none
Untrusted domain computers fail with "not found in AD" error RRS feed

  • Question

  • I have a fresh DPM 2010 fully patched system online now that is successfully backing up client systems that are within the same domain as the DPM server.  However I am now running into issues adding machines from another untrusted domain.

    I used the manual installation process as defined in this document.

    http://technet.microsoft.com/en-us/library/ff634199.aspx

    I ran the following command from the user's machine as an admin.

    SetDPMServer.exe -DPMServerName DPM2010.domain.com -IsNonDomainServer -UserName DPMagent

    I then went to the DPM GUI and added the user's machine via the installation of untrusted systems option putting in the machines FQDN (CLIENT.otherdomain.com) username/password that was used and successfully added the machine.  I can go to the Management -> Agents section and refresh Agent Status and DPM shows OK after communicating with the system.

     

    The issue I'm having is trying to create a new Protection Group with this user or add this user to an existing Protection Group.  The system sees the system and sees the domain it belongs to however when I select it and click Add it brings back an error.

     

    Some of the selected computers could not be added.  To view the list of computers that could not be added, click the "Failed to add machines" link below the list of selectable computers. (ID: 7013)

    Which gives;

    Following machines are not found in AD:

    CLIENT.otherdomain.com

     

    I've done a bunch of searching but I am unable to find a solution to this issue...   

    FYI the need for unique usernames for every off domain machine is rather annoying too...


    Senior Systems Engineer - University of Central Florida
    Monday, May 23, 2011 7:17 PM

Answers

All replies

  • I setup a Workstation PC and I'm getting the same error message trying to add it to a Protection Group even though the Domain portion of it is clearly empty.  I don't understand why it thinks these machines have to be in the AD server in order to add them when they're clearly showing as Untrusted or Workgroup as their type.
    Senior Systems Engineer - University of Central Florida
    Monday, May 23, 2011 9:21 PM
  • If I go through making a Protection Group as Server instead of Client set it lets me browse them in the tool and select resources on the machines and build a functioning Protection Group for them.  This is getting a bit frustrating since I want to do them as Client groups since everything we're backing up is Client machines.
    Senior Systems Engineer - University of Central Florida
    Monday, May 23, 2011 9:27 PM
  • Client protection is not supported for computers in untrusted domain.

    http://technet.microsoft.com/en-us/library/ff634170.aspx

     


    This posting is provided "AS IS" with no warranties, and confers no rights
    Tuesday, May 24, 2011 9:03 AM
    Moderator
  • wow... just wow...

    Which item(s) on that list are the ones that should have keyed me into not being able to do this?  "Files – Basic - All server and client SKUs" being Supported makes me believe I should be able to and these and none of these devices are "Portable computers" either.

     

    This documentation needs to be a lot clearer.  I've made it this far with no inkling that I would be unable to do this.  It's just like the unique usernames for every off domain machine requirement.  The answer is buried deep in a KB article as someone's comment to the KB and not actually in the article itself.


    Senior Systems Engineer - University of Central Florida
    Tuesday, May 24, 2011 1:03 PM
  • Hi,

    While I agree with you that this requirement needs to be made more visable it is also documented on the Client Computer Operating System Requirements page located here:

    http://technet.microsoft.com/en-us/library/ff399758.aspx

     

    Protection across domains

    The client computers that you want to protect must have a two-way trust relationship with the domain in which the DPM server is located.

     

    Thanks,

    Marc

    Tuesday, May 24, 2011 1:54 PM
    Moderator
  • Ahhh yes, I had not seen that page.  Thanks for all the help!
    Senior Systems Engineer - University of Central Florida
    Tuesday, May 24, 2011 1:56 PM