"DCOM was unable to communicate with the computer...using any of the configured protocols," after deploying System Recovery agent to a client machine.

Problem

The console hangs on the "Backup Exec System Recovery Service Connection" or "Symantec System Recovery Service Connection" window when trying to connect to a deployed agent residing on a proxy server. The connection fails and the errors below are generated.

 

Error Message

In the Windows event log, the following errors are found:

1. DCOM was unable to communicate with the computer (name of client computer) using any of the configured protocols.

2. The following fatal alert was generated: 10. The internal error state is 1203. (Source: Schannel)
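
To confirm that both errors are occurring together, the following PowerShell check searches the System log for the two messages quoted above and pairs them by time. It is an added example, not part of the original article; the 24-hour look-back and the 5-minute pairing window are assumed values.

```powershell
# Added diagnostic example (not from the original article).
# Run from an elevated PowerShell prompt on the machine that logs the errors.
# Assumptions: 24-hour look-back and 5-minute pairing window are arbitrary choices.
$since  = (Get-Date).AddHours(-24)
$window = New-TimeSpan -Minutes 5

# Read recent System events once, then match on the message text quoted in the article.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; StartTime = $since } `
                       -ErrorAction SilentlyContinue

$dcomPattern = 'DCOM was unable to communicate with the computer\s+(\S+)\s+using any of the configured protocols'
$tlsPattern  = '(?s)fatal alert was generated: 10\..*internal error state is 1203'

$dcom     = @($events | Where-Object { $_.Message -match $dcomPattern })
$schannel = @($events | Where-Object { $_.ProviderName -eq 'Schannel' -and
                                       $_.Message -match $tlsPattern })

# For each DCOM failure, record the target computer and count Schannel alerts close in time.
$report = foreach ($d in $dcom) {
    $null   = $d.Message -match $dcomPattern
    $target = $Matches[1]
    $near   = @($schannel | Where-Object {
        [math]::Abs(($_.TimeCreated - $d.TimeCreated).TotalSeconds) -le $window.TotalSeconds
    })
    New-Object PSObject -Property @{
        Time                 = $d.TimeCreated
        Target               = $target
        SchannelAlertsNearby = $near.Count
    }
}

if (-not $report) {
    Write-Output "No matching DCOM errors in the System log since $since."
} else {
    # One row per DCOM failure; a non-zero count means the Schannel alert accompanied it.
    $report | Sort-Object Time |
        Format-Table Time, Target, SchannelAlertsNearby -AutoSize

    # Summary of which client computers are affected.
    $report | Group-Object Target | Select-Object Name, Count
}
```

Rows with a non-zero SchannelAlertsNearby count match the error pair described in this article; running the check again after the policy change shows whether new pairs are still being logged.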

 

Cause

The issue can be caused by incorrectly configured internal firewall rules. Forefront Threat Management Gateway (TMG) system policy rules contain a set of predefined access rules that control access between the local host network (the Forefront TMG server) and other networks. Forefront TMG does not automatically grant access for certain protocols contained in rules using domain name sets. By running the ConfigureLocalhostToIPv6Policy script, you can make changes to policy rules to enable these protocols, or to restrict access from the local host for security reasons.

Solution

By default, Forefront TMG allows access to all corporate-bound IPv6 traffic, with the exception of the following protocols contained in rules using domain name sets:
 

Protocol                                              Port
HTTP                                                  80
HTTPS                                                 443
Microsoft Operations Manager Agent                    1270
System Center Operation Manager 2007 Agent            5723
System Center Operation Manager Agent Installation    5724
MS Firewall Control                                   3847
MS Firewall Storage                                   2171, 2174
Forefront Protection Manager WS                       1961

Using the ConfigureLocalhostToIPv6Policy script, you can make changes to:

  • Enable all IPv6 traffic from local host to the corporate network.
  • Enable or disable specific protocols and their destinations.

The following procedure describes how to use the ConfigureLocalhostToIPv6Policy script to make changes to Forefront TMG policy rules.

  1. On the taskbar, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click Windows PowerShell, and then click Run as administrator.

  2. From the command prompt, run the ConfigureLocalhostToIPv6Policy script with the required usage.

Note:
The script is located in the \Program Files\Microsoft Forefront Unified Access Gateway\utils\TMGIPv6Policy folder.

  1. Type ConfigureLocalhostToIPv6Policy.vbs AllowAllLocalhostToIPv6 to allow all IPv6 traffic from the local host to the corporate network. This script usage:

    1. Enables the DirectAccess mode: Allow IPv6 traffic from Local Host rule by adding the Anywhere IPv6 range to the destination range.
       
    2. Adds the Anywhere IPv6 destination range to the IPv6 Computer Set for rules using domain name sets.

Applies To

Windows Server 2008 R2
