[isalist] Re: Can't get my DPM servers to communicate over TMG-based VPN

  • From: Jerry Young <jerrygyoungii@xxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Mon, 19 Mar 2012 16:40:19 -0400

Rob,

Also keep in mind you can manually test TCP connectivity between the two
hosts to at least see if traffic is passing TMG.

Check and see which TCP ports the secondary DPM server uses to communicate
with the primary DPM server and then break out good old telnet (from a
command prompt).

Example to check to see if TCP port 443 is open between two hosts:
telnet somehost.onthe.net 443

If traffic is being blocked (and assuming the port is definitely open on
the remote host), you should see something like the following in response.

Connecting To somehost.onthe.net...Could not open connection to the host,
on port 443: Connect failed

Of course, if this is one of those 99 times out of 10 Jim mentioned, and it
is a routing problem, you'd see the same failure. Given, however, you can
RDP to the remote DPM server (TCP 3389) and ping both ways (assuming
between the DPM servers themselves), I'm thinking the issue lies elsewhere.

Also, check your rule that allows traffic between the two hosts.  The
following thread may help.

http://social.technet.microsoft.com/Forums/en-US/dataprotectionmanager/thread/687c2293-a24f-4d17-ac70-3e92159250d4/


On Mon, Mar 19, 2012 at 4:18 PM, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:

> Rob,
>
> Glad you find the book useful…
>
> Have you tried using a netcap tool to see if the traffic from DPM1 is
> reaching DPM2 and vice versa?
>
> 99 times out of 10, if nothing is obviously being blocked by TMG, it’s a
> routing issue.
>
> Jim
>
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Rob Moore
> Sent: Monday, March 19, 2012 11:25 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Can't get my DPM servers to communicate over
> TMG-based VPN
>
> Any idea why my two DPM servers (the primary here in the home site and the
> secondary at a remote site) won’t communicate over my TMG VPN? I can RDP to
> the remote DPM server, I can ping both ways on the VPN, but when I try to
> get the remote DPM server to talk with the primary DPM server, the
> secondary DPM says the primary agent is “Unavailable.” I can’t see any
> errors on TMG, but I may not be monitoring the right thing.
>
> I set the VPN up according to Jim’s book, *Microsoft Forefront Threat
> Management Gateway (TMG) Administrator’s Companion*. The VPN seems to be
> working.
>
> Thanks,
> Rob
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Rob Moore
> Network Manager
> 215-241-7870
> Helpdesk: 800-500-AFSC



-- 
Cordially yours,
Jerry G. Young II, CISSP
Microsoft Certified Systems Engineer
Young Consulting & Staffing Services Company - Owner
www.youngcss.com
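
Added example, not part of Jerry's message: a PowerShell version of the telnet check that separates a refused connection from a silent timeout, which telnet reports as the same "Connect failed". `Test-TcpPort` and its parameters are names made up here; the host and ports are the ones quoted in the message, so substitute the ports your DPM servers use.

```powershell
# Added example. Test-TcpPort and its parameter names are made up for this
# illustration; only .NET's System.Net.Sockets.TcpClient is used.
function Test-TcpPort {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int[]]$Port,
        [int]$TimeoutMs = 3000
    )
    foreach ($p in $Port) {
        $client = New-Object System.Net.Sockets.TcpClient
        $state  = 'Open'
        $hint   = 'handshake completed; this port passes end to end'
        try {
            $pending = $client.BeginConnect($ComputerName, $p, $null, $null)
            if ($pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                $client.EndConnect($pending)   # throws if the connect failed
            } else {
                $state = 'Timeout'
                $hint  = 'no reply at all; packets dropped by a rule or lost to routing'
            }
        } catch {
            # PowerShell wraps the SocketException; unwrap it to read the error code
            $err = $_.Exception.GetBaseException()
            if ($err -is [System.Net.Sockets.SocketException]) {
                $state = $err.SocketErrorCode.ToString()
            } else {
                $state = $err.GetType().Name
            }
            switch ($state) {
                'ConnectionRefused' { $hint = 'reset received; path works, port closed or actively rejected' }
                'HostNotFound'      { $hint = 'name did not resolve; check DNS across the VPN' }
                default             { $hint = $err.Message }
            }
        } finally {
            $client.Close()
        }
        New-Object PSObject -Property @{
            ComputerName = $ComputerName; Port = $p; State = $state; Hint = $hint
        }
    }
}

# Host and ports taken from the message above; replace with your DPM ports.
Test-TcpPort -ComputerName 'somehost.onthe.net' -Port 443, 3389 |
    Select-Object ComputerName, Port, State, Hint | Format-Table -AutoSize
```

A Timeout on one port while another port on the same host reports Open points toward the access rule rather than routing, since both attempts take the same path.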
