Failed to add a new cloud connect server

[sarapinho]

Hello,

I'm trying to add a new cloud connect server to my portal, but the following error occurs "Failed to contact the server to validate user credentials"

Has anyone ever had this problem?

These are my firewall rules

Code: Select all

access-list fw_outside line 1 extended permit tcp any any eq https
access-list fw_outside line 2 extended permit tcp any any eq 6169
access-list fw_outside line 3 extended permit tcp any any eq 6180
access-list fw_outside line 4 extended permit tcp any any eq 9999
access-list fw_outside line 5 extended permit tcp any any eq 135
access-list fw_outside line 6 extended permit tcp any any eq 6160
access-list fw_outside line 7 extended permit tcp any any eq 6168
access-list fw_outside line 8 extended permit tcp any any eq 445
access-list fw_outside line 9 extended permit tcp any any range 2500 5000
access-list fw_outside line 10 extended permit tcp any any range 49152 65535

Veeam Case# 07157646

Thanks.

[Mildur]

Hello Amauri

I'm trying to add a new cloud connect server to my portal

Portal can mean alot (We have a few of them). So let's assume you mean the Veeam Service Provider Console.

Port requirement for the Service Provider console is listed in our user guide. I can see that our support engineer has shared this list with you as well. Please make sure together with your network team that those ports are open.
https://helpcenter.veeam.com/docs/vac/d ... tml?ver=80

Necessary ports for adding cloud connect server to the service provider console:

Source: Veeam Service Provider Console Server
Destination: Veeam Cloud Connect server
Ports: 135, 445, 49152 to 65535

Source: Veeam Cloud Connect server
Destination: Veeam Service Provider Console Server
Ports: 9999

Source: Veeam Cloud Connect server
Destination: Cloud gateway Server
Ports: 2500-5000

These are my firewall rules

I'm not a firewall or network specialist, but line 5 and 8 looks dangerous to me. Allowing any to any for ports 135 (RPC) and 445 (SMB) is not recommended (security). May I ask, are you trying to add a cloud connect server over NAT/Internet to the Service Provider Console? It may be possible that your internet provider blocks 445 (SMB) connections over the internet. Please use a VPN for the service provider console and cloud connect server in that case.

Best,
Fabian

PS:
Please register yourself in our service provider user group if you are a service provider. This gives you access to our hidden service provider sub forums where service provider products are discussed: Apply for the Cloud and Service Providers user group

[sarapinho]

Hi Fabian,

Thanks for the answer.

Now the issue of ports is a little clearer, as it is an approval environment I am trying directly over the internet, without using a VPN (In my opinion, the cloud connect solution was not designed to work with this type of access.).

In the firewall logs I see the connection exists, so I believe there is no blocking by the internet provider.

Best Regards.