DPM 2010 error 3106 ID 42 Kerberos RRS feed

  • Question

  • Hi,

    I have a problem with DPM 2010, a week ago the NTFRS service has stopped working, I ntfrs repair service with a value D2 on the domain controller that it synchronized over as explained in the Microsoft KB. I then migrate to DFS-R replication of SYSVOL and now everything works fine except DPM.
    Since this intervention, DPM 2010 and generates this error and no longer has to create recovery points:

    Nom du journal :DPM Alerts
    Source :       DPM-EM
    Date :         09.02.2012 14:38:40
    ID de l’événement :3106
    Catégorie de la tâche :Aucun
    Niveau :       Erreur
    Mots clés :    Classique
    Utilisateur :  N/A
    Ordinateur :   DPMSERVER

    The replica of C:\ on <server> is inconsistent with the protected data source. All protection activities for data source will fail until the replica is synchronized with consistency check. (ID: 3106)
    DPM failed to communicate with the protection agent on <server> because access is denied. (ID: 42)

    On the domain controller and on the source server of the backup job i have this error:

    Nom du journal :System

    Source :      

    Date :        
    08.02.2012 22:22:00

    ID de l’événement :4

    Catégorie de la tâche :Aucun

    Niveau :  Erreur
    clés :    Classique

    Utilisateur : 
    Ordinateur : Domain Controller server

    Description :

    TheKerberos clientreceived an errorKRB_AP_ERR_MODIFIEDServerAdministrator.
    The target name usedwasThis indicates thatthe target serverfailedtodecrypt the ticketprovided
    by the client.This mayoccur when theserver principal name
    (SPN)is registered to atargetaccountdifferent from that usedby the service
    target.Please ensurethat the SPNis registered,and only onthe
    account usedby the server.This error canalsooccur when the
    target serviceusesa passwordfor theservicetarget
    differsfromthat possessed bythekeydistribution center
    Kerberoson behalfof the target service.Please ensurethat the service
    on the serverand centralKerberos Key Distributionare bothset
    updated to usethecurrent password.Ifthe server nameis not
    fully qualified,and thatthe fieldofciblediffère
    client domain, check forserver accounts
    ofthe same namein both areas,or use thefully qualified domain name
    identify the server.

    I have reseted the DPM computer account and I handed the DPM server in active directory, same error, I then delete the computer account in Active Directory and I handed DPM server in active directory to generate a new SID, recreate the Service connection Point and then reassociate agents to the server. still the same error. I then try to create a new protection group, the creation and installation of the agent is going very well, but when the backup the same error back.

    Thanks for help


    • Edited by DS World Thursday, February 9, 2012 2:17 PM
    • Changed type DS World Friday, February 10, 2012 11:08 AM No message
    Thursday, February 9, 2012 2:16 PM

All replies

  • Hello,

    I am not a big fan of resetting the DPM server computer account or removing it via AD and re-adding it as various issues like this and more can arise.  All servers that are being protected by DPM computer have an agent registry DCOM security setting that contains the SID. If the DPM server has a new SID then such complications can arise. 

    Can you push out an agent to a new server that has not already been protected by DPM?

    Suggestion: On server only....
    Locally uninstall the protection agent from the protected computer.
    On the DPM server, in DPM Administrator Console, in the Management task area, on the Agents tab, select the protected computer. In the Actions pane, click Refresh information. The agent status changes to Error. In the Details section, click Remove the record of the server from this DPM computer. Re-install the DPM agent via push or manual install. Does this work?


    • Proposed as answer by ShaneB. _ Thursday, February 16, 2012 12:51 AM
    Monday, February 13, 2012 8:40 PM
  • Hello,

    Do you still have this issue?

    Regards, Shane Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. This posting is provided "AS IS" with no warranties, and confers no rights.

    Thursday, March 1, 2012 12:46 PM