none
DPM 2012 R2 End-user recovery not working: DPM found no recovery points which you are authorized to restore on the specified DPM Server RRS feed

  • Question

  • Backups are succeeding on the clients but end-user recovery is not available with the familiar error:

    DPM found no recovery points which you are authorized to restore on the specified DPM Server. You can restore only those recovery points for which you were an administrator at the time the backup was taken. To restore other recovery points, contact your DPM administrator, or attempt to restore from another DPM.

    Even using a domain admin account which is also explicitly a member of the local Administrators group. It definitely does have permission to the DPM server.

    Monday, March 17, 2014 12:22 AM

All replies

  • Hi,

    DPM Client UI tool leverages WCF (Windows Communication Foundation) which uses TCP port 6075 on the DPM server for communication when doing recoveries.
     
    It may be necessary to create a rule on the firewall to allow this traffic.

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Monday, March 17, 2014 12:46 AM
    Moderator
  • Definitely not possible. Both the DPM server and the laptop where I am trying to get the recovery tab to work on have the Windows firewall turned off on domain networks.
    Monday, March 17, 2014 12:56 AM
  • Hi, this is not a solution. I have windows firewall turned off on all profiles and EUR is still not working.

    Jan Marek MCT | MCITP | MCTS

    Tuesday, April 1, 2014 5:52 PM
  • Please remove as answer. I have port 6075 open and firewall off for testing and still get this error.

    BD

    Tuesday, April 8, 2014 3:18 PM
  • Hi,

    Make sure that the DPMAMService is started and is listening on port 6075.

    C:\Windows\system32>netstat -ano |find /i "6075"
      TCP    0.0.0.0:6075           0.0.0.0:0              LISTENING       6160
      TCP    [::]:6075              [::]:0                 LISTENING       6160
      TCP    [fe80::fd4a:fd9e:e9a2:4b37%15]:6075  [fe80::fd4a:fd9e:e9a2:4b37%15]:59791  ESTABLISHED     6160
      TCP    [fe80::fd4a:fd9e:e9a2:4b37%15]:59791  [fe80::fd4a:fd9e:e9a2:4b37%15]:6075  ESTABLISHED     6160

    In the above output in task manager process ID 6160 is the DPMAMService.exe process.

    You can run Azman.msc on the DPM Server then open the Azman.xml in the installation folder where DPM is installed.  IE: C:\Program Files\Microsoft DPM\DPM\AzManStore\AzMan.xml

    Each protected client machine should have an entry under the DPMClientSvc.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.


    Tuesday, April 8, 2014 5:43 PM
    Moderator
  • This is the output from the Netstat command

    netstat -ano | find /i "6075"
      TCP    0.0.0.0:6075           0.0.0.0:0              LISTENING       4756
      TCP    [::]:6075              [::]:0                 LISTENING       4756

    So the service does not appear to be listening properly, although the DPM AccessManager Service is running in services.msc.

    I did also check in Windows Firewall (which was turned off anyway) and DPM had automatically created rules to allow port 6075 so that step was definitely not necessary.

    Tuesday, April 8, 2014 10:35 PM
  • Hi,

    If ProcessID 4756 is the DPMAccessManager service, then it is listening.  When a client tries to do a recovery, you should see an "established" connection.

    Example
    =====

    No clients connected to DPM Server for recovery operation.

    C:\Windows\system32>netstat -ano |find /i "6075"
      TCP    0.0.0.0:6075           0.0.0.0:0              LISTENING       6160
      TCP    [::]:6075                 [::]:0                   LISTENING       6160


    After a client connects for a recover operation.  Where XX=DPM IP address and YY=Client IP address.

    C:\Windows\system32>netstat -ano |find /i "6075"
      TCP    0.0.0.0:6075                0.0.0.0:0                     LISTENING       6160
      TCP    xxx.xx.xx.xx:6075      yy.yy.yy.yy:55053      ESTABLISHED     6160
      TCP    [::]:6075                     [::]:0                          LISTENING       6160


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.


    Tuesday, April 8, 2014 11:23 PM
    Moderator
  • Yes, when I try to open the end-user recovery tab I see another entry in the netstat output. So that would suggest that the DPM AccessManager service is not the problem here.
    Tuesday, April 8, 2014 11:26 PM
  • Hi,

    Correct port blockage can be ruled out and DPMaccessmanager seems to be responding.

    Can you run Azman.msc on the DPM Server then open the Azman.xml in the installation folder where DPM is installed.  IE: C:\Program Files\Microsoft DPM\DPM\AzManStore\AzMan.xml

    Each protected client machine should have an entry under the DPMClientSvc. Are they there ?


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Tuesday, April 8, 2014 11:37 PM
    Moderator
  • Azman.msc is not showing the correct permissions for the problem computers. After backing up the XML file I tried removing the duplicated entries for one of them, and then manually re-creating. Even after the computer did another recovery point it still did not appear to create the entries. The ones I attempted to manually re-create have not solved the problem. It is still not possible to access the end-user recovery tab on the client computer and errors are still being logged on the server about End-user recovery permissions update failed.

    Is there a specific process to re-creating the correct entries in that file?

    Thursday, April 10, 2014 1:07 AM