spl database backup through firewall

hello!
cannot backup sql database through my firewall, cause i get the error:

[Critical] From: OB2BAR@triton.wh.com "(DEFAULT)" Time: 02.07.2004 12:10:27
Cannot initialize OB2BAR Services ([12:1602] Cannot access the Cell Manager system. (inet is not responding) The Cell Manager host is not reachable or is not up and running or has no Data Protector software installed and configured on it.
System error: [10060] Connection timed out
)

normal filesystem-backup works fine with the same hosts and settings. just opened the ports 5555 outgoing into dmz, and a small range of 10 ports incoming to media-agent server. does sql need more or special ports to open in any direction? (no other backups are running at the same time)

thx for help anyway!!

martin
  • Ten ports is a mighty small range!

    Realize that when a process is "done" with a port, the OS doesn't necesarily clean up the mess for a while.

    Ten ports is about enough for 1 tape drive, concurrency 5, with a little bit of time in between backup jobs - say 30 minutes!

    Port cleanup may only take 7 or 15 minutes, but since backups are scheduled at 15 minute intervals that may be cutting things close.

    You can lower your concurrency, use only 1 tape drive, and leave lag time in between jobs so the OS can clean up ports.

    Or you can make the hole bigger.

    My guess is that you will want about 10 ports per tape drive, (if the data-tape drive stream is through the firewall) as a simple rule of thumb.

    If the data stream is local, then you want something like 5 ports per simultaneous backup specification. Add another 10 to account for a slow OS recycling of ports.

    Either way, you want at least a few "extra" ports.

    The manual has some quite detailed discussions about how many ports you need, if you want a more precise answer.

    Then add some extra, to account for randomness in the environment, and slowness in the OS.

    Good Luck.
  • hello and thx 4 reply,

    the opening of a bigger range of ports shouldn't be the problem, but by reading the manuals i found out, that each connected drive (media-agent) needs one port, and because i have only two drives at all, ten ports should be more than enough. But for testing i open a range of 100 ports, and then i will see, if this solves the problem with the sql-online backup.

    filesystem-backup from the same server works fine at every time (also immediatly after a failed sql-online backup-test)

    thx

    martin
  • Well, the error says the client cannot connect to the cell manager. Seems OB2BAR is trying to connect to the inet port. You said 5555 inbound from the client to the cell manager is open?

    Thanks,
    Scott
    HP Support
  • I have the same issue as well.
    By monitoring the logs on the firewall, I observed that the mssql agent tries to connect back to the cell manager on port 1028 tcp.
    Although I included in the cell manager's omnirc OB2PORTRANGESPEC=xMA-NET:18000-18009, the cell manager does not seem to use these ports for MS SQL backup.
    In addition, a netstat on the cell manager host shows that it is effectively listening on this port.
    My conclusion is that ms sql certainly requires a configuration property different than OB2PORTRANGESPEC to be set somewhere.
  • I think I got the answer.
    I edited the file Program Files\OmniBack\Config\Server\Options\global.

    I included this property setting:
    CrsPort=18009

    Now it seems that the backup moves to a further stage.
  • We found the solution.
    It is in the port range as specified in the omnirc on the cell manager.

    typically, we were using:
    OB2PORTRANGE=xMA-NET:18000-18099

    However, this setting applies only to agents.
    In order to let it apply on any server port, it should be:
    OB2PORTRANGESPEC=18000-18099

    If anybody succeeds with this, pls let me know.

  • Sorry for the mistake, it should be:
    OB2PORTRANGE=18000-18099
    and not
    OB2PORTRANGESPEC
  • hello,
    quite old this topic, but interesting what you found out. i am not sure if i came to the same result, but i also got it running after some time of frustration :)

    have a nice day!

    martin
  • Hello All, 
    I am also facing this same issue, same setup sql client is in DMZ, MA has both DMZ IP and also cell manager ip range. 

    SQL backups are going very slow, after completing one db backup its waiting for 5mins to start the next backup. 

    below are the port settings, please somebody correct this is ok or not. 

    Cell Manager:
    OB2PORTRANGE=24600-24799
    OB2PORTRANGESPEC=CRS:24500-24510;xSM:24511-24599

    Media Agent:
    OB2PORTRANGESPEC=xMA-NET:24600-24799

    In firewall setting,

    - ports opened from DMZ to Cell Manager. 

    - Only 5555 is opened from Cell Manager to DMZ

    Is this ok, i need to open the ports from CM to DMZ also .

     

    Thanking You

    S Arul Murugan.