Here is a list of ports:

http://technet.microsoft.com/en-us/library/hh427328.aspx

Management Point --> SQL Server

Description     UDP    TCP
SQL over TCP    --     1433 (See note 2, Alternate Port Available)


Site Server --> Distribution Point
(See note 5, Communication between the site server and site systems)

Description                   UDP    TCP
Server Message Block (SMB)    --     445
RPC Endpoint Mapper           135    135
RPC                           --     DYNAMIC (See note 6, Dynamic ports)


SQL Server --> SQL Server
Intersite database replication requires the SQL Server at one site to 
communicate directly with the SQL Server of its parent or child site.

Description                  UDP    TCP
SQL Server Service           --     1433 (See note 2, Alternate Port Available)
SQL Server Service Broker    --     4022 (See note 2, Alternate Port Available)



Michael Dzikowski
Senior Systems Engineer |  Ally Technical Infrastructure - Windows Hosting

From: [email protected] [mailto:[email protected]] On 
Behalf Of Brian McDonald
Sent: Wednesday, February 26, 2014 12:28 PM
To: [email protected]
Subject: RE: [mssms] SQL Ports/Firewall must be my issue

Thanks Jason.

I believe this is a firewall issue from my Primary Site server on the internal 
domain (local SQL) and my Site System in the DMZ (untrusted domain).

I need to have ports 1433 and 4022 configured to allow SQL traffic, correct?

To or From what???

Thanks,

Brian
________________________________
From: [email protected]<mailto:[email protected]>
To: [email protected]<mailto:[email protected]>
Subject: RE: [mssms] MP errors (SQL) on site system in DMZ
Date: Wed, 26 Feb 2014 15:52:05 +0000
Brian

I am not sure that the untrusted forest site system should itself be granted 
permissions; rather, you will create a username/password combination for 
access and then send that information down to the site system when you 
configure it.

There is a good set of blogs which look at this: 
http://blogs.technet.com/b/neilp/archive/2012/08/24/cross-forest-support-in-configmgr-2012-part-3-deploying-site-server-site-systems-in-an-untrusted-forest.aspx

Jason

________________________________
From: [email protected]<mailto:[email protected]>
To: [email protected]<mailto:[email protected]>
Subject: RE: [mssms] MP errors (SQL) on site system in DMZ
Date: Wed, 26 Feb 2014 09:39:59 -0600
I'm looking into this further and, as I understand, I need to give my computer 
account (Site System in the DMZ) local admin rights to my Primary Site Server 
in my internal domain. This is something I have not done yet; while it isn't 
going to be the problem solver, as the below is SQL issues, it draws up more 
questions on the requirements for deploying site systems in the DMZ in an 
UNTRUSTED domain. :)

Is anyone else running DMZ site systems in an untrusted domain that has 
experience with this?

Thanks,
Brian
________________________________
From: [email protected]<mailto:[email protected]>
To: [email protected]<mailto:[email protected]>
Subject: [mssms] MP errors (SQL) on site system in DMZ
Date: Tue, 25 Feb 2014 18:01:36 -0600
I installed a MP/DP in my DMZ recently (in an untrusted domain) in my SCCM 2012 
R2 environment. I checked Site Status and noticed the following error:

Message ID: 9804
Notification Server on BOBBY.XYZ.COM failed to connect to the site database 
CM_P1. Possible cause: Notification Server failed to connect to the site 
database. Possible causes:
1)    Network is temporarily unavailable
2)    Firewall misconfiguration
3)    Authentication issues

ERROR: Can't retrieve SQL connection. Exception: A network-related or 
instance-specific error occurred while establishing a connection to SQL Server. 
The server was not found or was not accessible. Verify that the instance name 
is correct and that SQL Server is configured to allow remote connections. 
(provider: TCP Provider, error: 0 - No such host is known.)~~  
$$<SMS_NOTIFICATION_SERVER><02-25-2014 17:19:54.801+360><thread=2688 (0xA80)>

ERROR: Don't have SQL connection when get resync flag~~  
$$<SMS_NOTIFICATION_SERVER><02-25-2014 17:19:54.801+360><thread=2688 (0xA80)>

ERROR: Don't have SQL connection when retrieve push tasks~~  
$$<SMS_NOTIFICATION_SERVER><02-25-2014 17:19:54.801+360><thread=4892 (0x131C)>

Seems to be an issue connecting to SQL from my MP/DP. From the above it appears 
to be either Firewall ports or authentication. Firewall ports 4022 are open I 
believe. Is there anything else I should be looking at or have my networking 
team review?

Thanks,

Brian
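
Added example, not part of the thread and not Microsoft tooling: a Python triage of log entries in the format quoted above, separating a name-resolution failure (the Winsock text "No such host is known") from a blocked or closed TCP port and from a SQL login failure. The phrase list is an illustrative assumption, the first sample entry is abridged from the thread, and the third is constructed.

```python
import re

# Legacy ConfigMgr log entry: <message>~~  $$<COMPONENT><date time+offset><thread=N (0xHEX)>
ENTRY = re.compile(
    r"(?P<msg>.*?)~~\s*\$\$<(?P<component>[^>]+)>"
    r"<\d{2}-\d{2}-\d{4} [\d:.]+[+-]\d+>"
    r"<thread=(?P<thread>\d+) \(0x[0-9A-Fa-f]+\)>",
    re.S,
)

# Illustrative phrase list (assumption: not exhaustive). First hit wins.
CAUSES = [
    ("name-resolution", ("No such host is known",)),
    ("tcp-blocked-or-closed", ("actively refused", "did not properly respond")),
    ("authentication", ("Login failed",)),
]

def classify(message):
    """Map an error message to the layer that most likely failed."""
    text = message.lower()
    for cause, phrases in CAUSES:
        if any(p.lower() in text for p in phrases):
            return cause
    return "unclassified"

def triage(log_text):
    """Return one dict per log entry with its component, thread and likely cause."""
    results = []
    for m in ENTRY.finditer(log_text):
        msg = " ".join(m["msg"].split())  # undo e-mail line wrapping
        results.append({"component": m["component"], "thread": int(m["thread"]),
                        "cause": classify(msg), "message": msg})
    return results

# Entries 1-2 come from the thread (entry 1 abridged); entry 3 is constructed.
SAMPLE = """ERROR: Can't retrieve SQL connection. Exception: A network-related or
instance-specific error occurred while establishing a connection to SQL Server.
(provider: TCP Provider, error: 0 - No such host is known.)~~
$$<SMS_NOTIFICATION_SERVER><02-25-2014 17:19:54.801+360><thread=2688 (0xA80)>

ERROR: Don't have SQL connection when get resync flag~~
$$<SMS_NOTIFICATION_SERVER><02-25-2014 17:19:54.801+360><thread=2688 (0xA80)>

ERROR: Can't retrieve SQL connection. Exception: (provider: TCP Provider, error: 0 -
No connection could be made because the target machine actively refused it.)~~
$$<SMS_NOTIFICATION_SERVER><02-25-2014 17:25:10.112+360><thread=2688 (0xA80)>
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["cause"], "-", e["message"][:70])
```

A "name-resolution" result means the lookup of the SQL Server host name failed before any connection to 1433 or 4022 was attempted, so DNS or hosts-file resolution from the DMZ system is the first thing to verify.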






