Joel,

We back up 3 Windows boxes through a firewall but no MSCS.

What we did is start a backup (manually or scheduled) and check at the firewall
which packets were dropped. This way we found which ports needed to be accepted. We
needed several test runs until we found all affected ports.

HTH

Reinhold

Joel Cooper wrote:

> I have a situation that I'm having a problem with. I wanted to see if anyone
> knows the quick answer. This message is long, so thanks to anyone that reads it
> and even more to anyone that has an idea.
>
> First, ADSM didn't use to be supported through a firewall even though it would
> work in many situations. I don't know in this day and age if that non-support is
> still official. If it is, I really feel it needs to be changed because in this
> age of the Internet, I am having web server TSM clients added like you wouldn't
> believe. If the problem is the client opening up additional ports and not being
> able to predict the random port it will use, why not have an option file setting
> to set valid ports for the client to try? Even if Tivoli won't "support
> firewalls", at least give us some functionality where we can do our jobs. I've
> got a few million dollars worth of servers outside firewalls and they haven't
> quit ordering them. So far, we've been backing up about 2 or 3 dozen b/a clients
> and a few SQL agents for a while through a firewall.
>
> To accomplish this, we've been having our Security department implement firewall
> rules that allow bi-directional TCP/IP traffic on 1500 and 1501. No problems.
>
> My situation is this: I just set up 2 Windows 2000-based cluster servers (MSCS)
> outside a firewall, one for SQL 7.0 and one for Exchange 2000. According to TSM
> v4 instructions, I need a client for the Windows nodes that could run the
> cluster and I need a client for each cluster group, in my case a group for the
> quorum and a group for Exchange 2000. With Exchange 2000, I also need the TDP
> for Exchange v2.
>
> I have these clients all installed and they all work manually. My problem is
> with the scheduler service. The first service to run on 1500 works; the
> subsequent services never answer the server. According to the error logs, they
> found the TCP/IP port busy and picked another at random. It appears they picked
> 56582 and then 56583, etc.
>
> I made each service work on 1500 by itself, but I need them to run together. I
> thought the answer was in TCPPort in dsm.opt. I got them to open ports 1500 -
> 1505 and put each client on its own port. The firewall part works, showing a
> session going through w/o a problem. I am getting ANS1017 Session rejected:
> TCP/IP connection failure, though. I am not sure why. I'm not getting activity
> log errors for this on my last test.
>
> Does anyone have any ideas? Is this because my server has the option to be
> contacted on TCPPort 1500? I don't want to use the Windows scheduler to handle
> this, but I have to cover these servers.
>
> I don't see what a support call will accomplish yet, but if I get a little more
> information I'm willing to try to get some answers.
>
> Thanks in advance,
>
> Joel Cooper
> [EMAIL PROTECTED]
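The procedure described in the reply (run a test backup, read the firewall's drop log, repeat), as an added example that is not part of either message: it compares drops across several runs so that only flows seen in every run become candidates for static rules. The netfilter-style log format, the addresses and the helper names are assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: netfilter-style drop lines from two test backups taken
# with the same rule set. Addresses are documentation ranges (assumed); the
# ports 1500, 1501, 56582 and 56583 are the ones named in the thread.
SERVER, CLIENT = "198.51.100.10", "192.0.2.20"
RUNS = {
    "run1": """\
FW-DROP IN=eth1 OUT=eth0 SRC=192.0.2.20 DST=198.51.100.10 PROTO=TCP SPT=51000 DPT=1500
FW-DROP IN=eth0 OUT=eth1 SRC=198.51.100.10 DST=192.0.2.20 PROTO=TCP SPT=40112 DPT=1501
FW-DROP IN=eth0 OUT=eth1 SRC=198.51.100.10 DST=192.0.2.20 PROTO=TCP SPT=40113 DPT=56582
FW-DROP IN=eth1 OUT=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=4444 DPT=445
""",
    "run2": """\
FW-DROP IN=eth1 OUT=eth0 SRC=192.0.2.20 DST=198.51.100.10 PROTO=TCP SPT=51207 DPT=1500
FW-DROP IN=eth0 OUT=eth1 SRC=198.51.100.10 DST=192.0.2.20 PROTO=TCP SPT=40390 DPT=1501
FW-DROP IN=eth0 OUT=eth1 SRC=198.51.100.10 DST=192.0.2.20 PROTO=TCP SPT=40391 DPT=56583
""",
}
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def dropped_flows(log, server, client):
    """Return {(src, dst, proto, dport)} for drops between server and client only."""
    flows = set()
    for line in log.splitlines():
        f = dict(FIELD.findall(line))
        if len(f) < 4 or {f["SRC"], f["DST"]} != {server, client}:
            continue  # malformed line, or unrelated traffic that must not get a rule
        flows.add((f["SRC"], f["DST"], f["PROTO"], int(f["DPT"])))
    return flows

def classify(runs, server, client):
    """Split flows into those dropped in every run and those seen in only some."""
    seen = defaultdict(set)
    for name, log in runs.items():
        for flow in dropped_flows(log, server, client):
            seen[flow].add(name)
    stable = sorted(f for f, r in seen.items() if len(r) == len(runs))
    varying = sorted(f for f, r in seen.items() if len(r) < len(runs))
    return stable, varying

if __name__ == "__main__":
    stable, varying = classify(RUNS, SERVER, CLIENT)
    print("candidate static rules:", stable)
    print("ports that changed between runs:", varying)
```

Flows in the second list differ from run to run, so a static rule built from a single test run would not cover them on the next one.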
