Tuesday, May 8, 2012

Firewalls Suck Time

Some days you just can't argue with simplicity. Duplicity is another story.

Junior admins remember, all is not as it appears.

While knocking off a number of issues at a client site upgrade it was reported a server was not accessible from the Domino Administration client. Funny thing is, the servers were replicating with it, no problem at all. But no clients could connect to it.

I asked the usual questions, have you verified DNS names, server document references, TCPIP references, etc.

All looked good they say. At a certain point it impedes my efforts so off I go to troubleshoot this one. Here is what I find:

1)  Server document security page has no one allowed to access the server. Similarly the admin group and server group were not listed. Security settings were all default too. I know we set them, some box has an old copy that replicated, fine, changed, still nothing.

2) Can access the server via RDP and map a drive to it, which led me to  #3

3) Windows 2008 Firewall. Damn, that was it. Although we set all the new servers to the exact same settings, this box did not have the clients cleared to be able to access the server.

REALLY!  Having been on site at some government facilities that lock down every port, protocol and driver I should have checked it first, but you know you start with the larger focus and spiral down to smaller and smaller till you nail it.

Nailed it, now on to other things.