Tuesday, 31 January 2012

System Center 2012 Orchestrator - Firewall Rules and Ports

I tried deploying an Integration Pack (IP) to my Windows 7 workstation running the designer today from the deployment console on the server but kept getting the message that the RPC Server was unavailable.

It turns out that I had the firewall enabled (like a good boy) but hadn't set the exceptions for Orchestrator (SCO).

For reference I thought I'd post some of the common firewall changes and ports:

Remote Computer with Runbook Designer
  • Open a port to SQL (Default TCP:1433)
  • Allow ManagementService.exe through the firewall
    64-bit: %Program Files (x86)%\Microsoft System Center 2012\Orchestrator\Management Server\ManagementService.exe
    32-bit: %Program Files%\Microsoft System Center 2012\Orchestrator\Management Server\ManagementService.exe
  • Allow OrchestratorRemotingService.exe through the firewall for Deployment Manager to access it
    64-bit: %SystemRoot%\SysWOW64\OrchestratorRemotingService.exe
    32-bit: %SystemRoot%\System32\OrchestratorRemotingService.exe
  • Any activities that use WMI, enable the following rules:
    Windows Management Instrumentation (Async-In)
    Windows Management Instrumentation (DCOM-In)
    Windows Management Instrumentation (WMI-In)
There are also some standard ports to open where SCO components are talking across servers:

Source Target Default Port
Runbook Designer Management server 125, 1024-65535
Management server

runbook server

Web service
Orchestration Database 1433
Client browser Orchestrator REST-based web service 81
  Orchestration console 82


For more detailed information, refer to the TechNet documentation:
Orchestrator Security Planning
http://technet.microsoft.com/en-us/library/hh420367.aspx

TCP Port Requirements
http://technet.microsoft.com/en-us/library/hh420382.aspx

No comments:

Post a Comment