Tag Archives: dpm untrusted workgroup

Install DPM Agent in untrusted Workgroup…

To install the DPM Agent on computers running outside the DPM domain is a little bit tricky – hopefully the steps below are helping to describe this procedere:

first find the agent setup files on DPM server – to do this locate the agent setup directory with the newest version – on DPM Server browse to C:\Program Files\Microsoft System Center 2012 R2\DPM\DPM\agents\RA

inside this folder copy the appropriate OS version – ie. amd64 for the 64-bit agent:

paste this on the computer where you want to install the agent – ie. C:\Temp\DPM\Agent:

on the computer where you want to install the agent, open a CMD with admin rights and change to the directory where you copied the setup files – ie. C:\Temp\DPM\agent\amd64\1033

DPM agent needs the FQDN of the DPM server – check nslookup if name resolution working correctly or edit Hosts file to have a local name resolution

HINT: for DPM the fqdn name and NETBIOS name are two different things (!) – if you enter fqdn here, you have to enter also the fqdn on DPM SERVER side while adding the agent…

to install the agent with showing a progress bar – enter the following command:

to install completely silent – enter:

(KBxxxx reference to the newest version of agent – in this case DPM agent 2012R2CU10…)

HINT: ..if you get a 0x80070005 “Access is denied” error – try to start the DPMAgentInstaller without parameters!

confirm the “Restart message” and change to the new install dir of agent:

enter the following command:

…choose a password and DPM is creating a local user account with the name you choose – you can check this with Computer Management->Local User and Groups->Users

Agent setup also creates the following three groups:

  • DPMRADCOMTrustedMachines
  • DPMRADmTrustedMachines
  • DPMRATrustedDPMRAs

…the new account is member in the first two groups..

On DPM server do the following:

click on Management->Add -> Windows Servers:

…be careful here to enter the correct values – FQDN must resolvable from DPM server – username is in format <new_created_local_account_before> (don’t use <DOMAIN>\<accountname> here !)

click attach:

..agent should be attached with status “Success” – you have to restart the agent Computer to finish the agent Installation…

Install DPM Agent on a Domain Controller in a untrusted Domain/Workgroup…

Installing a DPM Agent on a domain controller is unfortunately not so easy as installing a dpm agent in a untrusted workgroup (dpm agent installer wants to create a local user…)

Tasks to do on DPM agent computer:

  • install Agent (ie. DPMAgentInstaller_AMD64.exe <fqdn_of_DOM_server>
  • open cmd Shell with admin rights
  • change to DPM directory (c:\Program Files\Microsoft Data Protection Manager\DPM\bin)
  • call setup:

  •  enter a new Password for DPM Agent/Server communication

Since the DPM agent computer is a domain controller of other domain, setup is creating a domain account called <new_name_for_dpm_agent>:

  • Add the agent account to the following groups on the domain controller:
    • DPMRADCOMTrustedMachines$…
    • DPMRADmTrustedMachines$…

Tasks to do on DPM server computer:

open Computer Management on DPM server to add the <new_name_for_dpm_agent> account to the following groups:

  • DPMRADCOMTrustedMachines
  • DPMRADmTrustedMachines
  • MSDPMTrustedMachines
  • Distributed COM Users

  • (only necessary if you have added this agent before) – open DPM ManagementShell with admin rights and change to DPM\bin directory – enter:

  • add agent on DPM server as usual
  • a few minutes later the new agent should appear as “Agent Status” – OK in DPM console…