Today is World Availability Day!
Everything went well for a very long period of time
The DPM agent reported the following error:
Error: Data Protection Manager Error ID: 316
The security agent operation in APP-V-SQL.LAB.COM failed because the service did not respond.
Detailed error code: Internal error code: 0x8099090E
Recommended action: If you recently installed the security agent in APP-V-SQL.LAB.COM, your computer may restart. Wait a few minutes after restarting the computer for the protection to become available. Otherwise, follow these steps to resolve the issue:
1) Check the DPMRA source for recent records in the APP-V-SQL.LAB.COM event log to see why the agent did not respond.
2) Make sure that the DPM server is remote accessed from APP-V-SQL.LAB.COM.
3) If the firewall is enabled on the DPM server, make sure that it does not block APP-V-SQL.LAB.COM requests.
4) If APP-V-SQL.LAB.COM is a workgroup computer configured to use NETBIOS, ensure that the NETBIOS name of the DPM server is available from APP-V-SQL.LAB.COM. Otherwise, check that the DNS name is remote access.
5) If APP-V-SQL.LAB.COM is a workgroup server, make sure that the DPM server has an IPSEC exception to allow data transfer from workgroup servers.
6) If APP-V-SQL.LAB.COM is a workgroup server, the password for DPM user accounts could have been changed or may have expired on the secure server. To resolve this error, run the SetDpmServer-protected computer -UpdatePassword flag and the DPM server Update-NonDomainServerInfo.ps1.
7) Restart the DPM Protection Agent in APP-V-SQL.LAB.COM. If the service does not start, reinstall the DPM security agent.
8) If APP-V-SQL.LAB.COM is configured with certificates, make sure that the DPM CPWrapper service is running on the DPM server and APP-V-SQL.LAB.COM. Also, make sure that the certificates used by both computers are valid.
The details of the error are self-evident, there are several points to troubleshoot.
Let’s start troubleshooting each point.
Item 1: I don’t see any errors in the app’s event log.
Item 2: The DPM server can also be accessed remotely from the DPM server and the secure server.
Item 3: The firewall does not block requests.
Item 4: The secure server is in a different domain (untrusted), the NETMIOS name of the DPM server is available from the secure server, and vice versa.
Item 5: The secure server is in a different domain (untrusted), the DPM server can communicate with workgroup servers without any problems.
Item 6: The secure server is in a different domain (untrusted), the password for DPM user accounts used on the secure server is never set to expire. I tried to reset my password, but unfortunately the agent is not yet available.
7 places: I restarted the DPM Protection Agent on a secure server, the service started successfully, but unfortunately the agent is not yet available.
Item 8: Certificates are not used.
None of the proposed solutions solved the problem
So what’s the matter then?
I will add point 9 to the list above and see how we can solve this problem
9) If the secure server is a workgroup server, make sure that the password for the local user accounts on the DPM server has never expired.
As you may have noticed, I protect my domain and non-domain hosts in my environment.
Non-domain machines only reported this issue, but domain machines did not complain.
When you install a DPM agent on untrusted servers, you first install the agent on a secure server and then configure the DPM server. SetDpmServer.exe –dpmservername DPM2012 –isnondomainserver username UNTRUST1, and finally you manually connect the agent to the DPM server using Paste-NonDomainServer.ps1 cmdlet.
Now, behind the scenes, the DPM agent creates a local user account in a secure separate part, and when you connect the agent to the DPM server, the same user ID is also created locally on the DPM server.
Open the Computer Management console on the DPM server at Local users and groups find the user account and open the properties.
As you see The user must change the password the next time they log in
Let’s change it to format The password never expires.
Now update the agent again in the DPM console and here
But wait, we haven’t finished yet! Because after 42 days you will experience the same problem again
What?… And why after 42 days?
Because if you remember, the server’s Local Security Policy has expired by default after 42 days!
To avoid this problem in the future, you need to make sure that you set Maximum password age With a DPM server The password does not expire (0 days).
You can add item 9 to the troubleshooting list.
Hopefully it helps!
Happy World Backup Day!