Veeam uses not default ports

Hyper-V specific discussions

Veeam uses not default ports

Veeam Logoby Borsh » Wed Jun 05, 2013 11:03 am

Hello!
We have two site: A and B. In each of them there are two hyper-v 2008 r2 clusters – cluster LAN and cluster DMZ.
Veeam server is on the cluster LAN in site A. Version of Veeam B&R is 6.5.0.144 (with patch 3).
There is Cisco ASA between clusters and sites. But all necessary ports are open for the Veeam.
Sometimes there is a replication error of the two machines:
Code: Select all
Unable to subscribe to guest processing components: RPC function call failed. Function name: [IsSnapshotInProgress]. Target machine: [172.17.65.32]. RPC error:The RPC server is unavailable. Code: 1722. Unable to create snapshot (Microsoft Software Shadow Copy provider 1.0) (mode: Veeam application-aware processing). Details: Failed to prepare guests for volume snapshot. Unable to allocate processing resources. Error: Unable to allocate resources for taskId: '04f68c28-abcc-4ace-8885-909564413ab9'

Look at the pictures (ASA):
Image
Image
Image

Where: 10.1.32.23 – VEEAM server, 172.17.65.32, 172.17.65.31 – replicated virtual machines (Win2008 r2).
So Veeam uses strange ports that are not in the documentation - 23834, 1071, 20688, 1056.

Does anybody met with same problem?

Case #00247416

Thanks
Igor
Borsh
Influencer
 
Posts: 20
Liked: 1 time
Joined: Mon May 06, 2013 5:35 am
Full Name: Igor Bonev

Re: Veeam uses not default ports

Veeam Logoby foggy » Wed Jun 05, 2013 11:51 am

Igor, if you look at the Used Ports section in the user guide (p.67), you will notice that dynamic RPC ports are also required for application-aware image processing of the VM guest OS.
foggy
Veeam Software
 
Posts: 14736
Liked: 1079 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

Re: Veeam uses not default ports

Veeam Logoby Borsh » Wed Jun 05, 2013 12:02 pm

Alexander, i have looked at the Ports Used Section of cource. But If you look again, you can see, that dynamic RPC port range:
- 1025 to 5000 (for Windows 2003)
- 49152-65535 (for Windows 2008)
http://www.veeam.com/vmware-backup/help ... ports.html

In my case, ports are 23834, 1071, 20688, 1056 - ports that do not fall within the range 49152-65535 (replicated virtual machines with Windows 2008 R2).
Borsh
Influencer
 
Posts: 20
Liked: 1 time
Joined: Mon May 06, 2013 5:35 am
Full Name: Igor Bonev

Re: Veeam uses not default ports

Veeam Logoby foggy » Wed Jun 05, 2013 12:52 pm

Do you probably have Exchange Server installed in the affected VMs?
foggy
Veeam Software
 
Posts: 14736
Liked: 1079 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

Re: Veeam uses not default ports

Veeam Logoby Borsh » Wed Jun 05, 2013 1:31 pm

in one – MSSQL + Oracle Hyperion, in another - Essbase.
Borsh
Influencer
 
Posts: 20
Liked: 1 time
Joined: Mon May 06, 2013 5:35 am
Full Name: Igor Bonev

Re: Veeam uses not default ports

Veeam Logoby foggy » Thu Jun 06, 2013 10:09 am

Igor, could you please check what default dynamic RPC ports are configured on these VMs?
foggy
Veeam Software
 
Posts: 14736
Liked: 1079 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

Re: Veeam uses not default ports

Veeam Logoby Borsh » Thu Jun 06, 2013 11:06 am

There are not key Internet in HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc and any another keys in registry.
It should be added?
Borsh
Influencer
 
Posts: 20
Liked: 1 time
Joined: Mon May 06, 2013 5:35 am
Full Name: Igor Bonev

Re: Veeam uses not default ports

Veeam Logoby foggy » Thu Jun 06, 2013 11:51 am

Well, you could create it and probably the ports from the range you specify will then be used. However, I'm not sure why the default range (49152-65535) is not used if there's no range specified at all.

Anyway, these ports are defined by the guest RPC service, so Veeam components are simply instructed to use them.
foggy
Veeam Software
 
Posts: 14736
Liked: 1079 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

Re: Veeam uses not default ports

Veeam Logoby elwood » Wed Jul 26, 2017 2:27 pm

Sorry to dig up an old post.
I'd like a bit more clarity around this.
Default RPC as we know is 49152-65535, and in the case of Veeam Agent for Windows for example it opens up a client side connection from the default RPC range, to the 2500-5000 range on the B&R side for each connection - correct?

We also know that Exchange seems to alter the default range to 6005-59530 - so that's a bit of a pain in itself. (Should this bit of info be added to your used ports documentation? )
Strangely, we've seen non Exchange servers (standard, clean built DC) opening up ephemeral ports outside of the default range.
C:> NETSH INTERFACE IPV4 SHOW DYNAMICPORTRANGE TCP shows the normal 49152-65535 configured, yet something is causing it to open connections outside of the range. It makes firewall configuration exceptionally difficult without opening up blanket holes throughout.

I'm curious as to how common this is, how others are addressing this, and most importantly I'm wondering if it's feasible for the Agent at some time in the future to encapsulate all of this traffic into one transport port in a similar way to Cloud Connect?
elwood
Service Provider
 
Posts: 23
Liked: never
Joined: Fri Jan 30, 2015 10:05 am
Full Name: Eliot Wood

Re: Veeam uses not default ports

Veeam Logoby Dima P. » Fri Aug 11, 2017 6:44 pm

Hi Eliot,

The specified range is correct. Need some time to check the overlap with Exchange - stay tuned.
Dima P.
Veeam Software
 
Posts: 6242
Liked: 440 times
Joined: Mon Feb 04, 2013 2:07 pm
Location: SPb
Full Name: Dmitry Popov


Return to Microsoft Hyper-V



Who is online

Users browsing this forum: No registered users and 10 guests