none
Backing up untrusted DC with similar domain names RRS feed

  • Question

  • Hi

     

    I have a scenario where I have 3 different domains: MYDOMAIN.local  MYDOMAIN.backup MYDOMAIN.int

    The DPM 2010 server is installed as VM on mydomain.backup

    There is VPN connections between the 3 DC and the mydomain.backup DC have the 2 other domains as forward stub zones and vice versa.

    the servers can all ping eachother both on the fqdn and local IP.

    The DPM server is currently taking backup of other untrusted domain servers, including 3 other DCs in OTHER1.local OTHER2.local OTHER3.local domains

    It is also taking backup of the rest of the servers in MYDOMAIN.int and MYDOMAIN.local

     

    My problem is backing up the 2 DC servers in MYDOMAIN.int and MYDOMAIN.local , I just can't get it working.

    I installed all agents manually with SetDpmServer.exe -dpmServerName backup.MYDOMAIN.backup -isNonDomainServer -userName dpmagentX

    I tried attaching the agents by using the DPM management console, but also with the attach- cmdlet through shell. I can attach the agents, but both agents return with the following error:

    The DPM protection agent on exc-i1exch-012.bzi.exch could not be contacted. Subsequent protection activities for

    this computer may fail if the connection is not established. The attempted contact failed for the following reason:

    (ID 3122)
    The protection agent operation on dc.MYDOMAIN.local failed because the service did not respond. (ID 316

    Details: Internal error code: 0x8099090E)

    In the event viewer I get the following error on both DCs

    A DPM agent failed to communicate with the DPM service on Backup.MYDOMAIN.backup because access is denied. Make sure that Backup.MYDOMAIN.backup has DCOM launch and access permissions for the computer running the DPM agent (Error code: 0x80070005, full name: Backup.MYDOMAIN.backup).

     

    I tried restarting the DPMRA service without luck, any ideas?


    • Edited by Kevsan Tuesday, September 13, 2011 2:24 PM
    Tuesday, September 13, 2011 2:23 PM

Answers

  • Hi Kevsan,

     

    I'm not sure but DPM might face a problem when backup a two servers having the same NETBIOS name. This is Windows acting and not DPM.

    Hope that helps. Let me know if you go any further with your problem.

    // Laith.

     

    __________________________________________________________

    If you found this answer helpful please mark it as an Answer.

    • Proposed as answer by Laith_IT Monday, December 12, 2011 1:30 PM
    • Marked as answer by Kevsan Friday, January 13, 2012 12:46 PM
    Tuesday, November 29, 2011 6:36 AM

All replies

  • What was the attach powershell cmdline you used?
    Regards, Deepan [This posting is provided "AS IS" with no warranties, and confers no rights.] [P.S. If the post answers your question or guides you about what you're looking for, please mark it as answered.]
    Tuesday, September 13, 2011 2:45 PM
  • attach-nondomainserver.ps1 -dpmservername backup.MYDOMAIN.backup -psname dc.MYDOMAIN.local -username dpmagentdc -password Pa$$w0rd
    Wednesday, September 14, 2011 7:15 AM
  • can you check out the %Program Files%\Microsoft Data Protection Manager\DPM\Temp on the DC machines and see if there are any dpmra*.errlog.crash files there?

    In case there isn't any crash file, the .errlog files are simple text files. Does they throw any clue?

    I'll try to check internally if we know of any known issue with protecting DCs using our NTLM auth model.


    Regards, Deepan [This posting is provided "AS IS" with no warranties, and confers no rights.] [P.S. If the post answers your question or guides you about what you're looking for, please mark it as answered.]
    Wednesday, September 14, 2011 4:42 PM
  • I have several dpmra*.errlog files, thousands of lines long, what am I looking for ?
    Friday, September 16, 2011 7:51 AM
  • It seems we do have a communication issue with conflicting domain names if the domain of the DPM server matches the untrusted domain name.

    Considering your scenario where your DC machine is x.mydomain.prod. and DPM is in mydomain.backup. If you have used an account name "dpmAccount" to setup the communication, there are two accounts that get created (One is a domain account "dpmAccount" in the domain mydomain.prod and a local account "dpmAccount" in the DPM Server).

    Looks like somewhere in the scenario we try to resolve the account on the DPM server as a domain account where we fail.

    To workaround see if adding a domain account of the same name "dpmAccount" and same password to the domain mydomain.backup resolves the problem.

     

     


    Regards, Deepan [This posting is provided "AS IS" with no warranties, and confers no rights.] [P.S. If the post answers your question or guides you about what you're looking for, please mark it as answered.]
    Friday, September 16, 2011 3:40 PM
  • Hi Deepanjyoti

    Sorry for the late answer, I've been busy with other stuff :)

     

    I just tried adding the cacount to the backup domain, still getting the same error

    Tuesday, October 4, 2011 12:34 PM
  • Hi Kevsan,

    Was on vacation, hence couldn't reply back earlier.

    I guess it would be better if you get in touch with MS support for resolution of the issue.


    Regards, Deepan [This posting is provided "AS IS" with no warranties, and confers no rights.] [P.S. If the post answers your question or guides you about what you're looking for, please mark it as answered.]
    Monday, October 24, 2011 6:22 AM
  • Hi,

    This might be a communication issue.

    Since you have a VPN connection to the DCs then there is a set of rules and services that are allowed through that VPN connection

    Make sure that these ports are allowed from both sides in VPN

    http://technet.microsoft.com/en-us/library/ff399341.aspx

    Are you able to backup any servers on these domains where the DCs placed?

     

    // Laith.

     

    Tuesday, October 25, 2011 5:33 AM
  • Hi Laith.

    I can back up all other servers but the DCs. I disabled firewalls on both servers to eliminate possible firewall issues, but without any luck.

    I'm almost certain the the issue related to the netbios domain names being equal both named MYDOMAIN , but with different extensions MYDOMAIN.local and MYDOMAIN.backup. I can back up other DCs without issues.

    Wednesday, November 2, 2011 10:08 AM
  • Hi Kevsan,

     

    I'm not sure but DPM might face a problem when backup a two servers having the same NETBIOS name. This is Windows acting and not DPM.

    Hope that helps. Let me know if you go any further with your problem.

    // Laith.

     

    __________________________________________________________

    If you found this answer helpful please mark it as an Answer.

    • Proposed as answer by Laith_IT Monday, December 12, 2011 1:30 PM
    • Marked as answer by Kevsan Friday, January 13, 2012 12:46 PM
    Tuesday, November 29, 2011 6:36 AM
  • So in short, there's no solution to the problem other than not using the same NETBIOS name.
    Friday, January 13, 2012 12:47 PM