SCVMM Powershell - BITSTcpPort

B.I.T.S - Background Intelligent Transfer Service - is also utilized by VMM for a.e. file transfer purposes and if you come across to change the port manually, you basically have to touch the registry of each SCVMM managed computer as there is no way to do this in UI. Especially when you have large scale deployments, PowerShell more specific the VMM module become your best friend

The script is really very simple and goes and checks out what key is present and modifies this based on VMM server or agent deployment, that makes it easy and we can run that script over all VMM managed computers doesn't matter if clustered or standalone deployment

first of all we collect computers from VMM and command to use here is Get-SCVMMManagedComputer 

next is the foreach loop to walkthrough of all computers and use a invoke-command with parameter -Scriptblock which has remote capabilities and execute Set-ItemProperty to update BITSTcpPort value. as I mentioned, this is depending of role server / agent therefore I created a check before and based on results I execute the right pattern

Please Note: In my example I had used TCP port 5987 - [int]$BITSTcpPort= "5987" - but you can change it to any non-well known port in your environment. Verify in "HKLM\SOFTWARE\Microsoft\Microsoft System Center Virtual Machine Manager Server\Settings" what ports are already in use by VMM and select a free available port above port 1024

You probably have seen that I do not automatically restart VMM server service so if you want to have that automated too, just remove the # before restart-service command


Once the above change was completed, I did run into following VMM deployment error

Error (2940)
VMM is unable to complete the requested file transfer. The connection to the HTTP server could not be established.
Unknown error (0x80072ee2)

Recommended Action
Ensure that the HTTP service and/or the agent on the machine are installed and running and that a firewall is not blocking HTTP/HTTPS traffic on the configured port.

0x80072ee2 - WININET_E_TIMEOUT - this looks like communication issues so I did some further investigation and finally root cause was the local firewall was blocking the new ports which we configured above. Which makes sense, as this is a non-well-known port and therefore blocked, so all good. if you have Windows firewall configured and actively running, you need to configure exceptions for those new ports we are using for BITS communication in my example TCP 5987. for Windows firewall you can use New-NetFirewallRule or netsh command

New-NetFirewallRule -DisplayName 'VMM Inbound Ports' -Profile @('Domain', 'Private') -Direction Inbound -Action Allow -Protocol TCP -LocalPort @('5985', '5986', '5987' )

here are also few related articles around VMM, BITS and WMI

Scripts for Download @ GitHub:

as usual, any scripts I publish should only be used as examples and usually requires modification before running that against your PROD environment