You are browsing the archive for 2010 July.

From the forums: Manual agent installation on a DC or RODC

7:59 am in Uncategorized by mikeresseler

As promised in previous post, here is already an interesting topic.

Many people seem to be having issues with installing an agent on a domain controller (DC) or on a read-only domain controller (RODC).  Whether it is through the automatic install or the manual install, sometimes it doesn’t work.  This can be due to various reasons, one of them being the DC or RODC secured more properly.

Below you can find a method for deploying an agent on a DC or RODC when you encounter this.  The method comes from Praveen D [MSFT]

1. Create and populate the following security groups on Primary domain controller: (Where $PSNAME is the name of RODC on which you are planning to install agent)
    a. Create DPMRADCOMTRUSTEDMACHINES$PSNAME  and add DPM server as a member
    b. Create DPMRADMTRUSTEDMACHINES$PSNAME and add DPM server as a member
    c. Add DPM server as a member of Builtin\Distributed com users group
2. Ensure that above changes are replicated on to RODC
3. Install agent on RODC
4. Grant launch and activate permissions for DPM server on DPM RA service by doing the following:
    a. Run "dcomcnfg"
    b. Expand Component Services ->  Expand Computers -> Expand My Computer -> Expand DCOM Config
    c. Right click DPM RA Service and select Properties
    d. Under ‘General’, "Authentication Level – Default"
    e. Under ‘Location’, only "Run application on this computer" should be checked
    f. Under Security, verify that the "Launch and Activation Permissions" (select > "Edit") include the machine account for the DPM Server and Allow
    j. Click OK
5. Copy setagentcfg.exe, traceprovider.dll and LKRhDPM.dll from "c:\Program Files\Microsoft DPM\DPM\setup" on DPM server and place them in "c:\Program Files\Microsoft DPM\DPM\setup" on RODC.
6. Run "setagentcfg.exe a DPMRA domain\DPMserver"  on RODC using an elevated command prompt. (Run setagentcfg.exe from the location above i.e c:\Program Files\Microsoft DPM\DPM\setup)
7. If  a firewall is enabled on RODC run the following commands:
    a. netsh advfirewall firewall set rule group="@FirewallAPI.dll,-29502" new enable=yes
    b. netsh advfirewall firewall set rule group="@FirewallAPI.dll,-34251" new enable=yes
    c. netsh advfirewall firewall add rule name=dpmra dir=in program="%PROGRAMFILES%\Microsoft Data Protection Manager\DPM\bin\DPMRA.exe" profile=Any action=allow
    d. netsh advfirewall firewall add rule name=DPMRA_DCOM_135 dir=in action=allow protocol=TCP localport=135 profile=Any
8. Attach agent on DPM server, now you are ready to protect the RODC.



DPM forums: A great resource

10:59 am in Uncategorized by mikeresseler

Last few months I’m spending quite some time on the Data Protection Manager forums. There are a few reasons why I like to spend some time over there.

  1. I like to assist people who have issues with their DPM environments.  Why? I have no idea but I just like it.  Maybe it is because I also get a lot of help from these forums for other products but it is just something I like.  That, and probably the point system that brings out the competitor in me :-)
  2. Learning.  I like to read posts made by others and the possible resolutions that are posted.  When I have no clue about what can be the problem but the answer is still resolved, it can help me in the future when I should encounter the same problem.  It will also allow me to help others when they encounter that problem now that I have a solution
  3. Approaches.  Many users are posting questions about possible configurations they would like in their environment.  Although many can be seen as “Why would you want to do that”, there are many others where I say “Hey, that’s a great idea”.  And even those where I doubt, it still reminds me that every environment is unique and that business requirements sometimes can be hard to meet.


Now what about the support you get there.  No, it is not always the best support you can imagine.  Don’t forget that on these forums the helping people are volunteers and some Microsoft people.  Also don’t forget that it is pretty hard to troubleshoot issues when you don’t have the entire information, network architecture, log files and so on with you.  I remember a post that took on for days of troubleshooting while the actual issue was so stupid, that another pair of eyes on that server would have solved the issue within minutes.  But still, the answer came after a while.  If you however expect a resolution, and you need it fast, then you better contact your partner or place a Microsoft support call.

Who is who on these forums? And who is giving the responses.

Well, that could be about everybody who has a live-id (and who doesn’t).  Firstly, you have a few MSFT people who moderate the forums and who help.  People such as Praveen D [MSFT] and Mike J are really helpful over there and are doing a great job.  I assume that this is something additional they do in their work and that it is not their main work so considering that, nice job.

Secondly, you have the “other” people.  People like myself who are not Microsoft employees and who like to help others.  For DPM, I’m thinking about Robert Hedblom, Alex Smits and Taylorbox.  But I’m sure I’m forgetting a few others and the list of helping people has grown a lot lately, something I really like. (My apologies for those who I have forgotten)

Besides the Microsoft moderated forums, there are also others who like to share a forum themselves with the community.  One of these guys is David Allen who hosts a forum on and does a great job over there in answering people’s issues.  (And don’t forget the fact that he has one of the best DPM blogs)

So if you are having problems, make sure to stop by the DPM forums ( or by 

From time to time, I will be using the information found in the forums to write a post, such as the next one.  Why? Basically because it is good information and I can find it myself again :-) and it might be easier for others to find a solution on blogs then on forums.

One final remark.

Users who ask a question on the forum, should always give feedback when they got a response.  Now many questions remain “open” because they have never received feedback from the person with the problem.  This helps others that have this issue.  When they find the forum post, and see that it resolved the issue with the user that had it, they will be more certain to try the resolution in their environments.

It doesn’t take much time to answer, and you can always be notified when somebody responds.



DPM 2010 Documentation

9:28 am in Uncategorized by mikeresseler

A little bit unnoticed, but found it today, is the fact that there are 4 new documents for System Center Data Protection Manager 2010.

The documents can be found here:

Planning a DPM 2010 Deployment

Deploying System Center Data Protection Manager 2010

Data Protection Manager 2010 Operations Guide

Data Protection Manager 2010 Troubleshooting Guide




Another fine new blog?

7:54 am in Uncategorized by mikeresseler

Hey All,

Just discovered (by accident) a new blog about DPM.  The name of the blog is DPMCallBack and can be found here:

The first post is already a good one so I’m hoping for more :-)

The post describes the questions that you will get when you have issues with your DPM installation.  Whenever you want to open a case for DPM, it is good to have these questions answered in advance, it will save you some time 😉

Here is a copy of the questions:

• Is this a fresh installation of DPM using the RTM bits or was this an upgrade from a previous version or from Beta?

• When did the problem first start? You can select the Monitoring tab and review the Alerts/Jobs for details.

• Has it ever worked as expected?

• What changes (if any) were made just prior to the failures?

• Can you reproduce the problem? If so can you please provide the exact steps?

• Are other protected data sources experiencing the same problem?

• Is the error specific to one type of data source? Example, Exchange jobs fail but SQL and SharePoint are successful.

• What is the application version that is experiencing the problem? Example, SQL 2005, SQL 2008, Exchange 2007…etc.

• Is the protected data source running on a standalone server, domain controller or a cluster?

• Is the system that is experiencing the problem in the same domain as the DPM server?

• Do other protected data sources reside on the same machine? Are they also failing?

• Is the target machine for which you’re experiencing the issue on the same LAN as the DPM server or over a WAN?

• What is the error message and ID in the Details pane? If possible, please copy/paste this or provide a screenshot.




Interesting news…

1:50 pm in Uncategorized by mikeresseler

Hey All,

Just had my first week of vacation for this summer (I actually went cooking with a scouts group together with my wife and kids so it was also a bit working ;-)) and when I came back, my inbox, tweets and other stuff had some real interesting information.  An overview:

System Center Data Protection Manager

Six! new posts on the Data Protection Manager technet blog:

Jason has also posted an update about his book, Data Protection for Virtual Data Centers.

You can find more information and the first chapter on and the post on

David Allen from SCDPMOnline has posted a great article about Centralised DPM Availability Reporting.  Check it out here

System Center Essentials

The Essentials 2010 resource kit is launched.  Find more information here and here

Dell has announced a partnership with Microsoft to deliver a solution around SCE 2010.  Information can be found here and here

That’s it for now, still a lot of catching up to do for OpsMgr, Virtual Machine Manager and ConfigMgr, but at least I already read the SCE and DPM information :-)

Enjoy the holidays



MVP Award

7:41 pm in Uncategorized by mikeresseler

Hey All,

It is with great pleasure that I can announce that I have received the MVP Award for System Center Data Protection Manager.

As it goes with an award, it is custom to thank some people, and in my case they really have earned it.

Let’s start with my employer Ferranti Computer Systems and my colleagues (with special thanks to Arne Peleman, Mark Van Giel, Frederik Baert and Valérie Siroux) who allowed me to give presentations and spent some time on the System Center User Group.  Also the continuous remarks on my blog posts and presentations are a real help to improve.

Also the members of the System Center User Group Belgium earn a big thank you.  They gave me a place to blog and the possibility to give presentations.  They also helped me on various ways within the user community when I lost directions :-). (And I probably will loose directions again with this MVP thing… :-)) Thanks Alexandre Verkinderen, Kenny Buntinx, Kim Oppalfens, Kurt Van Hoecke and Yves Janssens. Let’s continue to make the System Center community a fun place to be :-)

I can’t forget some people from Microsoft.  Thank you Jason Buffington and Arlindo Alves for your feedback and support.  It is a real pleasure working with you both in the community.

To all the readers, people who come to our presentations and commenter’s.  Thank you, it is always a pleasure learning to know you and seeing you on events, whether offline or online.

Last but not least, there is a special and BIG thanks to my wife and children, who keep accepting the fact that Daddy is playing on his laptop again.  Without their patience and support, I probably would have stopped a long time ago.

Thanks all


Mike Resseler

Twitter: @MikeResseler