Friday, July 10, 2009

Windows 2003 Firewall Program Exceptions for DPM 2007 and Exchange 2007

When utilizing the Windows 2003 firewall to protect both Data Protection Manager 2007 and Exchange 2007, I found that you have to make a few Inbound Program Exceptions on the firewall.

Here are the group policy firewall entries I had to make under "Inbound Program Exceptions"

DPM Server's Policy:

C:\Program Files (x86)\Microsoft DPM SRT\FileStore.exe: FileStore.exe
C:\Program Files (x86)\Microsoft DPM SRT\rmtask.exe: rmtask.exe
C:\Program Files\Microsoft DPM\DPM\bin\DPMRA.exe: DPMRA.exe
C:\Program Files\Microsoft DPM\DPM\bin\msdpm.exe: msdpm.exe

Exchange Server's Policy:
C:\Program Files\Microsoft Data Protection Manager\DPM\bin\DPMRA.exe: Agent Exe
C:\Program Files\Microsoft\Exchange Server\bin\mad.exe: mad.exe
C:\Program Files\Microsoft\Exchange Server\bin\store.exe: store.exe

For the Exchange or any client server your trying to protect with DPM you will have to make the exception for the DPM Agent. You will also need to enable the "Allow inbound file and printer sharing exception" since these services utilize these ports as well.

Due to the way Group Policy processes, you might have to reboot your Exchange server twice for the program exceptions to process correctly.

No comments: