This section contains technical details of what technologies, firewall rules or other prerequisites are required to enable a Macrium Agent to communicate with the Site Manager server. This includes both normal communication and requirements for remote installation of the Agent.
Legacy Agents
This section is intended for Agents running the latest Site Manager version. For Agents running version 7.2.4091 or earlier, see Troubleshooting Legacy MSMQ Agents
Agent Configuration Tool
The Agent Configuration Tool is installed with the Macrium Site Manager server and remote agent.
Enable Remote Install
If Enable Remote Install is clicked, the tool will open firewall settings for File & Printer Sharing and WMI as well as enable local account token filter policy, which are described in the section below: Enabling Remote Installation.
It is possible to enable the remote install via command line:
"C:\Program Files\Macrium\Agent\AgentConfigTool.exe" -SILENT_SETTING=YES -ENABLE_REMOTE_INSTALL=YES
Connections
Site Manager and the agent use a TCP/IP connection in order to communicate.
TCP Port
This is the port used by Site Manager in order to accept an incoming TCP connection. This can be check in the Site Manager settings page under Agent/Server Connection Details. Site Manager uses 51515 as default port.
Connection Methods
The agent needs the IP (v4 or v6) of the machine that is running Site Manager. Alternatively, the agent will try to resolve to IP DNS names or the NetBIOS of the machine.
Click the Add button in order to add entries in the table.
Test the Connection
By clicking the Test button the tool will attempt to connect to Site Manager with all the specified connection methods. The results of the test will be reported in the table.
If at least one test in the table is reported as Successful the agent will be able to connect to Site Manager.
If all the tests in the table are reported as Failed check the section below.
Agent Configuration Tool is not able to Connect
If the connection tests in the table are reported as Failed, this may be due to a number of reasons:
Incorrect Port
By default, Site Manager uses TCP port 51515 for communications. This can be changed in the Settings of Site Manager. Confirm that the TCP Port in both the test tool and the Site Manager server match.
Failed Lookups
To connect DNS or NetBIOS names, the Configuration Tool/Agent performs name lookups to resolve the name to an IP address. This uses both DNS and Broadcast (LLMNR) lookups. To confirm that the lookups are working correctly, check the logs in C:\ProgramData\Macrium\SiteManager\AgentConfigTool.log or attempt to ping the names directly on a Windows command line.
The firewall is blocking the connection
Site Manager
The firewall of the machine hosting Site Manager must allow incoming TCP connections on the port specified in Site Manager setting under Agent/Server Connection Details. Site Manager uses 51515 as default port.
Site Manager Agent
The firewall must allow outbound TCP traffic.
Enabling Remote Installation of the Agent on client computers
Computers connected to a domain
To enable remote installation of the Macrium Agent using domain user account credentials, the firewall on the client computer must be configured to allow appropriate inbound traffic. Since standard technologies are used for this communication, the built-in Windows Firewall has predefined rules for all necessary traffic.
Firewall Configuration
Any installed firewall (including the built-in Windows Firewall) needs to be configured to allow remote WMI (Windows Management Instrumentation). This is achieved by enabling the predefined inbound rules “Windows Management Instrumentation (WMI-In)”, “Windows Management Instrumentation (DCOM-In)” and “Windows Management Instrumentation (Async-In)” for the active profile as shown below:
The above can also be achieved by running the command below from an elevated command prompt
netsh firewall set service RemoteAdmin enable
netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes
Note that the predefined rules in the Windows Firewall apply only to 'Private' and 'Domain' network connections, not 'Public' ones.
Computers not connected to a domain
Non-domain networks require additional steps to enable the appropriate services and functions required to remote install the Macrium Agent. Each client computer must be configured with the steps below to allow remote installation.
These additional steps are only required for remote agent installation. If the agent is installed manually, these steps are not required.
Note that these steps are not required to manually install the Macrium Agent.
Firewall Configuration
The firewall must be configured to allow Windows Management Instrumentation (WMI) traffic. See the domain computer configuration section above for details.
Enable File Sharing
In order to perform the install, file and printer sharing must be turned on. This is found in the Network and Sharing Center -> Advanced sharing settings as shown below.
Enabling Remote Management Users
Outside a domain, users connecting to a computer remotely have reduced privileges. This is part of built-in Windows security measures. The reduced privileges mean that Local Administrator accounts do not have sufficient privileges to install the Macrium Agent when connecting remotely.
To allow remote users to connect with their full Administrator privileges, the following registry entry must be set on the client computer:
| Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System |
| Name | LocalAccountTokenFilterPolicy |
| Type | DWORD |
| Value | 1 |
See https://support.microsoft.com/en-us/kb/951016 for more information on this registry setting.