3 Replies Latest reply on May 8, 2017 6:09 AM by cwinning

    Patch servers that are off the domain

    tompetro Rookie

      Hello all,

       

      Continuing my efforts to patch some servers that are not only off the domain, but have NO internet access.......

       

      Any way or am I out of luck????

       

      Thanks.

        • 1. Re: Patch servers that are off the domain
          cwinning CommunityTeam

          Hello,

           

          If these machines are completely air-gapped from the internet and the Protect server then there isn't much you can do.  Are you able to install Protect on a server that has access to these servers?

           

          Thanks,

          Charles

          • 2. Re: Patch servers that are off the domain
            tompetro Rookie

            Thanks for the reply…let me update and correct my situation. I DO have network connectivity between the console and the client, but it is not a member of the domain that the console is in. I manually installed an agent on the client, and it does register with the console. The last part is when I configure my agent policy and “Save and update clients”…it fails with “Agent did not respond”. I’ve checked the firewalls on both systems and I think the correct ports are open but maybe not…..I did also telnet test the ports which worked. Any thoughts???

            • 3. Re: Patch servers that are off the domain
              cwinning CommunityTeam

              Tom,

               

              This explanation helps, I would never had guessed this was your issue. Port 4155 is used to send commands from the Protect console to the agent machines.  Make sure 4155 is open from the Protect server to the agent machines. Add the netbios name, IP Address and FQDN of the Protect server to Tools > Console Alias Editor.

               

              That being said, the agent tasks run on a schedule, check-in, scan and deployment so the commands from the Protect console to the agent aren't necessarily needed.  You could also run agentless and perform the scan and deployments directly from the Protect console.

               

              Thanks,

              Charles