
SSR 2013 Monitor and Windows 7 clients

Created: 23 Jan 2013 • Updated: 29 Jan 2013 | 7 comments
This issue has been solved. See solution.

Hi All,

 

In SSR 2013 Monitor, I am unable to connect to Windows 7 clients running SSR 2013 (or SSR 2011). XP is fine and both have the same firewall policy in SEP 12.1.2.

When trying to connect to a Win7 Console I am given the following possibilities for not connecting (I suspect the last option): Any advice?

I will disable UAC on one system to test connection - but this wouldn't be desirable!

Possible Causes:

1) Computer is not connected to the network.
2) Firewall of the target computer is ON.
3) Supported Backup Exec System Recovery or Symantec System Recovery client is not installed on the target computer.
4) User credentials are incorrect.
5) UAC (User Access Control) security policy is enabled on the computer.

 

 

 


Markus Koestler's picture

2 Suggestions out of the SSR 2013 readme:
1)
You cannot deploy the Symantec System Recovery 2013 Agent to remote machines if Use simple file sharing and File and Printer Sharing are disabled on them. Refer to the Symantec System Recovery 2013 User's Guide for information on how to enable Use simple file sharing and File and Printer Sharing.

2)

You might receive a reconnect error when trying to manage a second computer. This error message appears in the status bar of the product user interface:

Connecting to agent on . You do not have sufficient privileges to perform this operation.

This error might occur because Distributed COM (DCOM) is disabled on the computer.

To enable DCOM:

1. From the Windows Start menu, click Run.
   For Windows Vista, if the Run option is not visible, do the following:
   - Right-click the Start icon, and click Properties.
   - On the Start Menu tab, click Customize.
   - Scroll down and check Run command.
   - Click OK.
2. Enter dcomcnfg.exe, and then press Enter.
3. In the tree on the left, double-click Component Services, and then double-click Computers.
4. Right-click My Computer, and then select Properties.
5. Click the Default Properties tab, and then select the Enable Distributed COM on this Computer check box.
6. Click OK to save the settings.

*** Please mark thread as solved if you consider this to have answered your question(s) ***

rakesh_singh's picture

Hi,

In addition to suggestions made by Markus, please also try connecting using a domain user account or default local admin account with UAC enabled.

Please let me know if it works by either disabling UAC or using a domain/default local admin account. Please also refer to http://www.symantec.com/docs/TECH188450 or readme on how to add exceptions for port 135 and vprosvc.

I have added the content from the readme below for quick reference. Please let us know if even after following Markus's and my suggestions you still face issues:

To configure Windows firewall port exceptions

1. Click Start > Run and type firewall.cpl.
2. From the left-pane, click Advanced Settings.
3. Select the Inbound Rules option.
4. On the left-pane, click New rule.
5. Under the Rule Type, select the Port option.
6. Click Next.
7. Select the TCP option.
8. Select the Specific local ports option.
9. In the Specific local ports field, enter 135 as the default port number.
10. Click Next.
11. Select the Allow the connection option.
12. Click Next. Do not modify the default settings.
13. Click Next.
14. In the Rule field, specify a name for this rule.
15. Click Finish.

To configure Windows firewall program exceptions

1. Click Start > Run and type firewall.cpl.
2. From the left-pane, click Advanced Settings.
3. Select the Inbound Rules option.
4. On the left-pane, click New rule.
5. Under the Rule Type, select the Program option.
6. Click Next.
7. Select the This Program Path option.
8. Browse for the following default Vproservice location for Symantec System Recovery:
   C:\Program Files (x86)\Symantec\Symantec System Recovery\Agent\Vprosvc.exe

   Note: If your computer is installed with Symantec Backup Exec System Recovery, browse for the following default Vproservice location:
   C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Agent\Vprosvc.exe

9. Select the Allow the connection option.
10. Click Next. Do not modify the default settings.
11. Click Next.
12. In the Rule field, specify a name for this rule.
13. Click Finish.

Thanks,
Rakesh

SOLUTION
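
The two readme procedures above (TCP 135 and the Vprosvc.exe program exception), scripted with netsh for an elevated PowerShell prompt on the Windows 7 client. This is an added example, not part of the original thread or Symantec's documentation; the rule names, the placeholder monitor address 192.0.2.10, and the restriction to that address and to the domain/private profiles are assumptions added here so that port 135 is not opened to every host.

```powershell
# Added example: scripted form of the readme's two inbound exceptions (not Symantec's code).
param(
    # Assumption: address of the workstation running SSR Monitor (placeholder value).
    [string]$MonitorIp = '192.0.2.10'
)

$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script elevated; netsh cannot add firewall rules otherwise.'
}

# The "Enable Distributed COM" check box in dcomcnfg.exe is stored in this value.
$ole = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Ole'
if ($ole.EnableDCOM -ne 'Y') {
    Write-Warning 'DCOM is disabled; enable it in dcomcnfg.exe before testing.'
}

# Default agent locations quoted in the thread (SSR first, then BESR).
$candidates = @(
    'C:\Program Files (x86)\Symantec\Symantec System Recovery\Agent\Vprosvc.exe',
    'C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Agent\Vprosvc.exe'
)
$agent = $candidates | Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $agent) { throw 'Vprosvc.exe not found in either default location.' }

# Rule names are hypothetical. Delete earlier copies so re-runs do not duplicate rules.
$rpcRule = 'SSR Monitor RPC 135'
$agentRule = 'SSR Monitor Vprosvc'
foreach ($name in $rpcRule, $agentRule) {
    netsh advfirewall firewall delete rule "name=$name" | Out-Null
}

# Port exception: TCP 135, limited to the monitor host and to trusted profiles.
# 'profile=...' is quoted because PowerShell would otherwise split on the comma.
netsh advfirewall firewall add rule "name=$rpcRule" dir=in action=allow `
    protocol=TCP localport=135 "remoteip=$MonitorIp" 'profile=domain,private'

# Program exception: after the endpoint mapper on 135, RPC/DCOM continues on a
# dynamically assigned port, so the agent binary itself is allowed.
netsh advfirewall firewall add rule "name=$agentRule" dir=in action=allow `
    "program=$agent" "remoteip=$MonitorIp" 'profile=domain,private'

# Show what was created so the scope can be reviewed.
netsh advfirewall firewall show rule "name=$rpcRule"
netsh advfirewall firewall show rule "name=$agentRule"
```

These rules apply to Windows Firewall only; a third-party firewall such as the SEP firewall mentioned in this thread needs its own equivalent policy.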
Rastasandwich's picture

Well I did the test on one Windows 7 client to disable UAC and that allowed communication from the 2013 Monitor (Restoring the default UAC setting disabled communication again).

I have the Symantec Protection Suite Small Business Ed. v4.0 bundled product so I also use SEP 12.1.2 for managing the client firewalls (on both XP and 7 - which is the same policy).

XP clients communicate fine, Win 7 clients with UAC enabled don't.

Do you think there's a way to trust the remote monitor process and work "with" UAC enabled?

Rastasandwich's picture

OK, I spoke too soon...

Disabling UAC allowed me to use SSR 2013 Monitor to communicate with my own workstation (SSR 2013 and SSR Monitor installed on the same Windows 7 System). With UAC set to default, I couldn't even communicate with myself through the SSR 2013 Monitor.

I still cannot communicate with networked SSR 2013 Win7 clients in SSR Monitor 2013 even if all firewalls are disabled and UAC is also disabled.

Now I need to confirm that the agent is properly installed.

So in summary:

With my workstation firewalled and UAC enabled, I can communicate with XP32/64 clients with SSR 2011 or SSR 2013 installed. These clients are configured with the "default" Symantec Firewall policy through SEPM.

From my Win7 workstation, I cannot use SSR 2013 Monitor to communicate with Win 7 clients (2011 or 2013) regardless of whether firewall and/or UAC is on or off.

 

TRaj's picture

You can try enabling using the WMI to connect to a remote computer.

http://technet.microsoft.com/en-us/magazine/gg2412...

You can also test the connectivity using Performance Monitor keeping UAC enabled.

We are requesting you to mark the forums as Solution, so that it makes it easier for the viewer to search and refer to the posts with "Solutions".

Rastasandwich's picture

Thanks to everyone's help I've been able to pinpoint my problem.

It was indeed Firewall related and requires enabling a firewall allow rule for "Vprosvc.exe".

 

Since I use Symantec Endpoint Protection Small Business for firewall configuration, I was unable to configure a new "program" allow rule in order to allow unblocked communication to "Vprosvc.exe" remotely.

I temporarily disabled SEP, then looked at the Windows Firewall and temporarily turned it off too to test.

I was then able to communicate with the client in the 2013 Monitor program!

I added the "Vprosvc.exe" allow rule in Windows Firewall then turned it on again. 

Monitor communication was still good!

After re-enabling SEP too, I was pleased to see that I can still communicate to the client using the Monitor program.

My next task is to see how to modify the SEP Firewall Policy to enable this communication without having to take it down and add the exception to Windows Firewall.

Can you add "Program" rules to the SEP firewall policy? I'm not able to find it, just "port" defined rules.

Thanks for all input!

 

Markus Koestler's picture

Lucky you - please mark this post as solved!
