Search This Blog

Thursday, June 3, 2010

Port to open when adding host in multisite into VMM Server

Just finished adding Hyper V hosts which located in multisite into VMM Server. I thought it should be easy since MS Technet has wrote about the port & protocol that you need to open. Get the article from:-

Well, not really the case. You will see this error message on the VMM:-
Error (415)

Agent installation failed copying C:\Program Files\Microsoft System Center Virtual Machine Manager 2008 R2\agents\I386\2.0.4273.0\msiInstaller.exe to \\[FQDN of the server]\ADMIN$\msiInstaller.exe. (The network path was not found)

Recommended Action
1. Ensure [FQDN of the server] is online and not blocked by a firewall.
2. Ensure that file and printer sharing is enabled on [FQDN of the server] and it not blocked by a firewall. 3. Ensure that there is sufficient free space on the system volume.
4. Verify that the ADMIN$ share on [FQDN of the server] exists. If the ADMIN$ share does not exist, reboot [FQDN of the server] and then try the operation again.This is the step that i took:-

Step1:- Open SMB protocol and TCP445 as mention about file sharing. It did not work as well.
Step 2:-Moving on, i install the agent locally so it can put as Windows exception for the port 80 and 443 on windows firewall. You can try to disable windows firewall.
Step 3:- Adding the following account into local administrator group:- Domain Admin, VMM Service Account.
Step 4:- Still fail and when you query netstat -an, it is using random port number.
Step 5:- Enable Remote Server Management which located in Server Manager snap in.
Step 6:- So rather than guessing which port number, i just put "Any" from VMM Server into all Hyper V host which located in multisite.
Step 7:- Add the host using VMM. It work fine when open all ports on the firewall. Repeat step 2 until 5 for the remaining Hyper V hosts.
Step 8:- Once you have finish adding all host, close the port and only open this following port number:-
  • TCP/8100
  • TCP/80
  • TCP/443
  • TCP/5900
  • TCP/3389
  • TCP/2179
  • TCP/135
  • TCP/445
Make sure the firewall port is open bi-directional between VMM and Hyper V Host which behind the firewall. The host should join to domain. If your host is reside in DMZ zone, you need to create a security file.
I even test without install agent locally, it work as well. Remember to close the firewall port and open certain port as mentioned above. :)