none
Cant install DPM agent after DC demotion RRS feed

  • Question

  • I was backing up a DC thru DPM, it was demoted without my knowledge, then DPM lost connection with the server. I tried stopping the protection and uninstalling the agent on the DPM server, also unistalled agent on the server itself. Then tried reinstalling the agent to the server and got this error message:

    Any suggestions???? Thanks

    Wednesday, August 17, 2011 9:57 PM

All replies

  • Hi fusdjimreis,

    I can't help you with your issue, other than to say I've just come across the exact same thing myself today.

    We had a domain controller being protected by DPM 2010. This DC was running Windows Server 2003 R2. We've recently introduced two new 2008R2 DCs, and have successfully transferred the FSMO roles to them. Earlier today this older DC was demoted (but otherwise left online - just as a member server). Since then, DPM has been showing an error for this server - Cannot Connect To Remote Agent.

    I've tried using the SetDPMServer command on the ex-DC to point the DPM server, but it returns an error code of 80070534, which I believe means the client cannot map names to a SID. I've tried this command with the servername, servername.localdomain and DOMAIN\servername formats for the -setdpmservername parameter - all produce the same error.

    I can't uninstall the agent from the ex-DC via the DPM server console, it just times out and fails with a "DPM could not communicate with the Protection Agent service" error.

    My first thought was that the dpm service account needed to be added to the local groups on the ex-DC, but I've added that account into the Administrators, Users, Backup Operators and Distributed COM Users groups with no luck. Worth noting that the ex-DC can resolve these names/SIDs from the AD perfectly, when adding the service account into the local groups.

    Both servers have full connectivity between each other (no firewalls, same LAN) and both can happily ping each other and resolve names. Both servers have been rebooted.

    I hope someone can shed some light on this perplexing issue!

    Thanks!

    Matto :)


    Matto

    Cairns, QLD, AUS

    Thursday, August 18, 2011 5:11 AM
  • Dont know if anyone still has this issue but I had same error recently.

    After demoting the DC it will lose alot of settings that are the 'norm' for a standard active directory server that has DPM agent installed.

    To resolve try the following:

    1. Remove DPM agent on demoted DC via add/remove programs.

    2. Remove affected server from DPM server's Agents tab in Management (use powershell if neccessary)

    3. In active directory check the server is in the correct OU (will have moved from 'DCs' OU to 'Computers' OU)

    4. Log onto affected server and run gpupdate via cmd prompt.

    5. Log back onto the server and ensure that Authenticate Users is in the Builtin Users group (That group should have 'Authenticated Users', 'Domain Users', and 'INTERACTIVE' as members.). This will have been removed after running DCPROMO to demote the server.

    6. Go back to DPM server management tab and install agent again as normal.

    Success!

    Cheers,

    Paul

    Wednesday, January 22, 2014 9:47 AM
  • Paul,  

    My (now broken) DCPROMO'd DC is also a File Server.  If I "Remove affected server from DPM server's Agents tab in Management" I also have to remove the associated Protection Groups and therefore all of my back-up history.  Any tips for maintaining these properties while removing the Agent from the Management tab?

    Thanks,

    Rich


    Monday, March 3, 2014 3:25 PM
  • Dear Rich and Paul,

    On this weeked I walked in the same shoe...
    When I demoted our DC which a File server too the DPM 2016 cannot connect anymore...

    I followed Paul"s guide the only difference when I started stop protection of file server group I selected "Retrain protected data" so all of recovery points went to "Inactive Protection" state.

    After that I removed DPM agent manually from the File server and DPM server and ran gpupdate and add required groups for builtin users.

    Finally I installed DPM agent on the File server from DPM server. Now the installation worked well.
    Recreated the same FILE protection group and the DPM server recoginze this is the same previously inactivated group so it's offered a consistency check.

    Best Regards,

    Bela Vajda

    Saturday, August 26, 2017 4:34 PM