Veeam Backup: RPC error The RPC server is unavailable. Code 1722


In one of my Veeam Backup jobs I had two Windows 2008 R2 VM’s with the Windows Firewall enabled. The backup job failed with the error: RPC error The RPC server is unavailable. Code 1722.

You can find the error in the job Statistics screen:

image

This error is the result of enabling Application-aware image processing (Microsoft VSS) and the Windows Firewall. RPC by default doesn’t like to work through a firewall. But Microsoft has a fix for this. KB article KB154596 explains how to change the RPC settings within the Windows Registry. You need to add the following settings:

Ports REG_MULTI_SZ

Specifies a set of IP port ranges consisting of either all the ports available from the Internet or all the ports not available from the Internet. Each string represents a single port or an inclusive set of ports. For example, a single port may be represented by 5984, and a set of ports may be represented by 5000-5100. If any entries are outside the range of 0 to 65535, or if any string cannot be interpreted, the RPC runtime treats the entire configuration as invalid.

PortsInternetAvailable REG_SZ Y or N (not case-sensitive)

If Y, the ports listed in the Ports key are all the Internet-available ports on that computer. If N, the ports listed in the Ports key are all those ports that are not Internet-available.

UseInternetPorts REG_SZ ) Y or N (not case-sensitive

Specifies the system default policy.

If Y, the processes using the default will be assigned ports from the set of Internet-available ports, as defined previously.

If N, the processes using the default will be assigned ports from the set of intranet-only ports.

Or you can copy the following *.REG file and execute this on the Windows 2008 R2 VM.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet]
“Ports”=hex(7):35,00,30,00,30,00,30,00,2d,00,35,00,31,00,30,00,30,00,00,00,00,\
  00
“PortsInternetAvailable”=”Y”
“UseInternetPorts”=”Y”

The next step is to add a firewall rule:

image

After changing these settings you need to reboot the VM.

Now you are able to run the Veeam Backup job with the Firewall enabled on a Windows 2008 R2 VM.

 

Source Link
Micrsoft.com KB154596

How To: Enable Remote WMI support in ISA 2004


 image

Ik wilde via een script WMI aanroepen op een van de ISA 2004 Servers maar dat werd uiteraard geblokkeerd. Na wat zoeken op Google, kwam ik de onderstaande oplossing tegen. Deze oplossing werkt perfect.

1.First you need to make explicict range form dcom high ports you can use via in the registry (see http://support.microsoft.com/?kbid=154596)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet 
Edit the Ports multi-string to your liking. I use 5000-5100, this should be fine amount for a non application server.(see kb above)
Ports 5000-5100 (multi-string)

2. create two basic custom protocols for SMB and dcom,
cust_smb
445 tcp outbound
445 udp send
(no related application filters ticked!)

cust_dcom
135 tcp outbound
5000-5100 tcp outbound
(no related application filters ticked!)

3. create the rule, allow, source = trusted admin/monitor box(es), destination localhost, protocols: cust_smb, cust_dcom, all users

4. Edit the System policy
Untick the ‘enable’ for Microsoct Management Console, you don’t need it now because we have created a better rule for our trusted box(es) ( note having this ticked will create a hidden rule that can break wmi scripts and alike).
Untick the ‘force strict rpc compliance’ option for Active Dicrectory
Click ok, apply new configuration, restart the isa server

Je kunt ook de onderstaande reg file gebruiken i.p.v. stap 1 uit te voeren.

RPC_Ports.reg:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet]
"Ports"=hex(7):35,00,30,00,30,00,30,00,2d,00,35,00,31,00,30,00,30,00,00,00,00,\
  00
"PortsInternetAvailable"="Y"
"UseInternetPorts"="Y"

Bron: http://forums.isaserver.org/m_410001100/mpage_1/key_/tm.htm#2002017878