Powershell remote connect to DPM not working

Hello all,

Using System Center DPM 2012 R2.

Trying to start with automation in SMA using our DPM servers. Tried to use the sample script "Sample-Managing-DataProtectionManager", this is a simple script with a connect-DPMServer statement. When executing keep getting the error "Connect-DPMServer Unable to connect .. ID: 948". Verify that the DPM service is running on this computer.

Pretty sure that DPM services are running. Using an account with domain admin rights and full access to the DPM server (local admin) and SQL Server instance (sysadmin) hosting the DPM db's. And firewalls allow access (tried with firewalls off).

When I try to connect to one of the DPM servers from a remote DPM Management shell all works fine. When I try to simulate the inlinescript (used by SMA) with an invoke-command from a remote host I get the same error. Tried starting PowerShell as administrator, but still no luck. Tested if the invoke-command was running as administrator and elevated, this is the case.

I get the feeling that I am missing something :-). Anyone any luck with using dpm from sma or using powershell from a remote host to connect to a DPM server and can help me?

Kind regards,

Erwin


December 15th, 2014 1:54pm

The following technet link has details which might be of help to you:

http://technet.microsoft.com/en-us/library/hh830726.aspx

December 22nd, 2014 1:50pm

Gidday Erwin,

I might be able to help you out as I have spent a considerable amount of time doing this sort of thing from Orchestrator - and there was a lot of pain!

With DPM in particular, generally you are probably going to be manipulating all sorts of things using powershell, so it would pay when making your initial connection to the DPM server from SMA to use CredSSP authentication. Please see this article: http://blogs.technet.com/b/heyscriptingguy/archive/2012/11/14/enable-powershell-quot-second-hop-quot-functionality-with-credssp.aspx

What this will allow you to do is from the SMA engine, the DPM server is only a proxy point for doing the real work. If you use Kerberos authentication, the subsequent hops from the DPM server to protected sources will fail.

If you are having problems connecting to the DPM server altogether, then you need to make sure that you have your WinRM settings configured correctly.

Please let me know if any of this is hitting the mark and whether you'd like any further information.

Cheers,

adrian

January 9th, 2015 6:14am
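
A minimal CredSSP setup and check for the connection discussed in the reply above, as an added example that is not part of the thread. `dpm01.contoso.example` is a placeholder FQDN; delegation is scoped to that single host because CredSSP hands the caller's full credential to the remote server.

```powershell
# Added example, not from the thread. The FQDN below is a placeholder.
$DpmServer = 'dpm01.contoso.example'

# --- On the DPM server, in an elevated shell --------------------------------
# Let the WinRM service accept credentials delegated by a client.
Enable-WSManCredSSP -Role Server -Force | Out-Null
Get-Item WSMan:\localhost\Service\Auth\CredSSP      # Value should be 'true'

# --- On the SMA runbook worker, in an elevated shell ------------------------
# Delegate fresh credentials to this one host only, never to '*'.
Enable-WSManCredSSP -Role Client -DelegateComputer $DpmServer -Force | Out-Null

# Audit the delegation policy: list targets and flag wildcard entries.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowFreshCredentials'
$targets = @()
if (Test-Path $key) {
    $props = Get-ItemProperty -Path $key
    $targets = $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { [string]$_.Value }
}
$targets
$wild = $targets | Where-Object { $_ -match '\*' }
if ($wild) { Write-Warning "Wildcard CredSSP delegation target(s): $($wild -join ', ')" }

# Check the listener and the CredSSP handshake before touching DPM.
$cred = Get-Credential -Message 'Account with DPM administrator rights'
Test-WSMan -ComputerName $DpmServer -Authentication Credssp -Credential $cred

# Run the page's Connect-DPMServer call in a CredSSP session; always clean up.
$ses = New-PSSession -ComputerName $DpmServer -Credential $cred -Authentication Credssp
try {
    Invoke-Command -Session $ses -ScriptBlock {
        Import-Module DataProtectionManager
        Connect-DPMServer -DPMServerName $env:COMPUTERNAME
    }
}
finally {
    Remove-PSSession -Session $ses
}

# --- When the automation no longer needs delegation -------------------------
# Disable-WSManCredSSP -Role Client    (runbook worker)
# Disable-WSManCredSSP -Role Server    (DPM server)
```
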

Hello Adrian,

Thx for your reply. I will take a look at it and come back when I know more.

Kind regards,

Erwin

January 9th, 2015 9:05am

Hello Adrian,

Finally got some time to check it out. Did some testing with CredSSP. When doing some manual tests using the Invoke-Command all works fine.

But not sure how to force SMA in using CredSSP. Can you elaborate on this?

Can I still use Inlinescript? Can you show me a simple example of a SMA runbook connecting to a DPM server using CredSSP.

Thx in advance.

Kind regards,

Erwin

January 18th, 2015 2:10pm

Hey mate,

Below is a powershell script that I use within Orchestrator for performing some of my DPM tasks. Hopefully this might help you out....

You should get the general gist of what's required and be able to leverage most of this by just substituting the relevant bits for your environment. The user connection point requires an account that has administrative rights within DPM.

$User = "DOMAIN\User"
# Placeholder password; -String and -AsPlainText are parameters and need their leading dash.
$PWord = ConvertTo-SecureString -String "Password" -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $PWord
# The -Skip* switches turn off certificate checks and only apply to HTTPS (-UseSSL) connections.
$SessionOption = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
# CredSSP delegates the credential to SERVERNAME so it can make the second hop.
$Session = New-PSSession -ComputerName SERVERNAME -Credential $Credential -Authentication CredSSP -SessionOption $SessionOption

Invoke-Command -Session $Session -ScriptBlock {
    Import-Module DataProtectionManager

    $DPMClient = "NETBIOSName"
    # Get the protection group and a modifiable copy of it.
    $PG = Get-DPMProtectionGroup | Where-Object { $_.Name -eq "Protection Group Name" }
    $ModPG = Get-ModifiableProtectionGroup -ProtectionGroup $PG
    # Find the protected server and the data source to add.
    $PS = Get-ProductionServer -DPMServerName DPMSERVER | where { $_.Servername -like $DPMClient }
    $DS = Get-DPMDatasource -ProductionServer $PS -Inquire | where { $_.Name -eq "DatabaseName" }
    # Add the data source, create the replica now and save the group.
    Add-ChildDataSource -ProtectionGroup $ModPG -ChildDataSource $DS
    Set-DPMReplicaCreationMethod -ProtectionGroup $ModPG -Now
    Set-ProtectionGroup -ProtectionGroup $ModPG
}

Remove-PSSession $Session

Let me know how you get on.

January 20th, 2015 11:46pm

Hi Adrian,

Finally got it working, but not that easy. SMA is using workflow and you can't use New-PSSession in a workflow. You need to use inlinescript then. And then you have to work out how to use your variables.

Below is my working example. Thx for your assistance!

workflow Managing-DataProtectionManager
{
    
    # Connection to access DPM server.
    $DpmConnection = Get-AutomationConnection -Name 'DpmConnection'
    $DpmServer = $DpmConnection.ComputerName
    "Using script host $DpmServer"
    # Create a PSCredential from the 'Username' and 'Password' fields within
    # 'DpmConnection' because this is the form of authentication that an
    # inlinescript accepts.
    $SecurePassword = ConvertTo-SecureString -AsPlainText -String $DpmConnection.Password -Force
    $DpmCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $DpmConnection.Username, $SecurePassword
    ################################################################################################################################################################
    inlinescript {
        $sesOption = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
        $ses = New-PSSession -ComputerName $Using:DpmServer -Credential $Using:DpmCredential -Authentication CredSSP -SessionOption $sesOption
        Invoke-Command -Session $ses -ScriptBlock {
            param($DpmSrv)
            # Import DPM module.
            Import-Module DataProtectionManager               
            # Connect to DPM server.
            Connect-DPMServer -DPMServerName $DpmSrv
            # Obtain a list of disks found on DPM server.
            #Get-DPMDisk
            Get-DPMBackupNetworkAddress
        } -ArgumentList $Using:DpmServer
        Remove-PSSession -Session $ses 
    } -PSComputerName $DpmServer -PSCredential $DpmCredential
}

January 22nd, 2015 8:28pm

This topic is archived. No further replies will be accepted.
