Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Backup Exec 2012 job fails to Linux server with firewall enabled

Created: 15 Nov 2012 | 3 comments

Hello,

We have been in the process of migrating from Backup Exec 2010 R3 to Backup Exec 2012. We have several Redhat Enterprise Linux 5 servers that we have been successfully backing up for the last few years. The firewall has been enabled on these servers and we have opened the necessary ports in the firewall to allow the backup jobs to complete successfully. Port 10000 and 6101 have been opened, along with a range of 1025-1050. The Backup Exec Media Server is set to use the port range 1025-65535.

Since migrating to Backup Exec 2012, the jobs to the Linux servers fail. If we turn the firewall off on the server, the backup job completes successfully. We've tried enabling the firewall and opening other ranges of ports and still it fails. We have read numerous KB articles that lists the ports required for Backup Exec and we can't figure out what we are missing. Everything worked perfect with Backup Exec 2010 R3 with the exact same firewall settings.

The error message we see on the Media Server is:

0xe000ff11 - A communications failure has occurred with a Linux or Unix resource.

Ralus version:

ralus=1798.189571
mdm=MDM_v0.0.6149.HF4a
vxms=VxMS_4.4_038a
 

Backup Exec 2012 SP1a + HF189571 

Comments 3 CommentsJump to latest comment

Backup_Exec's picture

Hi

Please click on link below & ensure you have open 25 ports bidrectionally and you have specified same in backup exec too by going to backup exec setting -network security and 25 ports which you have opened are specified there

http://www.symantec.com/docs/TECH167456

Hope that helps

Thanks

Sameer

Don't forget to give a "Thumbs Up" or Mark as "Solution" if someones advice has helped you.

rockshox's picture

Hello,

Thank you for the link, however we have already confirmed that there are 25 open ports as mentioned in my original post. We have opened 1025-1050 and confirmed that they are definitely open. Port 10000 is also confirmed to be open. If we install the older version of Ralus, and use BackupExec 2010 R3, the backups work perfectly. If we update to the version of Ralus provided with BackupExec 2012 (+ any updates that came in over LiveUpdate), the backups fail with the exact same firewall setup. The port range in Backup Exec 2012 is the  default 1025-65535. From what the manual says, BackupExec should find that we have opened 1025-1050 with out the need to directly specify 1025-1050 at the Media Server. 

According to the BE 2012 Admin manual:

"You enter the port range. If the first port that Backup Exec attempts to use is not available, Backup Exec attempts to use one of the other ports in the range. If none of the ports in the range is available, Backup Exec uses any available dynamic port. Default port ranges are 1025 to 65535. Symantec recommends using a range of 25 allocated ports for the remote system if you use Backup Exec with a firewall." 

As a workaround, I've added a rule in iptables that allows all traffic from our Media Server. With this rule we got a successful backup last night. This doesn't however solve the original problem of what changed in 2012 that is causing backups to fail when the correct ports are open. 

Colin Weaver's picture

If your firewall is in place then you can't leave BE on 1025 - 65535 BE MUST match that range that you have enabled on the firewall if not BE could try and use a port that is denied on the firewall.

Also I have a feeling available port means not in use at the time and no check is done on your firewall to see if that port is allowed.

Also port 6101 is an inbound port on the media server, rather than inbound port on the Linux system