There are two options to deploy a ChangeAuditor Agent to a firewalled machine.
- Manually install the agent (likely the preferred method) - This can be done by copying the agent MSI (located in the extracted downloaded files \installation\msi folder) to the target server and install the file manually
- Open specific firewall ports to deploy the agent via the deployment wizard - File & Printer Sharing ports (TCP 135, UDP 137, UDP 138, TCP 139, & TCP 445)
Once the ChangeAuditor Agent is installed the following ports are required for the Agent to communicate with Coordinator / SQL / Active Directory:
- SQL port 1433 (inbound) (required for 5.x Agents only)
- Change Auditor Agent port (inbound) (found by looking at the ChangeAuditor.Coordinator SCP object in AD or by viewing the Coordinator Status from the Coordinator System Tray icon)
- LDAP 389 (to all available DC\GC in the domain CA is installed and the root domain)
- Global Catalog (GC) 3268 (to all available GCs in the domain CA is installed and the root domain)
Agent (originating port: RPC (dynamic)) => Coordinator (destination port from RPC range selected automatically during Coordinator installation (dynamic))
Agent (originating port: RPC (dynamic)) => SQL (destination port for SQL 1433 (Default))
Agent (originating port: RPC (dynamic)) => LDAP (destination port for LDAP (389) on available DC)
Agent (originating port: RPC (dynamic)) => GC (destination port for GC (3268) on available GC)
How to find the Coordinator Agent and Client port:
Coordinator Status method (version 6.9.5 and later):
- Open the System Tray on the Coordinator server
- Right click The Coordinator icon and select Coordinator Status
- The Agent and Client Port are listed at the bottom of the page
- Open ADSI Edit and connect to the Default naming context
- Browse to the computer object for the ChangeAuditor Coordinator
- Expand the computer object, right-click on the ChangeAuditor.Coordinator SCP object and select "Properties"
- Double click serviceBindingInformation
- Scroll to the right
- The Client port is show as Port="xxxxx"
- The Agent port is listed as "<property key="APort" value='xxxxx' />
Agent Status method (version 6.x and later:
- Log onto a machine with a Change Auditor Agent that is currently connected
- Run the following application: C:\Program Files\QuestChangeAuditor\Agent\ServiceStatusTray.exe
- Right click on the new Change Auditor Agent icon in the system tray, and select Agent Status
- Towards the bottom of the window it will list the connected Coordinators, as well as the port.