How to install on Windows Server 2008 and later versions of Windows Server

  • Article ID: 109664
  • Rating:
  • 2 customers rated this article 3.5 out of 6
  • Updated: 26 Jan 2015

Windows Server 2008 and later versions of Windows Server have a built-in software firewall enabled by default. If this (or any other firewall) is used to restrict traffic on a network which has PureMessage installed, then it may be necessary to make some configuration changes to the firewall in order for PureMessage to work properly. Ensure that any changes made to your firewall configuration comply with your company's security policies.

What to do

1. The SQL Server

Every instance of the PureMessage server requires access to a SQL Server. If a PureMessage Server is installed on a computer remote to the SQL Server you must ensure that any firewall is configured to allow the communication.

Before you begin the installation of PureMessage, ensure the following:

  1. The SQL Server uses fixed ports rather than dynamic ports. See Microsoft's documentation at:
    - http://support.microsoft.com/kb/823938
  2. The firewall is configured to allow access to the fixed port from all instances of PureMessage Server. See Microsoft's documentation at:
    - http://technet.microsoft.com/en-us/library/ms175043.aspx (for all currently supported versions of SQL)
  3. If necessary (for example if not using the default SQL instance on TCP port 1433) ensure that the firewall is configured to allow access to the SQL Server Browser service on UDP port 1434 from all instances of PureMessage Server. See Microsoft's documentation at:
    - http://technet.microsoft.com/en-us/library/ms175043.aspx (for all currently supported versions of SQL)

2. The PureMessage Console and Server

PureMessage Administration Consoles and PureMessage Servers located on different physical machines require DCOM connections over the network in order to communicate. This is necessary for:

  • Remote administration of a PureMessage Server from a Console located on a different computer.
  • Multiple PureMessage Servers in a group.
  • A PureMessage Server located on an Exchange 2007 or Exchange 2010 Mailbox-only server, using another PureMessage Server located on a mail transport server for mail delivery.

For the Windows Server firewall this can be achieved by performing the following steps, which should be taken on all computers that have PureMessage installed:

  1. Open up the 'Windows Firewall Settings'
  2. Switch to the 'Exceptions' tab
  3. Select the 'Add program...' button
  4. Browse to the 'beacon.exe' program, which is located within the 'bin' sub-folder of the PureMessage installation folder (e.g. C:\Program Files\Sophos\PureMessage\Bin\beacon.exe)
  5. Select the 'Change Scope...' button and select a scope that is appropriate to your network requirements
  6. Accept the change
  7. If the Server component of PureMessage is installed, then repeat for the 'SavexSrvc.exe' program. This is located in the same folder as 'beacon.exe'.
  8. Select the 'Add port...' button
  9. On servers running the anti-virus and anti-spam version of PureMessage, enter the port number used by the 'Quarantine Digest' website, by default this will be 8081 TCP but may be different on each server
  10. Accept the change

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments