none
DPM 2010 Error 308 DC RRS feed

  • Question

  • I am currently having an issue when i install the DPM agent onto a certain Domain Controller.

    At the moment i have 30 odd domain controllers/ File/print servers successfully being backed up by DPM2010.

    But when i install the agent  onto this particular Domain controller/File Server after about 1 hour all the other domain controllers start to appear with error 300 or error 308.

    Error - The detailed RPC server is unavailable (0x800706BA) appears on all of the other domain controllers.

    So i have done the following
    I have installed the dpm agent on a 32bit version of this server - Same issue
    i rebuilt the server from scratch and installed a 64x version on server, renamed it - same issue
    manually installed - no joy, firewall exceptions all added.

     

    If i uninstall teh agent and remove it from DPM all of the other servers come online, back to normal.

    IF I Demote the domain controller that is having the issue and have it as a standard File server, install DPM it works.  It is only when the server is a DC that i have this issue???

    Can anyone offer any help what so ever..  Surly someone has to have come across this before.

     

    Thanks for reading, hope you can help :)

     

     


    • Edited by Aido82 Thursday, July 7, 2011 12:15 PM
    Thursday, June 16, 2011 2:25 PM

All replies

  • Maby your default domain policy is alterd? Try adding the dpm servers computer account to the domain admin group. Does it work?

    Best Regards

    Robert Hedblom

    MVP DPM


    Check out my DPM blog @ http://robertanddpm.blogspot.com

    Saturday, June 18, 2011 9:04 PM
    Moderator
  • I have the DPM Server as a domain Admin - still no joy
    Friday, June 24, 2011 7:44 AM
  • if i demote the domain controller and put dpm agent on server,  it works.

    When the server is a DC it fails and the other DC's protected by DPM down with it

     

    Monday, June 27, 2011 9:50 AM
  • What OS is the server you see as the problem server, and is your environment using DFS-R or NtFRS?  Do you see any local log files being generated for AD DS, file replication, or DNS errors?

    I'm wondering if you are promoting the server with AD integrated DNS zones, and the DNS naming is not replicating properly or is replicating improperly causing the DPM server to be unable to resolve host entries.

    Tuesday, June 28, 2011 10:25 PM
  • Quick Update

     

    I have noticed that it is only when the DPMRATrustedMachine$ groups are replicated accross AD that the others fail.

    If i remove these grooups agents appear online except effected server, but with the DPMRADCOMTrustedMachines$SERVERNAME and DPMRADmTrustedMachines$SERVERNAME groups created all fail


    Tuesday, July 5, 2011 9:57 AM
  • Has any one any idea's at all as to what is happening here.

    Exactly the same issue as before and i still have not got this resolved. 

    As soon as the DPMRADCOMTrustedMachines$SERVERNAME and DPMRADmTrustedMachines$SERVERNAME groups are created for my new server (RODC) all the other server become unavailable.  As soon as i remove the group all other servers are available again.

    This is driving me crazy.  i have followed the below down to a tee but still no joy.


    > 1. Create and populate the following security groups on Primary domain
    > controller: (Where $PSNAME is the name of RODC on which you're planning to
    > install agent)
    >     a. Create DPMRADCOMTRUSTEDMACHINES$PSNAME  and add DPM server as a

    > member
    >     b. Create DPMRADMTRUSTEDMACHINES$PSNAME and add DPM server as a member
    >     c. Add DPM server as a member of Builtin\Distributed com users group
    > 2. Ensure that above changes are replicated on to RODC
    > 3. Install agent on RODC
    > 4. Grant launch and activate permissions for DPM server on DPM RA service by
    > doing the following:
    >     a. Run "dcomcnfg"
    >     b. Expand Component Services ->  Expand Computers -> Expand My
    > Computer -> Expand DCOM Config
    >     c. Right click DPM RA Service and select Properties
    >     d. Under 'General', "Authentication Level - Default"
    >     e. Under 'Location', only "Run application on this computer" should be
    > checked
    >     f. Under Security, verify that the "Launch and Activation Permissions"
    > (select > "Edit") include the machine account for the DPM Server and Allow
    > "Local  Launch", "Remote Launch", "Local Activation", "Remote Activation"
    >     j. Click OK
    > 5. Copy setagentcfg.exe, traceprovider.dll and LKRhDPM.dll from "c:\Program
    > Files\Microsoft DPM\DPM\setup" on DPM server and place them in "c:\Program
    > Files\Microsoft DPM\DPM\setup" on RODC.

    > 6. Run "setagentcfg.exe a DPMRA domain\DPMserver"  on RODC using an elevated
    > command prompt. (Run setagentcfg.exe from the location above i.e c:\Program
    > Files\Microsoft DPM\DPM\setup)
    > 7. If  a firewall is enabled on RODC run the following commands:
    >     a. netsh advfirewall firewall set rule group="@FirewallAPI.dll,-29502"
    > new enable=yes
    >     b. netsh advfirewall firewall set rule group="@FirewallAPI.dll,-34251"
    > new enable=yes
    >     c. netsh advfirewall firewall add rule name=dpmra dir=in
    > program="%PROGRAMFILES%\Microsoft Data Protection Manager\DPM\bin\DPMRA.exe"
    > profile=Any action=allow
    >     d. netsh advfirewall firewall add rule name=DPMRA_DCOM_135 dir=in
    > action=allow protocol=TCP localport=135 profile=Any
    >
    > 8. Attach agent on DPM server, now you are ready to protect the RODC.

    Tuesday, June 5, 2012 3:34 PM
  • Try to put the computer account for the DPM server within the domain admin group and try if it works.

    Please post information regarding your progress.


    Best Regards

    Robert Hedblom

    MVP DPM


    Check out my DPM blog @ http://robertanddpm.blogspot.com

    Wednesday, June 6, 2012 8:21 PM
    Moderator
  • hi Robert, thanks for the fast response.

    i placed the DPM server initially in as a domain admin, then i also placed the server i am trying to protect in as a Domain admin, no change at all.

    Unfortunatly the same result occured, it seems that only when these DPMRADMTRUSTEDMACHINES$ groups are created that the other DC agents appear offline with an error message of:

    DCOM 10009 error -

    DCOM was unable to communicate with the computer server.domain.com using any of the configured protocols.

    Protection agent version: 3.0.7696.0
    Error: Data Protection Manager Error ID: 308
     The protection agent operation failed because DPM could not communicate with the Protection Agent service on amswddat003.entirl.com.
    Detailed error code: The RPC server is unavailable (0x800706BA)
    Recommended action: If you recently installed a protection agent on amswddat003.entirl.com, the computer may be restarting. Wait a few minutes after restarting the computer for the protection agent to become available. If the problem persists, do the following:
    1) Verify that server2.domain.com is remotely accessible from the DPM server. i can rdc and telnet onto the box

    2) If a firewall is enabled on server2.domain.com , verify that it is not blocking requests from the DPM server. firewall disabled

    3) If server2.domain.com is a workgroup server the password for the DPM user accounts may have changed or expired. To resolve this error, run SetDpmServer with the -UpdatePassword flag on the protected computer and Update-NonDomainServerInfo.ps1 on the DPM server. not in a worksgoup

    4) Restart the DPM Protection Agent service on server2.domain.com . If the service fails to start, uninstall the protection agent by using Add or Remove Programs in Control Panel on server2.domain.com . Then in the Management task area, on the Agents tab, in the Actions pane, click Install to reinstall the protection agent on amswddat003.entirl.com. done to no avail

    Im completly stuck

    • Edited by Aido82 Thursday, June 7, 2012 11:17 AM
    Thursday, June 7, 2012 10:58 AM