Firewall and DNS configurations (Domino Server) within ESXi VM

FQDN of IP address – DA-OJAI-VM (Windows Server 2016 Test – Domino 10)
-A Record and PTR Record must point to the correct IP address for the server
-nslookup is useful to confirm that the A and PTR records are configured correctly in your DNS
-mxtoolbox.com is an old friend for various interrogations of IP addresses, etc
-Now that’s fixed, and the inbound rule for ICMP was set to Profile Public, I can now ping to the FQDN and it resolves correctly to the server’s IP address

Network settings within Server 2016
-Originally configured to Private, and changed to Public
-I think that was the primary reason I was unable to get the Domino Server online

IBM Domino Port 2050 for Console
This document explains how Domino Server Controller can fail to start up without Port 2050 configured correctly.

-Originally, problem was that Domino Console would give an error about port 2050, which would affect both accessing console and also getting Domino running
-Now that Network security is Public (vs Private), added a rule to allow inbound TCP for port 2050
-Now, when I do netstat -a from Server terminal, I get: TCP 0.0.0.0 listening for Port 1352 and my server’s external IP address listening for port 2050
-During troubleshooting, I had opened up the Public Profile firewall too much, so turning off Inbound connections “allow” – so I’m required to have specific rules. Before changing firewall, shut down Domino. Changed public firewall to block (default) incoming. Confirmed rule for 1352 (added the internal address) and rule for 2050. Started IBM Domino Service; went into Domino Console and added server.id password; netstat -a looks good for 1352 and 2050.

IBM Domino Port 1352

IBM Domino Console and embedded password – somewhat related to security…
-Would be nice to not have to manually enter this each time.

Allowing Ping from outside to the server
-To enable the inbound rule that allows ICMP packets, select ‘Inbound Rules’. Find and right-click ‘File and Printer Sharing (Echo Request – ICMPv4-In)’, then select Enable Rule. That allows Windows Server 2012 R2/2016 to receive and respond to incoming ping requests without completely disabling the firewall service.
-I think what I was overlooking was that under “Advanced” the Profile was set to Private, and I needed to add Public
-That freakin’ immediately resolved doing a ping from the outside to the server
-I can also ping externally to the FQDN, which resolves correctly to server IP Address
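
The steps above, scripted as an added example (not part of the original post): it checks the A/PTR pair, sets the Public profile to block inbound by default, and adds explicit rules for 1352, 2050 and ICMP echo. It assumes an elevated PowerShell session on the server; the FQDN, internal address, rule names and the `*Domino*` service filter are placeholders or assumptions.

```powershell
# Placeholders (constructed values, replace with your own)
$Fqdn       = 'domino.example.com'   # server FQDN (placeholder)
$InternalIp = '192.0.2.10'           # server's internal address (placeholder)

# 1. DNS: the A record must resolve, and the PTR for that address must map back to the FQDN
$a   = @(Resolve-DnsName -Name $Fqdn -Type A -ErrorAction Stop | Where-Object { $_.Type -eq 'A' })
$ptr = @(Resolve-DnsName -Name $a[0].IPAddress -Type PTR -ErrorAction Stop |
         Where-Object { $_.Type -eq 'PTR' })
if ($ptr[0].NameHost -ne $Fqdn) {
    Write-Warning "PTR for $($a[0].IPAddress) is $($ptr[0].NameHost), expected $Fqdn"
}

# 2. Show which firewall profile each interface falls under (Private vs Public)
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 3. Stop Domino before changing the firewall, as in the post
#    Assumption: the service display name contains "Domino"
$domino = Get-Service -DisplayName '*Domino*'
$domino | Stop-Service

# 4. Public profile: firewall on, inbound blocked unless a specific rule allows it
Set-NetFirewallProfile -Profile Public -Enabled True -DefaultInboundAction Block

# 5. Explicit allow rules, limited to the Public profile
#    Assumption: "added the internal address" is read here as a local-address scope on 1352
New-NetFirewallRule -DisplayName 'Domino 1352 (example)' -Direction Inbound `
    -Protocol TCP -LocalPort 1352 -LocalAddress $InternalIp -Profile Public -Action Allow
New-NetFirewallRule -DisplayName 'Domino Console 2050 (example)' -Direction Inbound `
    -Protocol TCP -LocalPort 2050 -Profile Public -Action Allow
# Dedicated echo-request rule instead of editing the built-in File and Printer Sharing rule
New-NetFirewallRule -DisplayName 'ICMPv4 Echo Request (example)' -Direction Inbound `
    -Protocol ICMPv4 -IcmpType 8 -Profile Public -Action Allow

# 6. Start Domino again; once it has finished starting, confirm the listeners
#    (same information as netstat -a, filtered to the two ports)
$domino | Start-Service
Get-NetTCPConnection -State Listen -LocalPort 1352, 2050 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 7. Review what is now allowed inbound by the rules created above
Get-NetFirewallRule -DisplayName '*(example)' |
    Select-Object DisplayName, Enabled, Profile, Direction, Action
```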

About Paul

CERT Coordinator, Ham Radio Operator, GTD Fan; Photographer; Domino/Notes Administrator