Pages

mandag 12. mai 2014

DPM: Troubleshooting

When debugging problems with DPM you should look at the logs.

For the agent you will find the logs in:
%windir%\temp\MSDPM*.log
C:\Program Files\Microsoft Data Protection Manager\DPM\Temp

For the server you will find the logs where you installed DPM, for example:
C:\Program Files\Microsoft System Center 2012 R2\DPM\DPMLogs
C:\Program Files\Microsoft System Center 2012 R2\DPM\DPM\Temp

If the problem is Connectivity, try to run
C:\Program Files\Microsoft Data Protection Manager\DPM\bin\SetDPMServer.exe -dpmServerName <yourdpmserver>

Configure Windows Firewall Correctly:
The following initial command should enable the agent to be installed:
netsh advfirewall firewall add rule name = "dpmac" dir=in program="C:\Program Files\Microsoft Data Protection Manager\DPM\ProtectionAgents\AC\<DPMVersion>\dpmac.exe" action=allow

Note DPM version information has to reflect your current DPM installation version. A sample path is used above. Replace <DPMVersion> (and path if required) with the correct DPM version number in the form x.x.xxxx.x.
DPM 2010: version 3.0.7696.0
DPM 2012: version 4.0.1908.0
DPM 2012 SP1: version 4.1.3313.0
DPM 2012 R2: version 4.2.1205.0

If this command does not enable the agent installation to succeed, add the following additional rules:
netsh advfirewall firewall add rule name="Microsoft System Center 2012 R2 Data Protection Manager Replication Agent" dir=in program="C:\Program files\Microsoft Data Protection Manager\DPM\bin\dpmra.exe" profile=Any action=allow

netsh advfirewall firewall add rule name="Microsoft System Center 2012 R2 Data Protection Manager DCOM setting" dir=in action=allow protocol=TCP localport=135 profile=Any

netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=yes

netsh advfirewall firewall add rule name="DPMAM_WCF_SERVICE" dir=in program="C:\Microsoft Data Protection Manager\DPM\bin\AMSvcHost.exe" profile=Any action=allow

netsh advfirewall firewall add rule name="DPMAM_WCF_PORT" dir=in action=allow protocol=TCP localport=6075 profile=Any

Also verify:
  1. Configure Windows Firewall on client. You have several options:
    • Configure rules to allow specific ports required (see above)
    • Create a rule that will allow all inbound traffic from DPM Server.
    • Turn the firewall off (not recommended but can be used to test if the firewall is the problem).
  2. Ping client from DPM server: ping <yourdpmclient>
  3. Ping DPM server from client: ping <yourdpmserver>
  4. Ping to test MTU size: ping <yourdpmserver> -l 1472 -f
    (If you get Packet needs to be fragmented but DF set, you need to lower 1472 until you get reply. A low value could indicate that you do not get the required throughput).
  5. Use tracert from client to verify routing: tracert <yourdpmserver>
  6. Use tracert from DPM server to verify routing: tracert <yourdpmclient>
  7. Use net view to verify shares on the client: net view \\<yourdpmclient>
  8. Use net view to verify shares on the DPM Server: net view \\<yourdpmserver>
  9. Use sc to verify RPC connectivity to client: sc \\<yourdpmclient> query
  10. Use sc to verify RPC connectivity to DPM Server: sc \\<yourdpmserver> query
  11. Use WBEMTEST to verify DCOM connectivity to client:
    Click Connect > Type inn Namespace: \\<yourdpmclient>\root\default > Connect > Enum Classes > Recursive > OK (If you fail at any point you have problems with DCOM).
  12. Use WMIC to verify WMI connectivity to client: wmic /node:<yourdpmclient> OS list brief
  13. Use NETSTAT to verify that client can connect to DPM server from port 5718: netstat -ano
  14. Use TASKLIST to verify that it is DPMRA.exe that use port 5718 (you need to notice the PID from NETSTAT and compare to the same PID in this list: tasklist /svc
  15. If it is suspected that TCP Chimney Offload is not operating as expected:
    • Try updating network card drivers
    • Check current status: netsh int tcp show global
    • Turn off: netsh int tcp set global chimney=disabled
  16. If it is suspected that RSS is not operating as expected:
    • Try updating network card drivers
    • Check current status: netsh int tcp show global
    • Turn off: netsh int tcp set global rss=disabled
  17. Verify SPN records with SETSPN: setspn -L <yourdpmclient>
    Look at HOST records and verify that they match the hostname and are valid. To register SPN records you can use (you must be domain admin for this): setspn -S HOST/<yourdpmclient> <yourdpmclient>. You can also check for duplicate SPN records with setspn -X.
A mini troubleshoot test when deploying agent could be to do the following from the DPM server:
ping <yourdpmclient>
net view \\<yourdpmclient>
sc \\<yourdpmclient> query
wmic /node:"<yourdpmclient>" OS list brief
wbemtest

If ping fails, then use tracert to see where the traffic dies. Also check the integrated firewall on the target server. If ping fails by using the name, then test by pinging the ip address of the target server. It that works then check the DNS registration.

If net view fails with error 53, make sure the computer name is correct AND that file and printer sharing are enabled. If net view fails with "System error 5 has occurred. Access is denied." verify that you are logged on using an account with permission to view shares on the remote computer. If net view failes by using the name then test with ip address. It that works then check the DNS registration and if it checks out use ipconfig /flushdns and ipconfig /registerdns on both the DPM server and on the client. It this resolves the issue, verify that ADMIN$ is listed.

If sc failes check the client integrated firewall to see if RPC traffic is locked down and being denied. Turn off the firewall and\or rely on the firewall logging as discussed earlier. If there are any firewalls in between the DPM server and the client make sure RPC ports are allowed.