrator.EXTRANET>echo p | nsradmin -p 390113 -i
- -s 10.0.0.60
39078:nsradmin: RPC error: RPC receive operation failed. A network connection c
ould not be established with the host.

There does not appear to be a NetWorker nsrexecd server running on 10.0.0.60.

I have checked and the RPC service is started on both machines.
0 Kudos
ble1
6 Indium

Re: NetWorker through a firewall

It means you can't connect via RPC to nsrexeced port (ONC 390113). That does seem to be blocked (or maybe whole RPC protocol might be blocked). Can you confirm 7937 and 7938 ports are open for communication?
0 Kudos
dd1980
2 Iron

Re: NetWorker through a firewall

Both ports are open for communication.

If I run

telnet 10.0.0.60 7937
telnet 10.0.0.60 7938

from the client

and

telnet 172.16.1.54 7937
telnet 172.16.1.54 7938

from the server, they all run successfully.
0 Kudos
ble1
6 Indium

Re: NetWorker through a firewall

That means TCP runs fine... then RPC remains to be checked. To make it easier, check with fw admin if at the time when you try to connect fw gets anything logged.
0 Kudos