StorageCraft agent unreachable after installing RemoteAccess roles on 2012 R2

Storage Craft agent unreachable with the target server (in my case Datto appliance) after installing RemoteAccess roles on 2012 R2. Firewall is disabled. No obvious error in the event logs. The issues goes away when I remove the RemoteAccess configuration, but the Role is still enabled. So it must be some of policies that block it

Any idea what's going on?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Philip ElderTechnical Architect - HA/Compute/StorageCommented:
Please don't disable the firewall. That places it in a kind of limp mode that locks things down. It does not turn it "off".

Enable the firewall, then enable logging and pop-up prompt for ALL profiles.

Once that is done examine the log to see if the firewall is indeed blocking things.

What port is SP agent listening on?

I suggest re-installing the SP agent.
piotrmikula108Author Commented:

I enabled the firewall but still problem exist, here is the log of the job

Oct 14th 11:22:12pm - Updating recovery point list
Oct 14th 11:22:12pm - Fixing done for data set for
Oct 14th 11:22:12pm - SnapRollback Finished..
Oct 14th 11:22:11pm - SnapRollback Started.. mode
Oct 14th 11:22:11pm - Fixing data set for
Oct 14th 11:22:11pm - Unable to connect to the host.
Oct 14th 11:22:11pm - Cannot connect to the host - aborting snapshot
Oct 14th 11:22:10pm - takeSnap started; running preflight
Oct 14th 11:22:10pm - Snapshot requested
Oct 14th 11:22:10pm - Unable to reach agent
Oct 14th 11:22:00pm - Running Volume Size Check and auto-resize for
Oct 14th 11:21:12pm - Skipping auto-repair, delay not reached or maximum daily attempts reached
Oct 14th 11:21:12pm - Unable to start backup because agent is unreachable. Attempting to re-pair with agent

event log is clean

any other ideas?
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
Remote Access roles = DirectAccess configuration?

From an elevated PowerShell:

Get-RemoteAccessIPFilter | FL

Make sure the Datto box's IP is listed as Inbound ALLOW.

If not, Set-RemoteAccessIPFilter
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

piotrmikula108Author Commented:
yes Direct Access

I get this error

cmdlet Get-RemoteAccessIpFilter at command pipeline position 1
Supply values for the following parameters:
InterfaceAlias: Ethernet
Direction: inbound
Get-RemoteAccessIpFilter : The cmdlet is not applicable because site-to-site VPN is not installed.
At line:1 char:1
+ Get-RemoteAccessIpFilter | FL
+ ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (PS_IPFilter:root/Microsoft/...ess/PS_IPFilter) [Get-RemoteAccessIpFilte
   r], CimException
    + FullyQualifiedErrorId : HRESULT 80070490,Get-RemoteAccessIpFilter

and get this error when runnig the other command

PS C:\Windows\system32> Set-RemoteAccessIpFilter -InterfaceAlias Ethernet -Direction Inbound -IpVersion IPv4 -Action Allow
Set-RemoteAccessIpFilter : A parameter cannot be found that matches parameter name 'IpVersion'.
At line:1 char:69
+ Set-RemoteAccessIpFilter -InterfaceAlias Ethenet -Direction Inbound -IpVersion I ...
+                                                                     ~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Set-RemoteAccessIpFilter], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Set-RemoteAccessIpFilter

what am I missing Philip?
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
The Set-RemoteAccessIPFilter step is complaining about the switch not being found.

The site is wonky, meaning the example doesn't even follow the previous text.

Try using PowerShell ISE to set up the command. It should give you the values needed.
piotrmikula108Author Commented:
we found a workaround by adding a new NIC, disabling IpV6, files and printer sharing, and just adding IP/SM but no GW info


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
Seems to be a bit of a bear to get around the filters. :(
piotrmikula108Author Commented:
found solution myself

Thank you Phillip for trying to help!!!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.