Server Management - Systems Insight Manager

Version Control / Firewall Issues

 
Tobie Joeckel
Occasional Contributor

Version Control / Firewall Issues

I have several boxes in a DMZ that I'm trying to get configured to work with my CMS/VC server that's outside the firewall (trusted corp cloud). SIM monitoring works, I can access the SMH on the managed boxes, but I am unable to configure VC on the clients. When I try to configure the client, it says the repository is invalid or unreachable. I have the firewall set up as the doc states...

CMS/VC > DMZ tcp:80
CMS/VC > DMZ tcp:2301
CMS/VC > DMZ tcp:2381
CMS/VC > DMZ udp:161
DMZ > CMS/VC tcp:2381
DMZ > CMS/VC tcp:80
CMS/VC > DMZ tcp:22

I have run Netmon while on SMH and trying to configure the repository...all that port info is valid, though Netmon also shows DMZ trying to comm back to CMS/VC on 2301 as well, which I don't see in the white papers. Can I get validation that this is correct, and is there any supporting documentation on this? Thanks!
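An added example, not part of the original post: one way to turn a capture into evidence for a firewall change request is to diff observed flows against the allow-list. The rule text below is the list from the question; the `OBSERVED` flows are a constructed sample in which only the DMZ > CMS/VC tcp 2301 attempt comes from the thread, and the function names are hypothetical.

```python
import re

# Allow-list exactly as posted in the question (direction, protocol, port).
RULES_TEXT = """
CMS/VC > DMZ tcp:80
CMS/VC > DMZ tcp:2301
CMS/VC > DMZ tcp:2381
CMS/VC > DMZ udp:161
DMZ > CMS/VC tcp 2381
DMZ > CMS/VC tcp:80
CMS/VC > DMZ tcp:22
"""

# Constructed sample flows: (source zone, dest zone, proto, dest port).
# Only the DMZ > CMS/VC tcp 2301 attempt is reported in the thread.
OBSERVED = [
    ("CMS/VC", "DMZ", "tcp", 2381),
    ("DMZ", "CMS/VC", "tcp", 2381),
    ("DMZ", "CMS/VC", "tcp", 2301),
    ("CMS/VC", "DMZ", "udp", 161),
]

RULE_RE = re.compile(r"^\s*(\S+)\s*>\s*(\S+)\s+(tcp|udp)[:\s]\s*(\d+)\s*$", re.I)

def parse_rules(text):
    """Parse 'SRC > DST proto:port' lines (colon or space separator) into a set."""
    rules = set()
    for line in filter(str.strip, text.splitlines()):
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        src, dst, proto, port = m.groups()
        rules.add((src, dst, proto.lower(), int(port)))
    return rules

def uncovered(observed, rules):
    """Return observed flows that no allow rule matches, in capture order."""
    return [flow for flow in observed if flow not in rules]

def one_way_only(rules):
    """Return rules whose reverse direction (same proto/port) is not also allowed."""
    return sorted(r for r in rules if (r[1], r[0], r[2], r[3]) not in rules)

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for src, dst, proto, port in uncovered(OBSERVED, rules):
        print(f"no rule for {src} > {dst} {proto}:{port}")
    for src, dst, proto, port in one_way_only(rules):
        print(f"one-way only: {src} > {dst} {proto}:{port}")
```

The output lists what the capture shows being attempted without a matching rule; it does not establish that the product requires that flow.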
5 REPLIES
NJK-Work
Honored Contributor

Re: Version Control / Firewall Issues

From what I recall, we need to set up ports to be open in BOTH directions, which it looks like you have already done. From your list, the only one that is missing is:

DMZ > CMS/VC tcp 2301

Might be worth a try to allow that port open from DMZ to VC as well, just to eliminate it as a possibility. And who knows - you might get lucky and it will be the fix.

Nelson
Tobie Joeckel
Occasional Contributor

Re: Version Control / Firewall Issues

I'm sure you're right; it needs both ways on 2301, as proven by my netmon while doing it. I wish I could make the change, but unfortunately, I don't own the firewall and in order to get the change in, I need documentation to support the change. Every HP doc I've seen on managing it through the firewall shows 2301 unidirectional only from CMS to DMZ. I called HP, asked them to send me an updated white paper and it still shows uni...I asked them to update it with bidirectional...waiting to hear back. Thanks!
Ralph Frampton
Frequent Advisor

Re: Version Control / Firewall Issues

Are the DMZ servers using the same DNS servers as the internal ones?

If not, then verify you have proper name resolution for the CMS/VCRM server if you've configured the VCA to contact it by host name. If the DMZ servers are in a different domain then you may also have to specify the FQDN & not just the CMS host name.

Is the VCA account name correct? If it's a domain name then you must include that as well (e.g. myCMSdomain\myCMSVCaccount) otherwise it will be attempted as a local account on CMS/VCRM server which will result in the same type of message you've mentioned.
Ralph Frampton
Frequent Advisor

Re: Version Control / Firewall Issues

BTW, SysInternals Process Explorer is a useful tool to observe what ports & protocol are used.

On DMZ side, select vcagent.exe properties, TCP/IP tab

On CMS/VCRM side, the VCA traffic is proxied through the SMH web ports so select the child hpsmhd.exe process properties (the parent one is monitoring http & https & forwards VCA traffic etc. to it), TCP/IP tab

I believe the 2301 traffic you are seeing from the DMZ is for the backward compatibility mode & from what I've observed in troubleshooting my CMS/VCRM/VCA issue today the VCA is only using https. FYI, my problem was resolved once I realized that the login account setup was not correctly using the required domain name.
Ralph Frampton
Frequent Advisor

Re: Version Control / Firewall Issues

Speaking of login accounts, are you sure that the login credentials used are correct (i.e. is the password case-sensitive & entered correctly)? This could be another reason for not being granted access to CMS VCRM.