Search This Blog

Monday, March 28, 2016

Solved: RODC secondary protection with DPM fails with "Agent not reachable"

This was a tough one (to configure secondary protection for RODC with DPM 2012 R2)

First of all it was not so easy to set up DPM agent on RODC using this article https://technet.microsoft.com/en-us/library/hh758186.aspx, but it somehow I managed to get install DPM agent on RODC and start backing it up.

So then we decided that it would be cool to add secondary protection for the RODC (because there where some critical files on it), but this was not as easy as it should be. All other secondary protections "just worked", but that was not the case with RODCs, the failed with "Agent not reachable" error.
After a little bit of playing I added secondary DPMs machine account to local admin group of RODC and it worked, but as we all know "give admins rights everywhere" is not a good practice.
After weeks of trying different kind of things (because there is no documentation for this scenario), I somehow manged to work with two extra steps:

  1. Both primary and secondary DPM should be members of these groups:
    •  DPMRADCOMTrustedMachines$RODC
    •  DPMRADmTrustedMachines$RODC
    •  DPMRATrustedDPMRA$RODC
    •  Builtin\Distributed COM Users
  2. On RODC execute command:
SetAgentCfg.exe a DPMRA <Primary DPM server> DPMRADCOMTrustedMachines$RODC DPMRADmTrustedMachines$RODC

This somehow helped! RODC didn't show "Agent not reachable" errors and backups succeeded!

I will be glad to help if someone is having the same issue!

No comments:

Post a Comment