There are two options to deploy a Change Auditor 6.x and 7.x Agents to a firewalled machine.
1. Manually install the agent (likely the preferred method) - This can be done by copying the agent MSI (located in the extracted downloaded files \installation\msi folder) to the target server and install the file manually.
2. Open specific firewall ports to deploy the agent via the deployment wizard - File & Printer Sharing ports (TCP 135, & TCP 445)
Once the Change Auditor Agent is installed the following ports are required for the Agent to communicate with Coordinator / SQL / Active Directory:
- Changeauditor Agent APort (inbound) (found by looking at the Quest.ChangeAuditor.Coordinator SCP object in AD or from the Coordinator Status of the Coordinator System Tray icon)
Example:
Agent (originating port: RPC (dynamic)) => Coordinator (destination port from RPC range selected automatically during Coordinator installation (dynamic))
How to find the Coordinator Agent port:
ADSIEdit.msc method:
- Open ADSI Edit and navigate to the Change Auditor Coordinator server Active Directory Object
- For Change Auditor Agent port right-click on the Quest.ChangeAuditor.Coordinator SCP object and select "Properties"
- The SCP port is listed in the "serviceBindingInformation" attribute as "APort"
The port information can also be found by right clicking the Coordinator System Tray icon and selecting Coordinator Status. The ports are listed at the bottom of the page.
Please note: If you have a Change Auditor version prior to 6.9.5, any folder/registry paths referenced may contain a non-Quest branded path.