In order for Performance Advisor to properly monitor a server on the network, the following ports on the monitored server must be accessible to the SQL Sentry Server machine(s):
For SQL Server access: tcp 1433 (or whatever port is used by SQL Server)
For Windows Performance Counter access: tcp 445 (SMB, RPC/NP)
For WMI access: tcp 135 (RPC) -and- one of these ranges: tcp 49152-65535 (RPC dynamic ports -- Win2008 and Vista) -or- tcp 1024-65535 (RPC dynamic ports -- NT4, Win2000, Win2003) -or- a custom RPC dynamic port range (see below)
The only one that may be tricky for firewalls are the RPC dynamic ports. WMI (or any other process that uses DCOM) connects to a target server initially using port 135, and the target responds with a dynamic port number for WMI to use for the rest of the session. This port can be in one of the ranges above, which are quite large by default.
To address this, you can easily specify a custom range for RPC dynamic ports. You may have already done this in your environment in order to enable networked DCOM access for other applications. It is recommended that you start no lower than port 50000, and allocate no fewer than 255 dynamic ports.
For example, to do this on Server 2008, you can use this command: netsh int ipv4 set dynamicport tcp start=50000 num=255
You may need to reboot. More info: http://support.microsoft.com/default.aspx/kb/929851
You will also need to have your network administrator open up the same port range on the firewall between the SQL Sentry Server machine and any servers monitored with PA.
See Also: How to configure RPC dynamic port allocation to work with firewallshttp://support.microsoft.com/kb/154596
How To Restrict TCP/IP Ports on Windows 2000 and Windows XP: http://support.microsoft.com/kb/300083
Using Distributed COM with Firewalls: http://msdn.microsoft.com/en-us/library/ms809327.aspx
How to troubleshoot WMI-related issues in Windows XP SP2: http://support.microsoft.com/kb/875605
DCOM port range configuration problems: http://support.microsoft.com/default.aspx/kb/217351
The default dynamic port range for TCP/IP has changed in Windows Vista and in Windows Server 2008:http://support.microsoft.com/default.aspx/kb/929851
Troubleshooting RPC across Firewalls (or, what the developers forgot to explain):http://www.bandwidthco.com/whitepapers/netforensics/rpc/Troubleshooting%20RPC%20Across%20Firewalls.pdf
Service overview and network port requirements for the Windows Server system:http://support.microsoft.com/kb/300083