none
DPM backup server and client are won't connect RRS feed

  • Question

  • Hello,

    We have an DPM 2019 backup servers running in our environment (W2k19). We are in the process of adding several servers to the DPM backup. We have an issue while attaching a new server in DPM. At first everything looked fine. But DPM and the server used the FrontEnd Network card to connect. We are trying to change this to the BACKUp network card. But somehow both servers are unable to communicatie with each other using the backup NIC.Removing the server from DPM, reinstalling the DPM agent on the client server, adding persistent routes did not give us a solution. Everytime we are testing the connection via Powershell: test-netconnection both servers are using the frontend NIC instead of the backup NIC.

    Both servers are using the Backup NIC when connecting to other servers in our Backup LAN. Does someone know what could be the issue here ?

    Tuesday, April 14, 2020 1:03 PM

All replies

  • Hi,

    There are a few things to make sure when configuring a dedicated backup network:

    • Ensure that the name resolution of the protected server on the DPM server can resolve the backup address of the protected server and vice versa.
    • Configure the backup subnet and the corresponding subnet mask using Add-DPMBackupNetworkAddress.
      (The subnet should cover the entire range of network addresses for the DPM server and the servers you intend to protect.)
    • Restart the DPM agent on the DPM server and the protected computers. It may cause ongoing tasks to fail. Post a restart, watch out for alerts, and perform the recommended actions, if needed.

    You can follow the links below, check if you've missed anything:

    Improving performance with a backup network address

    Use a dedicated network for Data Protection Manager


    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com LinkedIn:

    Tuesday, April 14, 2020 1:28 PM
  • The DPM server (IP: 10.71.137.187) and DPM agent (IP: 10.71.137.186)are able to resolve each other on the Backup LAN address. The backup LAN is 10.71.137.176/28. This is also configured via Powershell on the DPM server: PS C:\Windows\system32> Get-DPMBackupNetworkAddress |fl
    sequenceNumber : 1
    address        : 10.71.137.176/28

    Both servers are able to connect to another server on the backup-lan with IP: 10.71.137.185. But not each other.

    DPM Server:

    PS C:\Windows\system32> Test-NetConnection -computername 10.71.137.185 -port 135


    ComputerName     : 10.71.137.185
    RemoteAddress    : 10.71.137.185
    RemotePort       : 135
    InterfaceAlias   : Backup
    SourceAddress    : 10.71.137.187
    TcpTestSucceeded : True

    PS C:\Windows\system32> Test-NetConnection -computername 10.71.137.186 -port 135
    WARNING: TCP connect to (10.71.137.186 : 135) failed
    WARNING: Ping to 10.71.137.186 failed with status: TimedOut

    ComputerName           : 10.71.137.186
    RemoteAddress          : 10.71.137.186
    RemotePort             : 135
    InterfaceAlias         : Productie
    SourceAddress          : 10.71.137.238
    PingSucceeded          : False
    PingReplyDetails (RTT) : 0 ms
    TcpTestSucceeded       : False

    From the DPM Agent

    PS C:\Windows\system32> test-netconnection -computername 10.71.137.185 -port 135


    ComputerName     : 10.71.137.185
    RemoteAddress    : 10.71.137.185
    RemotePort       : 135
    InterfaceAlias   : Backup
    SourceAddress    : 10.71.137.186
    TcpTestSucceeded : True



    PS C:\Windows\system32> test-netconnection -computername 10.71.137.187 -port 135
    WARNING: TCP connect to 10.71.137.187:135 failed
    WARNING: Ping to 10.71.137.187 failed -- Status: TimedOut


    ComputerName           : 10.71.137.187
    RemoteAddress          : 10.71.137.187
    RemotePort             : 135
    InterfaceAlias         : Productie
    SourceAddress          : 10.71.137.234
    PingSucceeded          : False
    PingReplyDetails (RTT) : 0 ms
    TcpTestSucceeded       : False

    Wednesday, April 15, 2020 12:46 PM
  • When you are protecting a production server or a Windows client, the communication is initialized in different ways:

    • In a production server scenario, the DPM server initializes the communication
    • In a Windows client scenario, the DPM agent initializes the communication

    The DPM control protocol uses DCOM, DPM issues commands to the protection agent by invoking DCOM calls on the agent. The protection agent responds by invoking DCOM calls on the DPM server.

    TCP port 135 is the DCE endpoint resolution point used by DCOM.

    By default, DCOM assigns ports dynamically from the TCP port range of 1024 through 65535. However, you can configure this range by using Component Services.

    Note that for DPM-Agent communication you must open the upper ports 1024-65535.

    To open the ports, perform the following steps:

    1. In IIS 7.0 Manager, in the Connections pane, click the server-level node in the tree.
    2. Double-click the FTP Firewall Support icon in the list of features.
    3. Enter a range of values for the Data Channel Port Range.
    4. After you enter the port range for your FTP service, in the Actions pane, click Apply to save your configuration settings.

    You’ll find the above information and the list of required firewall ports for DPM 2019 over here:
    https://docs.microsoft.com/en-us/system-center/dpm/configure-firewall-settings-for-dpm?view=sc-dpm-2019

    An easy way to check which ports are being used is to use a network monitoring tool, like Wireshark or Microsoft Network Monitor, this helps you to identify the ports/protocols being used.

    Below you'll also find a very detailed troubleshooting for agent network communication:

    Data Protection Manager Agent Network Troubleshooting
    https://techcommunity.microsoft.com/t5/system-center-blog/data-protection-manager-agent-network-troubleshooting/ba-p/344726


    Blog: https://thesystemcenterblog.com LinkedIn:

    Wednesday, April 15, 2020 1:48 PM