Deploying DPM Agent on Windows Server 2008 – Workaround?
This is something that got me baffling all day…well…maybe half a day. Oh well, maybe a coupla hours. The frustrating thing is that I could not find any documentation on it and when I thought I found something it led me to some place that I couldn’t find. Alright, alright..enough grouchiness. The problem came when I was trying to deploy a DPM agent to Windows Server 2008 (which happens to have AD installed) from the administrator console. Problem installing the agent showed me error 319 below. Something to do with communicating with the DPM Agent Coordinator.
Looking up the net it was pretty obvious a firewall issue. The problem here was when looking up for the Managing Servers chapter states nothing that was workable. Having made sure all the necessary ports (stated in TechNet) required by DPM it still got me running into the same problem. Found out that the problem is with the protected server’s firewall. Though the necessary ports stated was allowed it still did not allow the agent to go in unless the firewall is turned off, only the agent will install.
After some digging got me to think that the firewall was blocking a program rather than a port. This is something I couldn’t find docs mentioning this. The trick here is to create an exception for the DPM Agent Coordinator service that will be created during the push from the console. Since the service does not exist (yet) the path to the .exe has to be specified (no points for guessing how I discovered the executable). Well, if you are fast enough you would see the service popping up starting, started, stopping, stopped and then disappear. With my fast fingers i manage to find out the path and the .exe that it triggers.
Now, creating the exception is no biggy. This has to be done in the Windows Firewall with Advanced Security. Create a new inbound rule.
Select the rule type; Program
Specify the path to the executable. BTW, it is C:WindowMicrosoft Data Protection ManagerDPMAgentsAC2.0.5820.0dpmac.exe
Set it to allow the connection.
Set the profile.
Give it a name.
And then you are done.
Again, I cannot find anywhere this is documented but this actually worked for me. So, if somebody can point me to a direction where I can find where this is documented please please…I’d appreciate it a lot. Please tell me if there’s a better way of doing this too.