UCMDB and UD Practitioners Forum (Previously CMS)
cancel

uCMDB - DDM Firewall Ports

SOLVED
Go to solution
Highlighted
DaGo_1
Frequent Contributor.

uCMDB - DDM Firewall Ports

Hi all,

Is there any document that explicitly shows the firewall ports which have to be opened in order to discover PCs running Windows using uCMDB - DDM through WMI in a network?

Help will be so appreciated.

 

P.S. This thread has been moved from Application Perf Mgmt (BAC / BSM) Support and News Forum to CMS and Discovery Support and News Forum. -HP Forum Moderator

6 REPLIES
Amit Erental
Acclaimed Contributor.

Re: uCMDB - DDM Firewall Ports

Hi,

Which version is in question here ?

Here is the starting points for all the documents you can get:

http://support.openview.hp.com/selfsolve/manuals

For 8.0 , I guess you will find the answer here:
http://support.openview.hp.com/selfsolve/document/KM541056/binary/UCMDB8_DiscoveryDependencyMap.pdf?searchIdentifier=8c6c5d2%3a12b3b9f1433%3a-5ac4&resultType=document
Marcus Grosz
Trusted Contributor.
Solution

Re: uCMDB - DDM Firewall Ports

you have to open 135/tcp to do the remote admin connection and then anything >=1024/tcp for the ephemeral port that WMI uses. that is the default anyway even though a static port can be configured, that may be too much to ask of the windows admins depending on your environment.
DaGo_1
Frequent Contributor.

Re: uCMDB - DDM Firewall Ports

Hello, and thanks for your answers.

Version is 9.01, and the 135/TCP is already open. Just like Marcus said, that's too much to ask here, so what I'm looking is for a document that explicitly says the firewall ports they should open; document is enough support for them.

Unfortunately, I've searched into the manuals without success. If anyone knows about any document, even if not from HP, please tell me where to find it, thanks.
Marcus Grosz
Trusted Contributor.

Re: uCMDB - DDM Firewall Ports

would have pasted one, but the one I generally reference seems to have been removed from Microsoft's MSDN site. However, WMI uses 135/tcp to do the initial connection. However, WMI relies on DCOM services as well thus why you have to also open 1024-65535/tcp as well.

Its like passive FTP in that way. Just opening port 21 is not good enough because that's the just control port. after the 21/tcp connection is established, another port is chosen somewhere between 1024 and 65535 (or whatever range the server is configured with) to use as the data port.

WMI needs that DCOM port to do the data communication or it will fail to function properly.
DaGo_1
Frequent Contributor.

Re: uCMDB - DDM Firewall Ports

Open from 1024 to 65535? Well, that will be a challenge...thanks for your help!
DaGo_1
Frequent Contributor.

Re: uCMDB - DDM Firewall Ports

Solution: To force Network Admininistrators to open from 1024 to 65535 Firewall ports.