Performance Analysis Required Ports

For Performance Analysis to properly monitor a target on the network, the following ports on the monitored target must be accessible to the SentryOne Server machine(s):

SQL Server Access

tcp 1433 (or whatever port is used by SQL Server)

Azure SQL Database and SQL Data Warehouse

tcp 1433

Windows Performance Counter Access

tcp 445 (SMB, RPC/NP)

For WMI access:

tcp 135 (RPC)

-and-

one of these ranges:

tcp 49152-65535 (RPC dynamic ports -- Vista and Win2008)

-or-

tcp 1024-65535 (RPC dynamic ports -- NT4, Win2000, Win2003)

-or-

a custom RPC dynamic port range (following)

The one that's difficult for firewalls are the RPC dynamic ports. WMI (or any other process that uses DCOM) connects to it initially using port 135, and the target responds with a dynamic port number for WMI to use for the rest of the session. This port can be in one of the ranges before that are quite large by default. 

Custom Range

To address this problem, specify a custom range for RPC dynamic ports. You may have already done this in your environment to enable networked DCOM access for other applications. Start no lower than port 50000, and allocate no fewer than 255 dynamic ports.

For example, on Server 2008 use the following command:

netsh int ipv4 set dynamicport tcp start=50000 num=255

You may need to reboot for the change to take effect. For more information, see the The default dynamic port range for TCP/IP has changed since Windows Vista and in Windows Server 2008 article.

Additional Information

On other Windows versions, use DCOM config in Component Services or the registry. You need to reboot for the change to take effect. For more information, see the Configure RPC Dynamic Port Allocation article.

You also need to have your network administrator open to the same port range on the firewall between the SentryOne Server machine and any servers monitored with PA.

For more information, see the following articles: