When backing up a Windows 2008 R2 server with the firewall enabled the backup job fails (sometime intermittently). You may see errors such as the below in the logs.
error: Freezing guest operating system Unfreeze error (over VIX): [Backup job failed.]
VSSControl: IsSnaphotInProgress failed. Transaction logs will not be truncated.
RPC function call failed. Function name [IsSnapshotInProgress]. Target Machine: yourserver
RPC error: The RPC server is unavailable. Code: 1722
This is due to RPC using dynamic port allocation and the Windows firewall not being able to allow this. The fix can be found in this article and is summarised below
To verify this is the case you can try running a backup with the windows firewall switch off and UAC disabled.
Fix Step 1 – Create the below registry key to restrict the ports used by RPC.
There are two ways of doing this
Option 1: Manually create registry keys:-
1. Create the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet
2. Create a new REG_MULTI_SZ value HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet\Ports
Enter the range of ports to use (you can use multiple lines for multiple ranges),
3. Create a new REG_SZ value HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet\PortsInternetAvailable = “Y”
4. Create a new REG_SZ value HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet\UseInternetPorts = “Y”
Option 2: Import .reg file:-
Alternatively create a text file with a .reg extension (e.g. RPC_internet_ports.reg) and paste the below into it:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet] "Ports"=hex(7):35,00,30,00,30,00,30,00,2d,00,35,00,31,00,30,00,30,00,00,00,00,\ 00 "PortsInternetAvailable"="Y" "UseInternetPorts"="Y"
You can then double click this file to import the info into the registry.
Please manually check that the registry keys have been created.
Fix Step 2 – Allow ports through the firewall
Go to the control panel – windows firewall – advanced settings. Create a new inbound rule and specify the port range set in step 1.
Set it to “allow secure connections” and
Allow the VEEAM service account (i.e. the user account that the veeam backup server uses)
Specify the VEEAM backup server
Apply to all networks (home, work, public).
Click finish. You will now need to reboot the server before the next backup.