Monday, April 23, 2012
[Ports used] How to protect TMG with DPM : Part 1
Following my article on the Microsoft MVP Award Program Blog, you will find the "full" version of it here.
When we try to protect a Forefront TMG (or UAG) server with Microsoft System Center Data Protection Manager (DPM) 2010, we naturally open the required ports officially listed in this article: http://technet.microsoft.com/en-us/library/ff399341.aspx. But we get the following error when we try to attach the agent deployed on the TMG server (http://technet.microsoft.com/en-us/library/bb870935.aspx) to the DPM 2010 server:
This error means that some required ports are missing in Forefront TMG, which is confirmed by the entry in the event log on the DPM server:
Indeed, when we run some tests, we observe that the DPM server cannot properly reach the TMG server on the required protocols.
First of all, a ping to the TMG / UAG server fails:
Access to the administrative file share fails too:
The RPC call is also not reachable:
And finally, the WMI call fails:
Next, we will see the different objects to create so that DPM protection works while keeping the surface area exposed on our TMG firewall to a minimum.
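The four checks described above (ping, administrative share, RPC, WMI) can be repeated from the DPM server with the following script. It is an added example, not the commands used in the original article; the host name `tmg01` and the helper functions `Test-TcpPort` and `Test-Wmi` are assumptions made for illustration.

```powershell
# Added example: run on the DPM server in Windows PowerShell.
# 'tmg01' is a placeholder host name, not a value from the article.
param([string]$Target = 'tmg01')

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-Wmi {
    param([string]$ComputerName)
    try {
        # Get-WmiObject uses DCOM: TCP 135 first, then a dynamically assigned RPC port.
        Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName -ErrorAction Stop | Out-Null
        return $true
    } catch {
        return $false
    }
}

# One entry per test from the article, in the same order.
$checks = @(
    @{ Name = 'ICMP echo (ping)';              Test = { Test-Connection -ComputerName $Target -Count 2 -Quiet } },
    @{ Name = 'Administrative share (SMB)';    Test = { Test-Path ('\\{0}\admin$' -f $Target) } },
    @{ Name = 'RPC endpoint mapper (TCP 135)'; Test = { Test-TcpPort -ComputerName $Target -Port 135 } },
    @{ Name = 'WMI query over DCOM';           Test = { Test-Wmi -ComputerName $Target } }
)

foreach ($check in $checks) {
    $ok = [bool](& $check.Test)
    New-Object PSObject -Property @{ Check = $check.Name; Reachable = $ok } |
        Select-Object Check, Reachable
}
```

Each row reporting `False` corresponds to a protocol that the TMG firewall policy does not yet allow from the DPM server; rerunning the script after each rule change shows which access rule resolved which check.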