Prerequisites for Bare Metal Recovery Using 1-Touch for Windows

Step 1:Ports Required for 1-Touch Recovery

Use ports 9400 and 9401 to perform 1-touch Recovery because of the following reasons:

  • To avoid conflict with existing client computers that use the same IP or DNS name in the CommCell environment
  • When you have a firewall configured between the client computers.

Make sure that the ports are available before you start performing 1-Touch recovery.

Step 2: Perform a System State Backup

Perform a system state backup of your 1-Touch client computer. For more information, see Configuring System State Backups for the Windows File System Agent.


  • When you perform a backup of a Windows 7, Windows 8, Windows 8.1, or Windows 10 client, ensure that you enable the Administrator's account.

    You cannot perform the 1-Touch recovery of a client computer if the administrator's account is not enabled while performing the backup.

  • Do not filter system state components, files or directories that are required to turn on the computer.
  • Do not attach more than 100 disks to the client computer. If the client computer has more than 100 disks attached, the 1-Touch system state backup fails with the following error:

    VDS Wrapper list maximum count reached. No more space in the list.

Step 3: Review User Permissions

The user must have appropriate permissions to perform 1-Touch recovery. For more information on the required permissions, see User Security Permissions and Permitted Actions by Feature.

Optional: Configure Firewall

Firewalls provide security by blocking unauthorized access to networked computing and communications resources. Internet Protocol (IP) ports are configured in firewalls, permitting specific kinds of information to flow to and from opened IP address:port combinations, in specific directions (in, out or both). Firewall functionality is most often provided by either a stand-alone network appliance, or firewall software running on a general-purpose computer.

Commvault provides additional firewall protection for the Commvault application software, which you configure from the CommCell Console.

  1. Choose one of the following methods to configure firewall on the CommServe depending on your requirement:
  2. Create a Client Computer Group and add the source 1-Touch client computers to the <Client Computer Group>.
  3. On the CommCell Browser, right-click the CommServe and click Properties. The CommCell Properties dialog box appears.
  4. In the CommCell Properties dialog box:
    1. Click the Firewall Configuration tab and click the Configure Firewall Settings check box.
    2. Click Add. The Connections to CommServe dialog box opens.
    3. In the Connections to CommServe dialog box:
      • In the From box, select the newly-created client group.
      • In the To box, select Restricted.
      • Click OK.
    4. Click OK.
  5. Right-click the Client Computer Group and click Properties. The Client Group dialog box opens.
  6. In the Client Group dialog box:
    1. Click the Firewall Configuration tab, click the Configure Firewall Settings check box, and click Advanced. A Warning dialog box is displayed.
    2. Click OK on the Warning dialog box and click Add. The Connections to Client_Group_Name dialog box appears.
    3. In the Client_Group_Name dialog box:
      • In the From box, type or select a client or client group that has firewall restrictions to communicate with the CommCell entity.
      • In the To box, select Restricted.
    4. Click OK.


  • During Firewall - Perimeter Network Using Proxy configuration, the proxy computer can alone initiate a connection.
  • In the Certificate Administration dialog box, Force per-client certificate authenticationon CommServe option must be set to No. If the option is set to Yes, the firewall configuration will not work.
  • If you have data interface pairs (DIPs) configured on your CommCell, make sure that you remove them. For instructions, see Deleting Data Interface Pairs.

Last modified: 9/11/2019 1:48:21 PM