Tag Archives: data protection manager

Install SystemCenter DPM 2016 – HowTo…

Prerequisites:

We need the following prerequisites first:

VM:
  • 2 vCPU
  • 4096MB Memory dynamic min. 512MB – max. 8192MB
  • Systemdrive – 128GB Dynamic
  • Backupdrive – <whatever you need>GB
User Accounts:
Login Purpose Permission
DOMAIN\_svc_sqlservice Account for SQL Database Instance on DPM Server none (permissions set by sql setup…)
DOMAIN\_svc_sqlreporting Account for SQL Reporting Instance on DPM Server none (permissions set by sql setup…)
DOMAIN\_svc_sqlagent Account for SQL Agent on DPM Server none (permissions set by sql setup…)
SQL:

Install SQL Server local on DPM Server or use a remote SQL Server (DPM 2016 does not support AlwaysOn Groups – so i will install a local SQL Server instance on DPM VM itself)

<sql.ini>

SQL components you need:

  • DataBase engine
  • Reporting Services Native

..in addition you need SQL Server Management Studio (DPM setup check this prerequisite) – if you do not install management studio you will receive this error while installation of DPM:

..so start install of SQL Management Studio:

Install:

The ISO of DPM you can download, have only a single MSI file that extract the source files for installation – you can mount this from a remote source, extract remote, or as same i will do – copy the MSI to C:\Temp – double-click on the MSI package and enter C:\Temp\DPM2016Setup as destination directory.

After extracting – double-click on setup.exe – install will start:

…enter the localhost-name and the name of the sql instance you installed before with the SQLxxx.ini…

…setup will check and install all prereq´s – while installing Hyper-V PowerShell Modules you have to restart the DPM server and run setup again:

..after reboot – start DPM setup again:

…after finishing of setup – install all updates – at time of creation of this blog it is “Update Rollup 2 – Data Protection Manager 2016”

Remote Administration:

If you want to remotely manage your DPM server and have a “Administration Workstation” you can install “DPM Remote Administration” there. (HINT: other tutorials and howto´s tell you that you need SCOM, Management-Packs,… to install Remote Tools – thats not correct – for “Remote Administration” you need nothing of these – you need SCOM,.. only if you want to install “DPM Central Console”…

…after finish setup of Remote Administration you have to check for Updates – because DPM Console checks the version between Console and Server and need the same on both. (you receive an error starting a console with an old version…)

Post-Task´s after finishing setup:

Add Disks/Volumes to DPM:

DPM uses a new concept called MBS (Modern Backup Storage) – based on ReFS Volumes with Storage Spaces – so adding disks is completely different than in DPM 2012R2 – in my case i will add two virtual disks (dynamic and 64GB) to my DPM Server VM (you can add additional disks later) and start with Server Manager in dem DPM Server VM:

…right click on the first disk and click on new storage pool (choose ONE disk has a reason: this will create a Storage Pool with column size 1 – so you can later simple add single disks to the pool)

..give the new pool a name:

…if you have a physical DPM Server with JBODs – best practice here is to add several disks and configure one of them as Hot-Spare – because we have a DPM virtually – we need no hot-spare:

…now we create a virtual disk:

…best practice is to use a simple layout:

…we use Fixed provisioning type:

…specify a size a little smaller than the disk (we expand this volume later):

…deselect create volume and click on close:

…add the second disk to storage pool:

…and extend the virtual disk:

..i will not use all (in this example) 128GB:

…now we can create a volume on the new vdisk:

..add a drive letter:

…now you can add this volume to DPM:

HINT: you have to click on rescan if you don´t see your new volume here…

…give it a friendly name and click ok:

Add Agents:

Now it´s time to add agents to DPM – click on Agents in console and click Install:

HINT: if you want to install an agent in a untrusted source (not domain joined source or in a domain that do not trust – see my post: Install DPM agent in unstrusted workgroup…

..in my environment in want to install it first on my hyper-v cluster – so i choose my both hyper-v nodes (not necessary to include clustername – ie “hvfc”):

..enter a account that has local admin rights on this servers (you can use your own account, it is only for the installation of agent NOT for service or other purposes..)

..a reboot of ALL (because it is a cluster) is necessary to add hyper-v nodes/cluster to DPM – i will not start automatically (you must restart ALL clusternodes)

..if you receive a error – check your firewall settings on the target computers (for all port exclusions see: https://technet.microsoft.com/en-us/library/hh757794(v=sc.12).aspx – for a list of exclusions only for dpm agents see: https://technet.microsoft.com/en-us/library/hh758204(v=sc.12).aspx):

HINT: easy way – use the following powershell cmdlets on the potentially protected computers:

..or use a GPO – after setting the correct port exclusion – agent installation will work:

 

Install DPM Agent in untrusted Workgroup…

To install the DPM Agent on computers running outside the DPM domain is a little bit tricky – hopefully the steps below are helping to describe this procedere:

first find the agent setup files on DPM server – to do this locate the agent setup directory with the newest version – on DPM Server browse to C:\Program Files\Microsoft System Center 2012 R2\DPM\DPM\agents\RA

inside this folder copy the appropriate OS version – ie. amd64 for the 64-bit agent:

paste this on the computer where you want to install the agent – ie. C:\Temp\DPM\Agent:

on the computer where you want to install the agent, open a CMD with admin rights and change to the directory where you copied the setup files – ie. C:\Temp\DPM\agent\amd64\1033

DPM agent needs the FQDN of the DPM server – check nslookup if name resolution working correctly or edit Hosts file to have a local name resolution

HINT: for DPM the fqdn name and NETBIOS name are two different things (!) – if you enter fqdn here, you have to enter also the fqdn on DPM SERVER side while adding the agent…

to install the agent with showing a progress bar – enter the following command:

to install completely silent – enter:

(KBxxxx reference to the newest version of agent – in this case DPM agent 2012R2CU10…)

HINT: ..if you get a 0x80070005 “Access is denied” error – try to start the DPMAgentInstaller without parameters!

confirm the “Restart message” and change to the new install dir of agent:

enter the following command:

…choose a password and DPM is creating a local user account with the name you choose – you can check this with Computer Management->Local User and Groups->Users

Agent setup also creates the following three groups:

  • DPMRADCOMTrustedMachines
  • DPMRADmTrustedMachines
  • DPMRATrustedDPMRAs

…the new account is member in the first two groups..

On DPM server do the following:

click on Management->Add -> Windows Servers:

…be careful here to enter the correct values – FQDN must resolvable from DPM server – username is in format <new_created_local_account_before> (don’t use <DOMAIN>\<accountname> here !)

click attach:

..agent should be attached with status “Success” – you have to restart the agent Computer to finish the agent Installation…

Install DPM Agent on a Domain Controller in a untrusted Domain/Workgroup…

Installing a DPM Agent on a domain controller is unfortunately not so easy as installing a dpm agent in a untrusted workgroup (dpm agent installer wants to create a local user…)

Tasks to do on DPM agent computer:

  • install Agent (ie. DPMAgentInstaller_AMD64.exe <fqdn_of_DOM_server>
  • open cmd Shell with admin rights
  • change to DPM directory (c:\Program Files\Microsoft Data Protection Manager\DPM\bin)
  • call setup:

  •  enter a new Password for DPM Agent/Server communication

Since the DPM agent computer is a domain controller of other domain, setup is creating a domain account called <new_name_for_dpm_agent>:

  • Add the agent account to the following groups on the domain controller:
    • DPMRADCOMTrustedMachines$…
    • DPMRADmTrustedMachines$…

Tasks to do on DPM server computer:

open Computer Management on DPM server to add the <new_name_for_dpm_agent> account to the following groups:

  • DPMRADCOMTrustedMachines
  • DPMRADmTrustedMachines
  • MSDPMTrustedMachines
  • Distributed COM Users

  • (only necessary if you have added this agent before) – open DPM ManagementShell with admin rights and change to DPM\bin directory – enter:

  • add agent on DPM server as usual
  • a few minutes later the new agent should appear as “Agent Status” – OK in DPM console…