Submitting forms on the support site are temporary unavailable for schedule maintenance. If you need immediate assistance please contact technical support. We apologize for the inconvenience.
Unable to Protect Windows Server with RRAS / Direct Access Role Installed
Description
A condition exists in which RRAS / Direct Access will block incoming connections, even when the firewall is disabled. Users can ping the Core to the agent and the agent to the Core. TCP view shows that there are no conflicts on Port 8006. The agent can communicate with the Core over port 8006, however the Core cannot connect with the agent or port 8006. Users are unable to perform a protection task from the Core to the agent through a browser, but the agent can communicate with itself.
Cause
RRAS supports IP packet filtering, which specifies which type of traffic is allowed into and out of the RRAS server. The packet filtering feature is based on exceptions.
Resolution
There are a few potential solutions to this issue. Please review all of them before selecting an option.
Option 1 (This option is not supported by Quest Support. Making changes as directed in Step 7 can potentially cause loss of connectivity if proper configuration is not done.)
Log onto the RRAS server with administrative rights (if the server is in domain network use the domain administrator credentials )
Open Server Manager
Open Routing and Remote Access MMC. Go to Tools -> Routing and Remote Access
In the left panel select [Server_Name], expand IPv4, select General.
Double click on the Interface name that you are trying to use for protection, to open its properties
Click “Inbound Filters...” button
In the following dialog click “New…” button
Add a rule to allow incoming TCP packets to destination port 8006
Select “Destination network” checkbox
Choose “TCP” option from “Protocol:” dropdown
Set “Source port:” to 8006
Click “Ok”
In analogy to step 8 add next rules:
To allow incoming TCP packets from the source port 8006
To allow incoming TCP packets to the destination port 8009
To allow incoming TCP packets from the source port 8009
10. Click “Ok” to apply Inbound Filters settings
Click “Outbound Filters…” button
Repeat steps from 7 to 9 in Outbound Filters dialog to add next rules:
To allow outgoing TCP packets from the source port 8006
To allow outgoing TCP packets to the destination port 8006
To allow outgoing TCP packets from the source port 8009
To allow outgoing TCP packets to the destination port 8009
These ports are used by Core and Agent to communicate with each other.
Option 2 (Disable IPv6 and RRAS Role if it is not used)
Disable IPv6 via the network adapter settings and registry (click here for more information).
Remove the RRAS Role if it is not used.
Option 3 (Add a second IPv4 address to the current NIC)
On the production server, right-click the network adapter, select Properties, and select IPv4. Click the Properties button.
Click 'Advanced' to bring up advanced properties for IPv4.
Add a second IP - use the same subnet and mask. Be sure that this is a valid IP for the network configurations.
Protect the server using this second IP address rather than the host name.
Option 4
Add a new network adapter to the server
Stop the Agent service
Edit the following registry key on the agent to match the IP address of the newly added NIC: HKEY_local_machine>Software>AppRecovery>agent>serviceHost>ServiceBaseAddress from https://[serverHostName]:8006/apprecovery/api to https://[New_Server_IP]:8011/apprecovery/api
Then run the following under an admin command prompt: "netsh http add iplisten xxx.xxx.xxx.xxx" (replace xxx with new IP address)
Your Request will be reviewed by our technical reviewer team and, if approved, will be added as a Topic in our Knowledgebase.
Welcome to Quest Support
You can find online support help for Quest *product* on an affiliate support site. Click continue to be directed to the correct support content and assistance for *product*.
The Quest Software Portal no longer supports IE8, 9, & 10 and it is recommended to upgrade your browser to the latest version of Internet Explorer or Chrome.