• State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 62 subscribers
  • Views 5073 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

QC ARS Synch PROD to LAB behind FW

justin.sleith
over 7 years ago

Hi,

 

I need to synch AD information (Users) between PROD domain and LAB domain using QC and ARS as I have Extended Attributes to synch. I have specified a static port for the "Aelita Enterprise Administration Service" and have added TCP port 135 and the new static port to the FW. I am able to create a QC Connection if I specify the connection to "Administration Service on specified computer" but if I use "Any Administration Service of the same configuration" it fails.

 

Using the first option doesn't show me any of the OUs in the scope settings.

 

I found an older post asking the same question but the wiki page the answer points to is no longer available.

 

ARS version is 6.9 and QC is 5.4

 

Are there any additional ports I need to get opened?

 

Thanks,

Justin

  • 0 over 7 years ago

    To your point:
    "I am able to create a QC Connection if I specify the connection to "Administration Service on specified computer" but if I use "Any Administration Service of the same configuration" it fails."

    The "Any..." option relies on service connection points (SCP) published by the ARS services at startup. These are normally published in the System container of the domain where the ARS services reside.

    If QC does not reside in the same domain then it will not be able to see the ARS SCPs. If you really want to use this option, you could try to publish "replicas" of the SCPs in the System container of the domain where QC resides however ARS will not be able to update their state (for example, if a service gets shut down) so your "fault tolerance" won't really be valid.

  • +1 over 7 years ago
    Hello Justin,

    Communication ports are documented here:

    Title: Communication Ports for Active Roles Service and Clients
    Solution Number: 30256
    URL: support.software.dell.com/.../30256

    ActiveRoles Server 6.9 client communication leverages DCOM.

    From that article:
    <quote>
    ActiveRoles Administration Service from versions prior to Active Roles 7.0 uses Distributed COM (DCOM) over two separate TCP ports to accept client connections and requests. Port 135 is used by Administration Service clients to locate the Administration Service. The second TCP connection has its port number automatically assigned by the RPC endpoint mapper. By default, any available port in the 1024-65535 range will be used. All requests from Administration Service clients, such as the MMC Console or ADSI Provider, are sent over this port. Note that the port range can be restricted or set to a static port through the Component Services snap-in (part of the Windows administration tools).
    </quote>
  • 0 over 7 years ago
    Hi Terrance,

    Thanks for the link.

    The issue I was having was I was using the incorrect username to do the ARS connection. Rookie mistake :)

    I've got a successful connection now.

    Justin