none
2012 SP1 Agent install fails on all RODC RRS feed

  • Question

  • I have just upgraded from 2012 to 2012 SP1 and all of Remote Office RODC servers failed to upgrade.  (During the process I reinstalled the OS of the DPM server, went from 2008 R2 to 2012)

    All of my non RODC servers are ok and backing up.

    When I try to install the agent manually I get the following. 

    DPMAgentInstaller failed with errorcode =0x80070643, error says: Fatal error during installation.

    Check log files in [WINDIR]Temp\MSDPM*.LOG

    Relevant info from MSDPMAgentInstall.log

    CustomAction _DoMachineIndependentDPMConfiguration.88BD42D4_8EBE_4E98_B407_81775C1F7E9C returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    MSI (s) (3C:30) [12:08:09:057]: User policy value 'DisableRollback' is 0
    MSI (s) (3C:30) [12:08:09:057]: Machine policy value 'DisableRollback' is 0
    Action ended 12:08:09: InstallExecute. Return value 3.

    Relevant info from MSDPMAgentBootstrap0Curr.errlog

    176C 15A8 01/21 17:05:48.914 06 bootstrapmsihelper.cpp(1325)   NORM1450 0CCC 01/21 17:05:49.039 10 main.cpp(2418)   NORMAL CreateDPMRAService started
    1450 0CCC 01/21 17:05:49.039 10 main.cpp(2314)   WARNING Failed: Hr: = [0x80070424] : Encountered Failure: : lVal : (HANDLE)(schService = OpenServiceW( schSCManager, strServiceName.PeekStr(), (0x00010000L) | 0x0020 | 0x0004 | 0x0002))
    1450 0CCC 01/21 17:05:49.039 10 main.cpp(2327)   WARNING Failed: Hr: = [0x80070424] DeleteServiceByName for service[DPMRA] failed
    1450 12B8 01/21 17:05:49.242 10 main.cpp(3577)   WARNING Failure in getting members of local group DPMRATrustedMachinesGroup
    1450 12B8 01/21 17:05:49.242 10 main.cpp(3578)   WARNING Failed: Hr: = [0x80070560] : Encountered Failure: : lVal : (UINT)status
    1450 12B8 01/21 17:05:49.242 10 main.cpp(3625)   WARNING Failed: Hr: = [0x80070560] CleanupDcomLaunchPermisions failed
    1450 12B8 01/21 17:05:49.258 03 dcomutils.cpp(946)   WARNING DeleteLocalGroup: NetLocalGroupDel returned errorcode 1376
    1450 12B8 01/21 17:05:49.258 03 dcomutils.cpp(946)   WARNING DeleteLocalGroup: NetLocalGroupDel returned errorcode 1376
    1450 12B8 01/21 17:05:49.258 03 dcomutils.cpp(946)   WARNING DeleteLocalGroup: NetLocalGroupDel returned errorcode 2220
    1450 12B8 01/21 17:05:49.258 03 dcomutils.cpp(996)   WARNING AddLocalGroup: NetLocalGroupAdd for group[DPMRATrustedDPMRAs$xxxDCPRD] returned error 32
    1450 12B8 01/21 17:05:49.258 10 main.cpp(1269)   WARNING AddUserGroup : Unable to add local group[DPMRATrustedDPMRAs$xxxDCPRD] with an errorcode= 32
    1450 12B8 01/21 17:05:49.258 10 main.cpp(4235)   WARNING Failed: Hr: = [0x80070032] : Encountered Failure: : lVal : AddRADlsTrustedMachinesGroup(hInstall)
    1450 12B8 01/21 17:05:49.258 10 main.cpp(4242)   WARNING Failed: Hr: = [0x80070032] DoMachineIndependentDPMConfiguration failed

    I have recreated the DC specific AD Groups and added the DPM Computer account.

          DPMRADCOMTRUSTEDMACHINES$DCNAME

          DPMRADMTRUSTEDMACHINES$DCNAME

    Monday, January 21, 2013 6:34 PM

Answers

  • Ok, so this was the solution to my problem.

    Setdpmserver is not used for RODC.  You need to run the powershell command below on the dpm server.

    .\Attach-ProductionServer.ps1 <dpm fqdn> <protectedserver fqdn> <username> <password> <domain>

    • Marked as answer by Geaux-Tigers Wednesday, January 23, 2013 11:13 PM
    Wednesday, January 23, 2013 11:13 PM

All replies

  • Hi

    When you uninstall the DPM agent on the RODC also remove the folder left by DPM.

    Make sure that the windows installer service is not disabled but set to manual.

    As a test add the DPM server to the administrator group and see if it installs, might be permissions causing an issue (you can remove the DPM server again)

    Wednesday, January 23, 2013 3:35 PM
  • Thanks for the suggestions.

    1. I already tried removing \Program Files\Data Protection Manager

    2. The service is set to manual

    3.  I added the DPM computer account to Domain Admins, verified veplication had taken place but still no install

    Wednesday, January 23, 2013 4:46 PM
  • Hi,

    We had a similar issue here when installing a DPM 2012 SP1 Protection Agent on a RODC.

    After digging through the DPM Failure Logs, we found that SP1 not only creates DPMRADCOMTRUSTEDMACHINES<PSNAME> and DPMRADMTRUSTEDMACHINES<PSNAME> but it also creates a 3rd Active Directory entry by the name of 'DPMRATRUSTEDDPMRAS<PSNAME>'.

    Try adding this 3rd AD entry into the same location as the previous two and you should be able to sucessfully install the Agent on a 2012 Server. However, after we managed to get over the hurdle of installing the Agent and attaching it to our DPM Server, we ran into another brick wall when running the 'SETDPMSERVER' command on the Protected Server.

    After running the command, it gives us an error message: SetDpmServer failed with errorcode =0x80070032, error says: The request is not s
    upported.

    If you manage to install the Agent on the Protected Server, see if you can run the 'setdpmserver' without an issues. Hopefully you won't run into the same problem we're currently facing!

    Wednesday, January 23, 2013 5:59 PM
  • Yep, that got me past the install error.

    Now I get the same error you get trying to setdpmserver.

    The RODC is Server 2008 R2.

    EDIT:  I have a Support Case open with Microsoft on this right now, will update if/when I find a resolution.

    • Edited by Geaux-Tigers Wednesday, January 23, 2013 9:29 PM
    Wednesday, January 23, 2013 7:46 PM
  • Can you please follow the article http://technet.microsoft.com/en-us/library/hh757994.aspx to install DPM agent on RODC. The only change is that you also need to create the group DPMRATRUSTEDDPMRAS$<Machine name> apart from the other 2 groups and then follow the same steps. Please see: Troubleshooting Installation Issues - http://technet.microsoft.com/en-us/library/hh872947.aspx

    Regards, Rajeev Narshana [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights

    Wednesday, January 23, 2013 9:34 PM
    Moderator
  • Ok, so this was the solution to my problem.

    Setdpmserver is not used for RODC.  You need to run the powershell command below on the dpm server.

    .\Attach-ProductionServer.ps1 <dpm fqdn> <protectedserver fqdn> <username> <password> <domain>

    • Marked as answer by Geaux-Tigers Wednesday, January 23, 2013 11:13 PM
    Wednesday, January 23, 2013 11:13 PM
  • These are the steps I had to take for each RODC.  Keep in mind I reinstalled the OS on my DPM Server so the DCOM permissions were for the old SID.

     

    1.  Add  DPMRATRUSTEDDPMRAS<$RODCSERVERNAME>

    2.  Verify AD Replication

    3   Uninstall the old DPM Agent.

    4.  Install agent from "\\DPMSERVER\c$\Program Files\Microsoft System Center 2012\DPM\DPM\ProtectionAgents\RA\4.1.3313.0"

    5.  Add DCOM Launch permissions for the RODC.

    6.  Copy setupdpm.exe from \\DPMSERVER\c$\Program Files\Microsoft System Center 2012\DPM\DPM\Setup to C:\Program Files\Microsoft Data Protection Manager\DPM\bin on the RODC.  The documentation says \dpm\setup but that folder doesn't exist.  It will run from the bin folder.

    7.  Run from Elevated Command Prompt - "C:\Program Files\Microsoft Data Protection Manager\DPM\bin\setagentcfg.exe" a DPMRA domain\dpmservername

    8.  On DPMServer open DPM Management Shell and run:  .\Attach-ProductionServer.ps1 galdpm.gisy.com mandcprd.gisy.com <username> <password> <domain>

    If you have DPM 2012 SP1 Rollup1 installed on the DPM Server do the following.

    9.  Copy \\DPMSERVER\c$\Program Files\Microsoft System Center 2012\DPM\DPM\agents\RA\4.1.3322.0 to RODC.

    10. Run DPMAgentInstaller_KB2791508_AMD64.exe if its a 64bit or DPMAgentInstaller_KB2791508.exe if its a 32bit.

    This is a comment for the DPM Dev team.  REALLY????  I never did understand why DPM on RODC servers was so cumbersome.  Please devote a little time to making this easier on us.  (and not require a call to support)

     


    • Edited by Geaux-Tigers Thursday, January 24, 2013 12:36 AM
    Thursday, January 24, 2013 12:36 AM
  • Spot on Geaux! I just attempted the solution you posted and it worked first time!!

    Must agree though! I'm very disappointed myself with Microsoft's Documentation on installing DPM SP1 on a RODC. Surely to God this must have been tested fully before the RTM version was released..

    Thursday, January 24, 2013 10:38 AM