6423241 Respected Contributor.

Cannot access server via iManager

I have deployed a new IDM environment running eDirectory 9.0.4.  Our new organizational policy is to block all ports on servers except the ports that are specifically needed.  I requested the following ports be opened on these servers:

22
389
524
636
8028
8030
8080
8443

I can connect to the hosts via SSH and to eDirectory via LDAPS, but iManager times out. Are there any other ports that need to be opened on these systems?

Thanks

Knowledge Partner

Re: Cannot access server via iManager

I believe iManager mostly uses 524 (NCP). I'd make sure that that one is actually open before going any further.

Also make sure that TCP and UDP are open for that one, could be using either one.

6423241 Respected Contributor.

Re: Cannot access server via iManager

The two systems can talk to each other (i.e., the replicas are in sync), so that would indicate that 524 is open, right? I do need to verify that they're accepting traffic over that port from the iManager servers. I will also ask that 524/UDP be open, as you suggest.

Thanks

Knowledge Partner

Re: Cannot access server via iManager

Yeah, you'd think so, but I don't trust firewall guys to get the request right.

You may need to have them open the firewall, then run tcpdump and see what ports the traffic is using. It should be NCP/524, but I can't say that I've had to look that deep at iManager in quite a while.

Mark G Contributor.

Re: Cannot access server via iManager

iManager requires port 524 TCP/UDP to be open between the iManager server and the eDirectory server(s). Not just between your workstation and the servers.

6423241 Respected Contributor.

Re: Cannot access server via iManager

I knew 524 had to be open between the iManager server and the eDirectory server (but I thought it was just TCP). I didn't know 524 had to be open from the workstation to the eDirectory server.

I have submitted an amended request that specifies 524/TCP and 524/UDP from both workstation and iManager server to the target eDirectory server. We'll see what happens.

Thanks

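One way to verify the firewall request from each source host (the iManager server and the workstation) before resorting to a packet capture, as an added example that is not from any of the posts in this thread: the script separates a port that times out, as iManager does here, from one that is actively refused. The script name `portcheck.py` and the function names are hypothetical; the port list is the one from the original request.

```python
import socket
import sys

# TCP ports from the original request in this thread. 524/UDP is not probed:
# UDP has no handshake, so confirm it with a packet capture (tcpdump) instead.
REQUESTED_TCP_PORTS = [22, 389, 524, 636, 8028, 8030, 8080, 8443]


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port by how the connection attempt ends."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"           # RST received: no listener, or a REJECT rule
    except socket.timeout:
        return "filtered"          # silence: typical of a firewall dropping packets
    except OSError as exc:
        return "error: %s" % exc   # DNS failure, no route, ICMP unreachable, ...


def survey(host, ports=REQUESTED_TCP_PORTS, timeout=3.0):
    """Return {port: state} for every port in `ports`."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


def not_open(results):
    """Sorted list of ports that did not complete a handshake."""
    return sorted(p for p, state in results.items() if state != "open")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: portcheck.py <edirectory-host>")
    results = survey(sys.argv[1])
    for port, state in sorted(results.items()):
        print("%5d/tcp  %s" % (port, state))
    if not_open(results):
        print("not open:", ", ".join(map(str, not_open(results))))
```

Run it once from the iManager server and once from the workstation; a port that is "open" from one source and "filtered" from the other points at a source-specific firewall rule.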