Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Unable to install Agent on W2K8 R2 Domain Controller

116 views
Skip to first unread message

cbf

unread,
Feb 11, 2010, 3:58:01 PM2/11/10
to
Manual agent installation (DMPAgentInstaller_x64.exe dpmservername) fails.
I'm trying to install the agent on a Windows 2008 R2 domain controller.

From MSDPMAgentInstall.LOG, deep in the middle of the file:

AddAuthorizedMachine method call successful
SetAgentConfig return code = 0x00000000
AddSecurityGroupsToAuthDB returned Error code = 0x00000000,
dpmserverAccount = fNtlmAuth =
AddSecurityGroupsToAuthDB returned Error code = 0x00000000,
dpmserverAccount = fNtlmAuth = [0]
ConfigureFirewall method return hr =0x80004005
1: __MSDPMSetupError 2: -2147467259 3: 880
DoMachineSpecificDPMConfiguration return code = 0x80004005
CustomAction
_DoMachineSpecificDPMConfiguration.88BD42D4_8EBE_4E98_B407_81775C1F7E9C
returned actual error code 1603 (note this may not be 100% accurate if
translation happened inside sandbox)
MSI (s) (08:70) [15:45:39:089]: User policy value 'DisableRollback' is 0
MSI (s) (08:70) [15:45:39:089]: Machine policy value 'DisableRollback' is 0
Action ended 15:45:39: InstallExecute. Return value 3.

I tried the step 1 suggested by Venkata Praveen of "netsh firewall set opmode
mode=disable", but that makes no difference.

I'm guessing that somehow there's a lack of privilege for being able to
alter the firewall settings on the domain controller, but I'm running this
command logged in as the domain administrator.

Suggestions?

cbf

unread,
Feb 11, 2010, 4:13:01 PM2/11/10
to
I should have mentioned in the previous message that this is using the DPM
2010 RC.

Chandraneel Chakka[MSFT]

unread,
Feb 12, 2010, 1:36:02 AM2/12/10
to
Can you please run the below commands on the PS from a command prompt and
let me know the result.

netsh advfirewall firewall set rule group="@FirewallAPI.dll,-29502" new
enable=yes
netsh advfirewall firewall set rule group="@FirewallAPI.dll,-34251" new
enable=yes
netsh advfirewall firewall add rule name=dpmra dir=in
program="%PROGRAMFILES%\Microsoft Data Protection Manager\DPM\bin\DPMRA.exe"
profile=Any action=allow

Thanks for your feedback.

--
This posting is provided “AS IS” with no warranties, and confers no rights

"cbf" <c...@discussions.microsoft.com> wrote in message
news:E4BCC415-FE38-4991...@microsoft.com...

Charles Frankston

unread,
Feb 12, 2010, 3:52:40 PM2/12/10
to
Chandraneel --

Here are the results of running the netsh commands you requested:

C:\Program Files\Microsoft Data Protection Manager>netsh advfirewall

firewall set rule group="@FirewallAPI.dll,-29502" new enable=yes

Updated 3 rule(s).
Ok.

C:\Program Files\Microsoft Data Protection Manager>netsh advfirewall

firewall set rule group="@FirewallAPI.dll,-34251" new enable=yes

No rules match the specified criteria.

C:\Program Files\Microsoft Data Protection Manager>netsh advfirewall

firewall add rule name=dpmra dir=in program="%PROGRAMFILES%\Microsoft Data
Protection Manager\DPM\bin\DPMRA.exe" profile=Any action=allow

Ok.

"Chandraneel Chakka[MSFT]" <chan...@online.microsoft.com> wrote in message
news:05882D1C-38C5-4111...@microsoft.com...

Praveen D [MSFT]

unread,
Feb 22, 2010, 8:09:44 AM2/22/10
to
Hi Charless, as per the offline discussion with Chandraneel we found
this issue to be not having the firewall exception rule for WMI component.
For this you need to use SCW(Security configuration wizard), create and
apply a security policy so that you can get this rule listed in firewall and
Remote WMI . If this is not configurable due to group policies then you
please contact your network administrator to get exception for this machine.
If its not possible to change the security configuration settings to change
on this machine due to group policies then you can protect this machine
alone using workgroup/untrusted domain feature available in DPM 2010 RC.
Please find more information about how to protect workgroup/untrusted domain
machine and its supported features at:
http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?lang=&cr=&guid=&sloc=en-us&dg=microsoft.public.dataprotectionmanager&p=1&tid=395b9f98-a3d4-4270-af9f-418078e9d5fc&mid=395b9f98-a3d4-4270-af9f-418078e9d5fc

Thanks,
Praveen D [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.

"Charles Frankston" <cbf.micros...@cimetrics.com> wrote in message
news:F2CBEA88-069F-43AF...@microsoft.com...

Chris

unread,
Feb 27, 2010, 7:44:02 PM2/27/10
to
Hi,

I am experiencing exactly the same issues attempting to install the DPM 2010
agent on Windows 2008R2 servers. In my case it is not restricted to domain
controllers.

The MSDPMAgentInstall.log file shows:

ConfigureFirewall method return hr =0x80004005
1: __MSDPMSetupError 2: -2147467259 3: 880
DoMachineSpecificDPMConfiguration return code = 0x80004005
CustomAction
_DoMachineSpecificDPMConfiguration.88BD42D4_8EBE_4E98_B407_81775C1F7E9C
returned actual error code 1603 (note this may not be 100% accurate if
translation happened inside sandbox)

The result from cmdline attempt at changing firewall rules:

"No rules match the specified criteria" when changing -34251

You mention using SCW to add a firewall rule for WMI, but this process is
unclear to me. Could you kindly elaborate on this advice so that I can
understand exactly what is required.

Kind regards

Chris.

0 new messages