Return
-
Title
DSA Error 0xe110001a. Cannot initialize Migration Agent on host ... -
Description
DSA log reports:
Common AcAdSwitches Error 0xe110001a. Cannot initialize Migration Agent on host "Servername". Check firewall settings on the domain controller.
Error 0x800706ba. The RPC server is unavailable.
-
Cause
Tthe firewall on DC is preventing the access.
Note: Earlier versions of Mcafee do not seem to cause this issue, newer ones may -
Resolution
Workaround 1
Follow the instructions outlined in the documentation and in the SOL14630 to specify a preferred DC and GC.
Then follow the instructions outlined in the QMM Installation Guide:
Step 4: Open the Required Ports on Servers, Routers, and Firewalls
Since the Migration Manager agents are installed and updated from the console over RPC and the agents transfer data directly between source and target servers over RPC as well, RPC traffic must be allowed over the routers separating the subnets.
Make sure that ports 135, 137, 138, and 139 are open on the following machines:
• Source and target servers
• Routers separating the subnets
• FirewallsStep 5: Configure Windows Server 2008 Firewall
Windows Server 2008 has built-in firewall that is enabled by default. To migrate passwords and SIDHistory, you need to modify the firewall settings on a target domain controller and create a new inbound rule. This is also required for proper operation of the Undo Wizard and for SIDHistory Cleanup using the Active Directory Processing Wizard.
• To create a new rule on an x86 target domain controller, run the following command:
netsh advfirewall firewall add rule name="Quest Migration Manager Agent" dir=in action=allow program="%SystemRoot%\System32\AelAgentMS.exe"
• To create a new rule on an x64 target domain controller, run the following command:
netsh advfirewall firewall add rule name="Quest Migration Manager Agent" dir=in action=allow program="%SystemRoot%\System32\AelAgentMS64.exe"
Alternatively, you can create a new rule using the New Inbound Rule Wizard. To run the wizard:
1. Open the Server Manager console on a target domain controller.
2. Navigate to Configuration | Windows Firewall with Advanced security | Inbound Rules in the console tree.
3. Click New Rule…
In case of two-way directory synchronization, you should perform the same actions on the source domain controller.Workaround 2Disable McAfee on-access protection. -
Additional Information
The error will not appear and you will be able to migrate objects if you decide to migrate them without SID History and passwords, so this can be used as temporary workaround, until the DC is configured properly. How to specify a Domain Controller for Directory Synchronization to use https://support.quest.com/SolutionDetail.aspx?id=SOL14630&pr=