none
Deploy DPM 2016 Agent RRS feed

  • Question

  • hello everyone

    We have an Active directory forest with two domains Domain A and B, Domain A is the root domain of the forest all DC are 2k12r2 forest and domain functional level is w2k12r2 as well not trust is created with domain A and B

    i have DPM 2016 installed on w2k12r2 on domain A

    i have installed DPM agent on all domain A servers without any issue after installing agents on domain B servers (Including DC) and attaching it to DPM console seems the agent and DPM server are not communicating ! i have tried several times same issueis there any guide line or procedure to to this ?

    PS: i have followed this guide with my deployment

    https://docs.microsoft.com/en-us/system-center/dpm/deploy-dpm-protection-agent#BKMK_Manual

    many thanks

    Shad

    Tuesday, October 3, 2017 9:36 AM

Answers

  • Hi

    Just to clarify. Did you configure the agent with the SetDpmServer command?

    SetDpmServer.exe -dpmServerName <serverName> -isNonDomainServer -userName <userName> [-productionServerDnsSuffix <DnsSuffix>]
    

    -IsNonDomainServer-Use to indicate that the server is in a workgroup or untrusted domain in relation to the computer you want to protect. Firewall exceptions are created for required ports.

    -UserName-Specify the name of the account you want to use for NTLM authentication. To use this option you should have the -isNonDomainServer flag specified. A local user account will be created and the DPM protection agent will be configured to use this account for authentication.

    Attach agent (Computer in a workgroup or untrusted domain)


    MCSE, MCSA, MS, MCP, MCTS, System Engineer

    • Marked as answer by Tahseen Taha Tuesday, October 10, 2017 4:27 PM
    Friday, October 6, 2017 8:02 AM

All replies

  • Hello

    If I understand correctly there is no trust between domain A and B? If that is true please check this article on how to configure protected computers in untrusted domains.


    MCSE, MCSA, MS, MCP, MCTS, System Engineer

    Wednesday, October 4, 2017 9:19 AM
  • Many thanks for your replay

    i have deployed the DPM agent on Domain B server and attached it to DPM server but right now they are not communicating ,in the event viewer on protected server in domain B this is the error:

    A DPM agent failed to communicate with the DPM service on ServerOnDoaminA.local because access is denied. Make sure thatServerOnDoaminA.local has DCOM launch and access permissions for the computer running the DPM agent (Error code: 0xf148f9b0, full name: ServerOnDoaminA.local).

    i have validated DCOM configuration and permission on both servers but still the agent and the DPM server can not communicate

    any idea ?

    Wednesday, October 4, 2017 9:56 AM
  • Hi

    Just to clarify. Did you configure the agent with the SetDpmServer command?

    SetDpmServer.exe -dpmServerName <serverName> -isNonDomainServer -userName <userName> [-productionServerDnsSuffix <DnsSuffix>]
    

    -IsNonDomainServer-Use to indicate that the server is in a workgroup or untrusted domain in relation to the computer you want to protect. Firewall exceptions are created for required ports.

    -UserName-Specify the name of the account you want to use for NTLM authentication. To use this option you should have the -isNonDomainServer flag specified. A local user account will be created and the DPM protection agent will be configured to use this account for authentication.

    Attach agent (Computer in a workgroup or untrusted domain)


    MCSE, MCSA, MS, MCP, MCTS, System Engineer

    • Marked as answer by Tahseen Taha Tuesday, October 10, 2017 4:27 PM
    Friday, October 6, 2017 8:02 AM
  • I have the exact same problem.

    Domain A (DMZ) trusts Domain A (Internal)

    Domain B (Internal) does not trust Domain A (DMZ)

    Now, servers in the DMZ domain are all properly protected and communicating with DPM on Internal Domain. Except for the DC in the DMZ which I can succesully connect but then, this error comes up on the Agent on that DC.

    Has anyone found a solution?

    Log Name:      Application
    Source:        DPMRA
    Date:          06/08/2020 08:46:58
    Event ID:      84
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          SYSTEM
    Computer:      dc.dmz.com
    Description:
    A DPM agent failed to communicate with the DPM service on dpm-server.internal.com because access is denied. Make sure that dpm-server.internal.com has DCOM launch and access permissions for the computer running the DPM agent (Error code: 0x2b10380, full name: dpm-server.internal.com).
    

    Thursday, August 6, 2020 7:03 AM