Add the bPre11Clients Additional Setting if You Have V10 Clients in Your CommCell Environment
Due to security enhancements, communication from a Commvault Version 11 MediaAgent to Commvault Version 10 clients will not work unless you add the bPre11Clients additional setting to the Version 11 MediaAgent.
-
To the Version 11 MediaAgent, add the bPre11Clients additional setting as shown in the following table.
For information about adding an additional setting from the CommCell Console, see Adding an Additional Setting from the CommCell Console.
Property
Value
Name
Category
CommServe
Type
Integer
Value
1
-
Restart services on the MediaAgent.
Connectivity Issue Due to System Running Out of Dynamic Ports
For information on the symptom, cause, and resolution, see NWK0011: Connectivity Issue Due to System Running Out of Dynamic Ports.
Jobs Don't Run on V10/V11 Client at SP14 or Earlier Service Pack
If you install a new MediaAgent with 11.22 or a later release, and if you have an existing V10/V11 client at SP14 or earlier service pack that connects to that MediaAgent, no jobs will run on that client.
To fix the issue, on the newly installed MediaAgent, set the nCLNT_FORCE_TUNNEL additional setting to 0.
For more information, see Enforcing Automatic Tunneling for Network Traffic.
Network Connection Between Two Client Computers is Lost
For information on the symptom, cause, and resolution, see NWK0002: Error Code [10:2] Unable to communicate with the remote machine to start the Data Pipe.
Palo Alto Networks Firewall Blocks Commvault Network Traffic
If you have a Palo Alto Networks firewall and it is blocking Commvault network traffic, then you must configure the firewall to allow web browsing traffic from Commvault.
Make sure to configure security rules based on Commvault network gateways/CommServe IP address or FQDN group, as well as adding Commvault application. We do not support URL-based security policy fitering, as our HTTPS headers don't have SNI information.
Unable to Verify Network Connectivity Between Clients in the CommCell Environment
If you are unable to verify network connectivity between clients in your CommCell environment, such as the CommServe computer, MediaAgents, and other client computers, you can check network connectivity by using the Network Test Tool.
For more information, see Checking Network Connectivity.
User Unable to Initiate VPN Access to Resources in a Private Network
Symptom
In a VPN client, when a user tries to establish a remote connection to a private resource, the VPN client fails to reach the private resource.
Causes
The following are possible causes:
-
The user might not have permission to access the private resource.
-
The Commvault VPN feature is not enabled on the client that was designated as the VPN router. This might happen if you had to perform a hardware refresh of the client, which involves moving the old client software and configurations to the new hardware.
Resolution
Consider the following possible resolutions for the issue:
-
If a user cannot access a private resource, it means that the user is not part of the Allow list of the VPN router. To add the user, see Configuring the Allow List.
-
If you performed a hardware refresh of the client designated as the VPN router, you must enable the VPN router setting on the new client by doing the following:
-
Log on to the new client and then open the Commvault Process Manager.
-
On the Plugin tab of the Process Manager dialog box, go to the VPN Plugin section, and then select the Enable VPN Router check box.
-
Close the Process Manager dialog box.
-
Whitelisting Remote Clients
To allow communication only from particular remote computer/servers towards a specific destination client, you can add a whitelisting rule to the fwconfiglocal.txt file of that destination computer/server.
Procedure
-
On the destination computer, find the Globally Unique Identifier (GUID) for each remote client that you want to allow communication from. The GUIDs can be found in the [Outgoing] section of the fwconfig.txt on the destination computer.
-
On the destination computer, open the fwconfiglocal.txt file and then add the following code:
Where [GUID1], [GUID2], and [GUID3] are the GUIDs for each remote client.[whitelist] clear acl clnt=[GUID1] dst=@self@ ports=@svcports@ acl clnt=[GUID2] dst=@self@ ports=@svcports@ acl clnt=[GUID3] dst=@self@ ports=@svcports@