Asked by:
DPM 2010 error 3106 ID 42 Kerberos

Question
-
Hi,
I have a problem with DPM 2010, a week ago the NTFRS service has stopped working, I ntfrs repair service with a value D2 on the domain controller that it synchronized over as explained in the Microsoft KB. I then migrate to DFS-R replication of SYSVOL and now everything works fine except DPM.
Since this intervention, DPM 2010 and generates this error and no longer has to create recovery points:Nom du journal :DPM Alerts
Source : DPM-EM
Date : 09.02.2012 14:38:40
ID de l’événement :3106
Catégorie de la tâche :Aucun
Niveau : Erreur
Mots clés : Classique
Utilisateur : N/A
Ordinateur : DPMSERVERThe replica of C:\ on <server> is inconsistent with the protected data source. All protection activities for data source will fail until the replica is synchronized with consistency check. (ID: 3106)
DPM failed to communicate with the protection agent on <server> because access is denied. (ID: 42)
On the domain controller and on the source server of the backup job i have this error:
Nom du journal :System
Source :
Microsoft-Windows-Security-KerberosDate :
08.02.2012 22:22:00ID de l’événement :4
Catégorie de la tâche :Aucun
Niveau : Erreur
clés : ClassiqueUtilisateur :
Ordinateur : Domain Controller serverDescription :
TheKerberos clientreceived an errorKRB_AP_ERR_MODIFIEDServerAdministrator.
The target name usedwasThis indicates thatthe target serverfailedtodecrypt the ticketprovided
by the client.This mayoccur when theserver principal name
(SPN)is registered to atargetaccountdifferent from that usedby the service
target.Please ensurethat the SPNis registered,and only onthe
account usedby the server.This error canalsooccur when the
target serviceusesa passwordfor theservicetarget
differsfromthat possessed bythekeydistribution center
Kerberoson behalfof the target service.Please ensurethat the service
on the serverand centralKerberos Key Distributionare bothset
updated to usethecurrent password.Ifthe server nameis not
fully qualified,and thatthe fieldofciblediffère
client domain, check forserver accounts
ofthe same namein both areas,or use thefully qualified domain name
identify the server.I have reseted the DPM computer account and I handed the DPM server in active directory, same error, I then delete the computer account in Active Directory and I handed DPM server in active directory to generate a new SID, recreate the Service connection Point and then reassociate agents to the server. still the same error. I then try to create a new protection group, the creation and installation of the agent is going very well, but when the backup the same error back.
Thanks for help
Fred
All replies
-
Hello,
I am not a big fan of resetting the DPM server computer account or removing it via AD and re-adding it as various issues like this and more can arise. All servers that are being protected by DPM computer have an agent registry DCOM security setting that contains the SID. If the DPM server has a new SID then such complications can arise.
Question:
Can you push out an agent to a new server that has not already been protected by DPM?
Suggestion: On server only....
Locally uninstall the protection agent from the protected computer.
On the DPM server, in DPM Administrator Console, in the Management task area, on the Agents tab, select the protected computer. In the Actions pane, click Refresh information. The agent status changes to Error. In the Details section, click Remove the record of the server from this DPM computer. Re-install the DPM agent via push or manual install. Does this work?
Thanks,
Shane- Proposed as answer by ShaneB. _ Thursday, February 16, 2012 12:51 AM
-
Hello,
Do you still have this issue?Regards, Shane Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. This posting is provided "AS IS" with no warranties, and confers no rights.