none
DPM 2010 untrusted domain RRS feed

  • Question

  • hi all,

    i have a strange issue, i am working on a big environment, i have two different forest there are a firewall between the 2 forest, i want to use DPM server 2010 to backup the VM in the other forest, i open all the required firewall port between DPM server and the second forest, there no two way trust between the forest coz the customer he dont want to do any trust relation between the 2 forest.

    i follow the following link for firewall required:

    http://technet.microsoft.com/en-us/library/cc161275.aspx

    i add the dpm server name and ip on the host file of the 3 node in the second forest and same for the 3 node i added them in the host file of the DPM server.

    i am able to ping and resolve the FQDN of the dpm server and the 3 node from both side. i install the agent on the first node and i run the command setdpmserver.exe with the ISNONDOMAINSERVER option. i try to attach the host on the DPM server using the same client created by the powershell command setdpmserver but the result is failed i try everything and nothing is working.

    i get the log file and i found 2 specific strange error:

    WARNING Failed: Hr: = [0x80070002] : Error trying to open key [HKLM\Software\Microsoft\Microsoft Data Protection Manager\Agent\2.0\NtlmAuthData\"servername"   (this is from the dpm server)

    WARNING Failed: Hr: = [0x800706ba] : error in CoCreateInstanceEx for server [01-arvhost-01.jscsite]
    0F00 0D3C 05/06 10:15:09.479 22 agentserviceproxy.cpp(155) [000000001EF48170] WARNING Failed: Hr: = [0x800706ba] : F: lVal : InitInterfaceRemote()
    0F00 0D3C 05/06 10:15:09.480 07 AgentCommunication.cs(518) WARNING comException = System.Runtime.InteropServices.COMException (0x800706BA): The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
    0F00 0D3C 05/06 10:15:09.480 07 AgentCommunication.cs(518) WARNING   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
    0F00 0D3C 05/06 10:15:09.480 07 AgentCommunication.cs(518) WARNING   at Microsoft.Internal.EnterpriseStorage.Dls.DPMRA.DPMRAServicesProxy.Initialize()
    0F00 0D3C 05/06 10:15:09.480 07 AgentCommunication.cs(518) WARNING   at Microsoft.Internal.EnterpriseStorage.Dls.AgentManager.AgentCommunication.GetNonDomainServerProperties(NetworkCredential userCredentials, String serverName, DpsTimeZone& timeZone, Version& osVersion, SystemOSType& osType, Boolean& isDpm, Boolean& isDc, FqMachineName& psMachine, Int64& serverAttributes)
    0F00 0D3C 05/06 10:15:09.480 07 AgentCommunication.cs(574) NORMAL CleanupOnAttachFailure: Delete user jscdpm
    0F00 0D3C 05/06 10:15:09.485 09 serviceutils.cpp(476) WARNING Caught Dls exception: Microsoft.Internal.EnterpriseStorage.Dls.Utils.DlsException: exception ---> System.Runtime.InteropServices.COMException (0x800706BA): The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
    0F00 0D3C 05/06 10:15:09.485 09 serviceutils.cpp(476) WARNING   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)

    Sunday, May 6, 2012 5:56 PM

All replies

  • Hi Tarek,

    I noticed: "The RPC server is unavailable" is in your log a couple of times.

    Can you telnet to the DPM server from a client on port 135 to ensure it is open?

    Run "telnet <DPMSERVERNAME> 135" in a command window.

    Also here is a link on troubleshooting "The RPC server is unavailable".

    http://social.technet.microsoft.com/wiki/contents/articles/4494.troubleshooting-the-rpc-server-is-unavailable.aspx#RPC_Quick_Fixes


    My Blog | www.buchatech.com | www.dpm2010.com

    If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer". This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!


    Tuesday, May 22, 2012 4:48 AM
    Moderator
  • Were you able to resolve this problem? I am having the same issue when trying to connect a server in a non-trusted domain. I have successfully connected others from the same non-trusted domain but this one server keeps throwing the above error. No firewalls between the DPM and agent system. 
    Thursday, May 31, 2012 10:53 PM
  • hi Jamests,

    yes i solve the issue, it's a firewall issue, you need some one from the network team to open for you all the RPC dynamic range from 1024-65535 or you can open any to any and try, what i did is i monitor what the port blocked by the firewall between the 2 forest, you can do a test to know which ports is blocked, as the network team to monitor the packet and try to request to add the agent between the 2 forest, the blocked port will be appear, if this is not available ask them to open any to any for some time and monitor your firewall.

    Friday, June 1, 2012 4:29 PM
  • Thanks for the reply, Tarek, but the problem is not related to firewalls. Digging through the logs a little more I discovered an access denied error (below). This is very strange since as I stated above we've added a number of other systems from the same domain without issue. Matter of fact I've removed and re-added two of them just to see if maybe something had changed, they added just fine. I've done the RPC test with success, tried  FQDN and NetBIOS computer names, upper and lower case (shouldn't make a diff but one dude said it worked for him), different password combinations, check the registry on the failed system and the successful ones but they're the same... What's even stranger, checking the security log on the failed system, I see event 4476 (Credential Validation) followed by 4624 (successfully logged on) for the DPM account! 

    I realize now this problem is not the same as yours but thought I'd give you an update anyways.

    0DB8 014C 06/01 17:45:08.419 22 agentserviceproxy.cpp(280) [00000000232E1620]  WARNING Failed: Hr: = [0x80070005] : error in CoCreateInstanceEx for server [ServerName]
    0DB8 014C 06/01 17:45:08.419 22 agentserviceproxy.cpp(187) [00000000232E1620]  WARNING Failed: Hr: = [0x80070005] : Encountered Failure: : lVal : InitInterfaceRemote()
    0DB8 014C 06/01 17:45:08.419 22 dpmraservicesproxy.cpp(136)   WARNING Failed: Hr: = [0x80070005] : error in initializing: lVal : m_pAgentServiceProxy->Initialize()
    0DB8 014C 06/01 17:45:08.419 07 AgentCommunication.cs(583)   WARNING GetNonDomainServerProperties: Caught unauthorizedAccessException = System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

    • Edited by Jamests Friday, June 1, 2012 6:23 PM Added Full Error Message
    Friday, June 1, 2012 6:06 PM
  • yeah i did the same and i test rpc and it was ok and even i had the access denied also, but once i monitor the firewall i found 2 ports blocked by the firewall itself then when i open its ok but the status of the agent have give me error, and then i foudn there a security issue between the 2 forests.

    Friday, June 1, 2012 6:21 PM
  • Guess I should have added the system in question has been added to DPM in the past without issue. I'm starting to wonder if the problem related to May updates.
    Friday, June 1, 2012 6:36 PM
  • FOUND IT! Don't know how or why but NT Authority\Authenticated Users had been removed from the Users group on the server. Other admiss have access to the server so going to check and see if one of them removed for some reason.

    Thanks,

    James 

    Friday, June 1, 2012 9:22 PM