When initially pairing or starting a backup of a protected machine running Windows Server 2012, you the errors unable to start backup because agent service is stopped, or the host is unreachable, despite correct settings in Windows Firewall and in anti-virus exceptions.
- Datto SIRIS
- Datto ALTO
- Datto Windows Agent
- Storagecraft ShadowSnap Agent
DirectAccess settings in the Group Policy are preventing communication between the backup agent and the Datto appliance. This will result in both agent pairing and backup failures.
1. Open the Configure DirectAccess in Windows Server Essentials article from Microsoft's knowledge base.
2. Follow the instructions in Step 7. When referencing ports, use port 25566 to allow the ShadowSnap agent, and 25568 for the Datto Windows Agent. Step 9 can be used to allow a port range if applicable.