I was successfully protecting a Windows Server 2008 R2 Ent. Server with my M.S. System Center 2012 R2 DPM R2 Server until today.  The only changes I know about are the fact that this 2008 server was promoted to a domain controller today using the same name and I.P. Address.  It appears that the DCPromo process has broken DPM protection somehow.  Is it true that a "dcpromo" of a protected server can cause DPM Agent failures?  If so what is the preferred method to fix this problem.  I'm hoping that I don't really have to stop and clean up the current protection for this server and then start over again.  Does anyone have a solution for this problem?  Here are the errors I'm getting:

Affected area: ServerName.DomainName

Occurred since: 1/13/2015 8:30:02 AM

Description: The DPM protection agent on ServerName.DomainName could not be contacted. Subsequent protection activities for this computer may fail if the connection is not established. The attempted contact failed for the following reason: (ID 3122)

The protection agent operation failed because it could not access the protection agent on ServerName.DomainName. ServerName.DomainName may be running DPM, or the DPM protection agent may have been installed by another DPM server. (ID 302 Details: )

More information

Recommended action: Uninstall DPM or the DPM protection agent from ServerName.DomainName and install the DPM protection agent again from the computer that you want to use to protect the computer.

On the Agents tab in the Management task area, check the status of the agent.

Resolution: To dismiss the alert, click below

Inactivate

-------------------------------------------------------------------------

Protection agent version: 4.2.1254.0

Error: Data Protection Manager Error ID: 270

The agent operation failed on ServerName.DomainName because DPM could not communicate with the DPM protection agent. The computer may be protected by another DPM server, or the protection agent may have been uninstalled on the protected computer.

If ServerName.DomainName is a workgroup server, the password for the DPM user account could have been changed or may have expired.

Recommended action: Check the following to troubleshoot this issue:

1) If the agent is not installed on ServerName.DomainName, run DpmAgentInstaller.exe with this DPM computer as a parameter. For details, see the DPM Deployment Guide.

2) To attach the computer correctly to this DPM server, run the SetDpmServer tool with the -Add option on the protected computer.

3) If the computer is protected by another DPM server, or if the protection agent has been uninstalled, remove the protected data sources on this computer from active protection. Then, remove the entry of this computer from the Agents tab in the Management task area.

4) If ServerName.DomainName is a workgroup server, run SetDpmServer with the -UpdatePassword flag on the protected computer and Update-NonDomainServerInfo.ps1 on the DPM server to update the password.

5) If the DPM server and the protected computer are not in the same domain, ensure that there is a two-way trust setup between the two domains.

Note:  I tried running the setdpmserver tool but got the following message:

SetDpmServer failed with errorcode =0x80070534, error says: No mapping between account names and security IDs was done.

I also tried the attach agents option but DPM tells me that there is already an agent installed.

I also tried to manually start the DPMRA service on the client but it fails with error code 1168.

Any helpfull information would be greatly appreciated. 

Thank you,

MPeterson 

Hi,

Try the following:

1. Uninstall the agent from the protected computer.
2. Restart the computer.
3. Install the DPM-agent manually.
4. Re run the SetDPMServer command.
5. Try start the service.

If the problem still exist, please look into the following steps:

Verify the COM+ permissions for the DPM agent on the protected server. There could be a mismatch in the permissions:

1. Click START / Administrative Tools / Component Services
2. Expand Component Services / Computers / My Computer / DCOM Config
3. Right click on the "DPM RA Services" and choose properties. Verify that under the Security tab / Launch and Activation Permissions you got Customize marked, click the "Edit..." button in the ACL you should see the computer account for your DPM server.
4. If it's not present add it and mark all allow boxes and try to start the service again.

You should also verify that your DPM-server computer account is a member of these two local security groups on the protected server:

• DPMRADCOMTrustedMachines
• DPMRADmTrustedMachines

• Edited by MarkusEliasson Thursday, January 15, 2015 10:48 PM

Hi,

Try the following:

1. Uninstall the agent from the protected computer.
2. Restart the computer.
3. Install the DPM-agent manually.
4. Re run the SetDPMServer command.
5. Try start the service.

If the problem still exist, please look into the following steps:

Verify the COM+ permissions for the DPM agent on the protected server. There could be a mismatch in the permissions:

1. Click START / Administrative Tools / Component Services
2. Expand Component Services / Computers / My Computer / DCOM Config
3. Right click on the "DPM RA Services" and choose properties. Verify that under the Security tab / Launch and Activation Permissions you got Customize marked, click the "Edit..." button in the ACL you should see the computer account for your DPM server.
4. If it's not present add it and mark all allow boxes and try to start the service again.

You should also verify that your DPM-server computer account is a member of these two local security groups on the protected server:

• DPMRADCOMTrustedMachines
• DPMRADmTrustedMachines

• Edited by MarkusEliasson Thursday, January 15, 2015 10:48 PM