Tuesday, April 24, 2012

DPM–DPM to DPM Replication with DPM 2010 / DPM 2012 through Firewall

One of the end users asked to narrow the dynamic port range. Currently the Microsoft default dynamic ports are 1024-65535.

Therefore the following were requested to be locked down.


The following steps need to be performed on all the DPM servers and also on the protected servers.

Now open up the command prompt (run as Administrator).

Open Component Services from the Administrative Tools.

Scroll down to Windows Management and Instrumentation, then right-click it to view the properties:

Then click on the Endpoints properties of TCP/IP.

You should be able to see the same as above.

Next, amend the registry for the dynamic port range. Run the command with regedt32 and not regedit.

Scroll down to HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\

Create the key Internet.

Then navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet and create the following:

At the end, you should see the result below.

Reboot the protected servers, the primary DPM server and the secondary DPM server.
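The registry steps above can also be scripted so that every DPM and protected server gets an identical setting. This is an added example, not part of the original post: it assumes the standard Microsoft RPC value names (`Ports`, `PortsInternetAvailable`, `UseInternetPorts`), and the port range shown is a placeholder to be replaced with the range agreed for your firewall.

```powershell
# Added example. $PortRange is a PLACEHOLDER, not the range used in the original post.
# Run from an elevated PowerShell prompt on each DPM and protected server.
$PortRange = '50000-50100'
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'

# Refuse malformed or out-of-bounds ranges before touching the registry.
if ($PortRange -notmatch '^(\d{1,5})-(\d{1,5})$') {
    throw "Expected 'low-high', got '$PortRange'."
}
$low  = [int]$Matches[1]
$high = [int]$Matches[2]
if ($low -lt 1024 -or $high -gt 65535 -or $low -gt $high) {
    throw "Range $PortRange must sit inside 1024-65535 with low <= high."
}

# Create the Internet key only if it is missing.
if (-not (Test-Path -Path $KeyPath)) {
    New-Item -Path $KeyPath -Force | Out-Null
}

# Desired state: Ports is REG_MULTI_SZ, the two switches are REG_SZ "Y".
$desired = @(
    @{ Name = 'Ports';                  Type = 'MultiString'; Value = @($PortRange) },
    @{ Name = 'PortsInternetAvailable'; Type = 'String';      Value = 'Y' },
    @{ Name = 'UseInternetPorts';       Type = 'String';      Value = 'Y' }
)
foreach ($d in $desired) {
    New-ItemProperty -Path $KeyPath -Name $d.Name -PropertyType $d.Type `
        -Value $d.Value -Force | Out-Null
}

# Read the key back and fail loudly if any value differs from what was intended,
# so a half-applied change is caught before the reboot.
$actual = Get-ItemProperty -Path $KeyPath
foreach ($d in $desired) {
    $have = @($actual.($d.Name)) -join ','
    $want = @($d.Value) -join ','
    if ($have -ne $want) { throw "$($d.Name) is '$have', expected '$want'." }
}
Write-Output "RPC dynamic ports set to $PortRange on $env:COMPUTERNAME. Reboot to apply."
```

The firewall rules between the DPM servers and the protected servers must permit exactly the same range that is written to `Ports`; a mismatch shows up as RPC connections failing after the reboot.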

Configure the firewall ports as below to allow the primary DPM server and the secondary DPM server to communicate. The firewall MUST also allow the secondary DPM server to communicate with the primary protected servers, so configure the firewall ports for that too.


Thanks to the TechNet resource and also to Lai YS for his guide.

keywords : DPM to DPM replication, limit Dynamic ports, firewall configuration for DPM 2010 DPM 2007, Protected servers through firewall
