none
"Agent is unreachable" from time to time, after succesful backups, on firewalled environments RRS feed

  • Question

  • Hi,

    On a DPM 2012 firewalled environment, we have successfully set up the server and the protected server so we have been able to perform backup and synchronization, with the usual open ports, setdpmserver on the ps side, attach-productionserver.ps1 on the dpm server. we have some 10 servers already protected, working perfectly, but we're having trouble with a newly added server.

    backups and syncs run ok, agent status is "OK" when refreshing the status.

    however, after some time of inactivity (we backup some sql server databases on the PS once, daily, no sync interleaved), we get a warning alert with "agent is unreachable", and refreshing the status gets a "Error" status. subsequent recovery points fall in error.

    RPC is ok, required ports are open, WBEMTEST runs ok, SC \\psserver query runs ok on the dpm server, the tcp chimney offload is disabled on the dpm server,... the only way to recover is to re-run setdpmserver.exe on the Protected Server. Windows firewall is not activated on this server because we have external network equipment to do that. however I can see the rules addede by setdpmserver (once per time I run the command).

    So basically we do not know why both servers loose connectivity, and what does setdpmserver.exe do in addition to add firewall rules, to "refresh" the connection.

    As a hint, a network trace when refreshing agent status on the console when the PS is in Error, shows a DCOM:RemoteCreateInstance request from the DPM server to the PS, answered with a MSRPC:c/o Fault: Call=0x9 Context=0x1 Status=0x5 Cancels=0x0 which I guess is the explanation of the problem (and somehow shows that firewall config is not a problem)

    , and that is as far as I can go. Any hint about what does this kind of fault mean?

    Thanks in advance

    Thursday, January 24, 2013 1:21 PM

Answers

  • Just for information: The source of the problem was a GPO on the target server that removed the permission to log on remotely using the DPMSERVER$ credentials. Removing this contraint solved the problem.

    Regards

    Roberto

    • Marked as answer by Roberto MD Thursday, January 31, 2013 7:58 AM
    Thursday, January 31, 2013 7:58 AM

All replies

  • Just to add more information, this is the behavior we are getting:

    • Installed agent + setdpmserver.exe on client side + attachproductionserver.ps1 on server side. agent is seen OK.
    • Configured protection group for target server's SQL Server instance. ok
    • Run a first replica job. ok.
    • next day, got some alerts saying that agent is unreachable, and that replica is inconsistent. agent status is in Error.
    • The agent status is in error (and the replica is inconsistent) until manually running again SetDpmServer.exe on the client side. after that, refreshing the status of the agent on the DPM console yields OK.
    • However, windows firewall is deactivated as we use independent firewall equipment. It seems that setdpmserver does more than just adding exceptions to the firewall on the client.

    so, my only suspect is that setdpmserver does something on the protected server that is being undone (maybe by a GPO), but no idea on where to look. Any ideas?

    Friday, January 25, 2013 12:13 PM
  • Just for information: The source of the problem was a GPO on the target server that removed the permission to log on remotely using the DPMSERVER$ credentials. Removing this contraint solved the problem.

    Regards

    Roberto

    • Marked as answer by Roberto MD Thursday, January 31, 2013 7:58 AM
    Thursday, January 31, 2013 7:58 AM