DPM agents not functioning on Server 2008 DCs
I recently rebuilt two domain controllers in a remote site to be Windows Server 2008 SP2 64-bit. They were previously running Windows Server 2003 SP2 R2 64-bit and were in DPM 2007 SP1 with no issues. The 2008 installation was built from bare metal: the old DCs were demoted, kicked out of the domain and then rebuilt as new with 2008.
When trying to install a DPM agent to the new DC installations now, error 337 was received in the DPM console: the agent did install, but the service does not start and the agent is in an error condition in the DPM console. Looking at a relevant DCOM article in TechNet to verify security for error 337 provided no help. Attempting to manually install and register the DPM agents resulted in the same error. Either way, not good…no protection groups can be configured and no backups can occur.
I could find no documentation specific to what might need to be done to get this working.
Here’s the solution as provided by PSS (with minor edits by me):
*** Problem Description ***
In a 2003 domain that is upgraded to a 2008 domain (native mode) DPM agents on the 2008 domain controllers will never communicate to the DPM server. The agent in DPM will show a red x on it. You can remove the agent and then reinstall the agent with the same results.
*** Resolution ***
DPM requires access to AD keys that only have the Builtin “Users” with permissions on them. During the upgrade of the domain, it removes the NT Authority “Authenticated Users” group from the Builtin “Users” group and thus breaks the DPM server from getting access to these keys. To fix this problem, add the NT Authority “Authenticated Users” group to the Builtin “Users” group in Active Directory Users and Computers and wait for replication to occur (in the event of DPM in a remote site), refresh the DPM agent information in the DPM console and you should be green and good.
Strange.
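A read-only check for the group nesting described in the resolution above, as an added example that is not part of the original post or of the PSS text. It assumes a domain-joined machine with PowerShell 2.0 or later and relies on the well-known SID S-1-5-11 for Authenticated Users, which Active Directory stores as a foreign security principal.

```powershell
# Added example: does BUILTIN\Users still contain NT AUTHORITY\Authenticated Users?
# Read-only; nothing in the directory is changed.
$authUsersSid = 'S-1-5-11'   # well-known SID of Authenticated Users

$domainDn = ([ADSI]'LDAP://RootDSE').defaultNamingContext
$group    = [ADSI]"LDAP://CN=Users,CN=Builtin,$domainDn"

$found = $false
foreach ($memberDn in @($group.member)) {
    # Well-known principals are members as foreign security principals named by SID.
    if ($memberDn -match '^CN=(S-1-[\d-]+),CN=ForeignSecurityPrincipals,') {
        $sidText = $Matches[1]
        $sid     = New-Object System.Security.Principal.SecurityIdentifier($sidText)
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = '(unresolved)' }
        "{0,-14} {1}" -f $sidText, $name
        if ($sidText -eq $authUsersSid) { $found = $true }
    }
    else {
        # Ordinary domain members (for example Domain Users) are listed by DN.
        "{0,-14} {1}" -f 'domain member', $memberDn
    }
}

if ($found) {
    'OK: Authenticated Users is a member of BUILTIN\Users.'
}
else {
    'MISSING: add Authenticated Users to BUILTIN\Users in Active Directory Users and Computers, then wait for replication.'
}
```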
Data Protection Manager 2007 error ID 998
I’m currently doing some testing with Exchange Server 2007 and Data Protection Manager 2007 on Hyper-V. As I needed several VMs for the testing, I just installed one and then used NewSID to change the VM SID and name before joining each one to my test domain. Later, upon attempting to configure a new protection group on DPM for one of the Exchange servers I got this error:
The operation failed because of a protection agent failure.
Retry the operation.
ID: 998
Details: Unknown error (0x80042318) (0x80042318)

After checking the usual suspects, including the required VSS patch on the Exchange server to be protected, and examining the Event Logs, I found lots of VSS errors with Event ID 12302 on the Exchange server.

It turns out the problem is actually with using NewSID…it doesn’t play well with VSS. The solution’s pretty simple once you find it–here’s one place it resides. The steps are as follows:
- Stop the Microsoft Shadow Copy Provider & Volume Shadow Copy Service.
- Export the contents of the HKLM\Software\Microsoft\EventSystem key to a .reg file (as a backup).
- Delete the HKLM\Software\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions key. (Just delete the Subscriptions subkey; leave the EventClasses key.)
- Restart the server.
- Run the “VSSADMIN LIST WRITERS” command, which should produce output similar to that shown below.

This causes the VSS entries in the HKLM\Software\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions key to be rebuilt when the writers initialize.
If that does not resolve the problem, check the Sysinternals forum link mentioned above for more steps.
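The steps above as a script, added here as an example and not taken from the original post or the linked forum thread. It assumes an elevated PowerShell prompt on the affected server; the service names VSS and swprv, the backup folder and the two function names are assumptions of this example.

```powershell
# Added example. The deletion only happens after the registry export has succeeded.
$eventSystem   = 'HKLM\Software\Microsoft\EventSystem'
$clsidKey      = "$eventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}"
$subscriptions = "$clsidKey\Subscriptions"

function Reset-VssSubscriptions {
    param([string]$BackupDir = 'C:\Temp')   # assumed to exist

    # Step 1: stop the shadow copy provider and the Volume Shadow Copy service.
    foreach ($name in 'swprv', 'VSS') { Stop-Service -Name $name -Force -ErrorAction Stop }

    # Step 2: export the whole EventSystem key; refuse to continue without a backup.
    $backup = Join-Path $BackupDir ("EventSystem-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
    & reg.exe export $eventSystem $backup | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $backup)) {
        throw 'Registry export failed; nothing was deleted.'
    }

    # Step 3: delete only the Subscriptions subkey, then confirm EventClasses is intact.
    & reg.exe delete $subscriptions /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not delete $subscriptions" }
    & reg.exe query "$clsidKey\EventClasses" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "EventClasses is missing; restore from $backup" }

    # Step 4: restart so the writers rebuild their subscriptions when they initialize.
    Write-Host "Backup saved to $backup. Restarting in 30 seconds."
    & shutdown.exe /r /t 30
}

function Test-VssWriters {
    # Step 5, after the reboot: report writers that are missing, unstable or in error.
    $count = 0; $bad = @(); $writer = $null; $state = $null
    foreach ($line in (& vssadmin.exe list writers)) {
        if ($line -match "Writer name: '(.+)'")     { $writer = $Matches[1]; $state = $null; $count++ }
        elseif ($line -match 'State: \[\d+\] (.+)') { $state = $Matches[1].Trim() }
        elseif ($line -match 'Last error: (.+)') {
            $lastError = $Matches[1].Trim()
            if ($state -ne 'Stable' -or $lastError -ne 'No error') {
                $bad += "$writer (state: $state, last error: $lastError)"
            }
        }
    }
    if ($count -eq 0) { 'No VSS writers were listed; the subscriptions were not rebuilt.' }
    elseif ($bad)     { $bad }
    else              { "All $count VSS writers are stable with no errors." }
}
```

Run `Reset-VssSubscriptions` first, and `Test-VssWriters` once the server is back up. The writer check parses the English `vssadmin` output.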
Data Protection Manager 2007 error ID 31309
To protect a server using Data Protection Manager 2007, you must install two prerequisite software items:
- The DPM agent (see my previous post about the Visual C++ 2008 Redistributable cleanup issue), and
- The VSS hotfix from MS KB 940349
If you attempt to protect data on a server immediately after it reboots following the hotfix installation, you may get an error message with ID 31309 stating that you must install the required prerequisite software…which of course, you’ve already done. Fortunately, the fix to this annoyance is the same as for error ID 31008 as discussed in MS KB 947470. The issue is that the agents don’t update the DPM server immediately. The updates occur approximately every 20 - 30 minutes.
Just complete these steps and you should be on your way to protecting that server:
- Start the Data Protection Manager 2007 Administrator Console, and then click the Management tab.
- Click the Agents tab, and then click Refresh information in the Action pane.
- Verify that OK appears in the Agent Status column for each protected server.
- Click the Protection tab, and then follow these steps:
  - Create a new protection group, or modify an existing protection group.
  - Select a data source.
  - Verify that you can add a data source to the protection group successfully.
Ops Mgr agents not discovering Active Mailbox nodes
A while back, when I had first started rolling out Operations Manager 2007, I had a strange issue occur where the agents would not discover that the Active nodes in CCR mailbox clusters were actually holding the “mailbox” role. The agents made this discovery correctly on the Passive nodes of the CCR clusters, but not on the Active nodes. In fact, the agent wasn’t discovering any Exchange Server 2007 roles on the Active nodes of the CCR clusters.
The problem ended up being that something (although we never found out what) had a lock on the required portion of the Registry that the Ops Mgr agent was trying to scan. Working with PSS, Ops Mgr tracing per KB 942864 was dialed up and analyzed for the Active nodes of the CCR clusters. A snippet from one server’s “TracingGuidsNative.etl” log indicates that the Ops Mgr agent was failing to open the registry keys below HKLM\SOFTWARE\Microsoft\Exchange\v8.0\.
[4]33AC.220C::04/11/2008-00:28:25.131 [ModulesRegistry]Failed to open registry key SOFTWARE\Microsoft\Exchange\v8.0\MailboxRole. Error 0x80070006(ERROR_INVALID_HANDLE)
[4]33AC.220C::04/11/2008-00:28:25.131 [ModulesRegistry]Failed to open registry key SOFTWARE\Microsoft\Exchange\v8.0\HubTransportRole. Error 0x80070006(ERROR_INVALID_HANDLE)
[5]33AC.1CD8::04/11/2008-00:28:25.131 [ModulesRegistry]Failed to open registry key SOFTWARE\Microsoft\Exchange\v8.0\MailboxRole. Error 0x80070006(ERROR_INVALID_HANDLE)
[0]33AC.0870::04/11/2008-00:43:23.733 [ModulesRegistry]Failed to open registry key Software\Microsoft\Exchange\v8.0\HubTransportRole. Error 0x80070006(ERROR_INVALID_HANDLE)
[3]33AC.220C::04/11/2008-00:43:23.733 [ModulesRegistry]Failed to open registry key Software\Microsoft\Exchange\v8.0\MailboxRole. Error 0x80070006(ERROR_INVALID_HANDLE)
[5]33AC.3114::04/11/2008-00:43:23.733 [ModulesRegistry]Failed to open registry key SOFTWARE\Microsoft\Forefront Server Security\Exchange Server. Error 0x80070006(ERROR_INVALID_HANDLE)
[7]33AC.2824::04/11/2008-00:43:23.733 [ModulesRegistry]Failed to open registry key SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server. Error 0x80070006(ERROR_INVALID_HANDLE)
[7]33AC.2824::04/11/2008-00:43:23.733 [ModulesRegistry]Failed to open registry key SOFTWARE\Microsoft\Exchange\v8.0\HubTransportRole. Error 0x80070006(ERROR_INVALID_HANDLE)
[0]33AC.0C18::04/11/2008-00:58:24.102 [ModulesRegistry]Failed to open registry key SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server. Error 0x80070006(ERROR_INVALID_HANDLE)
[0]33AC.0D78::04/11/2008-00:58:24.102 [ModulesRegistry]Failed to open registry key SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server. Error 0x80070006(ERROR_INVALID_HANDLE)
[5]33AC.0D78::04/11/2008-00:58:24.102 [ModulesRegistry]Failed to open registry key SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server. Error 0x80070006(ERROR_INVALID_HANDLE)
Unfortunately, no exact process was found that was locking the Registry. By chance, a reboot necessitated by the installation of Exchange Server 2007 SP1 Update Rollup 1 freed the lock. After that reboot, the discovery successfully completed.
Don’t forget to update your Ops Mgr agents!
Just a note to those who are updating their Ops Mgr servers for the Exchange Server 2007 MP (or otherwise because you need to), when you install the two hotfixes that update your agent…you’ll of course need to push the update out to your agent managed servers. :) Just look in your Pending Management folder…