none
Failed to install SCDPM 2012 SP1 Beta Agent in WS2008R2 Domain Controller RRS feed

  • Question

  • Hi everyone, I hit an issue of agent installation in WS2008R2 based domain controller, the base OS of SCDPM 2012 is WS2012 RTM, where by the DC is 2008 R2 based.

    The agent installation was a success before promote to domain controller, after the dcpromo, the connectivity of DPM MS with DPM agent of the DC failed with error. After agent removed from DC, the manual installation of the agent to the DC failed with this error.

    DPMAgentInstaller failed with errorcode =0x80070534, error says: No mapping between account name and security IDs was done.

    Appreciate for any assistance. 


    • Edited by RalphKoh Thursday, September 20, 2012 9:48 AM
    Thursday, September 20, 2012 9:48 AM

Answers

  • I got the same issue when pushing an agent from my DPM2012 SP1 beta machine to a domain controller.

    It looks like an issue with the installer in combination with domain groups used.
    When I checked the MSDPMAgentBootReap0curr.log I found that the installer is trying to use the wrong domain group to set DCOM permissions.
    DPMRADCOMTrustedMachines instant of DPMRADCOMTrustedMachines$MachineName

    I found a (dirty) workaround for this issue. 

    • Before installing the DPMagent create the domain group DPMRADCOMTrustedMachines
    • After the DPM agent installation add the computer account of the DPM server to the group DPMRADCOMTrustedMachines

    ----------------
    Let's hope this is fixed in the final release of SP1



    • Proposed as answer by RamonB Saturday, October 6, 2012 3:20 PM
    • Edited by Matthijs_vreeken Saturday, October 6, 2012 3:35 PM typos
    • Marked as answer by RalphKoh Saturday, October 13, 2012 2:12 PM
    Friday, October 5, 2012 5:36 PM

All replies

  • Anyone found a solution to this?

    I am having the same issue here....

    Tuesday, September 25, 2012 5:04 PM
  • Anyone have idea about this issue? 

    It seems already been 1 week here.


    • Edited by RalphKoh Wednesday, September 26, 2012 2:59 AM
    Wednesday, September 26, 2012 2:59 AM
  • I got the same issue when pushing an agent from my DPM2012 SP1 beta machine to a domain controller.

    It looks like an issue with the installer in combination with domain groups used.
    When I checked the MSDPMAgentBootReap0curr.log I found that the installer is trying to use the wrong domain group to set DCOM permissions.
    DPMRADCOMTrustedMachines instant of DPMRADCOMTrustedMachines$MachineName

    I found a (dirty) workaround for this issue. 

    • Before installing the DPMagent create the domain group DPMRADCOMTrustedMachines
    • After the DPM agent installation add the computer account of the DPM server to the group DPMRADCOMTrustedMachines

    ----------------
    Let's hope this is fixed in the final release of SP1



    • Proposed as answer by RamonB Saturday, October 6, 2012 3:20 PM
    • Edited by Matthijs_vreeken Saturday, October 6, 2012 3:35 PM typos
    • Marked as answer by RalphKoh Saturday, October 13, 2012 2:12 PM
    Friday, October 5, 2012 5:36 PM
  • Very nice Matthijs, this solved it for me!

    Ramon

    Saturday, October 6, 2012 3:21 PM
  • Hi Matthijs,

    Thanks for your helps, I manage to install the DPM agent to the DC from the console, however, the the DPM agent status of the DC was shown as ERROR in DPM console, please refer to screenshot below.

    The required steps has been done, the setdpmserver commmand was successfully done, also the firewall has been disabled. However the DPM agent status still shown as ERROR, seems like the DPM server was failed to contact the DC DPM agent. 

    Do you encountered this issue after the installation?

    Many thanks.

    Regards,

    Ralph


    • Edited by RalphKoh Monday, October 8, 2012 8:20 AM
    Monday, October 8, 2012 8:18 AM
  • Hi Ralphkoh,

    Did you also add the Computer Account of the DPM server to the group DPMRADCOMTrustedMachines?

    After this you also need to refresh the DPM agent from the Management Tab?

    Regards,

    Matthijs

    Monday, October 8, 2012 8:21 AM
  • Hi Matthijs,

    Yes I've done that. The problem still there.

    I will setup another test environment for this issue, will let you know once I got the result. 

    Thanks.

    Regards,

    Ralph


    Monday, October 8, 2012 8:33 AM
  • I got the same issue when pushing an agent from my DPM2012 SP1 beta machine to a domain controller.

    It looks like an issue with the installer in combination with domain groups used.
    When I checked the MSDPMAgentBootReap0curr.log I found that the installer is trying to use the wrong domain group to set DCOM permissions.
    DPMRADCOMTrustedMachines instant of DPMRADCOMTrustedMachines$MachineName

    I found a (dirty) workaround for this issue. 

    • Before installing the DPMagent create the domain group DPMRADCOMTrustedMachines
    • After the DPM agent installation add the computer account of the DPM server to the group DPMRADCOMTrustedMachines

    ----------------
    Let's hope this is fixed in the final release of SP1



    How do you add the name of the DPM server to that group when the machine I am trying to protect is in a different domain? I don't want to setup a trust.


    Mike Lewis

    Thursday, November 15, 2012 4:43 PM
  • Hi Matthijs, I am new to DPM but have used many other System Center products in the passed. I am learning myself DPM and have just installed DPM 2012 SP1 beta, and run into the same issue as you described. I wanted to know how I have to create that domain group. Do you mean as a protection group in DPM?

    looking forward to your feedback thanks!

    Monday, November 19, 2012 10:39 AM
  • To create a group Jeroen you can go to ADUC and your security group and right click and select new group. Give it the name above.

    A workaround is to place your DPM server in the domain admins group and error id 270 will go away and the agent will connect, this is due to the restrictions set on a DC. Tested this in my lab...

    Tuesday, January 8, 2013 1:08 PM
  • How can this be done if the DPM server is on a different domain? I am connecting my agents using the -isnondomain switch and am getting the "Failed! SetDpmServer failed with errorcode =0x80070534, error says: No mapping between account names and security IDs was done." error

    Help please!


    Mike Lewis

    Tuesday, January 22, 2013 10:06 PM