none
Protection agent issue with Hyper-V cluster on secondary DPM server RRS feed

  • Question

  • We have the following setup:

    • A primary and a secondary branche location
    • On the primary location 1 primary DPM server and 1 Hyper-V failover cluster
    • On the secondary location 1 secondary DPM server and 1 Hyper-V failover cluster

    The primary DPM server backups all virtual machines on both Hyper-V clusters, all Hyper-V hosts have the DPM agent installed connected to the primary DPM server. Several protection groups are made to backup virtual machines.

    The secondary DPM server backups all protection group data from the primary DPM server.

    Now a few Hyper-V hosts are added to the Hyper-V cluster on the secondary branche location. From that moment on, the secondary DPM server is showing warning alerts:

    A protection agent is not installed on hyper-v_server.domain.local in hyper-v_cluser.doman.local server cluster. Protection may fail if a failover occurs to hyper-v_server.domain.local. (ID 369)

    We've installed the agent on the new Hyper-V host nodes from the primary DPM server, but this doesn't solve the problem. Since then we are also not able to expand the secondary Hyper-V cluster on the secondary DPM server (from the backed up data from the primary DPM server), after clicking the + to expand after a while it leaves us with an empty cluster. While data can be backed up from the secondary Hyper-V cluster on the primary DPM server just fine.

    I think these 2 issues are related. What I have done so far:

    • Reboot both DPM servers
    • Inactivate the warnings (they keep popping up again after a while)
    • On the new Hyper-V host nodes we've run the 'setdpmserver.exe' commando
    • Checked the firewall settings on the Hyper-V host nodes
    • Modified and updated all protection groups (next, next, update group)
    Thursday, February 4, 2016 3:32 PM

Answers

  • Looks like I've solved the problem. When you add nodes to a cluster where there's already an existing protection group to backup the resources, you can simply install the DPM agent from the primary DPM server. The new protected server is not aware of the primary DPM server being chained and also backed up by a secondary DPM server. You can solve this by recreating the protection groups on the the secondary DPM server, OR do the following:

    - Add the secondary DPM server to the following groups on the newly added cluster members:

    • DPMRADCOMTRUSTEDMACHINES$PSNAME
    • DPMRADMTRUSTEDMACHINES$PSNAME
    • DPMRATRUSTEDDPMRAS$PSNAME
    • Builtin\Distributed Com Users

    - Create the appropriate firewall rules.

    More info in https://technet.microsoft.com/en-us/library/hh758186.aspx

    Wednesday, March 2, 2016 10:10 AM

All replies

  • Hi,

    I think it related to firewall or kind of routing.

    2nd SCDPM Server should be able to contact the HyperV Hosts protected by SCDPM 1

    Please check this.


    Michael Seidl (MVP)

    SYSCTR Senior Consultant, Blogger, CEO

    Blog | Twitter | Facebook | LinkedIn | Xing | Youtube

    Note: Posts are provided "AS IS" without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Friday, February 5, 2016 5:40 AM
  • Thanks for your reply Michael.

    The secondary DPM server is in the same subnet/VLAN as the secondary Hyper-V failover cluster nodes. To be sure I even disabled the Windows Firewall on the nodes, but no luck.

    Friday, February 5, 2016 2:43 PM
  • Hi

    have you tried to contact the Hyper V Host from SCDPM 2 ?


    Michael Seidl (MVP)

    SYSCTR Senior Consultant, Blogger, CEO

    Blog | Twitter | Facebook | LinkedIn | Xing | Youtube

    Note: Posts are provided "AS IS" without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Wednesday, February 10, 2016 6:00 AM
  • Yes, I am able to resolve, ping, open UNC path, RDP, etc.
    Thursday, February 11, 2016 8:19 AM
  • Looks like I've solved the problem. When you add nodes to a cluster where there's already an existing protection group to backup the resources, you can simply install the DPM agent from the primary DPM server. The new protected server is not aware of the primary DPM server being chained and also backed up by a secondary DPM server. You can solve this by recreating the protection groups on the the secondary DPM server, OR do the following:

    - Add the secondary DPM server to the following groups on the newly added cluster members:

    • DPMRADCOMTRUSTEDMACHINES$PSNAME
    • DPMRADMTRUSTEDMACHINES$PSNAME
    • DPMRATRUSTEDDPMRAS$PSNAME
    • Builtin\Distributed Com Users

    - Create the appropriate firewall rules.

    More info in https://technet.microsoft.com/en-us/library/hh758186.aspx

    Wednesday, March 2, 2016 10:10 AM