Thursday, June 4, 2009

DPM agent install and Windows 2008 server Harding

When the server you try to install the DPM 2007 agent on is locked down by the Windows firewall, you could have a hard-time installing the DPM agent on the server.

In most of the cases when you try to push the agent from the DPM administrative console you get an error message that the Windows Firewall on the target machine is blocking the installation.Disabling the firewall rules for all adapters can solve this issue. Run the following command on the Target machine before pushing the agent:
netsh firewall set opmode disable

When the Security configuration wizard is used, it can be a little trickier
My experience is that you get the following error during pushing the agent from the DPM console:

Install protection agent on xxx failed:
Error 313: The agent operation failed because an error occurred while running the installation program on xxx.
Error details: Fatal error during installation (0x80070643)
Recommended action: Review the log files on xxx: [windir]\temp\msdpm*.log and take appropriate action. Retry the operation, and if the error persists, restart the computer and then retry the operation again.


But also local install will falll with this error:
Installing agent and configure for dpmserver =[xxx]
DPMAgentInstaller failed with errorcode =80070643, error says: Fatal error during installation.
Check log files in [WINDIR]Temp\MSDPM*.LOG
Press Enter key to close the window

Manual set DPM server wil also fail with error:
SetDpmServer failed with errorcode =80004005, error says: Unspecified error

The reason is that during the DPM agent installation some exceptions need to be made to the Windows firewall and with the Windows Security configuration Wizard.

The following workaround can be used:
  1. Logon to the target machine (from console – remote management card etc)
  2. Copy the installation files to a local temp directory
  3. Net stop mpssvc (will stop windows firewall services\will stop network connections)
  4. run the installation (for x64): DPMAgentInstaller_KB959605_AMD64.exe dpmservername.fqdn
  5. Reboot the target server
  6. Make a firewall rule that allows the application DPMRA to communicate(all profiles)
  7. On the DPM server, from the DPM Management Shell prompt, type Attach-ProductionServer.ps1 .

4 comments:

  1. Thank you Matthijs, after a long search I found your post and it worked for me, you saved my day :).

    ReplyDelete
  2. Wonderful! Nice tip! Thanks a lot! :)

    ReplyDelete
  3. To the host only used Net stop mpssvc
    and install agent from server DPM.

    Works fine.

    tks

    ReplyDelete
  4. Thanks a lot .. ! its works for me as well..

    ReplyDelete