none
Unable to protect Windows Server 2008 R2 RRS feed

  • Question

  • Hi,

    I have a mixed envronment of Windows Server 2008 R2 and Windows Server 2012. I have deployed DPM When it was at RU4. Agent deployed Well and i could configure protection group. since that time I'm know at RU6.

    Here comes the issue. I decided to split the protection group. I modified the existing unique Protection group to remove all data sources that will be in a new PG. after doing that I tried to create a new PG with removed DS. The issue is that when some Windows Server 2008 R2 data sources are selected the PG creation fail stating that the server cannot be found in Active Directory. However I have noticed that when confirming PG change some of the listed step are executed before failing

    I suspected the Firewall but disabling it does not solve the issue, Firewall logging does not show any dropped packet related to the issue.


    Cheers

    Wednesday, July 29, 2015 1:03 AM

All replies

  • Hi,

    Please refresh the effected protected server under the AGENTS and make sure it says OK - troubleshoot any issues found there.

    Next, when re-protecting it, before you expand the protected server, click on the REFRESH button so DPM will re-enumerate the machine and update cached data source list.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Wednesday, July 29, 2015 6:36 PM
    Moderator
  • Hi,

    I already checked that the Agent is ok and the refresh does not solve the issue.

    I've done some additionnal testing and found an interesting while strange behaviour.

    Firsrt of all the issue happens when the DPM server and the PS are on 2 different site. At least in one case a WAN Accelerator device is present.

    1st scenario

    The protected sever datasources were initally in a PG, being backed up correctly. then datasources of the PS were removed while retaining data to be added to a different PG.

    after various testing I discovered that adding Volumes and DB datasources to the PG succeed while adding System Protection (BMR) fails and make adding other datasources in the same action fail also. The strange part is that when failing, no DS is added to the PG, an error message is displayed for every failing DS mentionning the same server in all error messages as being not in AD (see 2nd scenario for similar error message issue)

    2nd Scenario

    DPM A is protecting several 2012 (PS-A, PS-B) and 2008 R2 servers (PS-C, PS-D) (1 volume/server System Protection (BMR) /server)

    DPM-B will be the secondary DPM for Datasources protected by DPM-A.

    I create a PG on DPM-B Server and try to add the 8 Ds present on DPM-A\protected servers. (PS-A to D)

    • The operation fail with error 31144 mentionned 9 times.
    • 31144 is displayed once for the PG and 1 time for every DS (9 times in total)
    • the 8 last errors message mention that adding the DS failed because PS-C (always the same server) is not in in AD. Please notice that 4 servers are each having 2 DS but the 8 error message mention only one server name !

    Unliess I remove the 4 System Protection the PG cannot be created.

    Obviously, something changed as I used to be able to add them (scenario1) but I do not know how to find it.


    Cheers

    Wednesday, July 29, 2015 8:33 PM
  • Hi,

    Adding systemstate / BMR requires DPM be able to get to AD and get the protected servers machine account so we can apply permissions to the replica.  So it sounds like we really cannot look up the machine account in AD.

    See if this command works when ran on the DPM Server from administrative command prompt.

    c:\>Wmic /node:"Problem-Server-NetBIOS-Name" OS list brief


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.




    Wednesday, July 29, 2015 8:46 PM
    Moderator
  • Hi,

    for both scenario it works


    Cheers

    Wednesday, July 29, 2015 9:31 PM
  • Any way to eliminate that WAN Accelerator to see if that helps ?

    Try these steps to be sure DNS is working properly.

    Run nslookup <FQDN> of the domain for list of DC's and IP addresses)

    IE: nslookup MyDomain.com


    1.) From Protected SERVER:

    nslookup
    set q=any
    <dc_name> then try <dpm_name>
    exit


    2.) Then from DPM:

    nslookup
    server <dns ip address>
    set q=any
    <dc_name> then try <dpm_name>
    exit

    Are the ip's correct?

    If not perform the following.

    On DPM Server try these to reset / troubleshoot DNS issues:
    ipconfig /flushdns
    ipconfig /registerdns
    net stop netlogon
    net start netlogon


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Wednesday, July 29, 2015 9:51 PM
    Moderator
  • Hi,

    Wan accelrators will be hard to eliminate, too much impact

    I tried all tests even the Ipconfig /flushdns, ...

    All are OK


    Cheers

    Wednesday, July 29, 2015 10:08 PM