One of the most challenges while implementing anything on secure environment where basic PING disable. I will be discussing about one of the reported issue that requester was trying to implement configmgr (SCCM). Requester has already provided all the recommendation port must be open to the network side and as per network team has implemented that change and open all the port. Click HERE for port details
Issue Reported: CAS and PRI-1 is working fine as normal but while implementing PRI 2 its not getting connect and while giving reporting server name.
Here CAS and PRI-1 is in same network but PRI-2 is in different network. Challenge we can't do ping as network team has disable. We can't do telnet as they have disable. To going to the root of the solutions below action taken.
All the environment servers are running with 2012 R2
ConfigMgrSetupWizard Error: 1 : Received COMException while connecting to the SMS provider on ServerName Exception message: [The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
Point 1: In PRI-2 run the network monitoring tool to understand blocking level. Click Here to download tool
After executing running tool found that server is sending sync but not getting reply from CAS server. Normally TCP communication work as like below.
Point 2: Any how we are getting error on logs that The RPC server is unavailable. (Exception from HRESULT: 0x800706BA) But we have RPC Service is running as normal for finding error validate DCOM Permission all has permission. Refer this URL for validation DCOM permission..
Point 3: After verify DCOM permission error is not moving. Then we have tried to validate DCOM Communication PORT between CAS to PRI-2 Found DCOM level ports are blocked. Normally if we talk about server to server communication DCOM port must be open if you don't want to open you can give predefined dedicated port for both the side.
These are the port for servers running on 2008 and above Which they call has HIGH range Port 49152 through 65535. we can open this rang or we can define dedicated. By default these port open, if network side there are not block.
Click here for detailing DCOM Port
After enable dedicated DCOM Port on CAS TO PRI-2 Installation went smooth as normal and primary site build went normal. So in these scenario we have open all require SCCM (configmgr ) Port but there was blocked by DCOM service port communication. Which was server level.
Thanks & Regards,
Follow me: https://www.linkedin.com/in/hiraniconfigmgr