| Author |
Message |
Whispering Leaf
Guest
|
 Posted:
Mon Oct 31, 2005 5:51 pm Post subject:
DCOM PORT RANGE? |
|
|
Can someone explain how to allow MOM to work for hosts in a DMZ?
What is meant by DCOM PORT RANGE?
How do I configure this?
Thanks ... |
|
| Back to top |
|
 |
Daniel Lai [MVP-Managemen
Guest
|
| Posted:
Tue Nov 01, 2005 1:50 am Post subject:
Re: DCOM PORT RANGE? |
|
|
Hello,
Thank you for your posting!
It are Dynamic ports.
So, You are unable to configure the firewall between MOM and MOM Agent,
Please install the MOM agent locally on the Server at DMZ, and then allow
the port 1270 on the firewall.
If you have any questions, please feel to let me know. I am glad to be of
assistance.
--
Daniel Lai
Microsoft MVP Program Top Contributor
Windows Server-Management Infrastructure
Microsoft Management Solution Consultant
http://msmvps.com/daniel
"Whispering Leaf" <WhisperingLeaf@discussions.microsoft.com> wrote in
message news:30F6C6DB-23F9-4881-AA70-22CE9EE527C6@microsoft.com...
| Quote: | Can someone explain how to allow MOM to work for hosts in a DMZ?
What is meant by DCOM PORT RANGE?
How do I configure this?
Thanks ... |
|
|
| Back to top |
|
|
davidtyra@hotmail.com
Guest
|
| Posted:
Tue Nov 01, 2005 5:51 pm Post subject:
Re: DCOM PORT RANGE? |
|
|
The management server uses DCOM to push the agent installation to other
servers. DCOM uses a dynamic range of ports (meaning it does not use
the same ports for each connection). If a firewall exists between the
management server and the prospective agent, the firewall would have to
keep the entire DCOM range of ports open in order to allow the push
installation of the MOM agent and other management server
communication. This is a large range of ports so this is not usually
acceptable to firewall administrators because it poses a significant
security risk (the firewall is basically opened up). Instead, you
should manually install agents on servers in a DMZ and set the Agent
Control Level to None. This only requires that port 1270 (UDP and TCP)
be open on the firewall to allow the agent to communicate with the
management server.
If you search on "MOM 2005" and "firewall", you will find a number of
articles that will explain this in great detail.
Regards,
David Tyra |
|
| Back to top |
|
|
Arie de Haan
Guest
|
| Posted:
Wed Nov 02, 2005 9:51 pm Post subject:
Re: DCOM PORT RANGE? |
|
|
In article <30F6C6DB-23F9-4881-AA70-22CE9EE527C6@microsoft.com>,
WhisperingLeaf@discussions.microsoft.com says...
| Quote: | Can someone explain how to allow MOM to work for hosts in a DMZ?
What is meant by DCOM PORT RANGE?
How do I configure this?
Thanks ...
The DCOM port range would be any port above 1023. As a firewall admin |
you don't want that (for obvious reasons) therefore pushing an mom agent
accross the firewall is not supported.
You have to install the agent manually at the machines in the DMZ, but
before that you have to map port 1270 TCP and 1270 UDP on the firewall
to the internal MOM management server.
Then you can install the agent in the DMZ and then have the ip-address
filled in whre it asks for the Management server, or if you have dns set
up correctly in your DMZ, you could use the hostname which maps to the
DMZ facing NIC of the firewall.
--
Greetz,
Arie
This posting is provide "AS IS" with no guarantees, warranties, rigths
etc. |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in