none
Procedure for CBA with secondary protection RRS feed

  • Question

  • I need some answers here.

    I protect a bunch of workgroup-servers with dpm using CBA.

    I protect them primary and secondary, and it works.

    But the secondary dpmserver keeps telling me the Agent on PS1 isnt accessible, still I can do recoverypoints?

    I haven't done any CBA-configuration between my PS and Secondary DPM, is that the problem?

    what are the steps in that case?

    1 (On Protected Server): Run SetDpmServer.exe -Add -dpmCredential <CertificateConfigration_secondarydpmsrever.bin>

    and

    2 (On secondary dpmserver): Since the above command didnt resulted in any new .bin-file, just copy the CertificateConfiguration_<protectedserver>.bin from the primary dpmserver to the secondary dpmserver and run:

    Attach-ProductionServerWithCertificate.ps1 <dpmserver> -PSCredential <CertificateConfiguratoion_<protectedmember>.bin?

    Is this right?


    Ivarson

    Monday, September 1, 2014 11:24 AM

Answers

  • No answer...

    Well I did just that on all my CBA-machines and the warnings regarding agent connectivity has dissapeared.

    I suspect that some disaster functionality like switch protection and disaster restores of SQL databases might not had been working previously.

    I was also hoping that enumerating workloads secondarly would be quicked after doing this, but there still errors while doing that (no permissions to the bmr-share yadayadayada on primary server).


    Ivarson

    • Marked as answer by Ivarson Wednesday, September 10, 2014 10:11 PM
    Wednesday, September 10, 2014 1:59 PM

All replies

  • No answer...

    Well I did just that on all my CBA-machines and the warnings regarding agent connectivity has dissapeared.

    I suspect that some disaster functionality like switch protection and disaster restores of SQL databases might not had been working previously.

    I was also hoping that enumerating workloads secondarly would be quicked after doing this, but there still errors while doing that (no permissions to the bmr-share yadayadayada on primary server).


    Ivarson

    • Marked as answer by Ivarson Wednesday, September 10, 2014 10:11 PM
    Wednesday, September 10, 2014 1:59 PM
  • Ivarson,

    Sorry, I had looked at this and began building a repro environment for you.  It sounds like you were able to answer your question though already.  Thanks for your patience and especially for posting your results.  Let us know if you need anything else.

    Chris


    Thanks, Chris - [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights

    Wednesday, September 10, 2014 9:11 PM
  • I wouldn't say that I've answered my own question, Im still not sure this was the proper way of handling it.

    Doing Setdpmserver.exe -Add -dpmcredential <bin-file-from-secondarydpmserver> on all CBA-protected members sortof "feelt" reasonable to do, since it, by the looks of it, appends the secondary dpm-cert as an accepted peer.

    But doing "attach-productionserverswithcertificates -pscredential <bin-file copied from primary dpm" on the other end (on the secondary dpmserver which I had to do in my tests) feels confusing; I want the secondary dpm to have the neccesarry credentials to establish connections directly to the protected member with CBA, but the script for adding cba-machines might do a bit more than that. 

    for instance; while modifying a PG on a secondary dpm, I can now see the primarly protected members as ROOT-objects in the "select members"-wizard, before they were only accessible after expanding their resp. primary/owning DPM.

    But no, you don't have to setup a lab for this, it works. Its just... weird.

    thanks!

    edit: 

    Actually, why not considering this as an answer. Since googling this question throws me right at my own thread here, and official docs seems to handle it, Ill mark it as an answer for others (if any).

    And I encourage you to unmark this as an answer if its wrong or unneccesarry.


    Ivarson


    • Edited by Ivarson Wednesday, September 10, 2014 10:11 PM
    • Proposed as answer by Chris - [MSFT] Saturday, September 20, 2014 12:06 PM
    Wednesday, September 10, 2014 10:06 PM