none
Attach-ProductionServerWithCertificate.ps1 Fails when trying to attach CertificateBased ServerAuthentication DPM 2012 RRS feed

  • Question

  • Hi,

    Attach-ProductionServerWithCertificate.ps1 Fails when I try to attach a server from an untrusted domain on my DPM 2012 Server.

    I followed the following great article http://blogs.technet.com/b/dpm/archive/2012/04/23/how-to-use-certificates-to-authenticate-computers-in-workgroups-or-untrusted-domains-with-data-protection-manager.aspx

    Everything was succesfull except the last part. I get the following error message.

    There is failure while attaching production server with certificates
    C:\Program Files\Microsoft DPM\DPM\bin\Attach-ProductionServerWithCertificate.p
    s1 : DPM CPWrapper Service on the "MyComputer" computer has encoun
    tered a failure and may be in an unusable state. Exception Message = The socket
     connection was aborted. This could be caused by an error processing your messa
    ge or a receive timeout being exceeded by the remote host, or an underlying net
    work resource issue. Local socket timeout was '00:00:58.4360000'..
    At line:1 char:43
    + Attach-ProductionServerWithCertificate.ps1 <<<<  -DPMServerName DPM -PSCr
    edential C:\Temp\CertificateConfiguration_"MyComputer".bin
        + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorExcep
       tion
        + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorExceptio
       n,Attach-ProductionServerWithCertificate.ps1

    - Check that the relevant firewall exceptions are configured correctly.
    - Check if the certificate used by the DPM CPWrapper service on the "MyComputer" computer is trusted by the peer server.
    - Try to restart the DPM CPWrapper service on the "MyComputer" computer.

    I tried with firewall, without firewall. No Change.

    I tried to restart the DPM CPWrapper service. No Change.

    I uninstalled KB2718704 on both servers. No Change.

    Does anybody have a new idea?

    I hope so.

    GreetZ,

    DJITS

    Update:

    I finally figured out what the problem was. After Enabling the CAPI2 eventlog I saw an error "The certificate's CN name does not match the passed value". Another post here on the forum (http://social.technet.microsoft.com/Forums/is/winservergen/thread/c4efe45f-d7be-4f34-98de-9f5c51ca24e6) gave the suggestion to check my CRL's. One of the cached CRL's was on a End of Life server. After staring up the Server I was able to Attach my Server in DPM.

    Thanks All for your help.


    • Edited by DJITS Monday, August 6, 2012 8:55 AM Problem Solved
    Tuesday, June 19, 2012 12:42 PM

Answers

All replies