34 Posts
0
3647
nsr ports conflict
Hello,
We have a port conflict between a production application and Legato in our company on a client server (networker client). it is about port 8543. nsrexecd used this port also.
I have been reading some threads of people having similar issue in the past. Is the solution is to run against the client?:
for example:
1) client_sever>nsrports -s -S 7937-8540
2) restart networker services
I read that 4 ports are usually used by nsrexecd in the case of normal networker clients (not having NMC or being a storage node) so I think this is a sufficient range.
my question are:
1)running this command on the client will not harm the configuration on the networker server and the other clients?
2) also, is there any additional steps that should be performed ( firewall config ) so nsrexed takes this modification into account?
3) is there a command with that skips specific ports?
Thank you
bingo.1
2.4K Posts
2
April 16th, 2021 05:00
Your information seems to be a bit obsolete. The NW client uses some more incoming port (aka as service ports), depending of whether you have the Extended Client software package installed or not.
If installed, you can use the built-in NW command nsrrpcinfo to verify the current configuration. Here is an example for the default range for NW 19.3.0.1:
C:\>nsrrpcinfo -p localhost
PROGRAM VERSION PROTOCOL PORT SERVICE
100000 2 tcp 7938 nsrportmapper Port Mapper
100000 2 udp 7938 nsrportmapper Port Mapper
390436 1 tcp 8006 nsrexecd GSS Authentication
390435 1 tcp 9219 nsrexecd Resource Mirror
390440 1 tcp 8608 nsrexecd_nsrfa Remote File Access
390113 1 tcp 7937 nsrexecd Remote Execution
390408 1 tcp 9622 nsrpsd Snapshot Management
390409 1 tcp 9853 nsrsnapckd Snapshot Management
C:\>
Now, with nsrports, you may limit the port range while the ports 7937 & 7938 are fixed. So for example, you may do the following:
C:\>nsrports -S 7937-7945
C:\>
C:\>net stop nsrexecd
The NetWorker Remote Exec Service service is stopping.
The NetWorker Remote Exec Service service was stopped successfully.
C:\>net start nsrexecd
The NetWorker Remote Exec Service service is starting.
The NetWorker Remote Exec Service service was started successfully.
C:\>
C:\>nsrrpcinfo -p
PROGRAM VERSION PROTOCOL PORT SERVICE
100000 2 tcp 7938 nsrportmapper Port Mapper
100000 2 udp 7938 nsrportmapper Port Mapper
390436 1 tcp 7943 nsrexecd GSS Authentication
390435 1 tcp 7945 nsrexecd Resource Mirror
390440 1 tcp 7942 nsrexecd_nsrfa Remote File Access
390113 1 tcp 7937 nsrexecd Remote Execution
390408 1 tcp 7940 nsrpsd Snapshot Management
390409 1 tcp 7941 nsrsnapckd Snapshot Management
C:\>
As you can see, a fraction of the default range is necessary to achieve the same functionality.
You can even setup more than one range, if necessary. The command line reference provides more information. Do not forget that the two ports 7937 & 7938 are fixed.
BTW - for whatever reason nsrrpcinfo is only installed with the Extended Client software - it is not part of the Standard Client package. But you may copy it from an appropriate client (or storage node or server) wherever it is available.
Hope this helps.
barry_beckers
393 Posts
1
April 17th, 2021 06:00
and be aware that the method some sysadmins use to "fix" (ahum) backup issues by simply deleting the nsrladb directory on client end (with nw shutdown, delete of nsrladb contents, nw start), that then your client port range will be back to the original larger range again as it is contained in the nsrladb directory on the client. Those sysadmins then also completely ignore (or are oblivious to) the fact that the client will then create a new nsr peer certificate and hence the backup server will report a clash as it will have an older nsr peer certificate for the client and will complain about that, requiring the nsr peer certificate for said cleint to be deleted on backup server end so that client and server can perform a new handshake again and exchange their nsr peer certificates.
So if it is important that the limited port range remains active, you might want to put a check in place that validates if still the required limited port range is configured.
hend_bs
34 Posts
0
April 18th, 2021 07:00
Thank you Bingo ! that was very helpful.
hend_bs
34 Posts
0
April 18th, 2021 07:00
Good to know these details ! thanks barry for this information
STIV1992
5 Posts
1
April 19th, 2021 04:00
You can even setup more than one range, if necessary. The command line reference provides more information. Do not forget that the two ports 7937 & 7938 are fixed.