Export (0) Print
Expand All

Install the DPM protection agent

Updated: January 12, 2015

Applies To: System Center 2012 - Data Protection Manager, System Center 2012 R2 Data Protection Manager, System Center 2012 SP1 - Data Protection Manager

You install the Protection Agent on computers and servers you want to protect using the Protect Agent Installation Wizard to install protection agents that are located outside of a firewall, and you can manually install protection agents on computers that are located behind a firewall, or that are located in a workgroup or a domain that does not have a two-way trust relationship with the domain that the System Center 2012 – Data Protection Manager (DPM) server is located in. After you install a protection agent manually, you then need to attach the agent in DPM Administrator Console to enable protection. To install protection agents on computers that are located behind a firewall, see Install the agent on a computer behind a firewall. To install protection agents on computers that are in a workgroup or a domain that does not have a two-way trust relationship with the domain that the DPM server is located in, see Install the agent on a computer in a workgroup or untrusted domain.

  • Install the Protection Agent from the DPM console—Use this procedure to install the agent on computer outside a firewall or on a computer on which the firewall can be modified by the procedure to allow communication between the agent and the DPM server.

  • Install the Protection Agent manually—Use this procedure if the computer is behind a firewall thats block traffic between the agent and the DPM server, or if you encounter network or permission related issues.

  • Install the Protection Agent on computers in a workgroup on untrusted domain—In this scenario you’ll need to configure a certificate for authentication purposes and then install the agent. For more information see Protect computers in workgroups and untrusted domains.

  • Install the Protection Agent on a RODC— You can install the agent on a read-only domain controller (RODC). Note that if a firewall is enabled on the RODC, you must either turn the firewall off or run the following commands before installing the agent.

  • Install the Protection Agent using a server image— You can use a server image to install a protection agent without specifying the DPM server by using DPMAgentInstaller.exe. After the image is applied to the computer and the computer is brought online, you run SetDpmServer.exe to complete the configuration and create the firewall exceptions.

Install the Protection Agent from the DPM console
  1. In DPM Administrator Console, click Management > Agents. Click Install on the tool ribbon to open the Protection Agent Installation Wizard.

  2. On the Select Agent Deployment Method page, click Install agents > Next.

  3. On the Select Computers page, DPM displays a list of available computers that are in the same domain as the DPM server. Add the required computer.

    • The first time you use the wizard DPM queries Active Directory to get a list of available computers. After the first installation, DPM stores the list of computers in its database, which is updated once each day by the auto-discovery process.

    • To find a computer in another domain that has a two-way trust relationship with the domain that the DPM server is located in, you must type the fully qualified domain name of the computer that you want to protect (for example, <Computer1>.Domain1.contoso.com, where Computer1 is the name of the computer that you want to protect, and Domain1.contosa.com is the domain to which the target computer belongs.

    • The Advanced button page is enabled only when there is more than one version of a protection agent available for installation on the computers. You can use this option to install a previous version of the protection agent that was installed before you upgraded DPM server to a more recent version.

  4. On the Enter Credentials page, type the user name and password for a domain account that is a member of the local Administrators group on all selected computers.

    • In the Domain box, accept or type the domain name of the user account that you are using to install the protection agent on the target computer. This account may belong to the domain that the DPM server is located in or to a domain that has a two-way trust relationship with the domain that the DPM server is located in.

    • If you’re installing a protection agent on a computer across a trusted domain, enter your current domain user credentials. You can be a member of any domain that has a two-way trust relationship with the domain that the DPM server and you must be member of the local Administrators group on all selected computers on which you want to install an agent.

    • If you select a node in a cluster, DPM detects all additional nodes in the cluster and displays the Select Cluster Nodes page.

  5. On the Select Cluster Nodes page, select an option that you want DPM to use for installing agents on additional nodes in the cluster, and then click Next.

  6. On the Choose Restart Method page, select the method to use to restart the selected computers after the protection agent is installed. The computer must be restarted before you can start protecting data. A restart is necessary to load the volume filter that DPM uses to track and transfer block-level changes between DPM server and the protected computers.

    • If you select to restart the computers later the protection agent installation status iisn’t automatically refreshed on the Agents tab in the Management task area after the computer restart, and you’ll need to click Refresh Information.

    • Note that you don’t need to restart the computer if you are installing a protection agent on another DPM server.

    • If any of the computers that you selected are nodes in a cluster, an additional Choose Restart Method page appears that you can use to select the method to restart the clustered computers. You’ll need to install a protection agent on all nodes in a cluster to successfully protect the clustered data. The computers must be restarted before you can start protecting data. Because of the time required to start services, it might take a few minutes after a restart before DPM can contact the agent on the cluster.

    • DPM will not automatically restart a computer that belongs to a Microsoft Cluster Server (MSCS) cluster. You must manually restart computers in an MSCS cluster.

  7. On the Summary page, click Install to begin the installation. If the EULA appears accept it for installation to start. On the Task tab of the Installation page you can see whether the installation is successful. You can click Close before the wizard is finished and monitor the installation progress in Agents tab in the Management task area. If the installation is unsuccessful, you can view the alerts in the Monitoring task area on the Alerts tab.

    Note that after you install a protection agent on a computer that is part of a Windows SharePoint Services farm, each of the computers in the farm will not appear as protected computers on the Agents tab in the Management task area, only the computer that you selected. However, if the Windows SharePoint Services farm has data on the selected computer, DPM protects the data on all of the computers in the farm, provided all of them have the protection agent installed.

Install the Protection Agent manually
  1. If you’ll installing the agent on a computer behind a firewall, run the following command on the computer before you begin the protection agent installation, to make sure that the agent can be pushed out through the firewall: netsh advfirewall firewall add rule name="Allow DPM Remote Agent Push" dir=in action=allow service=any enable=yes profile=any remoteip=<IPAddress>, Where IPAddress is the address of the DPM server.

  2. On the computer that you want to protect, open an elevated Command Prompt window, and then run the following commands:

    To assign a drive letter, type: net use Z: \\<DPMServerName>\c$
    where Z is the local drive letter that you want to assign and <DPMServerName> is the name of the DPM server that will protect the computer.

    To change the directory, do the following:

    • For a 64-bit computer type cd /d <assigned drive letter>:\Program Files\Microsoft DPM\DPM\ProtectionAgents\RA\3.0.<build number>.0\amd64 where <assigned drive letter> is the drive letter that you assigned in the previous step and <build number> is the latest DPM build number. For example: cd /d X:\Program Files\Microsoft DPM\DPM\ProtectionAgents\RA\3.0.7696.0\amd64

    • For a 32-bit computer type: cd /d <assigned drive letter>:\Program Files\Microsoft DPM\DPM\ProtectionAgents\RA\3.0.<build number>.0\i386
      where <assigned drive letter> is the drive that you mapped in the previous step and <build number> is the latest DPM build number.

  3. To install the protection agent open an elevated Command Prompt window, and then run one of the following commands:

    • For a 64-bit computer type: DpmAgentInstaller_x64.exe <DPMServerName>
      where <DPMServerName> is the fully qualified domain name (FQDN) of the DPM server.For example: DPMAgentInstaller_x64.exe DPMserver1.contoso.com



    • For a 32-bit computer type: DpmAgentInstaller_x86.exe <DPMServerName>
      where <DPMServerName> is the fully qualified domain name of the DPM server.

    Note that:

    • To perform a silent installation, you can use the /q option after the DpmAgentInstaller_x64.exe command.For example: DpmAgentInstaller_x64.exe /q <DPMServerName>

    • To accept the EULA manually in a silent installation use DpmAgentInstaller_x64.exe /q <DPMServerName> /IAcceptEULA

    • If you specify a DPM server name in the command line, it installs the protection agent, and automatically configures the security accounts, permissions, and firewall exceptions necessary for the agent to communicate with the specified DPM server. If you didn’t specify a server name, open an elevated Command Prompt on the targeted computer and do the following:

      1. To change the directory type: cd /d <system drive>:\Program Files\Microsoft Data Protection Manager\DPM\bin

      2. Type: SetDpmServer.exe –dpmServerName <DPMServerName>. This configure security accounts, permissions, and firewall exceptions for the agent to communicate with the server.

  4. If you added the computer to the DPM server before you installed the agent, the DPM server begins to create backups for the protected computer. If you installed the agent before you added the computer to the DPM server, you must attach the computer before the DPM server begins to create backups. See Attach the DPM protection agent.

Install the Protection Agent on a RODC
  1. Either turn the firewall off on the RODC or runs the following commands on the RODC before you install the agent:

    • netsh advfirewall firewall set rule group="@FirewallAPI.dll,-29502" new enable=yes

    • netsh advfirewall firewall set rule group="@FirewallAPI.dll,-34251" new enable=yes

    • netsh advfirewall firewall add rule name=dpmra dir=in program="%PROGRAMFILES%\Microsoft Data Protection Manager\DPM\bin\DPMRA.exe" profile=Any action=allow

    • netsh advfirewall firewall add rule name=DPMRA_DCOM_135 dir=in action=allow  protocol=TCP localport=135 profile=Any

  2. On the primary domain controller, create and then populate the following security groups, where the protected server name is the name of the RODC on which you plan to install the protection agent:

    • Create a security group named DPMRADCOMTRUSTEDMACHINES$PSNAME, and then add the DPM server machine account as a member.

    • Create a security group named DPMRADMTRUSTEDMACHINES$PSNAME, and then add the DPM server machine account as a member.

    • Add the DPM server machine account as a member of the Builtin\Distributed Com Users security group.

  3. Ensure that the security groups that you created earlier have replicated on the RODC. Then Install the protection agent on the RODC.

  4. On the DPM server, perform the following steps to grant launch and activation permissions for the DPMRA service:

    1. Open DPM Management Shell, and then run the command dcomcnfg.exe.

      The Component Services window opens.

    2. In the Component Services window, expand Computers, expand My Computer, right-click the DPMRA service, and then click Properties.

    3. Click General, and then set the Authentication Level to Default.

    4. Click Location, and then ensure that only Run application on this computer is selected.

    5. Under Launch and Activation Permissions, select Customize, and then click Edit to open the Launch Permission dialog box.

    6. In the Launch Permission dialog box, assign permissions for Local Launch, Remote Launch, Local Activation, and Remote Activation for the DPM server machine account.

    7. Click OK to close the dialog box.

    8. Navigate to <drive letter>:\Program Files\Microsoft DPM\DPM\setup, copy the following files to the RODC at <drive letter>:\Program Files\Microsoft DPM\DPM\setup.

      • setagentcfg.exe

      • traceprovider.dll

      • LKRhDPM.dll

  5. On the RODC, from an elevated command prompt, run the command setagentcfg.exe a DPMRA domain\DPMserver from the location that you specified in the previous step (<drive letter>:\Program Files\Microsoft DPM\DPM\setup).

  6. Attach the protection agent to the DPM server. See Attach the DPM protection agent.

Install the Protection Agent using a server image
  1. On the computer on which you want to install the protection agent, at a command prompt, type DpmAgentInstaller.exe.

  2. Apply the server image to a physical computer, and then bring the computer online.

  3. Join the computer to a domain, and then log on with a domain user account that is a member of the local Administrators group.

  4. At a command prompt, go to cd <system drive letter>:\Program Files\Microsoft Data Protection Manager\bin, and run SetDpmServer.exe <dpm server name>.

    Specify the fully qualified domain name (FQDN) for the DPM server. For the protected computer’s domain or for unique computer names across domains, specify only the computer name.

    ImportantImportant
    You must run SetDpmServer.exe from <drive letter>:\Program Files\Microsoft Data Protection Manager\bin. If you run the program from any other location, the operation will fail.

  5. Attach the agent. See Attach the DPM protection agent.

-----
For additional resources, see Information and Support for System Center 2012.

Tip: Use this query to find online documentation in the TechNet Library for System Center 2012. For instructions and examples, see Search the System Center 2012 Documentation Library.
-----
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2015 Microsoft