Data Protection Manager and Remote Servers

  • Question

  • Hi Guys, 

    Very new to DPM and am trialing it at the moment. I've set up a DPM2010 Server and then installed the agent on a remote server (across the internet at a different site to where the DPM Server is installed). The two locations are NOT connected by VPN and there is no trust between the two machines. Both machines have valid DNS names on the internet and I have opened ports 135, 5718, 5719 on the firewalls. Yet I can never seem to get the DPM Server to talk to the machine that I am trying to back up. Always getting the error "Unable to contact the protection agent on server x.y.com (ID 32684)".

    My question is, does DPM2010 support the configuration that I am trying to achieve, i.e. protection over an unsecured network, and if so, what other ports need to be opened on each firewall on each side? I do not want to open up too many DCOM ports etc., leaving any one of the networks unprotected.

    Thank you!

    Saturday, October 8, 2011 8:08 AM

All replies

  • Hi,

    If all the proper ports are open, then you should be able to get communications to work.

    See the following technet article and a similar post:

    Configuring Firewalls
    http://technet.microsoft.com/en-us/library/ff399341.aspx

    http://social.technet.microsoft.com/Forums/en-US/dpmsetup/thread/99c4a4cf-42d7-46ea-8950-afe800654e64

    Also, be sure you install the agent for workgroup / untrusted domain:

    Installing Protection Agents on Computers in a Workgroup or Untrusted Domain
    http://technet.microsoft.com/en-us/library/ff399479.aspx


    Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.
    Saturday, October 8, 2011 2:56 PM
    Moderator
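
A reachability check for the ports named in the question, run from the DPM server. This is an added example, not part of the original posts and not a DPM tool; the function name `Test-DpmAgentPorts` and the timeout are assumptions, and `x.y.com` is the placeholder host name from the question.

```powershell
# Added example: resolve the protected server's name, then test each TCP port.
# Uses only .NET classes, so it also runs on PowerShell 2.0.
function Test-DpmAgentPorts {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [int[]]$Ports = @(135, 5718, 5719),   # ports the question says were opened
        [int]$TimeoutMs = 3000                # assumed timeout per port
    )

    # The error text first asks whether the server name is accessible.
    try {
        $addresses = [System.Net.Dns]::GetHostAddresses($ComputerName)
    } catch {
        throw "Cannot resolve '$ComputerName': $($_.Exception.Message)"
    }
    $ip = $addresses | Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
        Select-Object -First 1
    if (-not $ip) { throw "No IPv4 address found for '$ComputerName'" }

    foreach ($port in $Ports) {
        $client = New-Object System.Net.Sockets.TcpClient
        $state = 'Filtered or timed out'      # no answer within the timeout
        try {
            $async = $client.BeginConnect($ip, $port, $null, $null)
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                $client.EndConnect($async)    # throws if the connection was refused
                $state = 'Open'
            }
        } catch {
            $state = 'Closed or refused'
        } finally {
            $client.Close()
        }
        New-Object PSObject -Property @{
            Computer = $ComputerName; Address = $ip.ToString()
            Port = $port; State = $state
        }
    }
}

Test-DpmAgentPorts -ComputerName 'x.y.com' |
    Format-Table Computer, Address, Port, State -AutoSize
```

An `Open` result on these three ports only shows that those listeners answer; later replies in this thread point out that DPM traffic also depends on specific UUIDs and RPC ephemeral ports being allowed.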
  • Hi, 

    I have been banging my head against the wall and still cannot get it to work!

    My protected server I've put into the DMZ to alleviate any firewall issues. On the other side where DPM2010 resides I've triple checked the firewall configuration and it seems to be ok.

    Yet the same error message:

    1) Ensure that the above server name is accessible from the DPM server.

    2) Ensure that the protection agent has been installed on the remote server. Also ensure that you have run SetDpmServer.Exe with the -isNonDomainServer option on the protected computer.

    I am really starting to think that unless there is a secure VPN between the 2 sites that this is just not going to work for me?! 

    Are there any error logs or any further information about this error message as to why it is failing? I am really struggling here!

    Thank you

    Gary

     

     

     

    Tuesday, October 11, 2011 10:56 AM
  • Hello,

    When dealing with traffic through firewalls you will have to make sure that specific UUIDs are allowed for DPM traffic.
    ******
    MSDPM AC: {C4EBD674-1457-4B79-BE30-B04735AED9D1} {A3B9D3F4-2477-4F95-B2D1-F75B0FDF2A2F}
    DPM RA: {DA6AA17A-D61C-4E9C-8CEA-DB25DEA52A95} {2DF31D97-33CC-4966-8FF9-F47C90F7D0F3}
    MSDPM: {27F60283-447F-4D5F-AA84-F45D09BD06EF} {8D8C691A-AFE6-4EA3-A6B2-F3E5EF1BD0CA}
    DPM LA: {1B308A4A-FFEC-4C85-957C-53AA1DCC696F} {9E6C5356-B180-4295-888C-5A99E505420F}
    *******

    Here is a quick video on setting up TMG to allow DPM traffic.
    http://blogs.technet.com/b/dpm/archive/2010/12/06/new-video-tmg-setup-for-dpm-communication.aspx

    Thanks
    Shane

     

     

     

    Tuesday, October 11, 2011 12:45 PM
  • Hi ALL,

     

    Correct me if I'm wrong.

    DPM does not support protection through the internet. Also, DPM does not encrypt data traffic through the internet, so even if you make it work, your data traffic will not be secure and will be easy to listen to.

    So use a VPN tunnel and the data will be IPSec encrypted.

     

    // Laith.

     

    • Marked as answer by oizik Tuesday, October 18, 2011 1:47 AM
    Wednesday, October 12, 2011 5:49 AM
  • Laith, I am thinking the same thing as well at the moment...
    Wednesday, October 12, 2011 8:10 AM
  • Oizik,

     

    I've actually tested taking a backup through the internet, but when the other network does not know your internal IP address and since you cannot use the public IP address, I was forced to use VPN.

    My advice is to use VPN tunnels. It's the only way.

    // Laith

    • Proposed as answer by Laith_IT Saturday, October 15, 2011 8:10 AM
    Wednesday, October 12, 2011 11:26 AM
  • Hello,

    The bottom line is that most if not all routers on the internet will not open up the ports (UDP, RPC ephemeral ports, etc.) in use by DPM.
    This is for security reasons of course. Utilizing a DOD or VPN is the only way around this.



    Thanks
    Shane
    Friday, October 14, 2011 6:41 PM