SMS_HIERARCHY_MANAGER reports (Message ID=3353):
"Hierarchy Monitoring detected that the ConfigMgr SQL Server <fqdn> ports 1433,4022, are not active on Firewall exception."
However, the image below shows (I think) that the ports are definitely open.
Firewall server is running, profile is domain, I only configured inbound rules.
What is wrong ?

Is your SQL Server instance on the same system as your primary site server? If not, on which server did you configure these rules?

On the same system (and actually I am not sure if opening ports is even necessary then)

No, it's not technically necessary if they are collocated and you have no secondary sites, but the hierarchy manager will still complain no mater what (in RTM it will even complain if you have the firewall completely disabled -- don't know if that got fixed in SP1 or not).

Are you continuing to get the above message?

I am running SP1, if necessary I can see what happens if I disable firewall, but a little later today only.

And yes, I get the message every approx. 15 minutes.

SCCM and SQL Server collocated, no secondary site.

Messages summaries are shown in "Site Status" and by the roles "Application Catalog website point" and "Application Catalog web service point"

Tried telnet'ing the ports from a client machine, ports are open.

• Edited by EuroEager Monday, January 28, 2013 7:03 AM

  I only configured inbound rules.

Try adding outbound rules, too.

As mentioned disabling probably won't change anything. Everything appears to be configured correctly so at this point I would actually delete and recreate the rule. I would also use a different name for the rule -- it's possible that the @ is throwing it off.

Seems like it is ok now and the effective change I did was to remove the Default Application Catalog in settings for Custom Client Settings.
(Should I normally use the Default Client Settings ?).
I know nothing about consequences of this but there are no new error messages generated anymore.

I does not seem like the firewall rule name matters (back to leading @ now).

However the Site Status still indicates Critical status for Application Catalog website point and Application Catlog web service point.
(Please bare over with me, I am a completely newbee on DPM and the rest of the SC family).

At the moment I am installing DPM 2012 SP1 Update Rollup 1 which is supposed to solve other problems, particularly for DPM (client machine names may be case sensitive) which I hope will rectify the problem I got with DPM, but that is another forum I guess :)

See awebsctl.log and portlctl.log. Please create a new thread in the future if the question is no longer related to the original one.

I saw this issue on a brand new ConfigMgr 2012 SP1 install.

Local SQL server

I saw the same errors show up in SMS_HIERARCHY_MANAGER

Added a single firewall rule in just like EuroEager did with both ports listed in the single rule

Rebooted the ConfigMgr server, waited a couple hours, still got same errors in SMS_HIERARCHY_MANAGER.  Multiple reboots of ConfigMgr server and clearing status of SMS_HIERARCHY_MANAGER, still getting messages saying SQL ports are not open.

Deleted the rule I created that contained both ports

Created 2 new firewall rules, one for each port

Rebooted the ConfigMgr server, checked on it the next day and the errors had stopped coming into SMS_HIERARCHY_MANAGER as of the previouis day, at around the time I made this change

If anyone else experiences this issue, check to see if you only created one firewall rule with both ports.  It could be that ConfigMgr is looking for both individual rules before it will stop alerting with this error

• Proposed as answer by Ralph Kyttle (New Signature) Tuesday, May 21, 2013 1:49 PM

creating the two separate rules worked instantly