DPM 2010 Offsite Backup RRS feed

  • Question

  • I have setup 2 DPM 2010 servers in a primary/secondary setup. The primary server is functioning on-site and working correctly and "relatively" faultlessly. The secondary server when I initially set it up worked and backed up the primary server database and everything that the primary was backing up successfully. Since then however the secondary server has gone off-site to another part of our academy, another school. This other school has their own domain, IP address range and subnet mask. We have requested from the LEA a tunnel to provide access between the two servers and they have duly set this up IP to IP.

    On checking the off-site server I found that it cannot connect with the primary server anymore referring to a trust relationship and not being able to establish one. Also for some odd reason the primary server appears to have no agent installed and I cannot install one from the offsite server, either manually (which gives me a message about the on-site server being  the DPM server so cannot install the agent) or via the console from the off-site server (which says it cannot reach our domain controller).

    Agents aside there is the trust relationship issue which I don't understand as both off-site and on-site servers are part of our domain, even though the off-site exists on the other school's network. I can use remote desktop from on-site to off-site but only via IP address, the name triggers an error message regarding time synchronisation (the clocks appear to be in sync certainly no more than a fraction of a second different). Ports appear to be open correctly, used telnet for the various DPM ports and they get a response. Yet DPM fails.

    What do I need to do or tell our LEA to do to get this setup to work correctly?

    John Gifford

    Wednesday, May 30, 2012 8:50 AM

All replies

  • Hi John,

    From your post it sounds like routing on the IP's and ports being open are both setup so you should be good there. I did not see anything in your post about resolving either netbios or FQDN's of the two DPM servers. Ensure they can resolve to each other from both sites.

    You can add an entry to each host file using the IP's they setup for you.

    My Blog | |

    If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer". This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

    Wednesday, May 30, 2012 4:41 PM
  • I've done the hosts file on the off-site server, the on-site has access to the DNS server which I've just amended the DNS record to reflect the changed IP of the off-site server. The off-site server has also got our primary DNS as it's secondary entry, the primary is with the other school.

    I have tried telnet from the off-site to the on-site and on-site to off-site through the list of DPM ports and found the following:

    • TCP 135 (DCOM)- responds
    • TCP 5718 (Agent Coordinator)- Connect failed
    • TCP 5719 (Protection Agent)- Connect failed
    • TCP 88 (Kerberos)- Connect failed
    • TCP 389 (LDAP) - Connect failed
    • TCP 139 & 445 (NetBios) - responds

    I tried portqry for the UDP ports:

    137 shows as LISTENING, 138 LISTENING OR FILTERED, while 53, 88 and 389 show as NOT LISTENING

    I also tried telnet through a selection of the dynamic DCOM ports (1024 - 65535) and got Connect failed every time.

    • Neither server currently has a firewall on it's active connection.
    • I can map folders/files on one server to the other easily enough.

    Yesterday, I tried the manual install of the agent from off-site to on-site using the DPMAgentInstaller_x64 with the server name of the off-site as a parameter it again rejected the install with a message about "this is the DPM server (the on-site one) you can't install the agent."

    So all those ports failing are they to do with the tunnel?

    John Gifford

    Thursday, May 31, 2012 11:57 AM
  • Update : Our LEA has now changed the tunnel setup so that the off-site server can contact the DC, effectively we have an extended domain network. However installation of the agent from the secondary (offsite) onto the primary (onsite) still fails, this time citing error 346 and a problem with WMI communication. When I tried the WBEMTest program to check it it tells me that it can't contact the RPC server.

    Service wise I know that all the required services are operating including RPC and WMI are running/active on the onsite server.

    I've tried RPCping and get a 1726 exception error code in both direct directions but beyond using rpcping to communicate with an exchange server I can find no explanation of what the 1726 error is or how to solve it.

    John Gifford

    Wednesday, June 6, 2012 12:50 PM