Wednesday, November 25, 2009

DPM 2010: Client Based Protection

During Teched 2009 in Berlin we where able to see and learn more on the next release of DPM. One of the features that Microsoft has put a lot of effort in is the client based protection.
In the 2007 release of DPM you could also protect clients, but that actually only works for “well connected” workstations. Machines switched off (or taken out of the network) will fail and flutter the DPM console with error messages.
The client based protection in DPM 2010 has been completely redesigned. With DPM 2010 clients are supported within the network, through VPN and even offline. Clients on the network or connected through VPN store their data on the DPM server. Restores can be done from the DPM server, using previous version in Explorer or the Office plug-in (image 10).
Clients offline, in an airplane for example, are also protected using a local back-up cache directory on their system. These clients can even do a restore when their on the road. When these clients connects to the network, the local cache is written to the DPM server. (local snapshots are not available on XP clients)
Offline clients will not generate loads of errors on the DPM server (like in DPM 2007) Only when a client has not connected to the DPM server for 14 days (default value\image 6) a warning will be displayed.

First step is to install the agent on the client, this process is a little different then for a server . You can use SCCM (System Center Configuration Manager) to install the agents, or do a manual installation. When the Windows Firewall is running you will need the tool SetDPMserver.exe to make the correct exclusions. You do not have to attach the agents in the DPM console like with other manual installations, this will be done automaticity when you create the protection group
Next step is to create a new protection group, the image below shows the option to create a server or a client based protection group. In this case we select the client bases protection group. 
clients
Image 1: Create new protection group

Now it’s time to select the members, the clients you will protected.
select members
Image 2: Select protection group members

The DPM Administrator can select which data on the clients should be protected. This can be done on the Specify inclusions and Exclusions page. This is a rule base selection on volumes or folders, with the option include or exclude.  The DPM Administrator can also allow/deny the user to add additional folders to protect. Under File type exclusions specify the file types to exclude using file extensions.
select data
Image 3: Select files to include or exclude 

Protecting client computers can consume a lot of storage on your DPM server. Therefore you can limit the amount of disks available per protected client
select allocation 
Image 5: Specify storage space

In the screen below you specify the protection details. How long should data be kept on the DPM server, How often should data be replicated from the client to the DPM server, how many days can a client be disconnected before an alert is generated,
select retention
Image 6: Specify retention time

The DPM administrative console shows the protection status (from an administrative point of view)
protection overview
Image 7: Protection group status

On the Client computer a new icon is available in the notification area.  When activated with the mouse this icon shows the DPM synchronization status. The following information is showed when you click on the icon; the Summary tab allows users to check their protection status. How many files are protected, what is the current synchronization status, when was the last synchronization, when is the next.
image image
Image 8: User GUI; protection status

The Protection items tab; When the Administrator allows it, the users can add additional directories to protect
 client_side_selection
Image 9: User GUI; specify additional directories

With DPM 2010 allows users to recover data items from client computers. Restores can be done directly from explorer, with the option Restore previous version.
image
Image 10: Previous version restore

The list will include files that are saved on the DPM server as well as local recovery points,
image
Image 11: Available previous versions

Specifications:

  • Support up-to a 1000 clients per DPM server
  • Support for Windows XP sp2*, Windows Vista and Windows 7
  • DPM supports the following VPN protocols (PPTP,SSTP,L2TP)

*The end-user restore feature is not enabled on Windows XP

Conclusion: Client protection in DPM 2010 gives administrators and users a lot of new options to protect their client data. to be continued

Enable End-User Recover in DPM fails

When you want to enable End-User Recovery on a DPM servers run Windows 2008, you will probably run into an error

To enable End_user recovery you should click on the recovery tab and then under actions  click on “Configure end-user recovery” and click Configure Active Directory"

This will result in an error: “Active Directory could not be configured because the Active Directory domain could not be found. Make sure that the domain name is properly constructed. The following example shows a properly constructed domain name: city.corp.company.com” 

image

The reason is the way the security of Windows 2008 is configured

The workaround is to use the DPMADSchemaExtension.exe tool, located in C:\program files\Microsoft DPM\DPM\End User Recovery. In order to run this tool logon to a domain controller map to the directory above and run DPMADSchemaExtension.exe.

  1. Enter Data Protection Manager Computer Name –> Enter here the DPM server name : Note: this is not the FQDN name of the server, but just the server name.
  2. Enter Data Protection Manager Server domain name –> Enter here your domain name. Note: This will be the FQDN domain name so if your domain is yourdomain.local enter yourdomain.local
  3. Enter Protected Computer Domain Name –> This field can be left blank if the DPM server is in the same domain as the Domain Controller that owns the Schema master role.
  4. Click OK on the next to Information screens
  5. On the DPM server open the DPM 2007 Administrative Console, select the recovery tab and then under actions  click on “Configure end-user recovery”  Notice that the configure active directory button is grayed out and that you can place a check mark in the “Enable end-user recovery” check mark button.
  6. You will get a warning telling you that you must wait for a synchronization to take place before the setting change takes effect. Click OK

 

The information in this post is taken from the source below (Keith Hill). I was only able to find the result in the Google cache therefore I recreated this document.

Source: http://209.85.229.132/search?q=cache:sOz_ZPThi7AJ:blogs.technet.com/askcore/archive/2008/06/29/dpm-how-to-enable-end-user-recovery-using-windows-2008-server.aspx+dpm+end+user+recovery+schema&cd=3&hl=en&ct=clnk&gl=nl

Tuesday, November 17, 2009

Disaster recovery using P2V and DPM

One of the interactive sessions on Teched Berlin was about Virtualization and Data Protection Manager. The disaster recovery section of the session had very interesting point of view on using P2V migration and DPM as a disaster recovery scenario. 

A fully virtualized environment will make a disaster recovery scenario a lot easier. You just backup/snap-shot the virtual machines (VHD files and configuration) and when your host dies you just restore them to another Hyper-V host and your back in business.

What about when you have still some physical machines in your environment?

You can use a Bare Metal restore (BMR), but there are some implications with it.

clip_image002

  • First of all you need to have sufficient physical hardware for this. This might not be a problem when you’re planning for a single server failure. This is most likely not an option when you’re planning for a larger (Datacenter) outage. In this case you should have a lot of server on stock just waiting for a failure to happen.
  • The second downside is that for a Bare Metal Restore you need to have, as much as possible, identical hardware. For older servers this might be challenging.
  • Last point is the recovery time needed when doing a BMR. BMR’s can be time consuming, time in which your users will experience a service interruption.

So what alternatives do we have?

Assuming you have also a virtual environment available,

Preparation  Steps

  • Make a Physical to Virtual Migration (P2V) of the machine you want to protect
  • Leave this guest turned off on the Hyper-V machine you migrated it to
  • Make daily data and system state backups of the physical server

You now have an offline virtual machine, with the correct drivers stand-by.

Recovery Steps

When the physical server fails you can activate the offline Virtual machine using the following steps

  • When the physical server is down; Start the Virtual –copy- of the machine
  • Restore the latest data using data protection manager to this virtual machine.

image

Notes:

  • Because of the use of the p2v tool, all correct drivers are on the virtual machine
  • The computer account of the virtual machine could be expired, in this case you need to reset the computer account
  • Make sure you know the local admin account and password of the machine
  • The start of the Virtual Machine could created as a SCOM recovery task
  • The restore of the data with DPM can be scripted with Powershell
  • You need to keep the system state of the physical machine, in case you want to go back to the physical server.

Based on the presentation Data Protection Manager and virtualization better together presentation during Tech-ed Berlin 2009.

 

Checks Mike’s post for more info an some interesting questions

Sunday, November 15, 2009

DPM tip of the day (1)

If your planning a new DPM 2007 implementation these days make sure you go for the x64 version on Windows 2008 or Windows 2008 R2.
Doing this your are ready for a in place upgrade to the next version DPM 2010. Data Protection manager 2010 will only come in a 64 bits version running on Windows 2008 or Windows 2008 R2.
The agents will still be available for 32 bits systems :-)

Thursday, November 12, 2009

DPM 2010: Release date

Nothing official yet, but during Teched in Berlin, we got estimated release date for The Release candidate and the RTM

image

Wednesday, November 4, 2009

DPM 2010: Exchange 2010 DAG Support

For C2ict, the company I work for, we have implemented the DPM 2010 beta. To get familiar with all the new features of DPM 2010, but more importantly because DPM 2010 supports the Exchange 2010 Database Availability Group). C2ict joined the TAP for Exchange 2010 and therefore also requires a backup solution for Exchange 2010. During the TAP we used a special build of DPM2007 that was able to protected the Exchange 2010 database, unfortunately this build was not DAG aware.
A good reason to switch to the DPM 2010 beta.

In the picture below you see how to select the Exchange 2010 databases. When creating a new protection group, you will find the name of your DAG on the select Group members TAB. Here you select the database to protect.

clip_image002

At this point you should have copied the ESEUTIL and the supporting DLL from your Exchange server to the DPM server. Just as in DPM 2007, we can use the DPM server to run eseutil data integrity checks. For Exchange 2010 DAG it is recommenced to do this only for the log files. (Need to get more familiar with Exchange 2010 to figure out why)

clip_image002[7]

When protecting multiple copies of the same database (within a DAG), you should make a Full backup of only one copy of the database and a copy backup of the other database. This because a Full backup of one copy of the database will also clean-up the logs for the other copies.

clip_image002[9]

These are the Exchange 2010 specific steps for creating a protection group.

More info:
Exchange Server 2010 Backup and Restore SDK
Changes to Backup and Restore in Exchange 2010
Single Item Recovery in Exchange Server 2010

Monday, November 2, 2009

Windows 2008 (R2) system state fails due to . . .

I have been troubleshooting a issue with a failing System State backup on 2 Windows 2008 R2 servers. These two servers both run Exchange 2010.
The DAG backup with DPM 2010 works perfect, but the system State keeps failing with this error in the application log.
--------------------------------------------
Log Name:      Application
Source:        Microsoft-Windows-Backup
Date:          2-11-2009 17:36:18
Event ID:      521
Task Category: None
Level:         Error
Keywords:     
User:          SYSTEM
Computer:      <server_name>
Description:
Backup started at '2-11-2009 16:36:13' failed as Volume Shadow copy operation failed for backup volumes with following error code '2155348129'. Please rerun backup once issue is resolved.
--------------------------------------------

According to some Forum post the error code '2155348129' may be caused by the incorrect Active volume. (When a OEM Partition is the active partition instant of the system partition) 
http://social.technet.microsoft.com/forums/en-US/winserverfiles/thread/d5daada2-b78b-4935-bd9e-80726c26c4a8/ 

But this is not the case here.

A closer look in the application log shows a second error for the Forefront Vss writter:
--------------------------------------------
Log Name:      Application
Source:        FSCVSSWriter
Date:          2-11-2009 17:36:17
Event ID:      11003
Task Category: (11)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      <server_name>
Description:
Microsoft Forefront Protection VSS Writer failed when preparing for backup. Writer instance: FSCVSSWriter Error code: 0x00000000
Event Xml:
--------------------------------------------

Workaround:
I found a workaround With a little help of this post


-> Disable the Forefront Protection VSS Writer in the service Panel

image

In the same post is also an issue with the SQL VSS\Hyper-V writer mentioned as cause.

Friday, October 30, 2009

DPM 2010 and OCS front-end protection

Tom Pacyk wrote a post in 3 parts on protecting and recovering the OCS front-end server role with DPM 2010

Quote: “The goal of this series is to demonstrate how to recover your OCS Front-End’s RTC database in the event of a disaster where your database or disk hosting the RTC database has become corrupted. Or maybe you’ve recovered a server’s installation and configuration, but now need to recover the user information. I’m going to do this in 3 different parts: backing up, destroying, recovering.”

Your OCS Front-End and DPM 2010 Part 1- Backup
Your OCS Front-End and DPM 2010 Part 2- Destruction
Your OCS Front-End and DPM 2010 Part 3- Recovery

Link to Tom’s Blog: http://www.confusedamused.com/

Thursday, October 29, 2009

SharePoint protection failed

DPM can be used to protected Microsoft Office SharePoint 2007 or Windows SharePoint Services 3.0. DPM used the SharePoint VSS writer for this Protection. More details in the post SharePoint Protection with DPM

To provide the DPMRA agent with the necessary permissions to protect SharePoint, you need to run the ConfigureSharepoint.exe tool. This utility configures the WSS Writer service and any associated services with the correct credentials required to access the farm for backup and recovery purposes.

This works like a charm in most environments. However in some highly secured domains you can run in to issues. When a Group Policy overwrites the required permissions, the protection will fail.

In this case you will see errors like below.

Error on the DPM Server:
------------------------------------------------------------------------------------
Recovery point creation jobs for Shared Services Provider SSP_Database_server_name\Instance\database_name on SharePoint front-end_server_name  have been failing. The number of failed recovery point creation jobs = 4.
If the datasource protected is SharePoint, then click on the Error Details to view the list of databases for which recovery point creation failed.  (ID 3114)

An unexpected error occurred during job execution. (ID 104 Details: The server process could not be started because the configured identity is incorrect. Check the username and password (0x8000401A))
------------------------------------------------------------------------------------

Error in the application log of the WFE (SharePoint Front-end):

Event Type:    Error
Event Source:    DCOM
Event Category:    None
Event ID:    10004
Date:        29-10-2009
Time:        10:05:04
User:        N/A
Computer:    <WFE server>
Description: DCOM got error "Logon failure: the user has not been granted the requested logon type at this computer. " and was unable to logon <domain>\<configuration account> in order to run the server:
{E95EF0B1-D0E3-45D9-B699-8B37F068CF25}
------------------------------------------------------------------------------------

This can be related to Log on as a batch job permission that should be assigned to the account you specified when running the ConfigureSharePoint.exe command.
image

This right is set by the ConfigureSharepoint.exe –EnableSharePointProtection command. Make sure this right is not overwiten by your security (Group) policies.

Monday, October 26, 2009

SharePoint Protection with DPM

I’m not the first one to blog about this. But I’m just very impressed with the great documentation available on the Microsoft weblog about protecting and recovering SharePoint (MOSS)

 image

I Just had to share it with you:
DPM and SharePoint - Part 1 - A love/love relationship
DPM and SharePoint - Part 2 - How does DPM protect SharePoint data?
DPM and SharePoint - Part 3 - How does DPM restore SharePoint data?
DPM and SharePoint - Part 4 - Why do I get this error?

Saturday, October 24, 2009

DPM 2010: Jason Buffington on Protecting Exchange 2010

Jason talks with Leslie Kitz (also in the System Center team) about how DPM 2010 adds to what Exchange 2010 does for data protection and availability.  After that a quick demo!
Check it out on Nexus SC: The System Center Team Blog

Thanks Marnix

Wednesday, October 7, 2009

Tape library inventory using Powershell

The command to start a fast or detailed inventory using Powershell is not to difficult, the trick is to get the correct name for the tape library.
In the example below we use an additional Powershell command to read the Library name in to a variable.  

First we need to list all tape libraries attached to the DPM server. When you have a Tape library attached, you might see the drive listed as well. Note the order the tape libraries are listed.
(replace dpm01 with the name of your DPM server)

PS > get-dpmlibrary -DPMServerName dpm01

Name                                     Drives                   Slots          I/E ports
----                                     ------                   -----               ---------
Stand-alone Drive: I...                       1                    0                 0          #0
Library: Library1                             2                      23                1          #1

Now we read the library details in to the variable $DPMlib
(replace dpm01 with the name of your DPM server)

$dpmlib = get-dpmlibrary -DPMServerName dpm01

Using the information collected with the first command we now can start the inventory. The number added to the $DPMlib variable is the order number in which the library is listed, start counting with 0. In this example, the number 1.

Fast inventory:

PS > Start-DPMLibraryInventory -DpmLibrary $dpmlib[1]

JobCategory                        Status                             HasCompleted
-----------                             ------                                  ------------
FastInventory                      Scheduled                            False

Detailed inventory:

PS > Start-DPMLibraryInventory -DetailedInventory -DpmLibrary $dpmlib[1]

JobCategory                        Status                                  HasCompleted
-----------                             ------                                  ------------
DetailedInventory                Scheduled                               False

When you use it in a script it will look like this

$dpmlib = get-dpmlibrary -DPMServerName dpm01
Start-DPMLibraryInventory -DpmLibrary $dpmlib[1]

Tuesday, October 6, 2009

Migrate protection data

There are some cases you might need to migrate your protection data to a new disk. DPM Sp1is shipped with a Powershell script that allows you to migrate your protection data to new storage.
For this you need to follow these steps:

First get a list of disks attached to your DPM server; pay attention to the order the disks are listed 

Start the DPM Management Shell

PS> get-dpmdisk –dpmservername DPM01

Name          Status            NtDiskId Total Capaci Unallocated  Type
                                                   ty        Space
----          ------            -------- ------------ ------------ ----
COMPAQ MSA... Healthy               3       732 GB       582 GB Basic          #0
COMPAQ MSA... Healthy               4       732 GB       582 GB Basic          #1
VMware Vir... Healthy               1        50 GB        28 GB Basic               #2
VMware Vir... Healthy                2         5 GB         0 GB Basic                 #3

Read the disk order in to a variable ($disk)

PS > $disk = Get-DPMDisk -DPMServername dpm01

Now you can use the script MigrateDatasourceDataFromDPM.ps1. First find the disk number of the source disk, these numbers are not displayed when you use the get-dpmdisk command. Do not get fooled by the NTdiskID, you do not need those. You just need to count the disks listed starting with 0 (see red numbers in example). Now find the number for the destination disk using the same trick.

In the example below we like to migrate the data from disk 2 to disk 1

PS > ./MigrateDatasourceDataFromDPM.ps1 -DPMServerName dpm01 -Source $disk[2] -Destination $disk[1]

More options and examples can be found on Technet

Friday, October 2, 2009

DPM 2010: Some Friday afternoon screen shots

Just preformed the first DPM 2010 installation in a small test environment. First of all I need to say I’m very pleased with the documentation that is shipped the beta. The installation documents not only describes the basic installation of DPM 2010 on a clean system, but also various upgrade scenarios from DPM 2007. Beside the setup guide, there is also documentation for protecting Hyper-v, SharePoint item-Level recovery, SQL Server End User Recovery, client computer protection and many more.

The Operation System requirements for the DPM server have changed. Only the x64 versions of Windows 2008 and Windows 2008 R2 are supported. Windows 2003 is no longer supported.
SQL 2008 is the supported database, you can either use a remote SQL database or use the local instance delivered with the DPM installation

New is the option to Install DPM on a domain controller. This requires some additional configuration (mostly creating security groups and users).

I used Windows 2008 R2 (x64) for this installation. Using the R2 version of Windows 2008 makes the installation easier because Powershell 2.0 (one of the prerequisites) is already included in the Operation system. The installation is straight forward, one additional reboot is required when Windows Single Instance store (SiS) is not installed.

The DPM Administrator console starts when the installation is completed. A first look at the console shows a lot of similarity with the previous version, no big interface changes like in each new release of Microsoft office.

image 

But during a better look you will definitely shows find the changes. First of all the agent installation now includes an option to attach manual installed agents (behind firewall). You needed Powershell for this in the previous version.

image

When creating a new protection group or adding a member to an excising protection group you will notice two changes. First is the auto grow option for the protection volume. With this option the replica and recovery volume automatically grow when more space is required for protection. Second is the consistency check option. The GUI now includes an option to automatically start a consistency check when a replica is inconsistent. Both options will reduce the number of failed recovery point creations.

imageimage 

Last for this Friday afternoon is the Recover point status report. This is a direct link (on the protection tab) to a report that shows the recovery point status of the selected data sources.

image image

There is a lot more to tell … To be continued

Thursday, October 1, 2009

DPM 2010 Poll: The results

Together with the release of DPM 2010 beta also the the Poll “What should DPM v3 include ?” ended.  More coincidence than planning, anyhow the results are here!
First I like to thank everyone how took the time to vote, 121 votes were counted, which is more then I expected.

The results are show below, you will count more then 121 votes because one voter could select multiple options.

image

 

  1. Exchange single mail restore: DPM2007 restores the full mailbox store only
  2. Improved Tape backup support: Allow to configure in more detail when backups run.
  3. Support for None Microsoft OS/applications: In the 2007 release only applications that have a VSS writer available are supported.
  4. Protect none (trusted) domain servers: A machine in a none trusted domain or in a workgroup cannot be directly protected by DMP2007
  5. Management console on another computer: The graphical interface can only be installed on the DPM2007 server itself.
  6. Better SAN integration: Does the SAN integration need improvement
  7. Improved documentation: Is the documentation sufficient or should v3 include more/better documentation
  8. USB/Firewire storage support: There is no native support for backups to USB/Firewire disk.
  9. More standard reports: Are the reports of the current DPM version sufficient or should v3 include more reports


The big ‘winner’ in this poll is the Exchange single mail box restore. I can quite understand why this point score so ‘good’. According to my memory the initial marketing state something like “Single mail item restore without brick level backup” Which is technically correct, but does involve restore the full mailbox database and after that using Powershell to get the correct mail items. 
Another imported ‘winner’ is Improve tape support. This is also something I hear in the field, people struggle with configuring tape backup the way it reflex their business needs.

In the next weeks we will find out which of these suggestions are included in DPM 2010

Again thank you for taking the time to vote! Now it time to test the new DPM 2010 beta!!

Thursday, September 17, 2009

DPM 2010 (V3) Public beta

Microsoft has announced that the public beta for the next version of DPM will be released this month.

An exact day is not available yet! Jason Buffington will present a webcast to fill you in on all the new features and  stuff.

When: Thursday, October 08, 2009 9:00 AM Pacific Time (US & Canada)

Web cast Event Overview:

This month, Microsoft released the public beta for Microsoft System Center Data Protection Manager (DPM) 2010. Before you download the software, attend this webcast to learn about Data Protection Manager 2010 and the product features that are causing excitement in the IT community. We deploy a DPM 2010 server and walk you through most of the new features in DPM 2010 and the enhancements that were made to the Data Protection Manager 2007 Service Pack 1 (SP1) solution, which is protecting Windows-based application servers and file servers today.

image

Wednesday, September 16, 2009

New release for KB970867

Scug.be reports that Microsoft has released a new version of KB970867. More details here and on the Microsoft site

Friday, September 11, 2009

Back-up Exchange 2010

The current version of DPM is not Exchange 2010 aware*. Therefore you can not directly backup Exchange 2010 mailboxes with DPM2007.
For now (as a work around) there is a plug-in available for the Windows 2008 server backup feature that allows you to backup the Exchange 2010 databases. This plug-in is called WSBExchange.exe and is standard installed with Exchange 2010. The plug-in runs as a service (Microsoft Exchange Server Extension for Windows Server Backup), which can be used by Windows server Backup.

This is a basic way to project

  • Backups are VSS-based only. You cannot make streaming ESE backups
  • Backups are taken on volume level, To backup the database and log files you need to protect the full volume that contains these files.
  • Only full backups can be taken
  • Log file truncation will occur after a successful full backup.

First you configured Windows 2008 Server Backup locally on the mailbox server.
Then you can configure DPM to protect the backup files of Windows Server Backup on the mailbox server.

This is maybe not the most efficient way to protect your Exchange, but at least  it’s a work around till DPM is Exchange 2010 aware.

More info on protecting Exchange 2010 with Windows server backup:

untitled

*For Exchange 2010 TAP customers there is a special version of DPM2007 available that is Exchange 2010 aware. But this version does not support any other data then Exchange 2010

Saturday, September 5, 2009

DPM 2007 Configuration Analyzer

DPM Configuration Analyzer is a diagnostic tool that verifies configuration settings on your Microsoft System Center Data Protection Manager 2007.

The DPM Configuration Analyzer (DPMCA) is a diagnostic tool you can use to evaluate important configuration settings on DPM 2007 servers. The tool scans hardware and software configurations of the DPM servers you specify, evaluates them against a set of predefined rules, and provides you with best practice suggestions that can make your DPM experience more optimal.

More on: http://www.microsoft.com/downloads/details.aspx?FamilyID=54b4bb57-d6e3-4c1e-a889-a24cfa18fcd4&displaylang=en#Instructions

Tuesday, September 1, 2009

Script to resolve: Free tape threshold reached

When you have a tape library for which you change the tapes on a daily or weekly basis you properly run in to the following warning: Free tape threshold reached.

The number of free tapes in the Tape Library ,name> is less than or equals the threshold value of #. You must add tape to the library and it as free in order to prevent future backups from failing (ID 3305)

You receive this warning even when there are enough expired tapes available in the tape library. You get this warning because DPM checks the number of free tapes, in spite of the fact that DPM can write to expired tapes as well.
image

The advised resolution in DPM is manually mark all expired tapes as free. However a real IT-admin does not like manual labor. Therefore we created a PowerShell script that checks for expired tapes and marks them free.
If you run the script manually it looks like this:
image

Powershell script:

param ([string] $DPMServerName)
add-PSSnapin Microsoft.DataProtectionManager.PowerShell
if(("-?","-help") -contains $args[0])
{
    Write-Host "Description: This script marks all expired tapes as free"
    Write-Host "Usage: MarkExpiredTapesAsFree.ps1 [-DPMServerName] <Name of the DPM server>"
    exit 0
}
if (!$DPMServerName)
{
    $DPMServerName = Read-Host "DPM server name"
    if (!$DPMServerName)
    {
        Write-Error "Dpm server name not specified."
        exit 1
    }
}
if (!(Connect-DPMServer $DPMServerName))
{
    Write-Error "Failed to connect To DPM server $DPMServerName"
    exit 1
}
$libraryList = Get-DPMLibrary -DPMServerName $DPMServerName
foreach ($library in $libraryList)
{
    $expiredTapeList = @(Get-Tape -DPMLibrary $library |
    ? {$_ -is [Microsoft.Internal.EnterpriseStorage.Dls.UI.ObjectModel.LibraryManagement.ArchiveMedia] -and

$_.DatasetState -eq "Recyclable"})
    if ($expiredTapeList.Length -gt 0)
    {
        Write-Host "Marking $($expiredTapeList.Length) tape(s) as free in $($library.UserFriendlyName)."
        Set-Tape -Tape $expiredTapeList -Free
        $expiredTapeList | select Location
    }

}

We have scheduled this script to run daily using the Windows task scheduler. Expired tapes are now mark as free on a daily basis

In order to schedule a Powershell command you need to create a cmd that calls the Powershell script. The command file is listed below

command file:

powershell -command "& 'd:\ps_scripts\MarkExpiredTapesAsFree.ps1' <servername>"

Thanks to Mischa for his help with the script.

Saturday, August 29, 2009

Elearning

I told you in my post yesterday that there is no Elearning for DPM available yet. Again thing can change quickly. Microsoft just has released the Elearning track for DPM.

This is a collection of 6 two-hour eLearning modules that include hands-on labs, much of the same courseware as our newly announced classroom-based DPM course, and is built for to prepare you for the DPM Certification exam.

There are six modules –each approximately two-hours long

More on: http://blogs.technet.com/jbuff/archive/2009/08/28/announcing-dpm-elearning-is-now-

Friday, August 28, 2009

Exam 70-658 – Configuring System Center Data Protection Manager 2007

Since a couple of weeks you can take the Microsoft DPM2007 Exam.  Happy with this option, I scheduled the exam for this morning.
When preparing for the exam, I wasn’t sure what to expect. There are no books, CBT or test exams available yet.
And I have to say the exam was a bit more difficult than I first expected. I had to read all the questions carefully..
But the result was good. PASS!!!

image

Without the books and all that stuff there is still a lot of information available to prepare for the exam.

Below a list of what I used.

There is also a Microsoft learning track available: Course 50213A. (I did not had the opportunity to take a look at this yet.)

Beside all of this I think it really helps if you have some good experience with setting up, configuring and not the less troubleshooting DPM.

-Good luck!!!, to those of you that will take the test as well-
And let me know what you think of the exam?

Wednesday, August 26, 2009

DPM v3 Q&A

i Found the Q&A text from the First look on Webcast on DPM v3 posted on the Internet.

You can find them on: http://snefi.freeblog.hu/files/dpm.txt

Friday, August 21, 2009

Change the location of the system state backup file


As you might know, DPM stores the system state of a machine first locally on the protected machine before copying the data to the DPM server. DPM select the most suitable disk for the local copy of the system state when you run the backup for the first time. You might want to change this location when available disk space changes or when you add additional disk to your system.
This can be done by editing the configuration file on the protected computer. 

(Technet)
The backup file of system state is created at %systemdrive%\DPM_SYSTEM_STATE.

To change the location of the system state backup file

1.On the protected computer, open PSDatasourceConfig.xml in an XML or text editor. PSDatasourceConfig.xml is typically located at install path\Program Files\Microsoft Data Protection Manager\DPM\Datasources.

2.Change the <FilesToProtect> value from %systemdrive% to the desired location.

image

3.Save the file.

4.On the DPM server, if there is a protection group protecting the system state of the protected computer in step 1, run a consistency check.

5.The consistency check will fail and generate an alert. Perform the recommended actions in the alert as follows:

a.In the alert details, click the Modify protection group link, and then step through the wizard.

b.Perform a consistency check

-------------------------------------------------------------------

When you have issues with backing up the system state of the machine you should always check the logs on the local machine.

-Application log
-C:\Windows\Logs\WindowsServerBackup

FI: Backup started at ‘’ failed with following error code '2155348165' ( There was a failure in preparing the backup image of one of the volumes in the backup set. ). Please rerun backup once issue is resolved.

Thursday, August 20, 2009

Heavy Weight Consistency Check using PowerShell


David Allen has posted a interesting piece on performing consistency checks checks using Powershell. He also describes the difference between a standard and a Heavy Weight consistent check.

Read it all: http://www.scdpmonline.org/heavy-weight-consistency-check-using-powershell.aspx

Wednesday, August 19, 2009

Backing Up DPM by Using a Secondary DPM Server

In addition to my Prepare for a DPM server disaster post that describes how to protect the DPM server database locally on disk or tape. Now a link to the TechNet article that describes how to protect the DPM server by using a second server http://technet.microsoft.com/en-us/library/bb795680.aspx

Monday, August 17, 2009

Prepare for a DPM server disaster

The DPM SQL database (DPMDB) is the most crucial part of your DPM installation. The database contains all your protection group information and tape\disk catalogs.
When this database gets corrupted (believe me this can happen), you will loss all this configuration data.

When you have a single DPM server implementation, you can protect this database in two ways.

  • Make a backup\Dump to disk: dpmbackup command
  • Make a backup to tape: Create a protection group to include the DPM database

I would recommend to use both techniques to protect your DPM databases.The disk solution allows you to recover the DPM quickly when it gets corrupted. The backup to tape allows you to recover the configuration when the full DPM server has become unavailable.

Make a DPM database backup to disk

  • Use the command DPMbackup –db to create a dump of the database to the folder %program files%\Microsoft Data Protection manager\DPM\Volumes\ShadowCopy\Database Backups.
  • When you schedule this command to run frequently,it is recommended to save multiple versions of the database. With the DPMbackup –db command you cannot specify a alternative location for the database backup. Therefore it is recommended to copy your database dump to an alternative location. This will prevent you from overwriting a good working copy with a more recent corrupt version.

Restore a DPM database from disk

Before you start:

  1. Secure the current DPMDB.BAK database backup, by renaming it: %program files%\\Microsoft DPM\DPM\Volumes\ShadowCopy\Database Backups
  2. Next, create a backup of the running database in DPM  with the following command: dpmbackup –DB Also rename this DPMDB.BAK file to DPBDB_before_restore.BAK

Restore database:

  1. Use DPMSync to attach the database to DPM.
    • DPMSync –RestoreDB –DBLoc (location and name of the database secured in step 1 of before you start) When this database is also corrupt you can use a previous saved version of the database
    • DPMSync takes the DPM service offline and attaches the backed up database to SQL Server.
  2. Run the command DpmSync –sync
    • This will sync the database with the available recovery points
  3. Start DPM 2007 Administrator Console. You now have some protection errors to resolve.
  4. Secure now the working DPM DB running: DPMBACKUP –DB from the DPM server

Make a DPM database backup to disk

Enable local protection (When using the local SQL installation): 

  • Starting with DPM 2007 SP1 it is possible to backup the local files of the DPM server.
  • To enable it you need a powershell command (DPM Management Shell): Set-DPMGlobalProperty –AllowLocalDataProtection $true

Protect SQL database:

  • Create a new protection group
  • Select the local DPM server and select under SQL the DPMDB
  • Use long-term protection using tape
  • Specify the protection schedule

Recover a DPM database from disk
This is a not the most pleasant solution, since you have to uninstall and reinstall DPM2007. You should only use this when the recovery from disk is not possible

  1. create a backup of the running database in DPM  with the following command: dpmbackup –DB ,rename this DPMDB.BAK file to DPBDB_before_restore.BAK
  2. Place the tapes with the most recent DPM database backup
  3. Uninstall Microsoft System Center Data Protection Manager 2007 through the Add/Remove Programs applet in Control Panel.

    Important

    Remember to select Retain disk-based recovery points.

  4. Restart the computer.
  5. Delete the DPM database using SQL Server Management Studio.
  6. Install DPM 2007.
  7. Restart the computer
  8. Install the same level of Service pack and latest hotfixes
  9. Restart the server again
  10. Secure the now clean Database
    • Run the command dpmbackup –DB
  11. Open the Libraries tab on the Management tab of DPM Administrator Console.
  12. Click Rescan on the Actions pane. Go to Updating Tape Library Information for more information on using the Rescan option.
  13. Select the library from the list and click Inventory libraries… and perform a detailed inventory from the Actions pane.
  14. Select the imported tape from the list and click Recatalog imported tape on the Actions pane.
    • Do this for all tapes on which the DPM database resides
  15. Open the Recovery tab from DPM Administrator Console.
  16. Select the DPMDB by expanding the External Tapes node.
  17. Click Recover on the Actions pane.
  18. Restore the database files to a separate folder
  19. All DPM and SQL services must be stopped.
  20. Rename the following Database files .\DPMDB:
    • a) DPMDB2007RTM.mdf to DPMDB2007RTM.mdf.old
    • b) DPMDB2007RTM_log.ldf to DPMDB2007RTM_log.ldf.old
  21. Copy the restored database files to the location .\DPMDB
  22. Start first the SQL services, next start the DPM services
  23. When all services are started again:Run the command DpmSync –sync
    • This will sync the database with the available recovery points
  24. Start the DPM administrative console
    • If this works > DPM should be up, you now have some protection errors to resolve
    • If this not work try step 15 to 23 for with the two other versions of the database

***Secure the now working database Run the command dpmbackup –DB

Friday, July 31, 2009

DPM June QFE KB970867

The in June released hotfix rollup package for System Center Data Protection KB970867 fixes 9 issues.

Issue 1
If you enable library sharing, you cannot delete a protection group, and you receive the following error message.
Issue 2
The SharePoint backup process fails if DPM 2007 cannot back up a content database. If you install this update, the SharePoint backup process will finish. However, an alert will be raised if DPM 2007 cannot back up a content database.
Issue 3
DPM 2007 jobs randomly fail. In the administrator console, you see error code 0x800706BA if you check the detailed information about the failed job.
Issue 4
DPM 2007 does not delete directories that are no longer being protected from the replica volume.
Issue 5
After you install this update rollup, you can configure DPM 2007 to perform VSS copy backup.
Issue 6
Reconciling a VSS shadow copy causes the DPM 2007 service to crash.
Issue 7
The DPM 2007 service crashes if a tape backup job is canceled during the CheckConcurrencyBlock operation.
Issue 8
The Pruneshadowcopies.ps1 script cannot delete expired recovery points.
Issue 9
If a parent backup job of a SharePoint farm fails, but the child backup succeeds, the DPM 2007 service crashes.

After the installation of this rollup you do need to update your agents. You do not need to rebooted the protected servers.

More info and download link at Microsoft

Fast inventory fails

Found that the fast inventory of the Tape library in DPM can fail or show the wrong results in some cases. According to a newsgroup post this can be caused (in certain types of libraries) by the press of a cleaning tape.

The post reports this for IBM 35XX series and HP 1/8 tape libraries. We have seen the same issue on the Dell TL2000 tape library which is actually an IBM Totalstorage 3573 Tape library.

The workaround is to remove the cleaning tape from the library.

The newsgroup threat also describes a fix setting a registry key. (I have not tried this yet)

The rekey fix is to handle some  unexpected behavior of tape library. The issue is when there is cleaner media present in some library element (slot/drive/transport ) the IOCTL_CHANGER_GET_ELEMENT_STATUS for that particular elment returns with ELEMENT_STATUS_EXCEPT set in CHANGER_ELEMENT_STATUS.Flags and CHANGER_ELEMENT_STATUS.ExceptionCode is set to ERROR_UNHANDLED_ERROR.  This is unexpected behavior as per WHQL and as a result of this you will see Fast  Inventory failing with "Hardware Issue". The workaround is added in DPM 2007 SP1 and we have seen this issue with only IBM 35XX series and HP 1/8 tape library

Thanks to Sachin

Link to full newsgroup threat

Monday, July 27, 2009

Poll: What should DPM v3 include?

Microsoft is working on the next version of DPM. The First public beta will properly available at the end of the summer or in the fall?

Some of the new features that DPM v3 will include were shown during a recent webcast. But what should DPM v3 include according to you?

You can select multiple items from the list

  • Improved Tape backup support: Allow to configure in more detail when backups run, exclude certain dates from the schedule, specify which tapes should be used when.
  • Support for None Microsoft OS/applications: In the 2007 release only applications that have a VSS writer available are supported. Other applications are supported using a flat file dump/backup.
  • Protect none (trusted) domain servers: A machine in a none trusted domain or in a workgroup cannot be directly protected by DMP2007
  • Management console on another computer: The graphical interface can only be installed on the DPM2007 server itself. The PowerShell management shell can be installed on a remote management station as well.
  • More standard repots: Are the reports of the current DPM version sufficient or should v3 include more reports
  • Improved documentation: Is the documentation sufficient or should v3 include more/better documentation
  • Better SAN integration: Does the SAN integration need improvement
  • Exchange single mail restore: DPM2007 restores the full mailbox store, with Powershell you select the mailbox to recover.
  • USB/Firewire storage support: There is no native support for backups to USB/Firewire disk. A workaround that works is installing a virtual tape drive

Other suggestions, drop me a mail!

May I have your Votes please!!!

This is just a informational poll, I do not have any influence on what will be in the next version of DPM. But you never know :-)

Wednesday, July 22, 2009

The DPMRA service terminated with service-specific error 10048


After maintenance on one of the Exchange CAS/HUB servers the DPM server could not contact the DPM agent anymore.

The Error Code:

Log Name:      System
Source:        Service Control Manager
Date:          17-7-2009 14:36:34
Event ID:      7024
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      servername.domain.local
Description:
The DPMRA service terminated with service-specific error 10048 (0x2740).

This article on Microsoft site tells that this could be caused by another service running on the ports used by DPMRA service. (port 5718 and 5719)

To find which service this is you can use the command netstat –oan, this returns the ports and the corresponding PID. With the command tasklist /svc  you find the service involved.

In this case the service MSExchangeFDS (Microsoft Exchange File Distribution) was running on both ports.

We used the following work around:

  • Stop the Microsoft Exchange File Distribution service
  • Set the DPMRA service from manual to automatically
  • Start the DPMRA service
  • Start the Microsoft Exchange File Distribution service

This work around fixed the issue for us.


Thanks to Karl

Monday, July 20, 2009

Exchange 2007 Restore with DPM and PowerShell

 

Set-up Overview

This post shows how to recover a mailbox using DPM and Powershell commands

For the examples in this post we use the following set-up

  • Exchange 2007 CCR cluster: EXc01
  • Storage group to recover from: SG01
  • Mailbox to recover from: MBXStore01
  • User to recover: Matthijs
  • User to recover mail to: Manager
  • Disk for recovery storage group: E:\
  • Name recovery storage group: Recovery Storage Group

High-level steps for a recovery

  • Create recovery storage group;
  • Restore data to Recovery Storage Group;
  • Copy/merge mail to target mailbox;
  • Remove Recovery Storage Group.

Restore to recovery Storage Group

Task description

Example

  • If you do not have an existing Recovery Storage Group, create one by using the new-storagegroup cmdlet in Exchange Management Shell.
  • Logon to the Active node of the Exchange cluster
  • Start the exchange management shell
  • Create a Recovery Storage Group (RSG) by running the following Exchange Management Shell cmdlet: [PS] new-storagegroup -Server [servername] -LogFolderPath [log file path] -Name “Recovery Storage Group” -SystemFolderPath [database directory] Recovery

new-storagegroup -Server exc01 -LogFolderPath E:\RSG -Name “Recovery Storage Group” -SystemFolderPath E:\RSG -Recovery

  • Add a recovery database to the RSG by running the following Exchange Management Shell cmdlet: [PS] new-mailboxdatabase -mailboxdatabasetorecover [database_name] -storagegroup [Server_name\RSG_name] -edbfilepath [database_path]

This creates a mailbox on exchangeserver1\RSG\DB11. The .edb file name must be the same as the .edb file name for the mailbox you are recovering.

new-mailboxdatabase -mailboxdatabasetorecover exc01\SG01\MBXStore01 -storagegroup "exc01\Recovery Storage Group" -edbfilepath E:\RSG\MBXStore01.edb

  • Logon to the DPM server
  • start DPM administrative console
  • Select the recovery TAB
 
  • On the left side of the window select the Exchange cluster for which you want to perform a system state restore
  • Expand the domain name, expand the cluster name
  • Expand All protected data Exchange data
  • Select the storagegroup that contains the mailbox to restore
image
  • In the middle of the window
  • (lower screen) First select the mailbox store and select the users mailbox
  • (Uper screen)select the data and additionally the time of the mailbox to restore.
  • In the right side of the click recover
image
  • The recovery wizard start
  • Check the selected settings and click next
  • In the Select recover type window, select Recover the mailbox to an Exchange Server and click Next
image
  • In the specify destination type:
  • Exchange server: [Exchange mailbox cluster] EXC01
  • Storage group name: Recovery Storage Group
  • Database name: [RSG_databasename] mbxstore01
  • In the specify recovery options window, leave all settings default and click Next
  • In the summary window, check all settings and click recover
  • In the Recover status window, check the status and click close
image
     

Restore mailbox content to other mailbox

Task description

Example

  • Logon to the exchange cluster again
  • Open the Exchange management Shell
 
  • Restore the content of a mailbox to another mailbox in a special folder
  • Start by running the following Exchange Management Shell cmdlet: restore-mailbox -RSGMailbox [mailbox in RSG*] -rsgdatabase [RSG_Name\Mailbox_database_name] –baditemlimit 10-id [target_mailbox*] -Targetfolder [target_folder]

*Use the display name

restore-mailbox -RSGMailbox "Matthijs" -rsgdatabase "Recovery storage group\MBXstore01" –baditemlimit 10 -id "manager” -Targetfolder "restore van Matthijs 20090704"

  • The confirmation question will be displayed. Check the action described and Click Y

Confirm

Are you sure you want to perform this action?

Recovering mailbox content from the mailbox 'Vreeken, Matthijs' in the recovery

database 'EXC01\Recovery Storage

  • The mailbox restore is in progress
 
  • The results are displayed
 
  • In outlook there is a new folder created with the content of the restored mailbox
 

Restore lost mail to original mail box merge

Task description

Example

  • Logon to the exchange cluster again
  • Open the Exchange management Shell
 
  • Restore the content of a mailbox to another mailbox in a special folder
  • Start by running the following Exchange Management Shell cmdlet: restore-mailbox -id [mailbox in RSG*] -rsgdatabase [RSG_Name\Mailbox_database_name] –baditemlimit 10

*Use the display name

restore-mailbox -id "’matthijs" -rsgdatabase "Recovery storage group\MBXstore01" -baditemlimit 10

  • The confirmation question will be displayed. Check the action described and Click Y
 
  • The mail restore is in progress
 
  • The results are displayed
 
  • In outlook there is a new folder created with the content of the restored mailbox
 

Other useful restore command:

Restore only emails received/send between specify data:
Restore-mailbox _RSGMailbox <Mailbox_name_In_RSG> –RSGDatabase <RSG_Name>\<Mailbox_DatabaseName> –ID <Mailbox_Name_To_restore> –TargetFolder <Folder_Name> –StartDate <Start_date> –EndDate <EndDate>


Remove recovery storage group

Task description

Example

  • Logon to the exchange cluster again
  • Open the Exchange management Shell
 
  • Dismount the database with the command: dismount-database -identity "[server_name\RSG_Name\Mailbox_database_name]”

dismount-database -identity "exc01\Recovery Storage Group\MBXstore01"

  • The confirmation question will be displayed. Check the action described and Click Y
 
  • Remove the mailbox from the Recovery Storage Group with the command: Remove-mailboxdatabase –identity <server_name\RSG_name\Database_name>

Remove-mailboxdatabase -identity "exc01\recovery storage group\MBXstore01"

  • The confirmation question will be displayed. Check the action described and Click Y
 
  • The move the Recovery Storage group with the following command: remove-storagegroup –identity <server_name\RSG_name>

remove-storagegroup –identity “exc01\recovery storage group”

  • The confirmation question will be displayed. Check the action described and Click Y
 
  • The recovery storage group has been removed from exchange.
 
  • Now remove the files from the Recovery Storage Group directory

E:\RSG\*.*