Performance Analysis Required Ports

For Performance Analysis to properly monitor a target on the network, the following ports on the monitored target must be accessible to the SentryOne Server machine(s):

SQL Server Access

tcp 1433 (or whatever port is used by SQL Server)

Azure SQL Database and SQL Data Warehouse

tcp 1433

Windows Performance Counter Access

tcp 445 (SMB, RPC/NP)

For WMI access:

tcp 135 (RPC)

-and-

one of these ranges:

tcp 49152-65535 (RPC dynamic ports -- Windows Vista, Windows Server 2008, or later versions)

-or-

tcp 1024-65535 (RPC dynamic ports -- for older OS versions such as Windows NT 4.0, Windows Server 2000, or Windows Server 2003)

-or-

a custom RPC dynamic port range (following)

The one that's difficult for firewalls are the RPC dynamic ports. WMI (or any other process that uses DCOM) connects to it initially using port 135, and the target responds with a dynamic port number for WMI to use for the rest of the session. This port can be in one of the ranges before that are quite large by default. 

Custom Range

To address this problem, specify a custom range for RPC dynamic ports. You may have already done this in your environment to enable networked DCOM access for other applications. Start no lower than port 50000, and allocate no fewer than 255 dynamic ports.

For example, on Server 2008 use the following command:

netsh int ipv4 set dynamicport tcp start=50000 num=255

You may need to reboot for the change to take effect. 

Additional Information

On other Windows versions, use DCOM config in Component Services or the registry. You need to reboot for the change to take effect. 

Additional Information: For more information, see the Configure RPC Dynamic Port Allocation article.

You also need to have your network administrator open to the same port range on the firewall between the SentryOne Server machine and any servers monitored with PA.