none
Server 2003 machine not able to run setdpmserver using IPv6 RRS feed

  • Question

  • I have a Server 2003 machine I'm attempting to protect using DPM 2012.  I have the DPM 2012 agent installed.  I have also set up and configured IPv6 since the DPM server is only available via IPv6.  The DPM server has both IPv4 and IPv6 installed so it has both an IPv4 and IPv6 address in DNS.The problem is that the setdpmserver.exe command fails every time.  I'm pretty sure this is because it is attempting to connect to the DPM server via IPv4.

    Is there a way to force the setdpmserver command to use IPv6.  The same configuration is working fine for 2008 R2 machines but not 2003 servers.

    Thanks in advance for any tips.


    Rob

    Friday, March 9, 2012 12:12 AM

Answers

  • I did not find a way to have setdpmserver use IPv6.  Instead I had to make sure connectivity would work via IPv4.  I haven't found a way to make setdpmserver work in a mixed ipv4/ipv6 environment for Windows 2003.

    Rob

    • Marked as answer by ip-rob Sunday, March 18, 2012 1:38 PM
    Sunday, March 18, 2012 1:38 PM

All replies

  • HI,

    DPM will work in a pure IPv6 environment; however, if DPM has both ipv4 and ipv6 we expect the Protected Server (ps) to have IPV4 enabled, as our preferred channel is ipv4.  If some of the agents have only ipv6 enabled then we must have only ipv6 on DPM, and on all PS's. 


    There is a workaround, but it was not thoroughly tested.  If you set the following registry key, we should work in a mixed environment.

      Please note that this was not thoroughly tested in house and is not formally supported, but see if it helps.


    On BOTH the DPM Server and the Protected Server, set the following registry key.


    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\2.0]
    "PingBeforeConnect"=dword:00000001


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, March 9, 2012 1:08 AM
    Moderator
  • Thanks for the suggestion.  I was aware of the pingbeforeconnect key and am using that on the 2008 R2 machines.  It works great and allows the machines to work in the mixed environment.  It doesn't appear to be having the same effect on the 2003 machine.  I think this problem is more related to DNS.  I suspect the setdpmserver is using the IPv4 DNS results rather than the AAAA record.

    Does PingBeforeConnect key even affect the setdpmserver command?  The DPM server is not reachable via IPv4.


    Rob

    Friday, March 9, 2012 1:34 AM
  • Hi,

    I don't know the inner workings of the key since it isn't really a supported solution, but I'm guessing the agent just issues a ping on both IPv4 and IPv6 and tries to communicate with whatever returned a good response, probably favoring IPv4.   You may want to take a network trace to see what's happening.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.


    Friday, March 9, 2012 1:43 AM
    Moderator
  • The really odd thing is that wbemtest works fine connecting to the DPM server.  The only thing is that the setdpmserver is failing.  Maybe I'm guessing wrong about what the issue really is.  here is the output:

    Configuring dpm server settings and firewall settings for dpm server =[dpmsvr.dpm.local]
    DPM server name provided is invalid. Make sure that machine provided is fully qualified name and joined in domain.
    SetDpmServer failed with errorcode =0x800706ba, error says: The RPC server is unavailable.

    To further troubleshoot failures with SetDpmServer, go to  http://go.microsoft.com/fwlink/?LinkId=169142

    To be clear, this isn't the first server I've set up this way.  I have about 30 servers already configured and the DPM server does have a trust relationship with this domain.  All servers are working except for the Windows Server 2003 ones.  I suspect it is something simple I'm missing with the IPv6 configuration.

    Also, the wbemtest I did was using the FQDN I used in the setdpmserver command...exact match.  I've also added a hosts file entry to try to assist resolving the problem.  No luck with that either.


    Rob

    Friday, March 9, 2012 4:01 AM
  • I have seen similar errors caused by this problem, see if you have any events messages like the following:

    Log Name:      System
    Source:        LsaSrv
    Date:          25/10/2010 14:34:18
    Event ID:      40960
    Task Category: None
    Level:         Warning
    Keywords:     
    User:          SYSTEM
    Computer:      <server FQDN>
    Description:
    The Security System detected an authentication error for the server cifs/<server>.
    The failure code from authentication protocol Kerberos was "{Buffer Too Small}
    The buffer is too small to contain the entry. No information has been written to the buffer.

    Add the following registry key to resolve that issue.

    Key: <samp>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters</samp>
    Entry: MaxTokenSize
    Data type: REG_DWORD
    Value: 65535

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, March 9, 2012 3:16 PM
    Moderator
  • The issue appears to be specifically with the setdpmserver program.  wbemtest works and a Network Monitor trace shows that setdpmserver is ONLY trying to connect over IPv4.  The binding order has IPv6 ahead of IPv4 but setdpmserver appears to ignore this.

    Is there a way to manually complete what setdpmserver does?  I've noticed that when I try to attach the server without running setdpmserver, which I know will fail, the traffic is all IPv6 according to network monitor.  So it appears that once I get past the setdpmserver setup that things would work.

    Any suggestions by the DPM server team?


    Rob

    Wednesday, March 14, 2012 2:46 PM
  • I did not find a way to have setdpmserver use IPv6.  Instead I had to make sure connectivity would work via IPv4.  I haven't found a way to make setdpmserver work in a mixed ipv4/ipv6 environment for Windows 2003.

    Rob

    • Marked as answer by ip-rob Sunday, March 18, 2012 1:38 PM
    Sunday, March 18, 2012 1:38 PM