Ports Needed for KACE Client on Remote Systems?
Hello, we recently moved a handful of offsite/remote domain-connected servers from one hosting provider to another, and ever since the move, those agents won't check in. I've manually removed and reinstalled the agent of them, but no joy. Their firewall admin is asking for any usual ports needed for the client and the only one I have documented is 65334. Someone in another thread mentions "52230/tcp of the K1000 is reachable as well". Am I missing something? Thanks
Answers (2)
What version of the SMA?
What version of the Agent?
The more current agent versions use port 443 to set up an SSL tunnel to the SMA.
Did you review the C:\ProgramData\Quest\KACE\konea.log and the C:\ProgramData\Quest\KACE\user\KAgent.log files for errors?
Did you check the SMA agent quarantine?
It is most likely not a port issue, it could also be an SSL trust issue.Knowledge base article: https://support.quest.com/kb/4214233/sma-external-listening-port-and-zones-explained
Comments:
-
Thanks for the info!
SMA 13.2.182, agent 13.2.27
Nothing in quarantine.
Reviewing logs later today.
The weird thing is that half (6) of the servers on that same remote subnet connect just fine, these other five don't. Looking in detail at these five to see if there's anything I'm missing.
SSL trust is something I'll look at.
Thanks again - OMIC_LS 6 months ago
Hi, I always use this KB for this kind of situation.
https://support.quest.com/kace-systems-management-appliance/kb/4211365
Now, for quite some time the SMA Agent only communicates via port 443. So that port should always be open and be sure not to have any SSL inspectors or anything that could be sniffing their connection or the SMA will drop it thinking that it is a man-in-the-middle attack.
Also, check the konea log on some of those devices and get help from support.