Solved

Laptop unable to connect to Edge Drive from an external network

  • 8 October 2021
  • 9 replies
  • 484 views

Userlevel 4

Hello Commvault Community, 

 

Maybe you have an idea why there is a problem connecting to the Edge Drive via a laptop from a network other than the internal one.

 

Unable to connect an off-site laptop to Edge Drive. Laptop is not added to Active Directory, it works in a workgroup. Authorizing access through the Edge Drive configuration to a domain account.
 

An error with authorization to the given user account appears in the logs (the account and password are entered correctly, the ability to log in to the webconsole). Access infrastructure via DMZ and installed server with firewall issued port 8403.
 

Network topology - network gateway (laptop) configuration between defined Laptop Clients groups and Commvault infrastructure servers.
 

If the laptop mentioned above is on the internal LAN then everything works fine.
 

There seems to be a problem handing over communication from the Webconsole server in the DMZ to the Commvault on the internal network.

 

In the attachment I am sending screenshots from the configuration. If you need additional information, please let me know what to send in order to analyze the problem.

 

Please help identify the problem, whether it is a configuration problem or a communication problem.

 

Thanks & Regards
Kamil

icon

Best answer by Gokul Pattabiraman 18 October 2021, 17:29

View original

9 replies

Userlevel 7
Badge +23

You always have interesting questions!

I’m going to check with some of our internal folks to ensure this is a supported config, then work on ensuring you have everything set up properly.

Userlevel 7
Badge +23

In reading the docs, it seems like being on AD is a requirement, though I’m not 100% sure:

https://documentation.commvault.com/commvault/v11_sp20/article?p=41515.htm

I’m going to check with our docs team to see if they can clarify.

Userlevel 7
Badge +23

@Kamil , can you share the error screenshot?  I spoke to one of our devs who mentioned that the laptop doesn't have to be on AD for Edge drive

To configure, we just need the webconsole URL to be accessible and proper network topology defined with CS/MA.. that is assumed as laptop backups are working..

He wants to see the error message you are getting.

Thanks!!

Userlevel 4

Hello @Mike Struening  and the rest of the Commvault Community :) 

 

I am sending 3 screenshots showing error during login. 

---

A little description:

 

We have Webconsole in the DMZ zone, and Comserve and Media Agents in LAN.

 

When I try to access Edge drive on a client that is outside the company, I have a login error.

 

According to the assumption of the implementation of Edge Drive, all operations and interactions with the client's Commvault environment should take place via Webconsole in the DMZ zone for the client outside the company, of course.

 

And now, when we deceive the client outside the company in such a way that I will write in the hosts file that the public Webconsole address from the DMZ zone is the Commserwe managing server, the Drive activation process goes without a problem and it should be done via the Webconsole server in the DMZ.
 

Like the DNS name doesn't match ???

 

Regards,

Kamil

Userlevel 2
Badge +3

Hello @Kamil ,

From your description and error screenshots it does appear that the laptop client outside the company network is unable to access the web console in the DMZ. The web console URL will be retrieved from one of the below registry key values on the laptop client and ideally they should be reachable as you mentioned they are in the DMZ. Could you please verify if the value in either of the below registry location is set as expected and also if while the laptop client is outside the company network the URL in these registry keys are reachable via browser or not?

 

Registry Key Locations:

“HKEY_LOCAL_MACHINE\SOFTWARE\CommVault Systems\Galaxy\Instance001\Jobinfo\sCustomWebConsoleUrl”
“HKEY_LOCAL_MACHINE\SOFTWARE\CommVault Systems\Galaxy\Instance001\Jobinfo\sWebConsoleUrl”

Userlevel 4

Hi Guys,

 

I am still waiting for information and verification of the recommended actions. When I get an answer, I'll be back with the information.

 

Regards,
Kamil

Userlevel 4

Message from Client:

 

There is only the "sWebConsoleUrl" key in the registry.

 

Value: http://xyz.com:80/webconsole/clientDetails/fsDetails.do?clientName=CLIENTNAME

 

cv-commserve.ap.arr.gov.pl is the Commserve managing server, which is located in the LAN

 

I understand that you should define a server from the DMZ zone, i.e. "files.kowr.gov.pl"

 

Is the second "sCustomWebConsoleUrl" key required, and what value should it be?

 

 

Regards,

Kamil

Userlevel 2
Badge +3

@Kamil ,

This looks to be the problem. We can use the second “sCustomWebConsoleUrl” to customize the URL with a DMZ facing web console, as an additional setting configuration preferably on the laptop client computer group.

Please refer documentation below for detailed guidance. This should resolve the issue.

 

FR20: Modifying the Web Console URL for Edge Monitor for Laptop Backup (commvault.com)

FR24:Modifying the Web Console URL for Edge Monitor for Laptop Backup (commvault.com)

 

Regards,

Gokul

Userlevel 4

Hi @Gokul Pattabiraman 

It looks like the problem has been resolved. Thank you for your help. I mean "Best Answer" :)

 

Thanks & Regards,
Kamil

Reply