The company that I work for is a Microsoft Gold Partner. Now I know that I write a lot about Linux, and other stuff, but because I work for a Microsoft gold Partner, that means that I am sometimes forced to drink the Microsoft Kool-Aid. Sometimes drinking the Kool-Aid is not that bad, and can sometimes save us money.
For instance, we were up for renewal for our backup Exec licenses. To renew for each little piddly agent in order to backup our entire infrastructure it was going to cost us over $100,000. It turns out that Microsoft’s Data Protection Manager is a part of our EA agreement, so it doesn’t cost us anything extra! BOOM!
The problem with Data Protection manager though is that it really was designed for single domain operations. When you start getting into untrusted domains, things start to get complicated. Now there is a procedure for manually installing the DPM agent on untrusted domain servers which works pretty good, but the documented process for installing, and configuring the agent on an untrusted domain controller doesn’t work so well. In fact the way you are SUPPOSED to install it is by running the following from the command line on the untrusted domain controller:
The above commands work fine on a member server in an untrusted domain, but do you think it works on a Domain Controller? BULL SHIT!
When trying to connect I was getting errors similar to this on the untrusted domain controllers:
A DPM agent failed to communicate with the DPM service on FQDN.DPMSERVER.COM because access is denied. Make sure that FQDN.DPMSERVER.COM has DCOM launch and access permissions for the computer running the DPM agent (Error code: 0x80070005, full name: FQDN.DPMSERVER.COM).
DCOM was unable to communicate with the computer FQDN.DPMSERVER.COM using any of the configured protocols.
I did figure out how to get it working. What you have to do is simply double click on the DPMAgentInstaller_x86.exe or DPMAgentInstaller_x64.exe for 32 bit DC’s or 64 bit DC’s respectively and let the install complete. Or right-click and run-as Administrator if you have UAC enabled. Once complete reboot. For some reason if you point DPM to the DPM server during install on a domain controller it screws something up.
After reboot, run the following command like you normally would:
SetDpmServer.exe -dpmServerName FQDN.DPMSERVER.COM -isNonDomainServer –userName DpmAgentUser
After that you can attach to the untrusted DC’s successfully, and you can actually back them up!
I’m still pretty new to Data Protection Manager, so if you have some tips and suggestions I am all ears! Hit me up in the comments!