For Performance Analysis to properly monitor a target on the network, the following ports on the monitored target must be accessible to the SentryOne Server machine(s):
SQL Server Access
tcp 1433 (or whatever port is used by SQL Server)
Azure SQL Database and SQL Data Warehouse
Windows Performance Counter Access
tcp 445 (SMB, RPC/NP)
For WMI access:
tcp 135 (RPC)
one of these ranges:
tcp 49152-65535 (RPC dynamic ports -- Windows Vista, Windows Server 2008, or later versions)
tcp 1024-65535 (RPC dynamic ports -- for older OS versions such as Windows NT 4.0, Windows Server 2000, or Windows Server 2003)
a custom RPC dynamic port range (following)
The one that's difficult for firewalls are the RPC dynamic ports. WMI (or any other process that uses DCOM) connects to it initially using port 135, and the target responds with a dynamic port number for WMI to use for the rest of the session. This port can be in one of the ranges before that are quite large by default.
To address this problem, specify a custom range for RPC dynamic ports. You may have already done this in your environment to enable networked DCOM access for other applications. Start no lower than port 50000, and allocate no fewer than 255 dynamic ports.
For example, on Server 2008 use the following command:
netsh int ipv4 set dynamicport tcp start=50000 num=255
You may need to reboot for the change to take effect.
Additional Information: For more information, see The default dynamic port range for TCP/IP has changed since Windows Vista and in Windows Server 2008 article.
On other Windows versions, use DCOM config in Component Services or the registry. You need to reboot for the change to take effect.
Additional Information: For more information, see the Configure RPC Dynamic Port Allocation article.
You also need to have your network administrator open to the same port range on the firewall between the SentryOne Server machine and any servers monitored with PA.
Additional Information: For more information, see the following articles: