You are browsing the archive for agent.

Remote install of DPM 2010 agents

8:57 am in Uncategorized by mikeresseler

It is a fact… From time to time, DPM won’t install the agent through the GUI.  And yes, most of the time, then you need to install it manually.  In the larger environments, we use different methods for our DPM agent deployments, but in the smaller ones, the infrastructure for doing that just isn’t there. 

Hans De Leenheer, which is a colleague of mine does quite some DPM implementations with smaller companies as part of a larger projects.  As he likes the words “a good admin is a lazy admin” (which is something I share with him :-)) he decided to create a small procedure to install the agents on servers remotely.  Now he doesn’t need to RDP to each server.

The procedure can be found here:

http://hansdeleenheer.blogspot.com/2010/08/remote-install-of-dpm-2010-agents.html

Thanks Hans,

Enjoy

Mike

From the forums: Manual agent installation on a DC or RODC

7:59 am in Uncategorized by mikeresseler

As promised in previous post, here is already an interesting topic.

Many people seem to be having issues with installing an agent on a domain controller (DC) or on a read-only domain controller (RODC).  Whether it is through the automatic install or the manual install, sometimes it doesn’t work.  This can be due to various reasons, one of them being the DC or RODC secured more properly.

Below you can find a method for deploying an agent on a DC or RODC when you encounter this.  The method comes from Praveen D [MSFT]

1. Create and populate the following security groups on Primary domain controller: (Where $PSNAME is the name of RODC on which you are planning to install agent)
    a. Create DPMRADCOMTRUSTEDMACHINES$PSNAME  and add DPM server as a member
    b. Create DPMRADMTRUSTEDMACHINES$PSNAME and add DPM server as a member
    c. Add DPM server as a member of Builtin\Distributed com users group
2. Ensure that above changes are replicated on to RODC
3. Install agent on RODC
4. Grant launch and activate permissions for DPM server on DPM RA service by doing the following:
    a. Run "dcomcnfg"
    b. Expand Component Services ->  Expand Computers -> Expand My Computer -> Expand DCOM Config
    c. Right click DPM RA Service and select Properties
    d. Under ‘General’, "Authentication Level – Default"
    e. Under ‘Location’, only "Run application on this computer" should be checked
    f. Under Security, verify that the "Launch and Activation Permissions" (select > "Edit") include the machine account for the DPM Server and Allow
    j. Click OK
5. Copy setagentcfg.exe, traceprovider.dll and LKRhDPM.dll from "c:\Program Files\Microsoft DPM\DPM\setup" on DPM server and place them in "c:\Program Files\Microsoft DPM\DPM\setup" on RODC.
6. Run "setagentcfg.exe a DPMRA domain\DPMserver"  on RODC using an elevated command prompt. (Run setagentcfg.exe from the location above i.e c:\Program Files\Microsoft DPM\DPM\setup)
7. If  a firewall is enabled on RODC run the following commands:
    a. netsh advfirewall firewall set rule group="@FirewallAPI.dll,-29502" new enable=yes
    b. netsh advfirewall firewall set rule group="@FirewallAPI.dll,-34251" new enable=yes
    c. netsh advfirewall firewall add rule name=dpmra dir=in program="%PROGRAMFILES%\Microsoft Data Protection Manager\DPM\bin\DPMRA.exe" profile=Any action=allow
    d. netsh advfirewall firewall add rule name=DPMRA_DCOM_135 dir=in action=allow protocol=TCP localport=135 profile=Any
8. Attach agent on DPM server, now you are ready to protect the RODC.

Cheers,

Mike

How to remove a dead server from DPM 2010

7:30 am in Uncategorized by mikeresseler

Hey All,

Every DPM administrator will have sooner or later this problem.  A server has been removed, decommissioned or went dead suddenly.  But the agent was never installed through the UI so it remains there.  DPM starts to throw errors at you because it’s not possible anymore to backup that server and you want to delete the agent from the console.  And, of course, business requires that you retain the data for a specific period.

If that period is within the thresholds that have been set, then there is no problem as you will see later in this post.  However, if you need to maintain the data longer, then you better “restore” the data to a tape, so you can store it away for a longer time.

But, for today, here is the procedure how to remove the ‘dead’ agent

image

In this screenshot you can see an agent that is not reachable anymore.

image

So I tried to remove the agent.  I did right click and choose Uninstall

image

This is the error I’m getting.  The server is still in one of my protection groups, so I can’t remove it until I first remove it from the protection group.

So I’m going to the protection group

image

Right-click and choose Stop Protection of Group.

Note: In case you want to remove a server out of a protection group, but don’t remove the protection group then you need to modify it.  It will automatically create an Inactive protection for previously protected data in the UI

image

I choose to delete the protection group and retain the data

image

After the job, I have an inactive protection for this source

So back to my management, right-click on the dead server and Uninstall

image

image

I have to enter my credentials

image

The agent is being uninstalled

image

But as said, the server is dead, so this is not going to work.  DPM now asks me if I want to remove the agent record from the database.  I choose Yes

image

At the end, DPM still tells me that the job has failed, but since I told him to remove the record, it should have done the job after all.  And indeed, the server will not be listed anymore in the UI.

When I go back to protection, I will see that I still have data for that source and still can restore if needed.  Again, don’t forget to restore to somewhere if you need it longer, otherwise the data will be gone after it’s protection period is over

image

Cheers,

Mike

How to manually install an agent and attach it to the DPM server

6:54 pm in Uncategorized by mikeresseler

Hey All,

I’m receiving sometimes the question about manual installation of DPM agents.  Sometimes this is because off using deployment tools, other times it is because of firewall restrictions on the server.

The DPM agent installer from the console works great but when it needs to be done manual, it just needs to be done manual.

So for this, here is a small example on how to achieve this.

 

In this example, I will install the agent manually on the server, but it is perfectly possible to do this with SCCM or SCE or MDT.

 

First we need to find the agent installer sources

image

Depending on which version you need, choose it.  In this case it was a 64-bit server.

image

image

When the agent installation is complete, we need to run following command

image

The command is: SetDpmServer.exe –dpmServerName <name server>

Note that when the DPM server is in another domain, use the FQDN

image

As you can see, the DPM command is now configuring a few items

After that, you need to go to the console and choose to install agents

image

But instead of choosing the option Install Agents you need to choose Attach Agents and then depending on your situation: Computers on Active Directory Domain or Computers in Workgroup or Untrusted Domain

In my case, it is Computers on Active Directory Domain

image

In this window you need to choose your servers.  This can be one server but multiple at the same time is also possible.

image

Give the correct credentials

image

A review, press Attach to start the task

image

And quickly after, you will get the notification that it is a success.

That’s it.

But what if you want to do the command part on the server to be protected automatically?

This can be achieved by using parameters in your installation package for SCCM, MDT or SCE

USAGE:
DpmAgentInstaller.exe [/q] [<DPM server name>]

[<DPM server name>]
The name of the DPM server to be used for protecting this computer. Specify this parameter if the DPM server is known. If you are installing the DPM protection agent as a part of an image, skip this parameter. You can set the DPM server later using the SetDpmServer.exe tool.
[/q]
Performs a silent install.

So using the following command in your package should solve your problem here: DpmAgentInstaller.exe /q <DPMServerName>

So is this something you would want to use or not?  In my opinion, every windows server that you deploy should receive an agent.  Why?  Because you never know when you need to backup that server.  With DPM it is very easy to set the agent for a server as disabled.  It won’t use any license so that won’t cause a problem.

Just my 2 cents

Cheers,

Mike