EV & Discovery Firewall rules (Windows 2008 R2)
I have two new EV servers that I will migrating to "64bit", EV01 that has all all the standard tasks of an EV server for Microsoft Exchange needs and another EV02 that only has the Journaling task with eDiscovery.
My issue is... there is no single document on what is required as to what needs to be done so it all works together within a Windows 2008 R2 environment with the Firewall ON. I'm told every environement is potentially different. Well I'm sure it is but there must be some basic steps to get Enterprise Vault to work base on a standard Windows 2008 R2 with the Firewall turn ON I dont think its that magical but what Enterprise Vault & eDiscovery need seem to be. I keep on discovering what is needed as I come accross each of the issue. To date here is a high level of what I have done.
CONFIGURE INBOUND FIREWALL RULES (BOTH SERVERS)
1-Enable from the Component Services the "COM+ network access (DCOM-In)" and then addport range
Right-click My Computer and select Properties.
Click the Default Protocols tab.
Select Connection-oriented TCP/IP, and click Properties.
Use the Add button to add the required port range, for example, "49153-49453"
2-Run the following command from CMD windows with Administrator previlages (BOTH SERVERS)
netsh advfirewall firewall add rule name = RPC-eVault dir = in protocol = tcp action = allow localport = 135 remoteip = localsubnet profile = DOMAIN
netsh advfirewall firewall add rule name = RPC-eVault dir = in protocol = udp action = allow localport = 135 remoteip = localsubnet profile = DOMAIN
For both rule set the specific port range as in step #1 (49153-49453) as per the one done in step # 1
3-Allowing Enterprise Vault to communicate with Discovery Accelerator through the firewall in Windows Server 2008 R2 (EV02 ONLY)
1. Click the Windows Start menu, and then click Control Panel.
2. Click System and Security, and then click Windows Firewall.
3. Click Allow a program or feature through Windows Firewall.
4. Click Change settings, and then click Allow another program.
5. Click Browse, and then browse to the Discovery Accelerator program folder (typically, C:\Program Files (x86)\Enterprise Vault Business Accelerator).
6. Click AcceleratorService.exe, and then click Open.
7. Click Add, and then click OK.
4- Additionalallowed program
Follow steps describe in # 3
from the EV01 server (That has all the archiving tasks)
C:\Program Files (x86)\Enterprise Vault\DirectoryService.exe
from the EV02 server (Where the journaling task is and eDiscovery)
C:\Program Files (x86)\Enterprise Vault Business Accelerator\AnalyticsServerApp.exe
C:\Program Files (x86)\Enterprise Vault Business Accelerator\AcceleratorManager.exe
* the programs were added following reviewing windows logs for the Firewall under
Application and Services Logs -> Microsoft -> Windows -> Windows Firewall with Advanced Security -> Firewall
I will keep on testing my configuration but if someone has any experience with this it would be very much appriciate if you could help me