Host-based backup of Microsoft Hyper-V VMs.
Post Reply
Zhilenko Ivan
Novice
Posts: 3
Liked: never
Joined: Mar 19, 2014 9:33 am
Full Name: Zhilenko Ivan
Contact:

Veeam uses not default ports (Exchange 2013)

Post by Zhilenko Ivan »

Hello!
We have two zones: A and B. Veeam server is in zone A. Version of Veeam B&R is 7.0.0.839.
There is Cisco ASA between zones. All necessary ports are open for the Veeam.
We have an error with backup job server in zone B (Exchange 2013).

Unable to subscribe to guest processing components: RPC function call failed. Function name: [IsSnapshotInProgress]. Target machine: [172.18.0.2]. RPC error:Сервер RPC недоступен. Code: 1722.
Unable to create snapshot (Microsoft Software Shadow Copy provider 1.0) (mode: Veeam application-aware processing). Details: Failed to prepare guests for volume snapshot.
Error: Failed to prepare guests for volume snapshot.

Also on ASA we see that Veeam try to connect to Exchange Server on port tcp/7026, tcp/6267 and this denied by ASA.

Is it normal that Veeam use these ports?

Thanks.
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Veeam uses not default ports (Exchange 2013)

Post by foggy »

Ivan, haven't you changed the default dynamic RPC port range on this VM by any chance? Just a thought.
Zhilenko Ivan
Novice
Posts: 3
Liked: never
Joined: Mar 19, 2014 9:33 am
Full Name: Zhilenko Ivan
Contact:

Re: Veeam uses not default ports (Exchange 2013)

Post by Zhilenko Ivan »

No, we just Install Exchange 2013 on this server.

Key from registry

Code: Select all

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc]
"UuidSequenceNumber"=dword:01bcf674
"DCOM Protocols"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,69,00,70,00,5f,00,\
  74,00,63,00,70,00,00,00,00,00
"DisableTcpLoopbackToNpfsMapping"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\ClientProtocols]
"ncadg_ip_udp"="rpcrt4.dll"
"ncacn_ip_tcp"="rpcrt4.dll"
"ncacn_np"="rpcrt4.dll"
"ncacn_http"="rpcrt4.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions]
"RemoteRpcDll"=hex(2):52,00,70,00,63,00,52,00,74,00,52,00,65,00,6d,00,6f,00,74,\
  00,65,00,2e,00,64,00,6c,00,6c,00,00,00
"NdrOleExtDll"=hex(2):63,00,6f,00,6d,00,62,00,61,00,73,00,65,00,2e,00,64,00,6c,\
  00,6c,00,00,00
"TrustRidDll"=hex(2):6c,00,6f,00,67,00,6f,00,6e,00,63,00,6c,00,69,00,2e,00,64,\
  00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy]
"Enabled"=dword:00000001
"ValidPorts"="UAC-GP-EX001:593;UAC-GP-EX001:49152-65535"
"AllowAnonymous"=dword:00000001
"WebSite"="Exchange Back End"
"ValidPorts_AutoConfig_Exchange"="localhost:6001;UAC-GP-EX001:6001;UAC-GP-EX001.UAC-GP.RU:6001"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService]
"10"="sspicli.dll"
"16"="sspicli.dll"
"14"="schannel.dll"
"9"="sspicli.dll"
"68"="netlogon.dll"
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Veeam uses not default ports (Exchange 2013)

Post by foggy »

Then I suggest contacting support for closer look at your environment. Using these ports looks to be unexpected.
Zhilenko Ivan
Novice
Posts: 3
Liked: never
Joined: Mar 19, 2014 9:33 am
Full Name: Zhilenko Ivan
Contact:

Re: Veeam uses not default ports (Exchange 2013)

Post by Zhilenko Ivan »

We try to check ports by commands

netsh
interface
ipv4
show dynamicportrange tcp

and see that start port is 6005. After that we change ASA rules and all work fine.
Post Reply

Who is online

Users browsing this forum: No registered users and 20 guests