Link to home
Start Free TrialLog in
Avatar of piotrmikula108
piotrmikula108Flag for United States of America

asked on

StorageCraft agent unreachable after installing RemoteAccess roles on 2012 R2

Storage Craft agent unreachable with the target server (in my case Datto appliance) after installing RemoteAccess roles on 2012 R2. Firewall is disabled. No obvious error in the event logs. The issues goes away when I remove the RemoteAccess configuration, but the Role is still enabled. So it must be some of policies that block it

Any idea what's going on?
Avatar of Philip Elder
Philip Elder
Flag of Canada image

Please don't disable the firewall. That places it in a kind of limp mode that locks things down. It does not turn it "off".

Enable the firewall, then enable logging and pop-up prompt for ALL profiles.

Once that is done examine the log to see if the firewall is indeed blocking things.

What port is SP agent listening on?

I suggest re-installing the SP agent.
Avatar of piotrmikula108

ASKER

Philip

I enabled the firewall but still problem exist, here is the log of the job

Oct 14th 11:22:12pm - Updating recovery point list
Oct 14th 11:22:12pm - Fixing done for data set for 10.104.14.9
Oct 14th 11:22:12pm - SnapRollback Finished..
Oct 14th 11:22:11pm - SnapRollback Started.. mode
Oct 14th 11:22:11pm - Fixing data set for 10.104.14.9
Oct 14th 11:22:11pm - Unable to connect to the host.
Oct 14th 11:22:11pm - Cannot connect to the host - aborting snapshot
Oct 14th 11:22:10pm - takeSnap started; running preflight
Oct 14th 11:22:10pm - Snapshot requested
Oct 14th 11:22:10pm - Unable to reach agent
Oct 14th 11:22:00pm - Running Volume Size Check and auto-resize for 10.104.14.9
Oct 14th 11:21:12pm - Skipping auto-repair, delay not reached or maximum daily attempts reached
Oct 14th 11:21:12pm - Unable to start backup because agent is unreachable. Attempting to re-pair with agent

event log is clean

any other ideas?
Remote Access roles = DirectAccess configuration?

From an elevated PowerShell:

Get-RemoteAccessIPFilter | FL

Make sure the Datto box's IP is listed as Inbound ALLOW.

If not, Set-RemoteAccessIPFilter
yes Direct Access

I get this error

cmdlet Get-RemoteAccessIpFilter at command pipeline position 1
Supply values for the following parameters:
InterfaceAlias: Ethernet
Direction: inbound
Get-RemoteAccessIpFilter : The cmdlet is not applicable because site-to-site VPN is not installed.
At line:1 char:1
+ Get-RemoteAccessIpFilter | FL
+ ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (PS_IPFilter:root/Microsoft/...ess/PS_IPFilter) [Get-RemoteAccessIpFilte
   r], CimException
    + FullyQualifiedErrorId : HRESULT 80070490,Get-RemoteAccessIpFilter

and get this error when runnig the other command

PS C:\Windows\system32> Set-RemoteAccessIpFilter -InterfaceAlias Ethernet -Direction Inbound -IpVersion IPv4 -Action Allow
Set-RemoteAccessIpFilter : A parameter cannot be found that matches parameter name 'IpVersion'.
At line:1 char:69
+ Set-RemoteAccessIpFilter -InterfaceAlias Ethenet -Direction Inbound -IpVersion I ...
+                                                                     ~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Set-RemoteAccessIpFilter], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Set-RemoteAccessIpFilter


what am I missing Philip?
The Set-RemoteAccessIPFilter step is complaining about the switch not being found.

The site is wonky, meaning the example doesn't even follow the previous text.

Try using PowerShell ISE to set up the command. It should give you the values needed.
ASKER CERTIFIED SOLUTION
Avatar of piotrmikula108
piotrmikula108
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Seems to be a bit of a bear to get around the filters. :(
found solution myself

Thank you Phillip for trying to help!!!