Installing Protection Agents

Applies To: Data Protection Manager, System Center Data Protection Manager 2007

You use the Protection Agent Installation Wizard to install protection agents on servers that are members of the same domain and servers across trusted domains. If you are installing a protection agent and encounter network-related or permissions-related issues because of domain policies, we recommend that you install the protection agent manually using the command line interface. To install a protection agent using the command line interface, see Installing Protection Agents Manually.

If you need to install protection agents on servers that reside behind a firewall, see Installing Protection Agents behind a Firewall.

If you are installing protection agents for protection across forests, see Installing Agents across Forests in this topic.

Before you install protection agents on the computers you are going to protect, you must apply hotfix 940349. For more information about this hotfix, see Microsoft Knowledge Base article 940349, "Availability of a Volume Shadow Copy Service (VSS) update rollup package for Windows Server 2003 to resolve some VSS snapshot issues" (https://go.microsoft.com/fwlink/?LinkId=99034).

For information about installing a protection agent by using a server image on the computer without specifying the DPM server, see Installing Protection Agents Using a Server Image.

Installing Protection Agents Using DPM Administrator Console

To install a protection agent, you can use the Protection Agent Installation Wizard to guide you through the installation process.

To install a protection agent

1. In DPM Administrator Console, on the navigation bar, click Management, and then click the Agents tab.

2. In the Actions pane, click Install.

   The Protection Agent Installation Wizard starts and displays a list of available computers in the DPM server domain. If this is the first time you have used the wizard, DPM queries Active Directory to get a list of potential computers. After the first installation, DPM displays the list of computers in its database, which is updated once each day by the auto-discovery process.

3. On the Select Computers page, select one or more computers (50 maximum) from the Computer name list, click Add, and then click Next.

   If you know the name of a specific computer on which you want to install the protection agent, you can quickly find and select the computer by typing the name of the computer in the Computer name box, and then clicking Add. DPM will query Active Directory for the computer, and then add it to the Selected computers list. If you do not know the name of the computer, browse the list to find the computer.

   To find a computer across a trusted domain, you must type the fully qualified domain name of the computer you want to protect (for example, Computer1.Domain1.corp.microsoft.com, where Computer1 is the name of the target computer that you want to protect, and Domain1.corp.microsoft.com is the domain to which the target computer belongs.

   Note

   The Advanced button on the Select Computers page is enabled only when there is more than one version of a protection agent available for installation on the computers. If it is enabled, you can use this option to install a previous version of the protection agent that existed before you updated to the most recent version.

4. On the Enter Credentials page, type the user name and password for a domain account that is a member of the local administrators group on all selected servers.

5. In the Domain box, accept or type the domain name of the user account that you are using to install the protection agent on the target computer. This account may belong to the current or trusted domain.

   If you are installing a protection agent on a computer across a trusted domain, you enter your current domain user credentials. You can be a member of any trusted domain, and you must be an administrator on the target server that you want to protect.

   If you selected a node in a server cluster, DPM detects the additional nodes in the cluster and displays the Select Cluster Nodes page.

   • On the Select Cluster Nodes page, in the Cluster node selection section, select the option that you want DPM to use for selecting the remaining nodes in the cluster, and then click Next.

6. On the Choose Restart Method page, select the method you will use to restart the computers after the protection agent is installed. The computer must be restarted before you can start protecting data. This restart is necessary to load the volume filter that DPM uses to track and transfer block level changes between DPM and the computers it protects.

   If you select No. I will restart the selected computers later, after the restart is complete and if the protection agent installation status is not refreshed on the unprotected server, in the Management task area on the Agents tab, click Refresh Information.

   Note

   You do not need to restart the computer if you are installing protection agents on a DPM server.

   If any of the servers you selected are clustered servers, an additional Choose Restart Method page appears that allows you to select the method you will use to restart the clustered servers.

   You must install the protection agent on all nodes of the server cluster to successfully protect the clustered data. The servers must be restarted before you can start protecting data. Because of the time required to start services, it might take a few minutes after a restart is complete before DPM can contact the server.

   Note

   DPM will not restart a server that belongs to Microsoft Cluster Server (MSCS). You must manually restart a server in an MSCS cluster.

7. On the Summary page, click Install to begin the installation.

8. On the Installation page, the results appear on the Task tab to indicate whether the installation is successful. You can click Close before the wizard is finished performing the tasks, and then monitor the installation progress in DPM Administrator Console on the Agents tab in the Management task area.

If the installation is unsuccessful, you can view the alerts in the Monitoring task area on the Alerts tab.

Installing Agents across Forests

This section provides information about installing a protection agent across a forest with selective authentication enabled. To protect a server across a forest with selective authentication, Allowed to Authenticate permissions must be given on the Active Directory directory service for the following computers:

• DPM server on the domain controller of domain "Server to be protected".

• DPM server on "Server to be protected".

• "Server to be protected" on the DPM server.

• “Account used to install the protection agent" on the DPM server.

For information about how to grant the Allowed to Authenticate permissions on computers in the trusted domain or forest, see Grant the Allowed to Authenticate permission on computers in the trusting domain or forest (https://go.microsoft.com/fwlink/?LinkId=184707).

Installing Protection Agents Manually

You can install protection agents manually. To manually install a protection agent, use the command line options in the following procedure.

You can also install a protection agent independently using Microsoft Systems Management Server (SMS). To create an SMS package for the DPM protection agent, you must provide the following to the SMS administrator:

• A share to the DpmAgentInstaller.exe and DpmAgentInstaller_AMD64.exe packages.

• A list of servers on which you are installing the protection agents.

• The name of the DPM server.

To silently install the protection agent, run DpmAgentInstaller.exe /q <DPM server name>.

To install a protection agent manually

1. On the computer on which you want to install the protection agent, we recommend that you map a network drive to the DPM server.

   For example, from the command prompt, type net use Z: \\DPM1\c$.

2. On the protected computer, from the command prompt, change the directory (CD) to z:\Program Files\Microsoft DPM\DPM\Agents\RA\2.0.5820.0\i386 (if you have a 64-bit computer, use AM64), and then type DpmAgentInstaller.exe <DPM server name>.

   For example: DPMAgentInstaller.exe DPM1.Fully.qualified.domain

   OR

   On a 64-bit computer, type DPMAgentInstaller_amd64.exe <DPM server name>.

   Note

   If you use the DPM server name in the command line, DPM installs the protection agent and configures the security permissions for the DPM server.

   You can perform a non-interactive installation by specifying a /q parameter after the DpmAgentInstaller.exe command. For example, type DpmAgentInstaller.exe /q <DPM server name>.

3. Restart the protected server.

   Note

   The following step is not required if you specified the DPM server in Step 1.

4. To complete the protection agent configuration for the appropriate DPM server and firewall settings, from the command prompt, type <drive letter>:\Program Files\Microsoft Data Protection Manager\DPM\bin\SetDpmServer.exe – dpmServerName <DPM server name>.

   For example:
        SetDpmServer.exe –dpmServerName DPM01
   Where DPM01 is the actual DPM server name.

5. On the DPM server, from the DPM Management Shell prompt, type Attach-ProductionServer.ps1 <DPM server name> <production server name> <user name> <password> <domain>.

   The password parameter is not required and we recommend that you do not provide it. DPM will prompt you for a password, which will not appear on the screen. However, you can provide the password if you want to use the script to install a protection agent on a large number of servers.

The required configurations to protect the production computer are created. DPM Administrator Console now displays the production computer.