none
DPM 2012 SP1 Agent not reachable error RRS feed

  • Question

  • I've recently upgraded my DPM environment from 2012 RTM (then UR3) to 2012 SP1. I have two primary servers and one secondary server in my DR site. The issue is with my secondary server. I am getting an Agent not reachable error on my secondary server for SOME of the protected servers. On the secondary server, in Management, the Agent Status for the two primary servers is OK, however when looking at the Protection Status within the protection groups themselves there are many agent not reachable messages from the actual source servers backed up by the primary server. This is only happening on one of the primary servers, and all the affected servers exhibiting this behavior are SQL servers. The strange thing is that although this agent not reachable status is being displayed, the recovery points are actually being created as they should. So, it's an annoyance more than anything. I should point out that the protection status of the source presenting the problem on the secondary server is OK on the primary server.
    Thursday, October 3, 2013 5:14 PM

Answers

  • Hi Mark,

    I know it has been a month, but wondering how things are going for you?

    I'm going to assume that you checked these things anyway. DNS, DCOM, remote connectivity testing - ping, sc \\servername query, wbemtest, wmic - etc.

    However, something that is rarely mentioned is if the secondary server has permissions to the component service to activate and launch the DPM RA service itself.

    For the protected server you have issues with -- check out the component services remote activate permissions. If your secondary dpm server doesn't have permissions, that would explain why the agent is not responding, but protection jobs still work. 

    Component services --> Computers --> My Computer --> DCOM Config --> DPM RA Service --> right click --> Properties --> Security Tab --> 'Launch and Activation Permissions' should be set to the customize radial -- if you click edit you will see a few things.

    You stated you are running 2012 SP1, but depending on if you upgraded from 2010, did a clean install, etc - you will either need to add the computer account for your secondary DPM server with full permissions, or see if there is a local group DPMRADCOMTrustedMachines. In which case, just add the secondary dpm servers computer account to that local security group.


    Friday, November 22, 2013 3:37 PM

All replies

  • Hi Mark,

    Were you ever able to solve this? Our client recently upgraded their System Center 2012 to SP1 which (I am just now finding out) also included an upgrade to RU3. There SQL backups were fine and then this weekend they didn't run because of the "Agent not reachable error". I have reinstalled the agent manually and it completes without any problems - so does the command to specificy the DPM server. But when I go back to the DPM console it is still showing the agent as unreachable. Unfortunately no jobs for the SQL server have run since saturday. Any insight would be nice.

    Tuesday, October 8, 2013 11:27 PM
  • Unfortunately, no. Still troubleshooting.
    Monday, October 28, 2013 5:44 PM
  • Hi Mark,

    I know it has been a month, but wondering how things are going for you?

    I'm going to assume that you checked these things anyway. DNS, DCOM, remote connectivity testing - ping, sc \\servername query, wbemtest, wmic - etc.

    However, something that is rarely mentioned is if the secondary server has permissions to the component service to activate and launch the DPM RA service itself.

    For the protected server you have issues with -- check out the component services remote activate permissions. If your secondary dpm server doesn't have permissions, that would explain why the agent is not responding, but protection jobs still work. 

    Component services --> Computers --> My Computer --> DCOM Config --> DPM RA Service --> right click --> Properties --> Security Tab --> 'Launch and Activation Permissions' should be set to the customize radial -- if you click edit you will see a few things.

    You stated you are running 2012 SP1, but depending on if you upgraded from 2010, did a clean install, etc - you will either need to add the computer account for your secondary DPM server with full permissions, or see if there is a local group DPMRADCOMTrustedMachines. In which case, just add the secondary dpm servers computer account to that local security group.


    Friday, November 22, 2013 3:37 PM
  • Kyle: Thanks! The answer was adding the secondary server to the DPMRADCOMTrustedmachines group on the affected servers. For some reason the secondary server was already added on SOME of targets, but not others.

    Mark

    Wednesday, December 11, 2013 5:21 PM