There was a request by one of the end users that they would like to bring down the Dynamic Ports range. Currently the Microsoft default Dynamic Ports are from 1024-65535.
Therefore the following are requested to be lock down.
The following steps are needed to be perform for all the DPMs and also the protected servers.
Now open up the command prompt (run as Administrator).
View through the Component Services from the Administrative Tools.
Scroll down to Windows Management and Instrumentation and then right click to view the properties :
The click on the Endpoints Properties of the TCPIP.
Should be able to see as above.
Next is to amend the Registry for the Dynamic Port range. Execute the command with regedt32 and not regedit
Scroll down to the HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\
Create the key Internet
Then navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet to create the following
By end of the result, you should see the below.
Reboot the Protected Servers, Primary DPM & the Secondary DPM server
Configure the Firewall ports accordingly as below to allow the Primary DPM server and the Secondaray DPM server to communicate. Also the firewall MUST allow the Secondary DPM server to communicate with the Primary Protected Servers by having the firewall ports configured too.
Thanks to the TechNet resource and also to Lai YS for his guide.
keywords : DPM to DPM replication, limit Dynamic ports, firewall configuration for DPM 2010 DPM 2007, Protected servers through firewall
No comments:
Post a Comment