none
Agent not reachable no matter how I install the agent RRS feed

  • Question

  • I am running DPM 2010, in a two domain forest. The DPM 2010 server is in domain "A" and the SQL server to be protected in in domain "B", but there is a two way trust between the two domains. All servers in domain "B" are able to connect and be backed up. The SQL server connected fine and backed up for a while, then quit working.

    The only change to it was that the last day of backups, the antivirus was changed from Symantec Endpoint protection to Sophos Endpoint. Other servers in domain B have Sophos and are continuing to backup normally. In testing, I have removed Sophos, but the problems continue. Here is all that I have done to try and fix the problems:

    • I removed and manually installed the DPM agent on the SQL server. I also ran setdpmserver.exe and specifed the DMP 2010 server to connect to.
    • When I attempt to install the agent from the server, I get error 405 that says "DPM could not identify if computer SQL.domainB is clustered (ID: 405)", then it continues to try to install and fails with error 346 (which I have looked up and got nowhere, BTW) "DPM is unable to retrieve the configuration information from SQL.domainB."
    • I disabled the Windows firewall on the SQL server with no improvement in the situation, even though WMI and DCOM were both listed as exceptions on the firewall. I also removed the antivirus agent, but the problems continue.

    I saw one post that said that they removed protection and deleted the cache on the DPM server, but didn't say how they determined where the cache on the DPM server was. Then they reinstalled the client and enabled protection to fix their issues. I would be willing to try that, if I knew how to figure out where the cache files were.

    I "inherited" the DPM duties when the DPM administrator left to take another position and my knowledge has holes, so be kind, please! :-)

    Does anyone have some suggestions that I haven't tried?

       


    SnoBoy

    Wednesday, January 22, 2014 5:30 PM

All replies

  • Hi,

    On the SQL Server make sure there is a "Distributed COM Users" local group and add the DPM machine account as a member.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Wednesday, January 22, 2014 9:33 PM
    Moderator
  • The DPM server is already a member of the "Distributed COM Users" local group. Any other ideas?

    SnoBoy

    Wednesday, January 22, 2014 9:49 PM
  • Hi,

    This is the comprehensive DPM agent troubleshooter - see if that helps.

    http://blogs.technet.com/b/dpm/archive/2012/02/06/data-protection-manager-agent-network-troubleshooting.aspx

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Wednesday, January 22, 2014 9:54 PM
    Moderator
  • I get a different result from SC for the server that I can't reach from one that I can backuup, both in domain B and both in the same subnet (both are VMs on the same host, as a matter of fact).

    sc \\sql.domainB query

    returns: Access is denied, whereas

    a working server in the same subnet in domain B gives a huge long list of information.

    So does that mean it is an RPC error or a permissions issue? The RPC service on both servers being backed up are running under the Network Service account.


    SnoBoy


    • Edited by SnoBoy Wednesday, January 22, 2014 11:05 PM
    Wednesday, January 22, 2014 11:03 PM
  • Hi,

    The SC Query command returning Access Denied definitely needs to be corrected.

    See if this TechNet article helps resolve it.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Thursday, January 23, 2014 4:00 PM
    Moderator
  • None of the registry keys mentioned in the article that could disable RPC communications were set on the client server that is having the connectivity issues. This is proving to be quite hard to figure out exactly what is stomping on RPC communications. I am currently looking at this article:

    http://technet.microsoft.com/en-us/magazine/2007.07.howitworks.aspx

    but as far as I can tell, I will need to add some other feature, because none of the tools mentioned are already installed on the server (Repadmin, for example). It is not obvious what feature it is the includes it - I have it on my Windows 7 workstation, but not on the server and it isn't part of the Remote Server Administration Tools feature. Just another mystery to figure out.


    SnoBoy

    Thursday, January 23, 2014 4:43 PM
  • One question: do I need to do something on the client server to make sure that it uses IPv4 instead of  IPv6 for DPM? I noticed that if I do a ping without specifying -4 to one of the working servers in the second domain, it pings IPv4, but when I ping the server that is not communicating, it defaults to pinging with IPv6.

    SnoBoy

    Thursday, January 23, 2014 5:41 PM
  • Hi,

    Nothing special needs to be done in a mixed IPV4 and IPV6 environment.  I have seen the same behavior from time to time, but it never seemed to cause any problems for DPM.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Thursday, January 23, 2014 10:10 PM
    Moderator
  • I do need to understand something. I opened dcomcnfg.exe, at looked at the security of the DPM RA Service under the Launch and Activation permission. The icon for the DPM server that can't connect to this SQL server looks like a user, not a computer. I have a second DPM server that replicates all the content of the primary DPM server to an offsite location. Its icon looks like a computer when added to the DPM RA Service Launch and Activation permission. I don't know why the icons look different, and wondered if that is symptomatic of the reason for the RPC security errors?

    SnoBoy

    Friday, January 24, 2014 4:25 PM