Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

MOM-MOM Connector ports

0 views
Skip to first unread message

FCB DSS

unread,
Apr 11, 2007, 2:56:04 PM4/11/07
to
I would like to verify that port TCP 1271 is the only port needed when
installing a Management server behind a FW to forward all alerts/events/data
to a MS on the other side of the FW? Thanks.

Anders Bengtsson

unread,
Apr 11, 2007, 4:31:55 PM4/11/07
to
Hi

Yes, MOM to MOM product connector/management group to management group use
TCP port 1271.

--

Regards
Anders Bengtsson [MCSE:Security, MCSA:Messaging] | http://www.contoso.se


"FCB DSS" <FCB...@discussions.microsoft.com> wrote in message
news:C3C891B2-4FF1-46CC...@microsoft.com...

Thomas CR

unread,
Apr 12, 2007, 6:16:01 AM4/12/07
to
is depends, if you are running with certificates you need SSL=443
--
BR
Thomas CR

Santhosh Sivarajan

unread,
Apr 18, 2007, 5:11:27 PM4/18/07
to
Take a look at this article:

http://www.microsoft.com/technet/prodtechnol/mom/mom2005/Library/6510be7e-483f-4ca2-af13-300b4e9d9356.mspx?mfr=true

--
Santhosh Sivarajan | MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA
Houston, TX
http://www.blogcastrepository.com/blogs/santhosh/
http://www.sivarajan.com/publications.html

"FCB DSS" <FCB...@discussions.microsoft.com> wrote in message
news:C3C891B2-4FF1-46CC...@microsoft.com...

FCB DSS

unread,
May 2, 2007, 10:21:01 AM5/2/07
to
When I'm installing the other MOM server in the Secure Zone (behind the FW)
do I need to specify a different Management Group name or should I use the
existing name? Didn't know what issues I might run into without the ports
opened for database connectivity but it sounded like I don't need that.

Anders Bengtsson

unread,
May 2, 2007, 11:41:49 AM5/2/07
to
Hi FCB,

You should use the same management group name. Take a look at this post to
make sure you have al the right ports open
http://marcusoh.blogspot.com/2005/11/mom-2005-agent-port-requirements.html

---
Regards
Anders Bengtsson, MCSE:Security
http://www.contoso.se

FD> When I'm installing the other MOM server in the Secure Zone (behind
FD> the FW) do I need to specify a different Management Group name or
FD> should I use the existing name? Didn't know what issues I might run
FD> into without the ports opened for database connectivity but it
FD> sounded like I don't need that.
FD>
FD> "Santhosh Sivarajan" wrote:
FD>

FCB DSS

unread,
May 2, 2007, 11:57:00 AM5/2/07
to
What I plan on doing is installing the second MOM server in the SZ (behind
the FW) and I have the ports TCP 1271 opened to the Root Management server in
our Core network. The MOM server in the SZ will have the same Management
Group name as the Core and all FW ports/protocols will be opened to allow
agent communication to the SZ MOM server which will in turn forward over 1271
to the MOM server in the Core. Sound right?

Anders Bengtsson

unread,
May 2, 2007, 3:24:55 PM5/2/07
to
Hi FCB,

You wrote root management server, that is a component or Ops Mgr 2007. Are
you running MOM 2005 och Ops Mgr 2007?
If you are running Ops Mgr 2007 and your machines in the DMZ are in a workgroup
or a non-trusted domain you could deploy a gateway server on the DMZ. If
you are running 2005 you should let your agent direct to your management
server, or install a total new management group on the DMZ and then forward
alerts with a MOM-to-MOM connector to your first management group.

---
Regards
Anders Bengtsson, MCSE:Security
http://www.contoso.se

FD> What I plan on doing is installing the second MOM server in the SZ
FD> (behind the FW) and I have the ports TCP 1271 opened to the Root
FD> Management server in our Core network. The MOM server in the SZ
FD> will have the same Management Group name as the Core and all FW
FD> ports/protocols will be opened to allow agent communication to the
FD> SZ MOM server which will in turn forward over 1271 to the MOM server
FD> in the Core. Sound right?
FD>
FD> "Anders Bengtsson" wrote:
FD>

>> Hi FCB,
>>
>> You should use the same management group name. Take a look at this
>> post to make sure you have al the right ports open
>> http://marcusoh.blogspot.com/2005/11/mom-2005-agent-port-requirements
>> .html
>>
>> ---
>> Regards
>> Anders Bengtsson, MCSE:Security
>> http://www.contoso.se
>> FD> When I'm installing the other MOM server in the Secure Zone
>> (behind
>> FD> the FW) do I need to specify a different Management Group name or
>> FD> should I use the existing name? Didn't know what issues I might
>> run
>> FD> into without the ports opened for database connectivity but it
>> FD> sounded like I don't need that.
>> FD>
>> FD> "Santhosh Sivarajan" wrote:
>> FD>
>>>> Take a look at this article:
>>>>
>>>> http://www.microsoft.com/technet/prodtechnol/mom/mom2005/Library/65

>>>> 10 be7e-483f-4ca2-af13-300b4e9d9356.mspx?mfr=true

FCB DSS

unread,
May 2, 2007, 5:11:02 PM5/2/07
to
Sorry, it's MOM 2005. Been doing lots of reading about 2007. That's kind of
what I thought. The Management server I'm installing in our Secure Zone
(still part of a domain only behind a FW) will be a seperate Management group
name and it will forward all alerts/data to the main Management server over
TCP1271 that's in our Core network. Correct?

Anders Bengtsson

unread,
May 3, 2007, 12:20:33 AM5/3/07
to
Hi FCB,

That is one solution yes. Then you will have two management groups, two seperate
MOM environments.
All machine in your DMZ then report to the DMZ management group. MOM-to-MOM
and management group to management groupe will use TCP port 1271.

---
Regards
Anders Bengtsson, MCSE:Security
http://www.contoso.se

FD> Sorry, it's MOM 2005. Been doing lots of reading about 2007.
FD> That's kind of what I thought. The Management server I'm installing
FD> in our Secure Zone (still part of a domain only behind a FW) will be
FD> a seperate Management group name and it will forward all alerts/data
FD> to the main Management server over TCP1271 that's in our Core
FD> network. Correct?

>>>> ts .html


>>>>
>>>> ---
>>>> Regards
>>>> Anders Bengtsson, MCSE:Security
>>>> http://www.contoso.se
>>>> FD> When I'm installing the other MOM server in the Secure Zone
>>>> (behind
>>>> FD> the FW) do I need to specify a different Management Group name
>>>> or
>>>> FD> should I use the existing name? Didn't know what issues I
>>>> might
>>>> run
>>>> FD> into without the ports opened for database connectivity but it
>>>> FD> sounded like I don't need that.
>>>> FD>
>>>> FD> "Santhosh Sivarajan" wrote:
>>>> FD>
>>>>>> Take a look at this article:
>>>>>>
>>>>>> http://www.microsoft.com/technet/prodtechnol/mom/mom2005/Library/

>>>>>> 65 10 be7e-483f-4ca2-af13-300b4e9d9356.mspx?mfr=true

0 new messages