Wednesday, September 28, 2011

LanSafe and Windows Server 2008 Firewall Issues

Recently I upgraded our UPS Software to LanSafe 6.0.6 and I found that all of our Windows Server 2008 R2 machines were not appearing in the Management Settings.

When I opened Management Settings it sat at "Loading management settings data" for a long time and then I received a warning:
One or more member is offline. Saving these settings will overwrite existing management settings.
Are you sure you want to change the Management Settings?


I pressed Yes, and only the Windows Server 2003 machines in our environment were visible, plus the Controller.

I discovered that the LanSafe controller makes an active attempt to connect to each of it's members, instead of each of the members regularly polling the controller. This kind of makes sense, but I had previously thought that there would be a constant TCP connection between each Member and it's Controller.

In fact, it's all UDP traffic on UDP ports 3068, 3069, and 7015 as explained here:
http://www.powerware.com/Software/lansafe_help/LSHelp404.htm
Additionally, I found the controller was listening on UDP Port 4500, but it's unclear why, or whether it's necessary to allow that UDP Port on the controller.
Be sure to allow the PowerMonitor.exe and UDP Ports 3068, 3069, and 7015 to receive incoming traffic on the LanSafe Controller.

In order to fix the 2008 clients not appearing issue, we needed to add a new INCOMING rule in to the "Windows Firewall with Advanced Security" on each of the Members. The rule was for:
C:\Program Files (x86)\Powerware\LanSafe\Bin\PowerMonitor.exe

You must allow the PowerMonitor.exe executable to receive incoming traffic through the firewall.

I feel sorry for anybody who is managing hundreds of 2008 boxes, you might want to consider using Group Policy to push out this firewall rule since manually adding it to each machine seems impractical.

Hope this helps.

2 comments:

  1. Hi

    I would like to thank you! We just upgraded our domain to Windows Server 2008 R2 and had trouble getting LanSafe working. Your instructions worked great! The main problem I had is Powerware's own instructions tell you to open ports 3068, 3069 and 7015 TCP which is incorrect it should be UDP as your info states.

    ReplyDelete
  2. New URL:

    http://powerquality.eaton.com/Products-services/Power-Management/Software-Drivers/lansafe-help/LSHelp404.htm

    ReplyDelete