Standalone backup agent for Microsoft Windows servers and workstations (formerly Veeam Endpoint Backup FREE)
Post Reply
evilaedmin
Expert
Posts: 176
Liked: 30 times
Joined: Jul 26, 2018 8:04 pm
Full Name: Eugene V
Contact:

VAW listens on port 6185 despite 6184 available

Post by evilaedmin »

Case # 03410170. Support says this is expected behavior but I would like to control it, it makes planning for organization firewall requests very difficult.

Edit: I reinstalled agent after posting this and it is still listening on 6185 and not 6184. I have not yet tried to install it on a different system.

(https://helpcenter.veeam.com/docs/backu ... l?ver=95u4) it is stated:
[From VBR server] 6184 Default port used for communication with the Veeam Agent for Microsoft Windows Service.If the default port number is already in use, Veeam Agent for Microsoft Windows Service will try to use the next port number.
However in my case, on the agent appears to be listening on 6185 despite 6184 not being in use:

Code: Select all

PS C:\Windows\system32> netstat -atn | select-string 'LISTEN'  
#snip 
TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING       InHost  
TCP    0.0.0.0:6160           0.0.0.0:0              LISTENING       InHost  
TCP    0.0.0.0:6183           0.0.0.0:0              LISTENING       InHost 
TCP    0.0.0.0:6185           0.0.0.0:0              LISTENING       InHost  
TCP    0.0.0.0:7937           0.0.0.0:0              LISTENING       InHost
 
I can confirm that the VBR server fails to inventory the agent as it is sending SYN packets to port 6185, which is not passed through our firewall.on the VBR Server:

Code: Select all

PS C:\Windows\system32> netstat -at | Select-String '6185'  TCP    10.64.22.6:59372       dfstst01b:6185         SYN_SENT        InHost      
Dima P.
Product Manager
Posts: 14945
Liked: 1833 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: VAW listens on port 6185 despite 6184 available

Post by Dima P. »

Hi Eugene,

Port availability is checked during Veeam Agent service start and it the port has already been taken, we will reserve another port. Likely 6184 was taken but then released, thus you see that 6185 is used instead. Makes sense?
evilaedmin
Expert
Posts: 176
Liked: 30 times
Joined: Jul 26, 2018 8:04 pm
Full Name: Eugene V
Contact:

Re: VAW listens on port 6185 despite 6184 available

Post by evilaedmin » 2 people like this post

Hi Dima,

All makes sense except that it is incorrect. Nothing using 6184.

I'm not strong on Windows but I ran procmon which led me to the key:

Code: Select all

HKLM\SOFTWARE\Veeam\Veeam Endpoint Backup\
Index:	5
Name:	ForeignManagementPort
Type:	REG_DWORD
Length:	4
Data:	6185
Changed it to 6184 and everything is fine. Not sure why support couldn't give me this information on first contact. Case was pretty simple, please help me change agent port to correct setting.
Dima P.
Product Manager
Posts: 14945
Liked: 1833 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: VAW listens on port 6185 despite 6184 available

Post by Dima P. »

Eugene,

Thanks a lot for sharing. I'll pass this feedback to RnD team and we will investigate this behavior.

P.S. Just to double check Any chance this key was set by you due to request from our support engineer?
evilaedmin
Expert
Posts: 176
Liked: 30 times
Joined: Jul 26, 2018 8:04 pm
Full Name: Eugene V
Contact:

Re: VAW listens on port 6185 despite 6184 available

Post by evilaedmin »

P.S. Just to double check Any chance this key was set by you due to request from our support engineer?
Hi Dima,

No chance. The case as a whole did not make much progress.

To clarify: I originally installed the agent manually using the setup installer. Subsequent reinstalls using VBR continued to launch on port 6185.

Could you confirm: Is this key removed on uninstall or does it need to be manually removed where it was entered by I assume the Agent itself?
Dima P.
Product Manager
Posts: 14945
Liked: 1833 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: VAW listens on port 6185 despite 6184 available

Post by Dima P. »

Thanks! Checking with RnD team, stay tuned.
Dossing
Influencer
Posts: 21
Liked: 3 times
Joined: May 17, 2021 11:40 am
Full Name: Søren Døssing
Location: Denmark
Contact:

Re: VAW listens on port 6185 despite 6184 available

Post by Dossing »

We are staying tuned.
Meanwhile it's 2021 and still an issue.
Dima P.
Product Manager
Posts: 14945
Liked: 1833 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: VAW listens on port 6185 despite 6184 available

Post by Dima P. »

Hello Dossing,

Windows agent has a port failover logic, so if during Veeam Agent Service start the needed port is occupied by any other process, agent service will start to use next port it the list. The 6184 port in the question is used locally for Veeam agent components communication. Can you ensue that no other application is using 6184? Thanks!
Dossing
Influencer
Posts: 21
Liked: 3 times
Joined: May 17, 2021 11:40 am
Full Name: Søren Døssing
Location: Denmark
Contact:

Re: VAW listens on port 6185 despite 6184 available

Post by Dossing » 1 person likes this post

Hi Dima,

I just wish there was an option to force the agent to stay on the default port.
Dima P.
Product Manager
Posts: 14945
Liked: 1833 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: VAW listens on port 6185 despite 6184 available

Post by Dima P. »

Understood, thank you for the feedback we will discuss it with RnD team!
Dossing
Influencer
Posts: 21
Liked: 3 times
Joined: May 17, 2021 11:40 am
Full Name: Søren Døssing
Location: Denmark
Contact:

Re: VAW listens on port 6185 despite 6184 available

Post by Dossing »

Further investigatedt the issue. It is caused by the agent it self!
The agent was already installed, and the Backup Server when doing a scan, for some reason decides it needed to do a "repair".
It then checks the used ports before the port 6184 is released by the running agent. Hence moving the used port to 6185.
mdiver
Veeam Legend
Posts: 253
Liked: 43 times
Joined: Nov 04, 2009 2:08 pm
Contact:

Re: VAW listens on port 6185 despite 6184 available

Post by mdiver » 1 person likes this post

We were just facing the same issue (V11 latest).
Port 6184 definitely was and is free. VAW still decided to use 6185. On another identical system it took 6184.
In a controlled environment with FW rules in place this leads to agent backups working one time while not working another time.
Error in console during agent discovery is misleading as well: "Failed to send certificate, but certificate is required for remote agent management"

Feature request would be a bit more visibility when defaulting to non-standard ports in VAW and VBR as well.

Thanks,
Mike
Post Reply

Who is online

Users browsing this forum: No registered users and 9 guests