-
- Veteran
- Posts: 515
- Liked: 100 times
- Joined: Sep 17, 2017 3:20 am
- Full Name: Franc
- Contact:
Failed to open deployer service management port
Hi,
Case # 07053128
When changing settings our immutable repository we get the following warnings:
Warning Failed to open deployer service management port
Warning Failed to close deployer service management port
According to support this is because we don't have a firewall installed on the repository server and this is a new pre-requisite of V12.1. We don't have a firewall on the repo-server itself, since we have a hardware firewall in front of it and the repo server is in it's own zone.
The documentation about this new pre-requisite doesn't mention this because it's still in the process of being updated. However, in my opinion, Veeam shouldn't raise this warning if it doesn't detect a firewall installed on the repository server.
Also, the Security & Compliance analyzer doesn't have a check for the missing firewall on the Linux repository.
So is it really true that you must have a firewall (uwf or iptables) installed on the immutable repository server, or is this a product glitch and we can safely ignore this warning for now?
Case # 07053128
When changing settings our immutable repository we get the following warnings:
Warning Failed to open deployer service management port
Warning Failed to close deployer service management port
According to support this is because we don't have a firewall installed on the repository server and this is a new pre-requisite of V12.1. We don't have a firewall on the repo-server itself, since we have a hardware firewall in front of it and the repo server is in it's own zone.
The documentation about this new pre-requisite doesn't mention this because it's still in the process of being updated. However, in my opinion, Veeam shouldn't raise this warning if it doesn't detect a firewall installed on the repository server.
Also, the Security & Compliance analyzer doesn't have a check for the missing firewall on the Linux repository.
So is it really true that you must have a firewall (uwf or iptables) installed on the immutable repository server, or is this a product glitch and we can safely ignore this warning for now?
-
- Veteran
- Posts: 515
- Liked: 100 times
- Joined: Sep 17, 2017 3:20 am
- Full Name: Franc
- Contact:
Re: Failed to open deployer service management port
update: just installing the ufw package without activating and configuring it removes the warning when modifying the setting of the immutable repository.
Now it reports:
Opening deployer service management port
Closing deployer service management port
So this looks like a glitch in VBR to me since opening and closing the port on an inactive UFW firewall doesn't have any effect
Now it reports:
Opening deployer service management port
Closing deployer service management port
So this looks like a glitch in VBR to me since opening and closing the port on an inactive UFW firewall doesn't have any effect
-
- Novice
- Posts: 3
- Liked: 1 time
- Joined: Dec 28, 2023 1:13 pm
- Contact:
Re: Failed to open deployer service management port
Same error here when trying to change the mount server
-
- Veeam Software
- Posts: 361
- Liked: 72 times
- Joined: Jul 03, 2023 12:44 pm
- Full Name: Rovshan Pashayev
- Location: Czechia
- Contact:
Re: Failed to open deployer service management port
Hello guillaumedb,
Could you share the steps you're taking to change the mount server?
Knowing the process will assist in pinpointing where the error is occurring.
Rovshan.
Could you share the steps you're taking to change the mount server?
Knowing the process will assist in pinpointing where the error is occurring.
Rovshan.
Rovshan Pashayev
Analyst
Veeam Agent for Linux, Mac, AIX & Solaris
Analyst
Veeam Agent for Linux, Mac, AIX & Solaris
-
- Novice
- Posts: 3
- Liked: 1 time
- Joined: Dec 28, 2023 1:13 pm
- Contact:
Re: Failed to open deployer service management port
Hello
Going to Backup repository, my harened repository, "mount server" in the left panel, and changing parameter to veeam server (was on host before)
Going to Backup repository, my harened repository, "mount server" in the left panel, and changing parameter to veeam server (was on host before)
-
- Product Manager
- Posts: 9385
- Liked: 2500 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Failed to open deployer service management port
Hi @FrancWest, @guillaumedb
We will check this internally and come back with an answer. If a firewall is mandatory in v12.1, we will update the user guide and release notes.
Best,
Fabian
We will check this internally and come back with an answer. If a firewall is mandatory in v12.1, we will update the user guide and release notes.
Indeed. Thanks for reportingNow it reports:
Opening deployer service management port
Closing deployer service management port
So this looks like a glitch in VBR to me since opening and closing the port on an inactive UFW firewall doesn't have any effect
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Novice
- Posts: 3
- Liked: 1 time
- Joined: Dec 28, 2023 1:13 pm
- Contact:
Re: Failed to open deployer service management port
No more warning after installing UFW on repository
-
- Product Manager
- Posts: 14599
- Liked: 2969 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: Failed to open deployer service management port
Hello,
first: there seems to be a misunderstanding somewhere. The "warning" is not a "system requirement". We implemented the warning to show customers, that the automatic setting of firewall rules did not work. In most cases, that's no problem, because Linux admins in most cases know what they do So you can simply ignore the warning.
An alternative workaround is disabling firewall management globally
On the backup server set the following to keys (HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Backup and Replication, DWORD)
LocalLinuxAutoOpenPortsOnThisHost = 0
LinuxAutoOpenPorts = 0
Best regards,
Hannes
first: there seems to be a misunderstanding somewhere. The "warning" is not a "system requirement". We implemented the warning to show customers, that the automatic setting of firewall rules did not work. In most cases, that's no problem, because Linux admins in most cases know what they do So you can simply ignore the warning.
An alternative workaround is disabling firewall management globally
On the backup server set the following to keys (HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Backup and Replication, DWORD)
LocalLinuxAutoOpenPortsOnThisHost = 0
LinuxAutoOpenPorts = 0
Best regards,
Hannes
-
- Veteran
- Posts: 515
- Liked: 100 times
- Joined: Sep 17, 2017 3:20 am
- Full Name: Franc
- Contact:
Re: Failed to open deployer service management port
Hi,
thanks, but why not first detect if a firewall is installed on the repository and then raise a warning if something went wrong? Now you raise a warning for something that will never work because the required package is not installed.
Please don't go down the road that warnings are being raised which can be ignored if they aren't applicable.
Franc.
thanks, but why not first detect if a firewall is installed on the repository and then raise a warning if something went wrong? Now you raise a warning for something that will never work because the required package is not installed.
Please don't go down the road that warnings are being raised which can be ignored if they aren't applicable.
Franc.
-
- Product Manager
- Posts: 14599
- Liked: 2969 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: Failed to open deployer service management port
Hello,
well, if a customer is using nftables for example, then the warning would be useful. Writing a "green" message with "iptables / ufw / firewall-cmd not found" would be an alternative that might be overlooked (vs. a warning which is more likely to be read). In any case, we will discuss internally about improvements in this area. Thanks for bringing it up!
Best regards,
Hannes
well, if a customer is using nftables for example, then the warning would be useful. Writing a "green" message with "iptables / ufw / firewall-cmd not found" would be an alternative that might be overlooked (vs. a warning which is more likely to be read). In any case, we will discuss internally about improvements in this area. Thanks for bringing it up!
Best regards,
Hannes
Who is online
Users browsing this forum: oleg.feoktistov and 219 guests