Export (0) Print
Expand All

Install Azure Backup Agent and upload the certificate

Published: February 20, 2012

Updated: April 7, 2014

Applies To: Windows Server 2008 R2 with SP1, Windows Server 2012

Azure Recovery Services includes a backup vault which you can use to store backups from your server. To backup a server you must install an agent to use within the management console to configure the items to protect. This topic describes installing the Azure Backup Agent used with Windows Server.

In this document

Installing the Azure Backup Agent requires the following:

  • Windows Identity Framework

  • Windows PowerShell

The Azure Backup Agent is an add-on that can be installed on servers running either Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 SP1. There is also an extension for customers that are running that is installed separately. The Azure Backup Agent provides the MMC snap-in user interface to use when scheduling backups and recovering content. It also installs the online backup cmdlets for Windows PowerShell.

  1. The easiest way to download the Azure Backup Agent is to go to the Azure Management Portal.

  2. Sign in to your account.

  3. Click Recovery Services. If you have already created a backup vault click the name of backup vault to view the vault dashboard. Otherwise, click New and Create a Backup Vault using the Quick Start wizard.

  4. Click Download Agent

  5. You will be presented with a dialog where you can choose which agent to download: Select the appropriate agent. You will be redirected to the Microsoft Download Center to download the agent software.

    1. Agent for Windows Server 2012 and System Center 2012 SP1 - Data Protection Manager

    2. Agent for Windows Server 2012 Essentials

    If you will be using Azure Backup with your DPM server, make sure to install the Update Roll up 2 for System Center Data Protection Manager SP1 before installing the Azure Backup Agent. For full details on this update, see Update Roll up 2 for System Center Data Protection Manager SP1. For more information about using Microsoft Azure Backup with Windows Server 2012 Essentials, see Windows Server 2012 Essentials.

  6. Click the Agent for Windows Server 2012 and System Center 2012 SP1 - Data Protection Manager link to go to the download location for the Azure Backup Agent.

  7. Download the Azure Backup Agent. Take note of the location where you downloaded the WABInstaller.exe file. Once the agent is installed you can use the appropriate local management interface (such as the Microsoft Management Console snap-in, System Center Data Protection Manager Console, or Windows Server Essentials Dashboard) to configure the backup policy for the server.

    If your server is running Windows Server 2012 Essentials, see Install Azure Backup Agent for Windows Server 2012 Essentials

If the prerequisite software listed previously is not already installed on your server, it will be installed and enabled as part of the Azure Backup Agent installation. In addition, the server on which you install the Azure Backup Agent should have at least enough local free storage space for cache location, which should be estimated at 10 percent of the amount of data to be backed up.

To install the Azure Backup Agent, run the installer, WABInstaller.exe. The installer does not require a reboot for the installation to complete in most cases. Administrative permissions are required to install Azure Backup Agent. If you will be installing Azure Backup Agent on multiple servers, you can place the installer file on a shared network location, or you can use Group Policy or management products such as Microsoft System Center Configuration Manager to perform the installation.

Using Microsoft Azure Backup does not require that you install Windows Server Backup. However, the two backup methods complement each other. Windows Server Backup can perform tasks such as bare metal and system state restores, which are not available by using Microsoft Azure Backup.

To complete the installation by using the command-line interface, see the Command line installation section.

  1. Sign in to your server using a local computer administrator account, and then run WABInstaller.exe.

  2. The Supplemental Notice for the Service is displayed. Click I accept the service agreement terms and conditions, and then click OK to continue the installation.

  3. The Prerequisites Check page is displayed and any missing prerequisite software is selected for installation. Click Next to approve the installation of the prerequisite software and continue the installation.

  4. The Installation Settings page is displayed. On this page, you choose the Installation Folder and Cache Location for Microsoft Azure Backup. By default the installation folder will be <system drive>:\Program Files\Azure Backup Agent. If you click Browse you can navigate and choose a new location in which to create the Azure Backup folder.

    By default the cache location folder will be <system drive>:\Program Files\Azure Backup Agent. In the cache location, the installation process will create a folder named Scratch within the Azure Backup Agent folder. The cache location should have free space equivalent to 10 percent of the amount of data that will be backed up. For example, if you were to use Microsoft Azure Backup to back up 500GB of data you should allocate approximately 50GB of free space for the Scratch folder. Only local system administrators and members of the Administrators group have access to the Scratch folder to prevent denial-of-service attacks. Click Install when you have identified the folders that you want the Azure Backup Agent to use.

    If you are reinstalling Azure Backup Agent, using the same cache location as the previous installation is recommended.

  5. If you have not enabled automatic updates on your server, the Microsoft Update Opt-In page is displayed to give you the opportunity to enable Microsoft Update. The Microsoft Update settings are for all Microsoft product updates, and they are not exclusive to the Azure Backup Agent. Click Next to continue.

  6. The Installation page is displayed. A progress indicator displays when the installation begins and shows the progress of the installation. When the installation is complete, you will receive a message that the Azure Backup Agent was installed successfully. At this point, you can choose to check for updates. It is recommended that you allow the updates check to occur.

  7. Click Finish. If you selected to check for updates, Internet Explorer will automatically start and the updates check will be performed. After any updates have been installed, you are ready to start configuring Azure Backup Agent.

At this point you can start the Microsoft Azure Backup management console from the Start menu, the desktop icon, or within the Windows Server Backup MMC snap-in. Windows PowerShell cmdlets for Azure Backup have also been installed, so you can begin using Windows PowerShell to work with Microsoft Azure Backup.

  1. Open a command prompt with administrator privileges.

  2. Navigate to the location where you downloaded the installer file.

  3. Type wabinstaller.exe, and then append option parameters as appropriate for your environment. The option parameters are as follows:

    If no parameters are supplied, all default values are used to complete the installation.

    • /q   Quiet installation. No further prompts will be shown. Any parameters not specified will use the default values.

      Example: wabinstaller.exe /q

    • /p:<location>   Type the path to the location of the installation folder that you want Microsoft Azure Backup to use. If this parameter is not specified, the installation folder will be <systemdrive>:\Program Files\Azure Backup Agent.

      Example: wabinstaller.exe /p:"D:\installlocation"

    • /s:<location>   Type the path to the folder that you want to use for the cache location (scratch folder). If this parameter is not specified, the cache location folder will be <systemdrive>:\Program Files\Azure Backup Agent\Scratch.

      Example: wabinstaller.exe /s:"D:\scratchpath"

    • /m   This parameter is used to opt-in to Microsoft Update and enable automatic updates. If this parameter is not specified the Automatic Updates setting on the server will not be changed.

    • /nu   This parameter causes the server to not check for updates after installation is complete. If this parameter is not specified, a check for updates will occur automatically after installation is complete.

    • /d   Removes Azure Backup Agent from the server.

Before you can use Azure Backup you must upload a public certificate to identify the backup vault. The private certificate must be installed in the certificate store of the server that you are going to protect with Azure Backup

To prepare the certificate

To successfully register a server you must have an X.509 v3 certificate to register your servers with Recovery Services vaults. The certificate must have a key length of at least 2048 bits and should reside in the Personal certificate store of your Local Computer. When the certificate is installed on your server, it should contain the private key of the certificate. To upload to the certificate to the Azure Management Portal, you must export the public key as a .cer format file.

You can either use:

  • Your own self-signed certificate created using makecert tool, or

  • Any valid SSL certificate issued by a Certification Authority (CA) that is trusted by Microsoft and whose root certificates are distributed via the Microsoft Root Certificate Program. For more information about this program see http://support.microsoft.com/kb/931125.

Some other attributes which you need to ensure on the certificates are:

  • Has a valid ClientAuthentication EKU

  • Is currently valid with a validity period that does not exceed 3 years

To use your own self-signed certificate, follow these steps:

  1. Download the Windows Software Development Kit (SDK) for Windows 8 to obtain the Certificate Creation Tool (makecert.exe).

    Makecert.exe is included in the .NET Framework 4.5 Software Development Kit option. You can install only that part of the SDK to reduce the amount of space required.

  2. Open Command Prompt (cmd.exe) with Administrator privileges and run the following command, replacing CertificateName with the name of your certificate and endofvalidityperiod with the expiration date of the certificate in mm/dd/yyyy format: makecert.exe -r -pe -n CN=<CertificateName> -ss my -sr localmachine -eku  -e <endofvalidityperiod>  -len 2048 "<CertificateName>.cer"

    See MakeCert for more details about the parameters supported by this tool.

If you will be registering a different server than the one you used to make the certificate, you need to export the .pfx file (that contains the private key), copy it to the other server and import it to that server’s Personal certificate store.

  1. From the Start screen type mmc.exe to start the Microsoft Management Console.

  2. On the File menu, click Add/Remove Snap-in. The Add or Remove Snap-ins dialog box appears.

  3. In Available snap-ins, click Certificates, and then click Add.

  4. Select Computer account, and then click Next.

  5. Select Local computer, and then click Finish.

  6. In the Microsoft Management Console, in the console tree, expand Certificates, and then expand Personal.

  7. In the details pane, click the certificate you want to manage.

  8. On the Action menu, point to All Tasks, and then click Export. The Certificate Export Wizard appears. Click Next.

  9. On the Export Private Key page, click Yes, export the private key. Click Next.

  10. On the Export File Format page, select Personal Information Exchange – PKCS #12 (.PFX). Click Next.

  11. On the Password page, type and confirm the password that is used to encrypt the private key. Click Next.

  12. Follow the pages of the wizard to export the certificate in PFX format.

  1. Copy the private-key (.pfx) certificate files to a location on the local server.

  2. From the Start screen, type mmc.exe, and then press Enter to open the Microsoft Management Console.

  3. In Microsoft Management Console, on the File menu, click Add/Remove Snap-in.

  4. In the Add/Remove Snap-in dialog box, select Certificates and then click Add.

  5. The Certificate snap-in dialog will open, select Computer account and click Next.

  6. Select Local Computer and click Finish.

  7. You are returned to the Add/Remove Snap-in dialog box, click OK.

  8. In the Microsoft Management Console, expand Certificates, right-click Personal, point to All Tasks, and then click Import to start the Certificate Import Wizard.

  9. On the Certificate Import Wizard Welcome page, click Next.

  10. On the File to Import page, click Browse and locate the folder that contains the .pfx certificate file that contains the certificate that you want to import. Select the appropriate file, and then click Open.

  11. On the Password page, in the Password box, type the password for the private-key file that you specified in the previous procedure and then click Next.

  12. On the Certificate Store page, select Place all certificates in the following store, click Browse, select the Personal store, click OK, and then click Next.

  13. On the Completing the Certificate Import Wizard page, click Finish.

  1. Sign in to the Management Portal.

  2. Click Recovery Services, then click the name of backup vault that will be identified by the certificate and then click Manage certificate.

  3. From the Manage Certificate dialog box, select Browse your computer and locate the public certificate you want to upload.

  4. Select the check mark to start the upload process.

Once the certificate has been successfully uploaded the certificate thumbprint and expiration date with be displayed on the dashboard. At this point you are now ready to use the Azure Backup Agent to register your server with the backup vault. Continue on to the Register Servers with Azure Backup scenario.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
© 2014 Microsoft