Host-based backup of Microsoft Hyper-V VMs.
Post Reply
Borsh
Influencer
Posts: 20
Liked: 1 time
Joined: May 06, 2013 5:35 am
Full Name: Igor Bonev
Contact:

Veeam uses not default ports

Post by Borsh »

Hello!
We have two site: A and B. In each of them there are two hyper-v 2008 r2 clusters – cluster LAN and cluster DMZ.
Veeam server is on the cluster LAN in site A. Version of Veeam B&R is 6.5.0.144 (with patch 3).
There is Cisco ASA between clusters and sites. But all necessary ports are open for the Veeam.
Sometimes there is a replication error of the two machines:

Code: Select all

Unable to subscribe to guest processing components: RPC function call failed. Function name: [IsSnapshotInProgress]. Target machine: [172.17.65.32]. RPC error:The RPC server is unavailable. Code: 1722. Unable to create snapshot (Microsoft Software Shadow Copy provider 1.0) (mode: Veeam application-aware processing). Details: Failed to prepare guests for volume snapshot. Unable to allocate processing resources. Error: Unable to allocate resources for taskId: '04f68c28-abcc-4ace-8885-909564413ab9'
Look at the pictures (ASA):
Image
Image
Image

Where: 10.1.32.23 – VEEAM server, 172.17.65.32, 172.17.65.31 – replicated virtual machines (Win2008 r2).
So Veeam uses strange ports that are not in the documentation - 23834, 1071, 20688, 1056.

Does anybody met with same problem?

Case #00247416

Thanks
Igor
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Veeam uses not default ports

Post by foggy »

Igor, if you look at the Used Ports section in the user guide (p.67), you will notice that dynamic RPC ports are also required for application-aware image processing of the VM guest OS.
Borsh
Influencer
Posts: 20
Liked: 1 time
Joined: May 06, 2013 5:35 am
Full Name: Igor Bonev
Contact:

Re: Veeam uses not default ports

Post by Borsh »

Alexander, i have looked at the Ports Used Section of cource. But If you look again, you can see, that dynamic RPC port range:
- 1025 to 5000 (for Windows 2003)
- 49152-65535 (for Windows 2008)
http://www.veeam.com/vmware-backup/help ... ports.html

In my case, ports are 23834, 1071, 20688, 1056 - ports that do not fall within the range 49152-65535 (replicated virtual machines with Windows 2008 R2).
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Veeam uses not default ports

Post by foggy »

Do you probably have Exchange Server installed in the affected VMs?
Borsh
Influencer
Posts: 20
Liked: 1 time
Joined: May 06, 2013 5:35 am
Full Name: Igor Bonev
Contact:

Re: Veeam uses not default ports

Post by Borsh »

in one – MSSQL + Oracle Hyperion, in another - Essbase.
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Veeam uses not default ports

Post by foggy »

Igor, could you please check what default dynamic RPC ports are configured on these VMs?
Borsh
Influencer
Posts: 20
Liked: 1 time
Joined: May 06, 2013 5:35 am
Full Name: Igor Bonev
Contact:

Re: Veeam uses not default ports

Post by Borsh »

There are not key Internet in HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc and any another keys in registry.
It should be added?
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Veeam uses not default ports

Post by foggy »

Well, you could create it and probably the ports from the range you specify will then be used. However, I'm not sure why the default range (49152-65535) is not used if there's no range specified at all.

Anyway, these ports are defined by the guest RPC service, so Veeam components are simply instructed to use them.
elwood
Service Provider
Posts: 23
Liked: never
Joined: Jan 30, 2015 10:05 am
Full Name: Eliot Wood
Contact:

Re: Veeam uses not default ports

Post by elwood »

Sorry to dig up an old post.
I'd like a bit more clarity around this.
Default RPC as we know is 49152-65535, and in the case of Veeam Agent for Windows for example it opens up a client side connection from the default RPC range, to the 2500-5000 range on the B&R side for each connection - correct?

We also know that Exchange seems to alter the default range to 6005-59530 - so that's a bit of a pain in itself. (Should this bit of info be added to your used ports documentation? )
Strangely, we've seen non Exchange servers (standard, clean built DC) opening up ephemeral ports outside of the default range.
C:> NETSH INTERFACE IPV4 SHOW DYNAMICPORTRANGE TCP shows the normal 49152-65535 configured, yet something is causing it to open connections outside of the range. It makes firewall configuration exceptionally difficult without opening up blanket holes throughout.

I'm curious as to how common this is, how others are addressing this, and most importantly I'm wondering if it's feasible for the Agent at some time in the future to encapsulate all of this traffic into one transport port in a similar way to Cloud Connect?
Dima P.
Product Manager
Posts: 14396
Liked: 1568 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: Veeam uses not default ports

Post by Dima P. »

Hi Eliot,

The specified range is correct. Need some time to check the overlap with Exchange - stay tuned.

EDIT: This RPC range it a default one for any Windows application. In case of overlap (when port is taken by one application and another is trying to use the same one) – application tries to use any other idle port from this range
Post Reply

Who is online

Users browsing this forum: No registered users and 19 guests