Microsoft KB Archive/929102

= How to configure a firewall rule to let you deploy the System Center Data Protection Manager 2006 agent to a computer that is running ISA Server 2004 =

Article ID: 929102

Article Last Modified on 12/4/2007

-

APPLIES TO

 Microsoft System Center Data Protection Manager 2006, when used with:  Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition

 Microsoft Internet Security and Acceleration Server 2004 Standard Edition 

-



INTRODUCTION
This article describes how to configure a firewall rule to let you deploy the Microsoft System Center Data Protection Manager 2006 agent to a computer that is running Microsoft Internet Security and Acceleration (ISA) Server 2004.



MORE INFORMATION
To configure a firewall rule that lets you deploy the Data Protection Manager 2006 agent to an ISA Server 2004 computer, follow these steps:  Start the ISA Server Management Microsoft Management Console (MMC) snap-in.</li> Expand Arrays if you have an array configured, expand the ISA Server computer, and then click Firewall Policy.</li> On the View menu, click Show System Policy Rules.</li> Disable the Allow remote management from selected computers using MMC system policy rule. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Double-click Allow remote management from selected computers using MMC.</li> In the System Policy Editor dialog box, click to clear the Enable check box, and then click OK.</li> Click Apply to update the firewall configuration, and then click OK.</li></ol> </li> Remove strict remote procedure call (RPC) compliance from System Policy rule 22. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Double-click the Allow RPC from ISA server to trusted servers system policy rule.</li> In the System Policy Editor dialog box, click to clear the Enforce strict RPC compliance check box, and then click OK.</li> Click Apply to update the firewall configuration, and then click OK.</li></ol> </li> On the View menu, click Show System Policy Rules to hide System Policy rules.</li> Click the Tasks tab in the right pane, and then click Create New Access Rule.

Note If you are running ISA Server 2004, Enterprise Edition, click Create Array Access Rule.</li> In the New Access Rule Wizard, type a descriptive name in the Name box. For example, type DPM .</li> Click Next, click Allow, click Next, click All outbound traffic in the This rule applies to list, and then click Next.</li> On the Access Rule Sources page, click Add.</li> In the Add Network Entities dialog box, click Computer on the New menu, type the name of the Data Protection Manager 2006 server in the Name box, type the IP address of the Data Protection Manager 2006 server in the Computer IP Address box, and then click OK.</li> <li>In the Add Network Entities dialog box, expand Computers, click the new computer entry that you created, and then click Add.

Note If you want to manage the ISA Server computer by using Remote Desktop Protocol or by using the ISA Server Management MMC snap-in from another computer, you can add those other computers to this rule. To do this, follow steps 10 through 12 for each computer that you want to add.

Expand Networks, click Local Host, click Add, and then click Close.

At a minimum, the This rule applies to traffic from these sources box should contain the Data Protection Manager 2006 computer entry and the Local Host entry.</li> <li>Click Next, and then click Add.</li> <li>In the Add Network Entities dialog box, expand Computers, click the Data Protection Manager 2006 computer entry, click Add, expand Networks, click Local Host, click Add, and then click Close. The Data Protection Manager 2006 computer entry and the Local Host entry are listed in the This rule applies to traffic sent to these destinations box.</li> <li>Click Next, leave the default All Users entry in the This rule applies to requests from the following user sets box, click Next, and then click Finish.</li> <li>Right-click the new rule, and then click Move Up to move this rule to the top of the rules list in the firewall policy rules. This configuration causes the rule to be matched before other rules are applied to traffic that is sent to or received from the Data Protection Manager 2006 server.</li> <li>Right-click the new rule, and then click Properties.</li> <li>In the  Properties dialog box, click the Protocols tab, click Filtering, and then click Configure RPC Protocol.</li> <li>In the Configure RPC Protocol policy dialog box, click to clear the Enforce strict RPC compliance check box, and then click OK two times.</li> <li>Click Apply to update the firewall policy, and then click OK.</li></ol>

Keywords: kbhowto kbinfo kbdeployment KB929102

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.