Windows Firewall and port requirements for Track-It! 11.x Technician Client, Track-It! Web, and Remote Audits

Version 2
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    Track-It!


    APPLIES TO:

    BMC Track-It!



    PROBLEM:

    How should Windows Firewall be configured to run Track-It! 11.x Technician Client? What ports must be allowed/opened to run Track-It! 11.x Technician Client and/or Track-It! Web? What ports are required in order to remotely audit machines? How do I change the port that the Track-It! Service Management uses?


    SOLUTION:

    Windows Firewall

    NOTE: Windows Firewall on the Technician Client machines themselves does not typically need any additional configuration. However, if Windows 7/8 machines in particular are not able to connect to the Track-It! database when Technician Client is run, please take the following steps on those affected machines:

       
    1. Click the Windows start button, enter firewall.cpl into the open line, and then press Enter. If the firewall is already disabled, you may disregard these steps.
    2.  
    3. If Windows Firewall is enabled, on the left side of the window click the Advanced settings link.
    4.  
    5. When Windows Firewall with Advanced Security appears, click on Inbound Rules.
    6.  
    7. On the right side, click New Rule.
    8.  
    9. Select "Port" and then click Next.
    10.  
    11. Select "UDP", and select "All local ports", and then click Next.
    12.  
    13. Leave "Allow the connection" enabled and then click Next.
    14.  
    15. Leave all 3 options enabled (Domain, Private, and Public) and then click Next. Please note that it may be sufficient to only leave "Domain" enabled depending on your environment.
    16.  
    17. Give the rule a name such as "Inbound UDP" and then click Finish.
    18.  
    19. Double click to open the new rule and open the Protocols and Ports tab.
    20.  
    21. Change the "Remote port" drop down to "Specific Ports", enter 1434 for the port number, and then click OK.
    If Windows Firewall is enabled on the Track-It! server, add the following executable to the exceptions list on the server to allow Technician Client to connect. If you need information on how to add exceptions to Windows Firewall, please see the   Adding Exceptions in Windows Firewall section below: 

    TIServiceManagement.exe - TCP port 9010

    This file is found in the following directory (depending on whether Track-It! 11 was installed new or upgraded from 10.x): 
       
      Upgraded from Track-It! 10.x    C:\Program Files\Numara Software\Numara Track-It!\Track-It! Services 
      New installation of Track-It! 11.x    C:\Program Files\BMC Software\Track-It!\Track-It! Services
      
    Also, make sure   File and Printer sharing is allowed through Windows Firewall. 

    Windows Firewall on the Microsoft SQL Database Server  
      On the server that runs the database services, make sure   SQLServr.exe is added to the firewall exceptions list. 

      If you are using SQL 2005, 2008, or 2012 this file is normally found under   ..\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn

      In addition, if using SQL 2005 or 2008 Express make sure to add   sqlbrowser.exe, normally found under   ..\Program Files\Microsoft SQL Server\90\Shared.   Adding Exceptions in Windows Firewall  
           Windows Server 2003  
           
        1. On the Track-It! server, click Start -> Run, enter Firewall.cpl and click Ok or press Enter.
        2.  
        3. When the Windows Firewall window appears, make sure the "Don't allow exceptions" box is not checked.
        4.  
        5. Click the Exceptions tab and then click the Add Program button.
        6.  
        7. Click the Browse button and locate the executable that you would like to add.
        8.  
        9. After locating the .exe, select it and then click Open.
        10.  
        11. Click Ok on the Add a Program window to add it to the exceptions list.
        12.  
        13. After adding it, confirm that the .exe is enabled in the "Programs and Services" window of the Exceptions tab.
        14.  
        15. If more executables must be added, click the Add Program button again and repeat the process.
           Windows Server 2008 and 2012  
           
        1. On the Track-It! server, click the Windows button (the Start button).
        2.  
        3. In the empty space above the button (the "run" line), enter Firewall.cpl and then press Enter (To see the run line, it may be necessary to click Start -> Run depending on the server's configuration).
        4.  
        5. When the Windows Firewall window appears, click the Allow a program through Windows Firewall link. This will open the Exceptions tab in Windows Firewall Settings.
        6.  
        7. Click the Add program button.
        8.  
        9. Click the Browse button and locate the executable that you would like to add.
        10.  
        11. After locating the .exe, select it and then click Open.
        12.  
        13. Click Ok on the Add a Program window to add it to the exceptions list.
        14.  
        15. After adding it, confirm that the .exe is enabled in the list.
        16.  
        17. If more executables must be added, click the Add program button again and repeat the process.
           Ports Used by Track-It!  
          If you must configure a router or other firewall solution to allow specific ports, please review the following. If there is a router or proxy server between the client machines and the Track-It! server(s), the ports listed below will always need to be opened on the device. 
             
            80 - Track-It! Web  
            9070 - Crystal Reports    9011 - Track-It! Account Management service (or Track-It! Password Reset service)  
            1433 - SQL Server (this may be changed by the SQL Server administrator. See the    NOTE: below.)  
            1434 (UDP) - SQL Server (if a named instance is being used)  
            389 - LDAP (for User Synch(Directory Importer))  
            9010 - Track-It! Service Management service Also, you will need to make sure    File and Printer sharing is allowed. These ports are TCP 138 & 139 and UDP ports 137 & 138. 
            
          NOTE: If the SQL Server port is changed to something other than the default of port 1433, the following steps must be taken:  
             
          1. Open the following directory on the Track-It! server (depending on whether Track-It! 11 was installed new or upgraded from 10.x):
            
            Upgraded from Track-It! 10.x    C:\Program Files\Numara Software\Numara Track-It!\Track-It! Server 
            New installation of Track-It! 11.x    C:\Program Files\BMC Software\Track-It!\Track-It! Server
            
             
          1. Open the Trackit.cfg file with Notepad.
          2.  
          3. Find and change the SERVER= line so that it lists the name of the SQL server, followed by a comma and the port number in use. For example, if the server's port has been changed to 1500, the line should look like this: SERVER=SQLServerName,1500
          4.  
          5. Save the changes to the file.
          6.  
          7. Next, open the following directory (again, the path will vary depending on the installation):
            
            Upgraded from Track-It! 10.x    C:\Program Files\Numara Software\Numara Track-It!\Track-It! Services\ConfigurationData 
            New installation of Track-It! 11.x    C:\Program Files\BMC Software\Track-It!\Track-It! Services\ConfigurationData
            
             
          1. Open the TrackIt.Core.DataAccess.xml with Notepad. The file will contain 6 lines that have the SQL server name listed (search for the SQL server name to find them):    
                 
            1. Reports server="SQLServerName" database=...
            2.    
            3. Default server="SQLServerName" database=...
            4.    
            5. System server="SQLServerName" database=...
            6.    
            7. Search server="SQLServerName" database=...
            8.    
            9. Configuration server="SQLServerName" database=...
            10.    
            11. Barcode server="SQLServerName" database=...
            12.   
          2.  
          3. Again, change each ... server= line so that it lists the name of the SQL server, followed by a comma and the port number in use. For example:
            
            Reports server="SQLServerName,1500" database=...
            
             
          1. After entering the port for each of those lines, save the changes to the file and then restart the b>Track-It! Service Management service.
             Adding Exceptions for the Ports in Windows Firewall  
             
          1. On the Track-It! server, click Start -> Run, enter Firewall.cpl and click Ok.
          2.  
          3. Make sure the "Don't allow exceptions" box is not checked.
          4.  
          5. Click the Exceptions tab and then click the Add Port button.
          6.  
          7. In the "Name" field, enter the port name from the list above and enter its associated port number (TCP) into the "Port number" field.
          8.  
          9. Click Ok after adding each one and confirm that the port is checked in the "Programs and Services" window of Windows Firewall.
          10.  
          11. To add sqlservr.exe (if the database resides on the same server), click the Add Program button and browse for the file, normally found under ..\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn.
             Ports Needed to Remote Control and Remotely Audit Machines  
            In order to have Scheduled Audits and "Audit Now" successfully audit the remote machines, each remote workstation to be audited or controlled, which has firewall software installed, will need to have an exception added for the   TIRemoteService.exe

            In addition,   File and Printer Sharing must be allowed through the firewall software. 

            Adding an Exception for TIRemoteService.exe in Windows Firewall  
               
            1. On the remote machine to be audited, click Start -> Run, enter Firewall.cpl and click Ok.
            2.  
            3. Make sure the "Don't allow exceptions" box is not checked (this is labeled "Block all incoming connections" in Windows Vista).
            4.  
            5. Click the Exceptions tab and make sure File and Printer Sharing is already listed and enabled in the exceptions list.
            6.  
            7. Click the Add program button.
            8.  
            9. Click the Browse button on the "Add a Program" window, and open the following directory (this directory will be present if Agent is installed on the machine): C:\Windows\TIREMOTE
            10.  
            11. Select TIRemoteService.exe and click Open.
            12.  
            13. Click Ok when the "Add a Program" window re-appears.
            14.  
            15. Click Ok to close the Windows Firewall.
               Proxy Servers, Routers and their Effect on Remote Control and Remote Audits  
              If a proxy server or router exists between the Track-It! server and the remote workstations, the following   TCP/UDP ports must be opened on the router or proxy server: 
                 
                6502 - Remote Control  
                6711 - Scheduled Audits and "Audit Now"  
                1765 - Scheduled Audits and "Audit Now"  
                1766 - Scheduled Audits and "Audit Now"  
                10597 - Scheduled Audits and "Audit Now" 
                
              Changing the Default Ports of the Track-It! Services

              If it is necessary to change the default ports of the Track-It! specific services because of a port conflict with another service or application, please use the information below.  
                 
              1. Have everyone exit out of Track-It!
              2.  
              3. On the Track-It! server, stop the Track-It! Service Management service.
              4.  
              5. Open the following directory on the Track-It! server (depending on whether Track-It! 11 was installed new or upgraded from 10.x):
                
                Upgraded from Track-It! 10.x    C:\Program Files\Numara Software\Numara Track-It!\Track-It! Services 
                New installation of Track-It! 11.x    C:\Program Files\BMC Software\Track-It!\Track-It! Services
                
                 
              1. Open the TIServiceManagement.exe.config file with Notepad.
              2.  
              3. Click Edit -> Find, enter "RemotingPort" and then click Find Next.
              4.  
              5. By default, the port listed will be 9010. Change this number to 9100 (or another number that you know is available).
              6.  
              7. Save the changes to the file.
              8.  
              9. Make the same port change to the following files in the same directory so that the port specified matches the one set in the TIServiceManagement.exe.config:    
                     
                1. TableEditor.exe.config
                2.    
                3. ServiceManagementTool.exe.config
                4.    
                5. LanguageLoader.exe.config
                6.   
              10.  
              11. Next, open this directory: (depending on whether Track-It! 11.x was installed new or upgraded from 10.x):
                
                Upgraded from Track-It! 10.x    C:\Program Files\Numara Software\Numara Track-It!\Track-It! Services\ConfigurationData 
                New installation of Track-It! 11.x    C:\Program Files\BMC Software\Track-It!\Track-It! Services\ConfigurationData
                
                 
              1. Open the TrackIt.Core.ServiceManagement.SERVICE.xml file with Notepad.
              2.  
              3. Click Edit -> Find, enter "RemotingPort" and then click Find Next.
              4.  
              5. By default, the port listed will be 9010. Change this number to 9100 (or another number that you know is available).
              6.  
              7. Save the changes to the file.
              8.  
              9. Make the same change to the following files:    
                     
                1. TrackIt.Core.ServiceManagement.xml
                2.    
                3. TrackIt.Core.FileStorage.SERVICE.xml
                4.    
                5. TrackIt.Core.FileStorage.xml
                6.    
                7. TrackIt.Core.Search.SERVICE.xml
                8.    
                9. TrackIt.Core.Search.xml
                10.   
              10.  
              11. Next, open the following directory:
                
                Upgraded from Track-It! 10.x    C:\Program Files\Numara Software\Numara Track-It!\Track-It! Server 
                New installation of Track-It! 11.x    C:\Program Files\BMC Software\Track-It!\Track-It! Server
                
                 
              1. Open the SharedApp.config file with Notepad and make the same port change.
              2.  
              3. Next, open the following file with Notepad and change the port number there as well (the build number "11_0_0_320" will depend on the exact build version of Track-It!. You will want to use the latest build number:
                
                ..\Installers\TechnicianClient\en\TechnicianClient_11_0_0_320\   TechnicianClient.exe.config 
                
                 Necessary changes needed for the Technician Client to connect properly after changing ports:

              Each Track-It! Technician Client machine communicates with the server specified in the   TechnicianClient.exe.config file. This file is normally found within several subdirectories of the following folder, and is easiest to find by searching for it specifically: 
                 
                Windows XP/2003    C:\Documents and Settings\%WindowsLogin%\Local Settings\Apps\2.0 
                Windows 7/2008    C:\Users\%WindowsLogin%\AppData\Local\Apps\2.0
                
              After opening the above location, search for the   TechnicianClient.exe.config file.  
                 
              1. Once the file is located, open it with Notepad. If several exist, open each one to check the server name in order to find the active one.
              2.  
              3. Click Edit -> Find, enter "RemotingPort" and then click Find Next.
              4.  
              5. By default, the port listed will be 9010. Change this number to 9100 (or another number that you know is available).
              6.  
              7. Save the changes to the file.
                

                

               


              Article Number:

              000009794


              Article Type:

              Solutions to a Product Problem



                Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles