Update Rollup 2 for System Center 2012 is now available for download

July 24, 2012, 3:40 pm

≫ Next: DPM Certificate Troubleshooting–Part 3: Certificates

≪ Previous: DPM Certificate Troubleshooting–Part 2: Registry

This rollup includes updates for App Controller, Data Protection Manager (DPM), Operations Manager (OpsMgr), Orchestrator, Service Manager (SCSM) and Virtual Machine Manager (VMM). Download links, installation instructions and the list of issues fixed for each component are documented in the following KB:

KB2706783 - Description of Update Rollup 2 for System Center 2012 (http://support.microsoft.com/kb/2706783)

J.C. Hornbeck | System Center & Security Knowledge Engineer

Get the latest System Center news on Facebook and Twitter:

The Forefront Server Protection blog: http://blogs.technet.com/b/fss/
The Forefront Endpoint Security blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/

↧

DPM Certificate Troubleshooting–Part 3: Certificates

July 25, 2012, 10:45 am

≫ Next: Support Tip: Moving a DPM protected machine using Certificate Based Authentication from a domain to workgroup causes Consistency Checks to fail

≪ Previous: Update Rollup 2 for System Center 2012 is now available for download

Hello, Shane Brasher here once again, following up DPM Certificate Troubleshooting–Part 1: General Troubleshooting and DPM Certificate Troubleshooting–Part 2: Registry with Part 3 of “DPM Certificate Authentication Troubleshooting”.

In this session we will go over some common symptoms you may see if the certificate is missing or is invalid. This is assuming that after you have installed the certificate, run all the proper commands and even have protection group set up, then later something has happened to the certificate itself.

Member Server with its certificate missing
This error is what you will likely see if AFTER cert protection is setup is done and then the cert is missing or corrupt.

DPM Management Tab-Agent status

MemberServer Application Alerts—Event ID 85

MemberServer DPMRACurr.errlog
****************************

5BD3AD20-B2AF-4D1F-95B6-B73212768440 WARNING Failed: Hr: = [0x80092004] : Error locating certificate with thumbprint 2ba53e0056bdde64a7fca789c62abd72a3f57610

5BD3AD20-B2AF-4D1F-95B6-B73212768440 WARNING Failed: Hr: = [0x80092004] : Encountered Failure: : lVal : CertificateUtil::GetCertificateContext(hCertStore, ssThumbprint, &pCertContext)

WARNING Failed: Hr: = [0x80092004] : Error locating certificate with thumbprint 2ba53e0056bdde64a7fca789c62abd72a3f57610

WARNING Failed: Hr: = [0x80092004] : Encountered Failure: : lVal : CertificateUtil::GetCertificateContext(hCertStore, ssThumbprint, &pCertContext)

WARNING OuterException of type System.InvalidOperationException from Method = GetCertificateFromStoreCore

WARNING Exception Message = Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindByThumbprint', FindValue '2ba53e0056bdde64a7fca789c62abd72a3f57610'.

Note: The highlighted portion shows that there is an issue with finding the thumbprint for the certificate.

Member Server DPM CPWrapper Log—Cert is missing and the CP Wrapper Service restarted.
******************************

WARNING Exception Message = Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindByThumbprint', FindValue '2ba53e0056bdde64a7fca789c62abd72a3f57610'.

WARNING Exception Stack = at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target, Boolean throwIfMultipleOrNoMatch)

WARNING Caught unhandled exception : System.InvalidOperationException: Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindByThumbprint', FindValue '2ba53e0056bdde64a7fca789c62abd72a3f57610'.

CRITICAL Exception Message = Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindByThumbprint', FindValue '2ba53e0056bdde64a7fca789c62abd72a3f57610'. of type System.InvalidOperationException, process will terminate after generating dump

Also if the Protected server cert if removed upon a reboot or the restart of the DPM CPWrapper service you may see the following error.

Solution: If the member server has it’s certificate missing then the following will need to be done.

1.) If the cert is backed up to a safe location, import the certificate into the proper computer\personal store and restart the DPMCPWrapper service. If you do not have a backup of the certificate then proceed to the next step.

2.) Request a new certificate making sure to specify the correct cert attributes and that it is placed into the computer\personal store.

3.) Re-run the SetDPMServer commands to recreate the memberserver bin file. Copy the bin file to the DPM server. Once done re-run the Attach-ProductionServerWithCertificate.ps1 on the DPM server. Please reference the resource link below.

Resource: http://blogs.technet.com/b/dpm/archive/2012/04/23/how-to-use-certificates-to-authenticate-computers-in-workgroups-or-untrusted-domains-with-data-protection-manager.aspx

Important: There may be times to where you may still have to reboot both the member server and the DPM server.

DPM Server With Missing Cert
This scenario will go over symptoms when the DPM server certificate is missing.
If the DPM server is missing its certificate then you will see this in the DPM gui on the agent refresh.

DPM Monitoring tab
******************

Note the 3301 error which means the certificate is invalid.

DPM Alerts Event Log
******************

Note: The 33301 equates to the certificate is invalid.

MSDPMCurr.errlog snippet
***********************
cmdprocforcertificate.cpp(331) [000000001A7F4F50] WARNING CCommandProcessor::SendOutboundCommandUsingCertificate failed for Server: MemberServer.Contoso.com

WARNING ConfigureProtection.OnFailure.AADeactivationBlock.RAForRead.PT : RADeleteWorkItem, StatusReason = Timeout (StatusCode = -2146233079, ErrorCode = WCFClientCertificateInvalid, workitem = a1e5773c-a587-4788-a7fb-622f6bf7341e)

5A0AC966-C3A0-4D24-95FF-E96FD0DE04DA WARNING CheckTimeoutMessage: code[0x00008215], detailedCode[0x80131509], errMgs[Unknown error (0x80131509) (0x80131509)]

5A0AC966-C3A0-4D24-95FF-E96FD0DE04DA WARNING <ErrorInfo ErrorCode="33301" DetailedCode="-2146233079" DetailedSource="2" ExceptionDetails="" xmlns="http://schemas.microsoft.com/2003/dls/GenericAgentStatus.xsd">

5A0AC966-C3A0-4D24-95FF-E96FD0DE04DA WARNING <Parameter Name="machinename" Value="DPM2012Backup.Contoso.com" />

5A0AC966-C3A0-4D24-95FF-E96FD0DE04DA WARNING <Parameter Name="exceptionmessage" Value="Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindByThumbprint', FindValue '994b424d93fc08e4fe88c787298c7617ee095cda'." />

DPMCPWrapperServiceCurr.errlog
=============================
This may be seen upon restarting the DPMCPWrapper service if the cert is missing.

everettexception.cpp(761) CRITICAL Exception Message = Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindByThumbprint', FindValue 'c8ccf847ae8d319691feea1d6f796f0d67fdc7c4'. of type System.InvalidOperationException, process will terminate after generating dump

Note the message in regards to generating a dump. This dump (crash log) will be located in the following directory: %Program Files%\Microsoft System Center 2012\DPM\DPM\Temp. The dump file will have a name of “DPMCPWrapperServiceCurr.errlog.2012-07-11_18_06_16.Crash

Solution: If the DPM Certificate is missing, then please follow the steps below.

1.)If the cert is backed up to a safe location, import the certificate into the proper computer\personal store and restart the DPMCPWrapper service. If you do not have a backup of the certificate then proceed to the next step.

2.)Request a new certificate for the DPM server making sure to specify the correct cert attributes and that it is placed into the computer\personal store.

3.) Re-run the SetDPMCredentils commands to recreate the DPM bin file. Copy the bin file to the member server. Once done re-run the SetDPMServer command on the member server to generate this bin file. Copy the member server bin file to the DPMserver.

4.) On the DPM server re-run the Attach-ProductionServerWithCertificate.ps1 command.

Please reference the resource link below.

Resource: http://blogs.technet.com/b/dpm/archive/2012/04/23/how-to-use-certificates-to-authenticate-computers-in-workgroups-or-untrusted-domains-with-data-protection-manager.aspx

Important: This is considered a very bad situation. As if you have many servers you are protecting via certificate based authentication and the DPM cert is missing, it will be like starting all over again. You will have to:

a.) Generate the DPM bin file
b.) Copy it to each server that you were protecting via cert authentication.
c.) run the setdpmserver command
d.) take each server bin file to the DPM server.
e.) on that DPM server run the attach command.

This will have to be done for each server that you are protecting with certificate authentication. Naturally if you are protecting 100 servers via cert then this can be very labor intensive.

As a precautionary measure I strongly suggest that you export your DPM and member server certificates and save them in a safe location.

Expired Certificate

MemberServer Cert Expired

If the certificate has expired on the protected server then you will see the following errors.

DPM Management Tab-Agent Status

DPM Monitoring Tab
=================

DPMRACurr.errlog
================

415BF1BD-04EF-486C-A8D0-0C6A8E8E0BBD FATAL <Status xmlns="http://schemas.microsoft.com/2003/dls/StatusMessages.xsd" StatusCode="-2146893016" Reason="Error" CommandID="RAReadDatasetDelta" CommandInstanceID="80b85883-9822-4a64-bea0-1c661101dbe5" GuidWorkItem="856c0da1-fad7-46ba-a215-db95b90de630" TETaskInstanceID="415bf1bd-04ef-486c-a8d0-0c6a8e8e0bbd"><ErrorInfo xmlns="http://schemas.microsoft.com/2003/dls/GenericAgentStatus.xsd" ErrorCode="536872925" DetailedCode="-2146893016" DetailedSource="2"><Parameter Name="AgentTargetServer" Value="MemberServer.Contoso.com"/></ErrorInfo><RAStatus><RAReadDatasetDelta xmlns="http://schemas.microsoft.com/2003/dls/ArchiveAgent/StatusMessages.xsd" BytesTransferred="0" NumberOfFilesTransferred="0" NumberOfFilesFailed="0" DataCorruptionDetected="false"/></RAStatus></Status>

415BF1BD-04EF-486C-A8D0-0C6A8E8E0BBD WARNING Failed: Hr: = [0x80090328] : Encountered Failure: : lVal : hr

415BF1BD-04EF-486C-A8D0-0C6A8E8E0BBD WARNING Logging event for error: 33302, detailed: 0xa61590

415BF1BD-04EF-486C-A8D0-0C6A8E8E0BBD WARNING Failed: Hr: = [0x00008216] CCmdProcEvent::GetEventId: unexpected errorCode: detailed hr: 0x00a61540

Note: The error codes -2146893016 and 0x80090328 basically translates to
SEC_E_CERT_EXPIRED
# The received certificate has expired.

The error code 33302 is the service authentication failed.

DPM SERVER with Cert Expired

If the certificate has expired on the DPM server the you will see an error like this.

DPMRCurr.errlog

ExceptionPolicy.cs(169) WARNING InnerException of type System.IdentityModel.Tokens.SecurityTokenValidationException from Method = Build

02F8 094C 05/02 17:32:29.282 04 ExceptionPolicy.cs(174) WARNING Exception Message = The X.509 certificate CN=DPM2012.Contoso.com chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

02F8 094C 05/02 17:32:29.282 04 ExceptionPolicy.cs(174) WARNING Exception Stack = at System.IdentityModel.Selectors.X509CertificateChain.Build(X509Certificate2 certificate)

02F8 094C 05/02 17:32:29.282 04 cmdprocforcertificate.cpp(232) [0000000000B6FB90] 415BF1BD-04EF-486C-A8D0-0C6A8E8E0BBD WARNING Failed: Hr: = [0x80990941] pDpmCmdProcObject->SubmitResponse failed on server DPM2012.Contoso.com, hrOriginal = 0x80131501, No further retry

02F8 094C 05/02 17:32:29.282 04 cmdprocforcertificate.cpp(331) [0000000000B6FB90] 415BF1BD-04EF-486C-A8D0-0C6A8E8E0BBD WARNING CCommandProcessor::SendOutboundCommandUsingCertificate failed for Server: DPM2012.Contoso.com

02F8 094C 05/02 17:32:29.282 04 cmdproc.cpp(2631) [0000000000B6FB90] 415BF1BD-04EF-486C-A8D0-0C6A8E8E0BBD WARNING Logging event for error: 33302, detailed: 0xa61590

02F8 094C 05/02 17:32:29.282 04 events.cpp(89) [0000000000A2FF90] 415BF1BD-04EF-486C-A8D0-0C6A8E8E0BBD WARNING Failed: Hr: = [0x00008216] CCmdProcEvent::GetEventId: unexpected errorCode: detailed hr: 0x00a61540

DPM DPMCPWrapperServiceCurr.errlog

CertificatesHelper.cs(498) NORMAL Certificate with subject: CN=DPM2012.Contoso.com and thumbprint: 02E436145567778DED5E95138343AE1F19163ED1 is not valid

0AD0 0C3C 05/02 18:07:28.110 09 CertificatesHelper.cs(503) WARNING Flags = NotTimeValid, Info = A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

0AD0 0C3C 05/02 18:07:28.110 09 CertificatesHelper.cs(166) WARNING The certificate with subject: CN=DPM2012.Contoso.com is not trusted

DPM CPWrarpper Error logs codes

For Client related errors (33300 – 33302) refer to dpmra*.errlog or msdpm*.errlog.

For service side errors (33303 – 33304) look up failures in dpmcpwrapperservice*.errlog

For PKI related issues, the Crypto API Event log is a very useful way to figure out what went wrong during certificate validation. This event log is available from Windows Vista onwards.

Configuration Step Errors
33231 : Certificate not found in Personal Store of “LocalMachine” StoreLocation.
33232 : Exception trying to locate a certificate.
33233 : Exception encountered trying to validate certificate.
33234 : The certificate is invalid.
33235 : Error trying to add a firewall rule.
33236 : Error trying to configure DpmCPWrapperService.
33237 : The generic fall back error.
33241 : No .NET 3.5 SP1 detected on the machine (seen only by SetDpmServer.exe).

Errors during business continuity
33300: Configuration errors in the WCF Client config file. (dpmra.exe.config or msdpm.exe.config).
33301: Client certificate is invalid.
33302: The service authentication failed.
33303: The client was not authorized by the service.
33304: The WCF Service is in a bad state. Some possible reasons can be:
a.) Service not running on the remote peer.
b.) Crash in the WCF Service.
c.) WCF unresponsive to client requests leading to Timeouts.
d.) Generic communication failures.
e.) Authentication failure of the client on the service side.
f.) Missing Registry keys

Conclusion: It is imperative that your Certificate infrastructure is extremely solid with a good connection to the CRL for both the DPM server and the member server. In addition there needs to be a stable link between the DPM server and the member server. Once the certs are in place they should be left alone and not need to be altered in any manner. Of course its best to be prepared with a contingency plan should things go awry. As mentioned earlier, its suggested to export your certificates for safe keeping should you have to recover from a missing certificate.

Appendix A

CAPI2 Event Logging

If you are facing repeated authentication failures, refer CAPI2 event viewer logs on both DPM and protected computer. This is not enabled by default. To enable it navigate to:
Event Viewer\Applications and Service Logs\Microsoft\CAPI2
Then right click on “Operational” and select “Enable Log”.

Once done reproduce the problem.

Example:

Going into the details of the properties we can see:

This tells us the CRL server cannot be reached.

4.) Make sure the DPM CPWrapper Service is started and set to “Automatic”. If it is not, then restart the service and test your Attach then OR your connectivity via cert usage.

Additional Resources

Microsoft Root Certificate Program : http://technet.microsoft.com/en-us/library/cc751157.aspx

How to use certificates to authenticate computers in workgroups or untrusted domains with Data Protection Manager : http://blogs.technet.com/b/dpm/archive/2012/04/23/how-to-use-certificates-to-authenticate-computers-in-workgroups-or-untrusted-domains-with-data-protection-manager.aspx

Shane Brasher | Senior Support Escalation Engineer

Get the latest System Center news on Facebook and Twitter:

↧

Support Tip: Moving a DPM protected machine using Certificate Based Authentication from a domain to workgroup causes Consistency Checks to fail

July 26, 2012, 9:47 am

≫ Next: Cloud and Datacenter Management System Center Update Rollup Improvements

≪ Previous: DPM Certificate Troubleshooting–Part 3: Certificates

Consider the following scenario:

In your environment you have a Windows domain controller, a computer running System Center 2012 Data Protection Manager (DPM) and one member server. You are using Certificate Based Authentication (CBA) for the domain member and the domain member name is MemberServer.Contoso.Com.

Note: The proper steps are followed to setup CBA as per the following:

http://blogs.technet.com/b/dpm/archive/2012/04/23/how-to-use-certificates-to-authenticate-computers-in-workgroups-or-untrusted-domains-with-data-protection-manager.aspx

You have successfully created a PG with successful backup.

You later move the server from the domain as a member and place it into a workgroup. The server name changes from "MemberServer.Contoso.com" to just "MemberServer". This is important to note.

From this point forward, a Consistency Check (CC) will fail with the following error:

DPM Alert Event: (ID: 3170) DPM failed to communicate with the protection agent on MemberServer.Contoso.com because the computer is unreachable.

If you perform an attach-productionserverwithcertificate.ps1 command you will see the following error:

DPM Alert Event: (3122) The DPM protection agent on memberserver could not be contacted. Subsequent protection activities for this computer may fail if the connection is not established. The attempted contact failed for the following reason: (ID:3122) The DPM CPWrapper Service authorization failed on the MemberServer computer. Exception Message= Access is denied. (ID: 33303)

Cause

The general thought is that if you have the certificate in place and it's valid and it can resolve the CRL then all should work if you move the server into a workgroup. This is actually incorrect. The thumbprint in use by the memberserver is used to create a bin file and to make registry entries on both the protected server and the DPM server.

Registry Key created on both DPM server and Protected server is MemberServer.Contoso.com.
Bin file used to create the registry entries is: CertificateConfiguration_MemberServer.Contoso.com.bin.

When DPM performs an authorization check, it checks the registry for MemberServer.Contoso.com, notes that its there and makes a CC attempt. The problem is that this server does not exist anymore. Remember, we removed it from the domain. As such, any CC attempts for that server will fail.
When you attempt to perform an attach-productionserverwithcertificate.ps1 command, this also fails because we do not have a new bin file created for MemberServer. Remember that since we removed the server from the domain the server name has changed. The DPM server has no associated bin file or registry entry for "MemberServer" but rather "MemberServer.Contoso.com".

Resolution

1.) Re-run the SetDPMserver command on the protected server. This will create:

a.) A bin file named CertificateConfiguration_MemberServer.bin
b.) The associated registry keys on the protected server.

2.) Take the CertificateConfiguration_MemberServer.bin file to the DPM server and re-run Attach-ProductionServerWithCertificate.ps1, specifying the newly created bin file from the protected server. This will create:

a.) The associated registry key on the DPM server for MemberServer.

You can now create a new Protection Group (PG) for "MemberServer" and continue with your backups.

NOTE: For the old PG, you will not be able to associate it with this server. You can delete the PG and retain data to disk. See the following for more information.

http://blogs.technet.com/b/dpm/archive/2012/04/23/how-to-use-certificates-to-authenticate-computers-in-workgroups-or-untrusted-domains-with-data-protection-manager.aspx

Shane Brasher | Senior Support Escalation Engineer

Get the latest System Center news on Facebook and Twitter:

↧

Cloud and Datacenter Management System Center Update Rollup Improvements

July 26, 2012, 2:19 pm

≫ Next: Important note on DPM 2012 and the Windows Server 2012 Hyper-V replica role

≪ Previous: Support Tip: Moving a DPM protected machine using Certificate Based Authentication from a domain to workgroup causes Consistency Checks to fail

Greetings,

Hi, Carmen Summers here from the Cloud and Data Center Management System Center team. Yesterday System Center released Update Rollup 2 for System Center 2012 posted on all System Center Blogs. This is the second Update Rollup System Center 2012 has released since General Availability. In the past year System Center has developed a new model for Sustained Engineering that centralized Virtual Machine Manager, App Controller, Orchestrator, Service Manager, Operations Manager, and Data Protection Manager into a single operational model. This new operating model will deliver consistency for release of Update Rollups for Cloud and Data Center Management System Center components.

The words above accurately describe the efficiency we want to achieve, but at the end of the day we are doing this for you, our customers, based upon feedback that we needed to make update delivery for System Center more discoverable, more accessible, and more consistent. Some of the new operational efficiencies that will benefit you, our customers, are:

Quarterly Update Rollup releases
Update Rollups are the primary way CDM System Center will release updates publicly
Each Update Rollup will supersede the last making is easier track if you have everything you need installed
Update delivery on Microsoft Update to enable ease of detection and installation via MU or WSUS (Please note, that this is a work in progress)
A single master KB article that describes all fixes to enable ease of finding all information in a single location

We are always striving to make our operating model more efficient. If you have any suggestions or feedback I would love to hear it.

Carmen Summers
Senior Program Manager | Cloud & Datacenter Management System Center

↧

Important note on DPM 2012 and the Windows Server 2012 Hyper-V replica role

August 27, 2012, 11:50 am

≫ Next: System Center 2012 Service Pack 1 Beta Now Available for Download

≪ Previous: Cloud and Datacenter Management System Center Update Rollup Improvements

Hello, Shane Brasher here, and I wanted to take a minute today to talk to you about a Windows Server 2012 Hyper-V / System Center 2012 Data Protection Manager (DPM) SP1 supportability issue. First let’s briefly discuss an exciting new feature of Windows Server 2012 Hyper-V. There is a new functionality added to the Hyper-V role that enables you to implement Business Continuity and Disaster Recovery. This functionality is called Hyper-V replication or Hyper-V Replica. This new feature allows you to have a Hyper-V Primary server that replicates it’s virtual machines to another server hosting the Hyper-V replica role. Any changes made on the Primary Hyper-V are replicated over to the Hyper-V Replica server every 5 minutes, thus if the Primary Hyper-V server should fail then the Hyper-V Replica can take over the workload. More information can be found at the link below:

Hyper-V Replica Overview : http://technet.microsoft.com/en-us/library/jj134172.aspx

The important thing to note about this is that while the DPM agent can be installed on both servers with no issues and you can backup the Primary DPM server as usual with no problems, on the Hyper-V Replica server you can enumerate the virtual machines and “may” even be able to back them up successfully, however backing up or restoring the Hyper-V replica is not supported.

Due to the inner workings of the Hyper-V replication architecture which may be in progress during the time of a DPM backup, there can be no guarantees of a successful backup or restore of virtual machines that reside on the Hyper-V Replica server. You will still be able to backup other types of data on the Hyper-V Replica such as flat files and system state for example.

A common question that is often asked is “if the Replica is a complete backup of the Primary Hyper-V server virtual machines, then why would I want to back that up again with DPM if redundancy is already built-in.” Well, then answer is you wouldn’t need to backup the Hyper-V Replica but you still may want to backup the Primary Hyper-V server for many reasons.

First, you may have a mandatory retention range set via service level agreement that you may want to adhere to. Second, you may choose to perform a restore from a previous point in time for example 2 weeks ago. Third, you may choose to perform a restore from a previous point in time to another Hyper-V server for testing without interrupting productivity. Forth, it’s possible there may be some catastrophic corruption on one of the virtual machines. For example, perhaps you have a virtual machine that has a virus and the virtual machine along with the virus is replicated over to the Hyper-V Replica.

In conclusion the key points are this:

Backing up or restoring virtual machines from a Windows Server 2012 Hyper-V Replica is not supported. If you need an extra layer of redundancy for your Windows Server 2012 Hyper-V virtual machines, you can achieve this by backing up the Hyper-V Primary server.

Shane Brasher | Senior Support Escalation Engineer | Management and Security Division

Get the latest System Center news on Facebook and Twitter:

↧

System Center 2012 Service Pack 1 Beta Now Available for Download

September 11, 2012, 9:25 am

≫ Next: Help Documentation for Using Windows Azure Online Backup with System Center 2012 SP1 – Data Protection Manager

≪ Previous: Important note on DPM 2012 and the Windows Server 2012 Hyper-V replica role

The Beta of System Center 2012 Service Pack 1 (“SP1”) enables System Center customers to jointly evaluate System Center 2012 with Windows Server 2012 and Windows 8. The Beta is for evaluation purposes only and not to be used in production as described in the EULAs associated with the product. No license keys are required to do this evaluation. The Beta includes updates and enhancements to the following System Center 2012 components:

Virtual Machine Manager
- Improved Support for Network Virtualization
- Extend the VMM console with Add-ins
- Support for Windows Standards-Based Storage Management Service, thin provisioning of logical units and discovery of SAS storage
- Ability to convert VHD to VHDX, use VHDX as base Operating System image
Configuration Manager
- Deployment and management of Windows 8 and Windows Server 2012
- Distribution point for Windows Azure to help reduce infrastructure costs
- Automation of administrative tasks through PowerShell support
- Management of Mac OS X clients and Linux and UNIX servers
- Real-time administrative actions for Endpoint Protection related tasks
Data Protection Manager
- Improved backup performance of Hyper-V over CSV 2.0
- Online Backup support with Windows Azure Online Backup service
- Protection for Hyper-V over remote SMB share
- Protection for Windows Server 2012 de-duplicated volumes
- Uninterrupted protection for VM live migration
App Controller
- Service Provider Foundation API to create and operate Virtual Machines
- Support for Azure VM; migrate VHDs from VMM to Windows Azure, manage from on-premise System Center
Operations Manager
- Support for IIS 8
- Monitoring of WCF, MVC and .NET NT services
- Azure SDK support
Orchestrator
- Support for Integration Packs, including 3rd party
- Manage VMM self-service User Roles
- Manage multiple VMM ‘stamps’ (scale units), aggregate results from multiple stamps
- Integration with App Controller to consume Hosted clouds
Service Manager
- Apply price sheets to VMM clouds
- Create chargeback reports
- Pivot by cost center, VMM clouds, Pricesheets
Server App-V
- Support for applications that create scheduled tasks during packaging
- Create virtual application packages from applications installed remotely on native server

For all the details and a download link please see the following: http://www.microsoft.com/en-us/download/details.aspx?id=34607

J.C. Hornbeck | Knowledge Engineer | Management and Security Division

Get the latest System Center news on Facebook and Twitter:

The Forefront Server Protection blog: http://blogs.technet.com/b/fss/
The Forefront Endpoint Security blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity- support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/

↧

Help Documentation for Using Windows Azure Online Backup with System Center 2012 SP1 – Data Protection Manager

September 18, 2012, 11:04 am

≫ Next: Support Tip: Scheduled backup to tape runs on a wrong date on DPM 2007, 2010 and 2012

≪ Previous: System Center 2012 Service Pack 1 Beta Now Available for Download

System Center 2012 SP1 Data Protection Manager leverages Windows Azure Online Backup to allow users to store their data online. This document includes documentation to assist users with deploying and using this feature of System Center 2012 SP1 Beta DPM.

This Document will describe how to deploy and use System Center 2012 SP1 Data Protection Manager (DPM) to store backup data in the cloud using the Windows Azure Online Backup service. With System Center 2012 SP1, DPM can now support online backup using the Windows Azure Online Backup service. To use this functionality, customers will need to subscribe to the Windows Azure Online Backup service. Following are the key benefits of the new online backup capabilities in DPM:

Reduced TCO: This service with Azure based public cloud storage will reduce total TCO for customers by providing scalability, elasticity and simplified storage management.
Peace of mind: Windows Azure based backup service helps provide a reliable, secure, robust offsite backup & restore solution that is highly available.
Simplicity: The online backup workflows are seamlessly integrated into the existing DPM backup, recovery and monitoring workflows

For all the details please see the following:

http://www.microsoft.com/en-us/download/details.aspx?id=34608

J.C. Hornbeck | Knowledge Engineer | Management and Security Division

Get the latest System Center news on Facebook and Twitter:

↧

Support Tip: Scheduled backup to tape runs on a wrong date on DPM 2007, 2010 and 2012

September 24, 2012, 11:46 am

≫ Next: MMS 2013 Dates Announced!

≪ Previous: Help Documentation for Using Windows Azure Online Backup with System Center 2012 SP1 – Data Protection Manager

Hi there DPM administrators, Wilson Souza here from DPM Support team. As you know, Data Protection Manager offers many ways to protect server workloads such as Exchange, SQL, SharePoint, Hyper-V, System State, Bare metal, Files, Shares etc. Protection can be done in the following ways:

Disk to Disk (D-D) – When the protected data goes from a disk on the protected server to a volume that sits on your DPM Server

Disk to Tape (D-T)– When the protected data goes from a disk on the protected server to a tape device managed by the DPM server.

Disk to Disk to Tape (D-D-T) – The combination of the two options above where protected data goes from a disk on the protected server to volume that sits on the DPM server and then we copy that data from the DPM volume to a tape device.

When using tapes, we have a range of options available as to when we want the backup to go to tape. This can be daily, weekly, monthly, quarterly, yearly or any other combination that you see fit to your SLA.

DPM delegates the schedule backup control to SQL agent and when it is time for the tape backup to run, SQL agent triggers a DPM engine job to start the backup.

So let’s say that one day you get into the office in the morning to check how backups are being created and notice that a backup that was supposed to run 2 months from now just got completed last night, and you didn’t get a warning stating that DPM would run that backup on an unexpected date. The purposes of this blog is to explain the issue and provide a workaround.

NOTE: This issue does not affect daily, weekly, or monthly tape backup schedules, it primarily affects tape backups that are in multiples of months, like quarterly, semi-annually, yearly etc. This issue is presented on DPM 2007, 2010 and 2012 but this workaround is not applicable to DPM 2007.

EXPLAINING THE ISSUE

Assume that today is 10/07/2011 and we created a new protection group and set long term protection (weekly, quarterly and yearly). At the end of the new protection group wizard, DPM will create the necessary scheduled jobs and send them over to SQL Agent.

As illustrated, this is the quarterly backup as seem from SQL Agent.

Note: Quarterly backups should run only on Jan/Apr/Jul/Oct

SQL Agent shows that this job should run two days after the job was created

On the 10/09/11, the backup to tape ran as expected. For the quarterly schedule definition we are now expecting this backup to run on 01/09/2012.

Almost every action done on a Protection Group (manually: add/remove protected members, modify disk allocation or simply completing a modify protection group wizard without making any change or automatically: SQL and SharePoint auto protection, Disk auto grow) will cause all scheduled jobs from that group to be deleted and recreated. This is where scheduled jobs have a potential of running on a wrong date.

By deleting/creating new schedules, DPM will use the original XML to generate the new scheduled job. The ScheduleXml will use the original Start Date which could now be in the past. Below is the snipped of ScheduleXML.

<?xml version="1.0" encoding="utf-16"?>

</Recurrence>

</Schedule>

Now we fast forward to November the 6^th and the protection group was modified to add a new data source. The original scheduled job above will be removed and a new one created in its place.

Note that the start date below is unchanged.

Highlighted are the new schedules created by the modify protection group operation (one for weekly, quarterly and yearly). The quarterly new scheduled job is the second from the last line (Next Run = 11/09/2011 8:00:00 PM)

SQL agent sees that this schedule was set to run for the first time on 10/09/2011. Now it is almost a month later and Last Run column shows that this job never ran. To resolve that, SQL Agent will set the Next run time for this new job for the first available date. As we are on the 6^th, and the 9^th is three days from now, SQL Agent will schedule this job to run on the 9^th.

So instead of the quarterly backup being run in January as expected, it will now run 2 months earlier. In addition, this job won’t show up as scheduled in the DPM UI (there is an explanation for that but we will cover it on another blog). You will only see a reference to this job when it is running, completed or failed.

WORKAROUND

To work around this issue, copy the script below to SQL Server Management Studio and execute it. This new stored procedure will check if the start date is in the past, and if it is it will calculate the next run time and set it accordingly. From the SQL Agent standpoint, the wrong schedule can only happen when the scheduled start date is set to be in the past which will always be the case once the original schedule day is past.

Script:

=====

USE [DPMDB]

/****** Object: StoredProcedure [dbo].[prc_IM_UserSchedule_Update] Script Date: 11/10/2011 19:11:01 ******

******* Edited by........: Wilson Souza

******* Version..........: 2.2

******* Date Created.....: 11/10/11

******* Date Last Change.: 04/04/11

******* THIS SCRIPT IS FOR DPM 2010/2012 RTM

******* Change Log for V 2.2

******* Addressed issue if selected DAY instead any day of the week.

******* Change log for V 2.0

******* Now using XML variable to retrieve data instead of searching string on schedule variable

******* Now addresses issues for Weekly schedules. Not only Months

******* Now addresses issues when user select First, Second, Third, Four or Last day of the month.

SET ANSI_NULLS ON

SET QUOTED_IDENTIFIER ON

-- Update one row in UserSchedule table by ScheduleID.

-- If this ScheduleID doesn't exist,

-- add a new row with this ScheduleID.

ALTER PROCEDURE [dbo].[prc_IM_UserSchedule_Update]

(

@ScheduleID GUID,

@ProtectedGroupID GUID,

@JobType tinyint,

--------------- Change Start ---------------

-- @Schedule ntext,

@Schedule nvarchar(max),

--------------- Change end ---------------

@Immediacy bit,

@TimeOffset int,

@MaxDuration bigint,

@ScheduleListId GUID

)

DECLARE @error int,

@rowcount int,

--------------- Change Start ---------------

@xml xml,

@CurrentDate date,

@ForLOfTheMonth date, -- First or Last Day of the Month

@count int,

@count1 int,

@Monthly_StartDt date,

@Monthly_Interval int,

@Monthly_MonthDayList int, -- This might not be needed

@MonthlyRelative_StartDt date,

@MonthlyRelative_Interval int,

@MonthlyRelative_RelativeWeekDay nvarchar(3),

@MonthlyRelative_RelativeInterval nvarchar(6),

@Weekly_StartDt date,

@Weekly_Interval int,

@Weekly_WeekDayList nvarchar(20) -- This might not be needed

set @xml = CONVERT(xml,SUBSTRING(@schedule,42,LEN(@schedule)-41))

set @CurrentDate = GETDATE()

select @Weekly_StartDt = @xml.value ('(//*[local-name()="Weekly"]/@StartDt)[1]', 'date')

select @Weekly_Interval = @xml.value ('(//*[local-name()="Weekly"]/@Interval)[1]', 'int')

select @Weekly_WeekDayList = @xml.value ('(//*[local-name()="Weekly"]/@WeekDayList)[1]', 'nvarchar(20)') -- This might not be needed

select @Monthly_StartDt = @xml.value ('(//*[local-name()="Monthly"]/@StartDt)[1]', 'date')

select @Monthly_Interval = @xml.value ('(//*[local-name()="Monthly"]/@Interval)[1]', 'int')

select @Monthly_MonthDayList = @xml.value ('(//*[local-name()="Monthly"]/@MonthDayList)[1]', 'int') -- This might not be needed

select @MonthlyRelative_StartDt = @xml.value ('(//*[local-name()="MonthlyRelative"]/@StartDt)[1]', 'date')

select @MonthlyRelative_Interval = @xml.value ('(//*[local-name()="MonthlyRelative"]/@Interval)[1]', 'int')

select @MonthlyRelative_RelativeWeekDay = @xml.value ('(//*[local-name()="MonthlyRelative"]/@RelativeWeekDay)[1]', 'nvarchar(3)')

select @MonthlyRelative_RelativeInterval = @xml.value ('(//*[local-name()="MonthlyRelative"]/@RelativeInterval)[1]', 'nvarchar(6)')

If @Monthly_StartDt is NOT NULL

while @Monthly_StartDt < @Currentdate

Set @Monthly_StartDt = DATEADD(MONTH,@Monthly_Interval,@Monthly_StartDt)

if @Weekly_StartDt is NOT NULL

if @Weekly_Interval > 1

while @Weekly_StartDt < @CurrentDate

set @Weekly_StartDt = DATEADD(DAY,@Weekly_Interval * 7,@Weekly_StartDt)

If @MonthlyRelative_StartDt is NOT NULL

Begin

set @ForLOfTheMonth = DATEADD(dd,-(DAY(DATEADD(mm,1,@Currentdate))-1)-(DAY(@Currentdate)-DAY(DATEADD(mm,1,@Currentdate))),@Currentdate)

if @MonthlyRelative_RelativeInterval = 'Last'

begin

set @ForLOfTheMonth = DATEADD(Month,1,@ForLOfTheMonth)

set @ForLOfTheMonth = DATEADD(dd,-(DAY(DATEADD(mm,1,@ForLOfTheMonth))-1)-(DAY(@ForLOfTheMonth)-DAY(DATEADD(mm,1,@ForLOfTheMonth))),@ForLOfTheMonth)

set @ForLOfTheMonth = DATEADD(day,-1,@ForLOfTheMonth)

end

while @MonthlyRelative_StartDt < @CurrentDate

begin

while @MonthlyRelative_StartDt < @ForLOfTheMonth

Set @MonthlyRelative_StartDt = DATEADD(MONTH,@MonthlyRelative_Interval,@MonthlyRelative_StartDt)

if @MonthlyRelative_RelativeInterval = 'Last'

Begin

set @MonthlyRelative_StartDt = DATEADD(Month,1,@ForLOfTheMonth)

set @MonthlyRelative_StartDt = DATEADD(dd,-(DAY(DATEADD(mm,1,@MonthlyRelative_StartDt))-1)-(DAY(@MonthlyRelative_StartDt)-DAY(DATEADD(mm,1,@MonthlyRelative_StartDt))),@MonthlyRelative_StartDt)

set @MonthlyRelative_StartDt = DATEADD(day,-1,@MonthlyRelative_StartDt)

End

else

set @MonthlyRelative_StartDt = DATEADD(dd,-(DAY(DATEADD(mm,1,@MonthlyRelative_StartDt))-1)-(DAY(@MonthlyRelative_StartDt)-DAY(DATEADD(mm,1,@MonthlyRelative_StartDt))),@MonthlyRelative_StartDt)

if @MonthlyRelative_RelativeInterval = 'First' or @MonthlyRelative_RelativeInterval = 'Last'

set @count = 1

if @MonthlyRelative_RelativeInterval = 'Second'

set @count = 2

if @MonthlyRelative_RelativeInterval = 'Third'

set @count = 3

if @MonthlyRelative_RelativeInterval = 'Fourth'

set @count = 4

set @count1 = @count

if @MonthlyRelative_RelativeWeekDay = 'Day'

if @count <> 1

Begin

set @MonthlyRelative_StartDt = DATEADD(dd,@count-1,@MonthlyRelative_StartDt)

set @count = 0

End

Else

set @count = 0

while @count <> 0

begin

if substring(DATENAME(dw,@MonthlyRelative_StartDt),1,2) = @MonthlyRelative_RelativeWeekDay

set @count = @count - 1

if @count <> 0

if @MonthlyRelative_RelativeInterval <> 'Last'

set @MonthlyRelative_StartDt = DATEADD(day,1,@MonthlyRelative_StartDt)

else

set @MonthlyRelative_StartDt = DATEADD(day,-1,@MonthlyRelative_StartDt)

end

if @MonthlyRelative_StartDt < @CurrentDate

begin

set @MonthlyRelative_StartDt = DATEADD(MONTH,@MonthlyRelative_Interval,@MonthlyRelative_StartDt)

set @MonthlyRelative_StartDt = DATEADD(dd,-(DAY(DATEADD(mm,1,@MonthlyRelative_StartDt))-1)-(DAY(@MonthlyRelative_StartDt)-DAY(DATEADD(mm,1,@MonthlyRelative_StartDt))),@MonthlyRelative_StartDt)

if @MonthlyRelative_RelativeInterval = 'Last'

begin

set @MonthlyRelative_StartDt = DATEADD(Month,1,@MonthlyRelative_StartDt)

set @MonthlyRelative_StartDt = DATEADD(dd,-(DAY(DATEADD(mm,1,@MonthlyRelative_StartDt))-1)-(DAY(@MonthlyRelative_StartDt)-DAY(DATEADD(mm,1,@MonthlyRelative_StartDt))),@MonthlyRelative_StartDt)

set @MonthlyRelative_StartDt = DATEADD(day,-1,@MonthlyRelative_StartDt)

end

set @count = @count1

if @MonthlyRelative_RelativeWeekDay = 'Day'

if @count <> 1

Begin

set @MonthlyRelative_StartDt = DATEADD(dd,@count-1,@MonthlyRelative_StartDt)

set @count = 0

End

Else

set @count = 0

while @count <> 0

begin

if substring(DATENAME(dw,@MonthlyRelative_StartDt),1,2) = @MonthlyRelative_RelativeWeekDay

set @count = @count - 1

if @count <> 0

if @MonthlyRelative_RelativeInterval <> 'Last'

set @MonthlyRelative_StartDt = DATEADD(day,1,@MonthlyRelative_StartDt)

else

set @MonthlyRelative_StartDt = DATEADD(day,-1,@MonthlyRelative_StartDt)

end

End

if @Monthly_StartDt is NOT NULL

set @xml.modify ('replace value of (//*[local-name()="Monthly"]/@StartDt)[1] with sql:variable("@Monthly_StartDt")')

If @MonthlyRelative_StartDt is NOT NULL

set @xml.modify ('replace value of (//*[local-name()="MonthlyRelative"]/@StartDt)[1] with sql:variable("@MonthlyRelative_StartDt")')

if @Weekly_StartDt is NOT NULL

set @xml.modify ('replace value of (//*[local-name()="Weekly"]/@StartDt)[1] with sql:variable("@Weekly_StartDt")')

set @Schedule = '<?xml version="1.0" encoding="utf-16"?> ' + CONVERT(nvarchar(max),@xml)

--------------- Change end ---------------

SET @rowcount = 0

SET @error = 0

SET NOCOUNT ON

UPDATE dbo.tbl_IM_UserSchedule

SET ProtectedGroupID = @ProtectedGroupID,

JobType = @JobType,

Schedule = @Schedule,

Immediacy = @Immediacy,

TimeOffset = @TimeOffset,

MaxDuration = @MaxDuration,

ScheduleListId = @ScheduleListId

WHERE ScheduleID = @ScheduleID

SELECT @error = @@ERROR, @rowcount = @@ROWCOUNT

IF (@error = 0 AND @rowcount = 0)

BEGIN

INSERT INTO dbo.tbl_IM_UserSchedule

(

ScheduleID,

ProtectedGroupID,

JobType,

Schedule,

Immediacy,

TimeOffset,

MaxDuration,

ScheduleListId

)

values

(

@ScheduleID,

@ProtectedGroupID,

@JobType,

@Schedule,

@Immediacy,

@TimeOffset,

@MaxDuration,

@ScheduleListId

)

SET @error = @@ERROR

END

SET NOCOUNT OFF

RETURN @error

=====

Wilson Souza | Senior Support Escalation Engineer | Management and Security Division

Get the latest System Center news on Facebook and Twitter:

↧

MMS 2013 Dates Announced!

October 8, 2012, 6:55 pm

≫ Next: System Center 2012 Update Rollup 3 (UR3) Released!

≪ Previous: Support Tip: Scheduled backup to tape runs on a wrong date on DPM 2007, 2010 and 2012

We're happy to announce that MMS will return to Las Vegas, NV, April 8-12, 2013!
In order to be one of the first to know about the opening of MMS 2013 registration, send mail to mmsnotfy@microsoft.com to subscribe to MMS News & Updates.

http://www.mms-2012.com/headlines/details/34ddda43-7b11-e211-84a1-001ec953730b

↧

System Center 2012 Update Rollup 3 (UR3) Released!

October 9, 2012, 10:16 pm

≫ Next: KB: MSDPM.EXE crashes during Garbage Collection causing DPMDB growth in Data Protection Manager 2007

≪ Previous: MMS 2013 Dates Announced!

We are pleased to announce that System Center 2012 Update Rollup 3 (UR3) has been released. Keeping with our currently schedule of releasing update rollups quarterly, Update Rollup 3 provides updates for issues that have been reported to Microsoft.

This update contains updates for Service Manager, Data Protection Manager, and Operations Manager. This also marks the first time that Data Protection Manager and Operations Manager updates have been released via Microsoft Update (MU).

Issues that are fixed in Update Rollup 3 for System Center 2012

Update Rollup 3 for System Center Data Protection Manager 2012 (KB2751230)
Issue 1
After you upgrade System Center Data Protection Manager 2010 to System Center Data Protection Manager 2012, the tape management report does not display overdue tapes.
Issue 2
System Center Data Protection Manager 2012 Client Protection does not scale to the limits that are expected.
Issue 3
When you try to specify a client computer name in the DPMServerName attribute by using Windows PowerShell, Windows PowerShell crashes.
Issue 4
When the name of a Microsoft SharePoint site collection contains a space, and you perform a SharePoint item-level recovery operation in System Center Data Protection Manager 2012, the operation fails.
Issue 5
After you rename a SharePoint site in System Center Data Protection Manager 2012, you cannot restore the site.
Issue 6
The SharePoint Recovery Point Status Report displays incorrect data in System Center Data Protection Manager 2012.
Issue 7
A bare metal recovery fails in certain situations.

Update Rollup 3 for System Center Operations Manager 2012 (KB2750631)

Issue 1
When you use the 32-bit version of Windows Internet Explorer to start a web console, the Microsoft.EnterpriseManagement.Presentation.Controls.SpeedometerGaugeUIController controller does not work correctly.
Issue 2
When you run a Windows PowerShell cmdlet, you receive the following error message:

Get-BPAModel is not recognized as the name of a cmdlet.

Issue 3
When you try to change a URL in the "web application availability monitoring" template instance, the change is not applied.

Update Rollup 3 for System Center Service Manager 2012 (KB2750615)

Issue 1
When you open or close the Incident form in the System Center Service Manager 2012 console, a memory leak occurs.
Issue 2
When form control objects are rooted in the Garbage-Collected (GC) Heap, the System Center Service Manager 2012 console crashes, and you receive an OutOfMemoryException exception.
Issue 3
After you change the SharePoint site language to Turkish in the System Center Service Manager 2012 portal, the display strings are displayed in English unexpectedly.
Issue 4
When you open the System Center Service Manager 2012 console by using a Citrix application, and then you open the Incident form, you experience slow performance.

You can find more details and instructions for obtaining and installing the update rollup on the associated KB article here:

http://support.microsoft.com/kb/2756127

Thank you all for your feedback on these issues. Please continue to create support cases for issues that you encounter so they can be triaged for inclusion in future cumulative updates or service packs.

↧

KB: MSDPM.EXE crashes during Garbage Collection causing DPMDB growth in Data Protection Manager 2007

October 10, 2012, 11:15 am

≫ Next: KB: Creating protection for Hyper-V VMs on Windows Server 2012 fails with Internal error code 0x809909E2

≪ Previous: System Center 2012 Update Rollup 3 (UR3) Released!

Here’s a new Knowledge Base article we published. This one talks about an issue where MSDPM.EXE crashes during Garbage Collection causing DPMDB growth in DPM 2007.

=====

Symptoms

Every day at midnight, System Center Data Protection Manager 2007 (DPM) starts a couple of maintenance tasks which are referred to as Garbage Collection. During Garbage Collection, a couple things happen such as:

Expired Recovery Points are removed
Entries from the DPMDB database that are older than 33 days are removed

A problem that can occur is that during Garbage Collection, the DPM service (MSDPM.EXE) crashes and the Garbage Collection job never completes. As result, stale data within DPMDB is never completely removed and you end up with a large and ever growing DPMDB database.

Cause

This can occur if SQL encounters a deadlock and in order to resolve it, one of the store procedures involved in the deadlock is killed by the SQL Engine.

You can find something similar to the following in MSDPMCurr.errlog if this is occurring:

NOTE If DPM was installed in its default location, this file will be in C:\Program Files\Microsoft DPM\DPM

Attempt 1 failed with exception Microsoft.Internal.EnterpriseStorage.Dls.DB.NonFatalDbException: exception ---> System.Data.SqlClient.SqlException: Transaction (Process ID 63) was deadlocked on lock | communication buffer resources with another process and has been chosen as the deadlock victim. Rerun the transaction.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe)
at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
at Microsoft.Internal.EnterpriseStorage.Dls.DB.SqlRetryCommand.ExecuteNonQuery()
--- End of inner exception stack trace ---
*** Mojito error was: DatabaseNonFatalError; 0; None
--- SqlException details -----------------
System.Data.SqlClient.SqlException: Transaction (Process ID 63) was deadlocked on lock | communication buffer resources with another process and has been chosen as the deadlock victim. Rerun the transaction.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe)
at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
at Microsoft.Internal.EnterpriseStorage.Dls.DB.SqlRetryCommand.ExecuteNonQuery()
Error = 1205
Index #0
Source: .Net SqlClient Data Provider
Number: 1205
State: 52
Class: 13
Server: <Server_Name>
Message: Transaction (Process ID 63) was deadlocked on lock | communication buffer resources with another process and has been chosen as the deadlock victim. Rerun the transaction.
Procedure: prc_PRM_GarbageCollect
Line: 714
--- Original Command -----------------
dbo.prc_DLS_GarbageCollect
--- Caller StackTrace -----------------
FileName:; Method:ExecuteNonQuery(); lineNo:0; ilOffset:8.
FileName:; Method:CleanupDlsDatabase(); lineNo:0; ilOffset:119.
FileName:; Method:OnStart(); lineNo:0; ilOffset:260.
FileName:; Method:Start(); lineNo:0; ilOffset:2.
FileName:; Method:Execute(); lineNo:0; ilOffset:8.
FileName:; Method:ChangeState(); lineNo:0; ilOffset:62.
FileName:; Method:Process(); lineNo:0; ilOffset:338.
FileName:; Method:Function(); lineNo:0; ilOffset:16.
FileName:; Method:Run(); lineNo:0; ilOffset:95.
FileName:; Method:PerformWaitCallbackInternal(); lineNo:0; ilOffset:28.
FileName:; Method:PerformWaitCallback(); lineNo:0; ilOffset:40.

Resolution

This is a known issue in System Center Data Protection Manager 2007. To have this issue addressed, please contact Microsoft Support (http://support.microsoft.com/contactus/).

More Information

This issue is addressed in System Center Data Protection Manager 2010 and later.

=====

For the most current version of this article please see the following:

2758637 - MSDPM.EXE crashes during Garbage Collection causing DPMDB growth in Data Protection Manager 2007

J.C. Hornbeck | Knowledge Engineer | Management and Security Division

Get the latest System Center news on Facebook and Twitter:

↧

KB: Creating protection for Hyper-V VMs on Windows Server 2012 fails with Internal error code 0x809909E2

October 11, 2012, 9:13 am

≫ Next: DPM Support Tip: Reporting fails with "implementation is not part of FIPS validated cryptographic algorithms"

≪ Previous: KB: MSDPM.EXE crashes during Garbage Collection causing DPMDB growth in Data Protection Manager 2007

Here’s a new Knowledge Base article we published. This one talks about an issue where using DPM 2012 SP1 to create a protection group for a Hyper-V workload that is running on Windows Server 2012 fails to complete.

=====

Symptoms

When using System Center 2012 Data Protection Manager (DPM) SP1 to create a protection group for a Hyper-V workload that is running on Windows Server 2012, the protection will not complete. The symptoms vary based on the configuration of the Hyper-V server.

For stand-alone Hyper-V server

In DPM, creation of the protection group will fail with the error:
Type: Replica creation
Status: Failed
Description: Failure occurred while adding one or more of the volumes involved in backup operation to snapshot set. Please check the event log on %HypervServer%.lab to troubleshoot the issue. (ID 30290 Details: Internal error code: 0x809909E2)
More information
End time:
Start time:
Time elapsed: 00:00:05
Data transferred: 0 MB
Cluster node -
Source details: \Backup Using Child Partition Snapshot\Server1
Protection group: Protection Group 1

For both stand-alone and CSV Hyper-V

On the Hyper-V server, the application event log will show Event IDs 12292 and 13 from VSS:

Log Name: Application
Source: VSS
Date:
Event ID: 12292
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {463948d2-035d-4d1d-9bfc-473fece07dab} [0x80070005, Access is denied.].
Log Name: Application
Source: VSS
Date:
Event ID: 13
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
Volume Shadow Copy Service information: The COM Server with CLSID {463948d2-035d-4d1d-9bfc-473fece07dab} and name HWPRV cannot be started. [0x80070005, Access is denied.]

Cause

This is caused by the iSCSI Target Storage Provider returning an unexpected state.

Resolution

There are two options to workaround this issue.

Option One:

Create a registry key to force DPM to skip trying any hardware providers:

HKLM\Software\Microsoft\Microsoft Data Protection Manager\Agent\UseSystemSoftwareProvider

NOTES:

Presence of this key will force DPM to use the software provider, so if you have and want to use a hardware provider do not use this key. Likewise, if you add a hardware provider in the future you will need to remove it.
This is a key under Agent and not a value.
This must be added to each node of the CSV cluster that DPM is using (has an agent on).
This does not require a reboot of the nodes.

Option Two:

One the Hyper-V server(s) involved, remove the iSCSI Target Storage Provider (VSD and VSS) by using the Add Roles and Features Wizard. It is a Role under the File And Storage Services/File and iSCSI Services area.

More Information

The Hyper-V servers will also have the following logged in the Program Files\Microsoft Data Protection Manager\DPM\Temp

DPMRA*.errlog

146C 1140 09/25 04:00:54.578 31 vsssessioncontext.cpp(143) [0000000001D8EEC0] WARNING </VSS_CONTEXT>
146C 1384 09/25 04:01:24.581 31 vsssnapshotrequestor.cpp(645) [0000000001D86690] WARNING Failed: Hr: = [0x80042316] : CSV2 Snapshot failed with UnexpectedProviderError (0x8004230F), Mapping it to SnapshotSetInProgress error, Volume: \\?\Volume{e1b5c403-3d99-4c5c-a521-840f1b61bb75}\
146C 1384 09/25 04:01:24.581 31 createsnapshotsubtask.cpp(1780) [0000000001D87FB0] WARNING Failed: Hr: = [0x80042316] : Encountered Failure: : lVal : pSnapshotRequestor->StartPrepareForBackup(snapshotSetId, m_fUseSystemSoftwareProviderOnly)
146C 1384 09/25 04:01:24.581 05 fsmstate.cpp(167) [0000000001D8CE70] WARNING Failed: Hr: = [0x80042316] : Encountered Failure: : lVal : pTransition->Execute(pEvent)
146C 1384 09/25 04:01:24.581 05 genericfsm.cpp(225) [0000000001D8D3F0] WARNING Failed: Hr: = [0x80042316] : Encountered Failure: : lVal : m_pCurrentState->SendEvent(pEvent, pNextState)
146C 1438 09/25 04:01:24.581 31 hypervwriterhelperplugin.cpp(535) [0000000001D8C1D0] NORMAL Component 80DC3791-5605-4EC3-AE14-1D742C8A6AF5 is a VM
146C 1438 09/25 04:01:24.607 31 vsssnapshotrequestor.cpp(544) [0000000001D86690] NORMAL CVssSnapshotRequestor::StartPrepareForBackup [0000000001D86690]
146C 1438 09/25 04:01:24.612 31 vsssnapshotrequestor.cpp(593) [0000000001D86690] NORMAL CVssSnapshotRequestor: Using provider {00000000-0000-0000-0000-000000000000} for volume \\?\Volume{e1b5c403-3d99-4c5c-a521-840f1b61bb75}\
146C 1438 09/25 04:01:24.643 31 vsssessioncontext.cpp(143) [0000000001D8EEC0] WARNING <VSS_CONTEXT><COMPONENTS><COMPONENT><WriterId>{66841CD4-6DED-4F4B-8F17-FD23F8DDC3DE}</WriterId><WriterName></WriterName><LogicalPath></LogicalPath><ComponentName>80DC3791-5605-4EC3-AE14-1D742C8A6AF5</ComponentName><ComponentType>2</ComponentType></COMPONENT></COMPONENTS><SNAPSHOT_CONTEXT> SelectComponent = 1, PartialFileSupport = 0, BootableState = 0, BackupType = 1, SnapshotContext = 0, SnapshotAttributes = VSS_CTX_BACKUP </SNAPSHOT_CONTEXT><SnapShotVolumes><Volume> <Name>\\?\Volume{e1b5c403-3d99-4c5c-a521-840f1b61bb75}\</Name> <SnapshotPath>(null)</SnapshotPath> <MountPoint>C:\ClusterStorage\volume2\</MountPoint> <MountPointArray></MountPointArray> <SnapshotId>{00000000-0000-0000-0000-000000000000}</SnapshotId> <ProviderId>{00000000-0000-0000-0000-000000000000}</ProviderId> <IsHardwareProvider>0</IsHardwareProvider> </Volume></SnapShotVolumes>

=====

For the most current version of this article please see the following:

2761897 - Creating protection for Hyper-V VMs on Windows Server 2012 fails with Internal error code 0x809909E2

J.C. Hornbeck | Knowledge Engineer | Management and Security Division

Get the latest System Center news on Facebook and Twitter:

↧

DPM Support Tip: Reporting fails with "implementation is not part of FIPS validated cryptographic algorithms"

October 11, 2012, 10:10 am

≫ Next: DPM Support Tip: ID 41 Details: No connection could be made because the target machine actively refused it (0x8007274D)

≪ Previous: KB: Creating protection for Hyper-V VMs on Windows Server 2012 fails with Internal error code 0x809909E2

When opening Reporting Services Configuration Manager, the Web Service URL and Report Manager URL fails with the following error:

Reporting Services Error
An internal error occurred on the report server. See the error log for more details. (rsInternalError) Get Online Help
Exception of type 'System.Web.HttpUnhandledException' was thrown.
This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

Stack info:
[InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.]
System.Security.Cryptography.RijndaelManaged..ctor() +200 System.Web.Configuration.MachineKeySection.ConfigureEncryptionObject() +2088
System.Web.Configuration.MachineKeySection.EnsureConfig() +904
System.Web.Configuration.MachineKeySection.GetEncodedData(Byte[] buf, Byte[] modifier, Int32 start, Int32& length) +88
System.Web.UI.ObjectStateFormatter.Serialize(Object stateGraph) +1320
System.Web.UI.Util.SerializeWithAssert(IStateFormatter formatter, Object stateGraph) +248
System.Web.UI.HiddenFieldPageStatePersister.Save() +280
System.Web.UI.Page.SaveAllState() +6488
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +17240

Cause

This can occur if FIPS is enabled and using the RijndaelManaged AES which is not been certified by the National Institute of Standards and Technology (NIST) as compliant with the Federal Information Processing Standard (FIPS). Because of this, the AES algorithm is not part of the Windows Platform FIPS validated cryptographic algorithms.

See http://support.microsoft.com/kb/911722 for more information.

Resolution

Edit the web.config file of directories below per article - http://support.microsoft.com/kb/911722

%DPMInstall%\Program Files\Microsoft DPM\SQL\MSRS.10.MSDPM2010\Reporting Services\ReportManager

%DPMInstall%\Program Files\Microsoft DPM\SQL\MSRS.10.MSDPM2010\Reporting Services\ReportServer

Add the following section to the system.web section

1. In a text editor such as Notepad, open the application-level Web.config file.

2. In the Web.config file, locate the <system.web> section.

3. Add the following <machineKey> section to in the <system.web> section:

4. Save the Web.config file.

More Information

If the SSRS log file(%DPMInstall%\Program Files\Microsoft DPM\SQL\MSRS.10.MSDPM2010\Reporting Services\LogFiles) is showing the error below, the SSRS data source does not have the "Allow log on locally" privilege defined for it in the Local Security Policy:

<ERROR>
library!ReportServer_0-2!704!09/27/2012-15:37:05:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.LogonFailedException: Log on failed., ;
Info: Microsoft.ReportingServices.Diagnostics.Utilities.LogonFailedException: Log on failed. ---> System.Runtime.InteropServices.COMException (0x80070569): Logon failure: the user has not been granted the requested logon type at this computer.(Exception from HRESULT: 0x80070569)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at RSRemoteRpcClient.RemoteLogon.GetRemoteImpToken(String pRPCEndpointName, Int32 type, Guid dataSourceId, String pUserName, String pDomain, String pPassword)
at Microsoft.ReportingServices.Diagnostics.ImpersonationContext.Login(CredentialsType credType, Guid dataSourceId, String userName, String userPwd, String domain)
--- End of inner exception stack trace ---
</ERROR>

To resolve, add the account being used to the "Allow log on locally" security policy.

Andy Nadarewistsch | Senior Support Escalation Engineer | Management and Security Division

Get the latest System Center news on Facebook and Twitter:

↧

DPM Support Tip: ID 41 Details: No connection could be made because the target machine actively refused it (0x8007274D)

October 15, 2012, 11:12 am

≫ Next: System Center 2012 SP1 Beta downloadable evaluation VHDs Now Available

≪ Previous: DPM Support Tip: Reporting fails with "implementation is not part of FIPS validated cryptographic algorithms"

When trying to restore to a Recovery Database (RDB) you may get an agent timeout with the following error message:

ID 41 Details: No connection could be made because the target machine actively refused it (0x8007274D)

You may also see errors in the Exchange Application event log for VSS like this one:

Log Name: Application
Source: MSExchangeIS
Date:
Event ID: 9619
Task Category: Exchange VSS Writer
Level: Error
Keywords: Classic
User: N/A
Computer: <Server name>
Description:
Exchange VSS Writer failed with error code -543 when processing the post-restore event.

If any databases were restored, they are likely in a dirty-shutdown state.

Cause

Exchange is using ports 5718 and 5719 which are the same ports that DPM agent communication uses.

Resolution 1

To verify that Exchange is the process using the ports:

1. Open a Command Prompt window. Run the following commands at the command prompt:

netstat -ano > netstat.txt
tasklist > tasklist.txt
tasklist /svc >svclist.txt

Note In this step, the command outputs of the netstat command and the tasklist command are written to text files so that you can check the outputs more easily. Run the tasklist command together with the /svc switch because the process that is using the required ports may be running as a service.

2. Open the text files that were generated in step 1. To do this, run the following commands at the command prompt:

notepad netstat.txt
notepad tasklist.txt
notepad svclist.txt

3. In the Netstat.txt file, find any entries that correspond to TCP port 5718 and to TCP port 5719. Note the process identifier (PID) for each entry.

4. In the Tasklist.txt file, locate the PIDs that you found in step 3 to determine which processes are using the required ports. If you do not find the PIDs in the Tasklist.txt file, try to find the PIDs in the Svclist.txt file.

5. After you find out which process is using the required ports, configure the corresponding program to use other available ports. If you cannot change the program's ports, or if the program uses ports dynamically, you must stop the program.

Note If another application is using the port or ports (5718 and 5719), the ports cannot be changed. In this case, you can, instead, use the SetAgentcfg.exe tool. This tool provides the ability to change the default ports that the DPM agent uses.

To change the ports that are used by the DPM agent, follow these steps on the protected computer that is experiencing the problem. Make sure that the ports that you reassign will not used by any other applications.

1. Locate the SetAgentcfg.exe file from the DPM server. By default, the file is located at the following path:

%PROGRAMFILES%\Microsoft DPM\DPM\Setup\SetAgentCfg.exe

2. Copy the file to the protected computer that is experiencing the problem. Copy the file to the agent DPM\Bin directory. By default, the file is located at the following path:

%PROGRAMFILES%\Microsoft Data Protection Manager\DPM\bin

3. On the protected computer that is experiencing the problem, open an administrative Command Prompt window.

4. In the Command Prompt window, change to the directory to which the SetAgentCfg.exe file was copied. For example, change to the following directory:

%PROGRAMFILES%\Microsoft Data Protection Manager\DPM\bin

5. Run the following command to change the ports that are used by the DPM Agent:

SetAgentCfg e dpmra <port number> <alternate port number>

6. Restart the DPMRA service.

Resolution 2

NOTE It depends on what version of the OS is running on the Exchange server exhibiting the behavior, however the goal is to ensure that ports 5718 and 5719 are not being used by Exchange.

For Windows Server 2000\2003:

The DPM protection agent service cannot start in System Center Data Protection Manager 2007 http://support.microsoft.com/default.aspx?scid=kb;EN-US;947682

How to reserve a range of ephemeral ports on a computer that is running Windows Server 2003 or Windows 2000 Server
http://support.microsoft.com/kb/812873

For Windows Server 2008 and 2008 R2:

You cannot exclude ports by using the ReservedPorts registry key in Windows Server 2008 or in Windows Server 2008 R2
http://support.microsoft.com/kb/2665809

More Information

You can use the command below to reserve these ports using the command line:

netsh int ipv4 Add excludedportrange protocol=tcp startport=5719 numberofports=2

Once those ports are freed up for DPM, the recovery should complete successfully.

Andy Nadarewistsch | Senior Support Escalation Engineer | Management and Security Division

Get the latest System Center news on Facebook and Twitter:

↧

System Center 2012 SP1 Beta downloadable evaluation VHDs Now Available

October 15, 2012, 9:49 pm

≫ Next: Things you can do to help Data Protection Manager utilize your tapes full capacity

≪ Previous: DPM Support Tip: ID 41 Details: No connection could be made because the target machine actively refused it (0x8007274D)

System Center 2012 Service Pack 1 Beta - Installable Bits (if you want to do that instead of VMs)

http://www.microsoft.com/en-us/download/details.aspx?id=34607

App Controller – Service Pack 1 Beta

http://www.microsoft.com/en-us/download/details.aspx?id=34781

Operations Manager – Service Pack 1 Beta

http://www.microsoft.com/en-us/download/details.aspx?id=34780

Orchestrator – Service Pack 1 Beta

http://www.microsoft.com/en-us/download/details.aspx?id=34778

Service Manager – Service Pack 1 Beta

http://www.microsoft.com/en-us/download/details.aspx?id=34777

Virtual Machine Manager – Service Pack 1 Beta

http://www.microsoft.com/en-us/download/details.aspx?id=34803

Data Protection Manager – Service Pack 1 Beta

http://www.microsoft.com/en-us/download/details.aspx?id=34779

↧

Things you can do to help Data Protection Manager utilize your tapes full capacity

May 14, 2012, 10:42 am

≫ Next: Data Protection Manager Support for End User Recovery on Mountpoint Shares

≪ Previous: System Center 2012 SP1 Beta downloadable evaluation VHDs Now Available

Hello, Mike Jacquet here, and today I would like to discuss things you can do to help Data Protection Manager (DPM) utilize your tapes to full capacity. Many customers have reported that DPM tape backups use more tapes than necessary when backing up large data sources or many small data sources across protection groups. For an example, the tape may have a Native capacity of 800GB, but DPM never seems to fill the tape and may even stop using the tape after writing only a few gigabytes. Other customers report that they have no problem filling tapes when the backups are large enough to fill the tape during a single backup session, however if the tape is not filled or marked offsite ready, the tape will still not be used for subsequent backup jobs scheduled on a later day or week.

These appear to be related problems, but in reality, there are several underlying causes that need to be explored and DPM settings explained / configured before optimal tape usage can be achieved.

Tape drive / Library hardware and device drivers.

Data Protection Manager does not ship with or use Microsoft proprietary device drivers for tape drives and libraries; instead, DPM relies on Windows 2008 X64 compatible device drivers from the OEM vendor of the hardware. The guidance we are giving customers is if the library is listed on the Windows server catalog under the hardware / storage section and shows as being compatible with Windows 2008 X64 and Windows 2008 R2, then it should work fine with Data Protection Manager.

Windows Server Catalog: http://www.windowsservercatalog.com

One problem that the DPM product group discovered is that some tape drives did not properly report or process end of media EOM correctly when the end of tape was reached and instead reported an IO_DEVICE_ERROR 0x8007045D error. This problem would cause DPM tape backup jobs to fail anytime a tape filled. Another problem that was discovered is some tape drives did not handle multiple buffers very well and would also result in IO errors being reported. To mitigate both of those problems, some logic was added to the DPM agent to handle these types of problems that were outside of our control.

Today, If the tape driver returns an IO_DEVICE_ERROR, DPM will auto convert IO_DEVICE_ERROR to an END_OF_TAPE_REACHED and span to next media without any issues. However, that brings us to our first reported problem that DPM will not fill tapes and grabs another tape after only writing a few gigabytes.

Now you ask, how can I tell if the tape drive / driver / firmware combination in use is having these behind the scenes / hidden device I/O error 0x8007045D ?

To see if the tape drive is reporting IO error 0x8007045D that equals "The request could not be performed because of an I/O device error", you can run the following commands on the DPM server.

Open an Administrative command prompt.
CD C:\Program file\Microsoft DPM\DPM\Temp
Find /I "0x8007045D" MSDPM*.Errlog >C:\temp\MSDPM0x8007045D.TXT
Notepad C:\temp\MSDPM0x8007045D.TXT
See if there are any entries in the file, if not look in the DPMRA logs
Find /I "0x8007045D" DPMRA*.Errlog >C:\temp\DPMRA0x8007045D.TXT
Notepad C:\temp\DPMRA0x8007045D.TXT

Also search for "-2147023779" which is the decimal equivalent.

NOTE The DPMLA*.errlog may contain that 0x8007045D errors and that is OK, so do not look in that file.

How do I fix this I/O 0x8007045D error problem?

1. If your tape library has a feature to auto-clean a dirty tape drive, you must disable that feature. DPM does not support auto-clean feature being enabled during normal operation.

Example: Uncheck the option in your library management software or library control panel.

Consider the following…

A) DPM starts and finishes some backup jobs writing possibly several small data sources on to a tape.
B) During the next backup to that same tape, the tape drive reports dirty status in the middle of a data source backup.
C) The library auto-clean feature yanks the tape away from DPM to clean the drive.
D) DPM fails the backup job because the drive no longer contains media.
D) That leaves the tape partially full of only successful recovery point created earlier and DPM then marks the tape offsite ready since we experienced an IO error 0x8007045D under the covers.
E) It now appears that DPM is not utilizing the tape to full capacity like you expect.

You can specifically configure DPM that a particular slot contains a cleaning tape, you must run a tape cleaning job manually when a drive becomes dirty.

For DPM 2010: How to Clean a Tape Drive: http://technet.microsoft.com/en-us/library/ff399452.aspx
For DPM 2007: How to Clean a Tape Drive: http://technet.microsoft.com/en-us/library/bb795736.aspx

2. Check with the Tape Drive / Library OEM vendor to see if there are any new firmware or driver updates available, and if so, update them to the latest revision. Check your controller settings and scsi or fiber connections including termination.

3. By Default, DPM will use 10 tape buffers when writing to the tape drive. The below BufferQueueSize registry setting will reduce the number of buffers to three. Most of the time, that is enough to reduce or eliminate the IO error and does not negatively affect tape backup performance. However, you may need to reduce it further if the value of 3 does not help.

NOTE If you need to reduce the setting below 3, it is very possible that backups will succeed without errors, however tape restores or tape library inventory jobs may hang. Should that occur, you will need to increase the BufferQueueSize entry back up to three or more to do the restore, then reduce it again for normal backups.

Copy and Save the below in notepad then save as BufferQ.REG on the DPM server.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\Agent]
"BufferQueueSize"=dword:00000003

Right-click BufferQ.REG and choose the "merge" or "open with registry editor" option to add it to the registry. Stop and restart the DPMRA service.

Another solution that also seems to help resolve the above issue is to add the following Storport key and BusyRetryCount value to each of the tape devices.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\SCSI\<DEVICEID>\<INSTANCE>\DeviceParameters\Storport\
Value - BusyRetryCount
Type - DWORD
Data - 250 Decimal or (0xFA hex)

To get a list of all the tape devices in your DPM Server that needs the registry key added to, run the following command from an administrative command prompt. That will return a list of tape drive Scsi\DeviceID\Instance that you can use to make the above change.

C:\Windows\system32>wmic tapedrive list brief

Below would be the registry keys to add to the DPM server based on the above output from wmic command.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SCSI\Sequential&Ven_IBM&Prod_ULTRIUM-TD3\5&31cf2afa&0&000001\Device Parameters\StorpPort]
"BusyRetryCount"=dword:000000fa

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SCSI\Sequential&Ven_IBM&Prod_ULTRIUM-TD3\5&31cf2afa&0&000002\Device Parameters\StorpPort]
"BusyRetryCount"=dword:000000fa

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SCSI\Sequential&Ven_IBM&Prod_ULTRIUM-TD3\5&31cf2afa&0&000003\Device Parameters\StorpPort]
"BusyRetryCount"=dword:000000fa

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SCSI\Sequential&Ven_IBM&Prod_ULTRIUM-TD3\5&31cf2afa&0&000004\Device Parameters\StorpPort]
"BusyRetryCount"=dword:000000fa

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SCSI\Sequential&Ven_IBM&Prod_ULTRIUM-TD3\5&31cf2afa&0&000005\Device Parameters\StorpPort]
"BusyRetryCount"=dword:000000fa

Data Protection Manager 2007 / 2010 Specific Configuration Settings

Let us explore some Data Protection Manager specific configuration settings that have a large impact on how long a tape can used for backup jobs.

TAPE CO-LOCATION - This feature allows data sources from different protection groups that share the same recovery goals to be written to the same tape. This helps utilize the tapes by filling it with backups across protection groups. Only protection groups that share the exact same tape recovery goals and encryption settings can be co-located together on the same tape.

NOTE DPM 2012 has an enhanced option that allows you to choose which protection groups can be co-located regardless of retention goals.

The below LT-Goals.PS1 DPM powershell script can be ran on a DPM 2007 / 2010 server to analyze all your protection groups and list which protection groups can be co-located together based in common goals and encryption settings across protection groups.

Copy / Paste the below into notepad and save as LT-Goals.PS1 - then run it in the DPM power shell window.

cls
$confirmpreference='none'
$dpmversion = ((get-process | where {$_.name -eq "msdpm" }).fileversion)
write-host "DPM Version - " $dpmversion "`nCollecting Long Term protection Information. Please wait..." -foreground yellow
$dpmserver = (&hostname)
out-file longterm.txt
$pg = @(get-protectiongroup $dpmserver | where { $_.ProtectionMethod -like "*Long-term using tape*"})
write-host "We have" $pg.count "groups with tape protection"
foreach ($longterm in $pg)
{
    "-----------------------------------------------------------`n" | out-file longterm.txt -append
    "" | out-file longterm.txt -append
    "Protection Group " + $longterm.friendlyname | out-file longterm.txt -append
    "" | out-file longterm.txt -append
    switch ($dpmversion.substring(0,1))
    {
        2 { $policySchedule = @(Get-PolicySchedule -ProtectionGroup $longterm -longterm)}
        3 { $policySchedule = @(Get-PolicySchedule -ProtectionGroup $longterm -longterm tape)}
        default { write-host "NOT TESTED ON THIS DPM VERSION. Exiting script" -foreground red;exit }

    }

    $tb = Get-TapeBackupOption $longterm;
    "Is encryption enabled? " + $tb.OffsiteEncryption | out-file longterm.txt -append
    "" | out-file longterm.txt -append
        $tb.RetentionPolicy | out-file longterm.txt -append
#    $tb = $tb.labelinfo
    $label = @($tb.label);
    $count = $policySchedule.count -1
    while ( $count -ne -1)
    {
        if ($label[$count].length -eq 0 -or $label[$count].length -eq $null)
        {
            "Default Label Name" | out-file longterm.txt -append
        }
        else
        {
            "Tape Label: " + $label[$count] | out-file longterm.txt -append
        }
        $policyschedule[$count] | fl *              | out-file longterm.txt -append
#              (Get-TapeBackupOption $longterm).RetentionPolicy | out-file longterm.txt -append

        $count--
    }
}
#exit
if ($pg.count -gt 1)
{
    $pgcount=0
    while ($pgcount -ne ($pg.count-1))
    {
        $collocation = @($pg[$pgcount].friendlyname)
        write-host $pgcount -background green
                (Get-TapeBackupOption $pg[$pgcount]).RetentionPolicy   | out-file policyretention.txt
        (Get-TapeBackupOption $pg[$pgcount]).OffsiteEncryption | out-file policyretention.txt -append
        write-host "policyretention.txt" -foreground green
        type policyretention.txt
        $pgcountinnerloop = 0
        while ($pgcountinnerloop -ne $pg.count)
        {
            write-host $pgcountinnerloop -background yellow
            if ($pgcount -eq $pgcountinnerloop) {$pgcountinnerloop++}
                    (Get-TapeBackupOption $pg[$pgcountinnerloop]).RetentionPolicy   | out-file policyretention1.txt
            (Get-TapeBackupOption $pg[$pgcountinnerloop]).OffsiteEncryption | out-file policyretention1.txt -append
            write-host "policyretention1.txt" -foreground green
            type policyretention1.txt

            $compare = Compare-Object -ReferenceObject $(get-content policyretention.txt) -DifferenceObject $(Get-content policyretention1.txt)
            if ($compare.length -eq $null)
            {
                if ($pgcountinnerloop -lt $pgcount)
                {
                    Break
                }
                else
                {
                    $collocation = $collocation + $pg[$pgcountinnerloop].friendlyname
                    $collocation
                    write-host "done"
                    $collocationcount++
                }
            }
            $pgcountinnerloop++
        }
        if ($collocation.count -gt 1)
        {
            "-----------------------------------------------------------" | out-file longterm.txt -append
            "Protection Groups that can share the same tape based on recovery goals/Encryption:" | out-file longterm.txt -append
            " " | out-file longterm.txt -append
            write-host $collocation
            foreach ($collocation1 in $collocation)
            {
                $collocation1 | out-file longterm.txt -append
            }
        }
        $pgcount++

}
}

"-----------------------------------------------------------" | out-file longterm.txt -append
$dir = dir longterm.txt; write-host "`nDONE`n`nOutput file Created:" $dir.fullname -foreground yellow
del policyretention*.txt
notepad longterm.txt

Referencing the below Technet articles, after you enable tape co-location, DPM has two configurable options [TapeWritePeriodRatio and TapeExpiryTolerance ] that impact when a tape gets marked offsite ready and if a tape will be used for another backup job if not yet marked offsite ready.

Enabling tape Co-Location:

DPM 2007 - http://technet.microsoft.com/en-us/library/cc964296.aspx
DPM 2010 - http://technet.microsoft.com/en-us/library/ff399230.aspx

When tape colocation is enabled, a tape will be shown as Offsite Ready when any one of the following conditions is met:

- The tape is full or is marked full. (This includes the I/O 0x8007045D error problem described above.)
- One of the datasets has expired.
- Write-period ratio has been crossed.

(By default, this is the first backup time + 15 percent of the retention range.)

When a tape is marked offsite ready, no additional data sets will be written to that tape until ALL recovery points expire. Once a tape is marked as expired, DPM will show the tape as expired in the DPM console and can overwrite the tape during subsequent backups. DPM will always favor a free tape over an expired tape when it searches for a tape to use if a new tape is required.

NOTE If DPM library sharing is enabled, by default only the DPM server that initially wrote to that tape can re-use it unless you manually free the expired tape. Once the tape is marked as free, then any DPM server sharing the library will be able to use that free tape.

TapeWritePeriodRatio - This is a DPM Global property that can be set only when colocation is enabled and indicates the number of days for which data can be written on to a tape as a percentage of the retention period of the first data set written to the tape. This is a global setting and affects all protection groups.

TapeWritePeriodRatio value can be between 0.0 to 1.0 the default value is 0.15 (i.e. 15%)

NOTE DPM 2012 does not have this global property and instead has additional configuration options in the GUI to allow different write periods for different protection groups. This adds greater flexibility in determining how long you want to use a tape at the protection group(s) level.

As an example on the impact of the TapeWritePeriodRatio setting having a default of 15% - if you have a protection group doing daily backups, with a retention period of 2 weeks (14 days), the tape will be marked offsite ready after only 2.1 days regardless of how much / little data was written to the tape. If you desire DPM to write to the tape for a week, you would need to change the TapeWritePeriodRatio to 50% using the DPM power shell command below.

Set-DPMGlobalProperty –DPMServerName <dpm server name> -TapeWritePeriodRatio .5

TapeExpiryTolerance - This is a registry setting and indicates the time window within which the expiry date of the next dataset to be written to the tape must fall. It is expressed as a percentage. The default value is 17 percent if the registry is not present.

This is a DWORD type registry value located under HKLM\Software\Microsoft\Microsoft Data Protection Manager\1.0\Colocation. DPM does not create the CoLocation key automatically. You must manually create the Colocation key then make a new ExpiryToleranceRange value to set it.

There is a misconception that the tape co-location feature will only co-locate data sets for the same recovery goals onto the same tape. IE: A weekly backup will never co-locate on a tape that has Monthly backups already written. That is not correct as DPM will evaluate each tape that is not marked offsite ready and see if the data set about to be written will meet the following check. It does this to help meet the goal of fully utilizing tapes without preventing the tape from expiring on time. If you adjust the ExpiryToleranceRange too high (make it 100%) then you run the risk of placing shorter retention data sets on tapes with a longer retention goal and risk having the tape marked offsite ready prematurely, which defeats the goal fully utilizing tapes. Generally speaking, setting this to 60 will provide a good benefit and should not cause any problems.

Let, Furthest expiry date among the expiry dates of all the Datasets already on the tape = FurthExpDate

Time Window =

FurthExpDate - TapeExpiryTolerance * (FurthExpDate –today’s date) (Lower Bound)
FurthExpDate + TapeExpiryTolerance * (FurthExpDate –today’s date) (Upper Bound)

So, the current dataset will be co-located on the given tape only if its expiry date falls within Time Window (both bounds inclusive)

Using the same example we used before, you have a protection group doing daily backups, with a retention period of 2 weeks (14 days), and you set the TapeWritePeriodRatio to .5 (50%) because you want DPM to use the tape for 1 week. But with the default TapeExpiryTolerance of 17%, you may not achieve that if one backup fails for any reason and you miss a day's backup.

In the below example, I have set the TapeWritePeriodRatio to .50 and the first backup set was written to the tape on 5/7. Notice offsite ready will not be set until after the 7 days as desired based on the 50% TapeWritePeriodRatio setting. The last backup set was written on 5/9 and the next backup set to be written is 5/11 due to a server problem on 5/10 that prevented that day's backup from occurring. With the default 17% TapeExpiryTolerance window, the next dataset expiry date does not fall between the lower and upper bounds. This would result in DPM picking a new tape for the next backup set and since the TapeExpiryPeriodRatio has not been crossed and no recovery point is expired, however that tape would not be marked offsite ready. This is an example of why a tape will not be used for any additional backups, yet there is no visual indication, so it makes you question why DPM is using more tapes than necessary.

Now, changing nothing more than the TapeExpiryTolerance from 17% to 60%, notice how that time window has expanded and allows the next data set on 5/11 to be written on that tape.

I have shared this Excel spreadsheet to help you calculate offsite ready at the following site: http://cid-885774776d4f197a.office.live.com/self.aspx/Public/tape-offsite-ready-calculator.zip

In conclusion, I hope this explains what you may have experienced and helps you configure your DPM server so it can fully utilize your tapes during future backups.

Mike Jacquet | Senior Support Escalation Engineer

Get the latest System Center news on Facebook and Twitter:

↧

Data Protection Manager Support for End User Recovery on Mountpoint Shares

May 21, 2012, 8:06 am

≫ Next: HOTFIX: Hotfix rollup package 7 for System Center Data Protection Manager 2010

≪ Previous: Things you can do to help Data Protection Manager utilize your tapes full capacity

Hello, Mike Jacquet here, and today I would like to discuss a fix that has been included in the released version of System Center 2012 Data Protection Manager (DPM) that enables End User Recovery (EUR) for file shares on the root of mountpoints to work properly.

In previous versions of DPM, if you protected a volume or share on a file server, and the share was on the root of a mounted volume, when clients tried looking for previous versions of files and folder located in the root of the target volume it would fail to show any.

To illustrate this, Figure-1 below shows a clustered protected file server called MJLC-ClusterFS with two Volumes. The H: drive labeled HOSTVOL is the HOST volume for a NTFS mountpoint. The folder H:\MountVol is the mountpoint for another volume labeled TARGET. The H:\MountVol folder is shared as MountVol, and client's access data located on the TARGET volume via the network share \\MJLC-ClusterFS\Mountvol path.

MJLC-ClusterFS
           H:\Mountvol --> Target
                                              User Files…
                                              User Folders

Figure-1

In figure-2 below, I show a Windows client mapped to a network drive X: which points to the \\mjlc-clusterfs\Mountvol share. When the user attempts to view Previous Versions of the file called targetfile.txt.txt located in the root of the mountpoint (TARGET), no previous versions are enumerated and instead you see "There are no previous versions available" message.

Figure-2

The root cause for this problem is due to the way that DPM creates the shares on the DPM Server when end user recovery is enabled. To overcome a possible path limitation, DPM creates all shares using a \\?\ prefix. Unfortunately, that prefix prevents vss shadow copies from being enumerated under mounted volumes.

Figure-3 details the shares on the DPM server. Looking specifically at the ones created by DPM for end user recovery, you will see they are prefixed with the \\?\ for the folder path. I have highlighted the problematic MountVol share. If you were to manually re-create the share without the \\?\ prefix DPM would overwrite it when the next synchronization job ran and it will put the \\?\ prefix back on the folder path and would result in the same problem.

Figure-3

SOLUTION

System Center 2012 Date Protection Manager supports a new registry key that you can add to prevent DPM from adding the \\?\ prefix when the end user recovery shares are created.

To allow previous versions to be listed for files located under shared mountpoints perform the following steps:

NOTE: Only shares that are created (re-created) after the registry key is added will no longer be prefixed.

1) On DPM 2012 RTM server make a new registry KEY called DiscardUNCPrefix under the following location:

HKLM\SOFTWARE\Microsoft\Microsoft Data Protection Manager\Configuration

Figure-4

2) On the DPM Server, open Computer Management. Under System Tools – Shared Folder – Shares – locate the share representing the mountpoint and “Stop Sharing” to delete it.

Figure-5

3) In the DPM Console, locate the volume or share that is being protected that represents the mountpoint and make a new recovery point. You can choose either the "Only Synchronize" , or the "Create a recovery point after synchronizing" option, but a synchronization job must be ran and complete successfully before the share will be re-made on the DPM Server.

Figure-6

4) After the new recovery point job completes, verify the share got re-created in Computer Management and no longer has the folder path that starts with the \\?\ prefix.

Figure-7

5) Test end user recovery on the client – it should now list previous versions for the files located under the shared mountpoint.

Figure-8

Now that the prefix was removed from the MountVol share on the DPM 2012 server, figure-8 confirms that previous versions are now working.

As of this writing, it is unclear if this fix will be back-ported for DPM 2010, however if it is I will update this post.

Mike Jacquet | Senior Support Escalation Engineer

Get the latest System Center news on Facebook and Twitter:

↧

HOTFIX: Hotfix rollup package 7 for System Center Data Protection Manager 2010

November 6, 2012, 1:04 pm

≫ Next: KB: SharePoint item-level recovery fails when the site collection name contains a space in System Center Data Protection Manager 2010

≪ Previous: Data Protection Manager Support for End User Recovery on Mountpoint Shares

This article describes the issues in Microsoft System Center Data Protection Manager (DPM) 2010 that are fixed in hotfix rollup package 7 for System Center DPM 2010.

This hotfix rollup resolves the following issues:

When a Microsoft SharePoint site collection name contains a space, SharePoint item-level recovery fails in System Center Data Protection Manager 2010.
For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
2755678 (http://support.microsoft.com/kb/2755678/) SharePoint item-level recovery fails when the site collection name contains a space in System Center Data Protection Manager 2010

After you rename a SharePoint site in System Center Data Protection Manager 2010, you cannot restore the site.
For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
2763004 (http://support.microsoft.com/kb/2763004/) System Center Data Protection Manager 2010 is unable to restore SharePoint after renaming a site

In System Center Data Protection Manager 2010, the SharePoint Recovery Point Status report displays incorrect data.
For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
2763010 - (http://support.microsoft.com/kb/2763010/) System Center Data Protection Manager 2010 SharePoint Recovery Point Status Report shows stale data

For the latest version of this article as well as a link to the hotfix, please see the following:

2751231 - Description of hotfix rollup package 7 for System Center Data Protection Manager 2010 (http://support.microsoft.com/kb/2751231)

J.C. Hornbeck| Knowledge Engineer | Management and Security Division

Get the latest System Center news onFacebookandTwitter:

↧

KB: SharePoint item-level recovery fails when the site collection name contains a space in System Center Data Protection Manager 2010

November 7, 2012, 7:29 am

≫ Next: KB: SQL 2012 AlwaysOn protection in Data Protection Manager fails with Internal error code 0x80990F75

≪ Previous: HOTFIX: Hotfix rollup package 7 for System Center Data Protection Manager 2010

Here’s a new Knowledge Base article we published. This one talks about an issue where SharePoint item-level recovery fails when the site collection name contains a space.

=====

Symptoms

Assume that you perform an item-level recovery on a Microsoft SharePoint site in System Center Data Protection Manager (DPM) 2010. Additionally, assume that the site collection name contains a space. In this situation, the item-level recovery fails.

Cause

The WssCmdletsWrapper process (WssCmdletsWrapper.exe) uses a string comparison to identify the site collection. However, the process compares the site collection name in the database to a URL-encoded version of the string. In the URL-encoded version, a space is replaced with "%20." Therefore, the string comparison does not find a match.

Resolution

To resolve this issue, install hotfix rollup package 7 for System Center Data Protection Manager 2010.
For more information about hotfix rollup package 7 for System Center Data Protection Manager 2010, click the following article number to view the article in the Microsoft Knowledge Base:

2751231 (http://support.microsoft.com/kb/2751231/) Description of hotfix rollup package 7 for System Center Data Protection Manager 2010

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More information

When this issue occurs, messages that resemble the following are logged in the WssCmdletsWrapperCurr.errlog file:

0AB8 1B6C 04/23 20:52:47.151 31 WssExportHelper.cs(309) NORMAL Triggering Export of Site = http://servername:6677/sites/site collection/site/
0AB8 1B6C 04/23 20:52:47.604 09 AppAssert.cs(114) WARNING ASSERT: (FileName:WssExportHelper.cs; LineNumber:567)
0AB8 1B6C 04/23 20:52:47.604 09 AppAssert.cs(114) WARNING The parameter 'spWeb' is null.
0AB8 1B6C 04/23 20:52:47.604 09 AppAssert.cs(114) WARNING ASSERT: (FileName:WssExportHelper.cs; LineNumber:349)
0AB8 1B6C 04/23 20:52:47.604 09 AppAssert.cs(114) WARNING The parameter 'spWeb' is null.
0AB8 1B6C 04/23 20:52:47.604 31 WSSCmdlets.cs(450) WARNING Caught Exception while trying to export Url [http://servername:6677/sites/site collection/site/] to File [C:\Temp\DPM_7bd6ef2f_ef43_4ef6_8d8c_e284efc4c053\cmp\].
0AB8 1B6C 04/23 20:52:47.604 31 WSSCmdlets.cs(1294) WARNING --------------------------------------------------
0AB8 1B6C 04/23 20:52:47.604 31 WSSCmdlets.cs(1295) WARNING Exception Message =
0AB8 1B6C 04/23 20:52:47.604 31 WSSCmdlets.cs(1295) WARNING Object reference not set to an instance of an object.
0AB8 1B6C 04/23 20:52:47.604 31 WSSCmdlets.cs(1296) WARNING Exception Stack =
0AB8 1B6C 04/23 20:52:47.604 31 WSSCmdlets.cs(1296) WARNING at WSSCmdlets.CWssExportHelper.AddExportObjectsForSite(SPExportSettings spExportSettings, String sourceUrl)
0AB8 1B6C 04/23 20:52:47.604 31 WSSCmdlets.cs(1296) WARNING at WSSCmdlets.CWssExportHelper.SpecifyExportObjectsIfRequired(SPExportSettings spExportSettings, String sourceUrl, ComponentTypeType roType)
0AB8 1B6C 04/23 20:52:47.604 31 WSSCmdlets.cs(1296) WARNING at WSSCmdlets.CWssExportHelper.GetExportSettings(String sourceUrl, String exportPath, String exportFileName, ComponentTypeType roType, SPContentDatabase spUnAttachedContentDatabase)
0AB8 1B6C 04/23 20:52:47.604 31 WSSCmdlets.cs(1296) WARNING at WSSCmdlets.CWssExportHelper.ExportUrlDelegate()
0AB8 1B6C 04/23 20:52:47.604 31 WSSCmdlets.cs(1296) WARNING at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass4.<RunWithElevatedPrivileges>b__2()
0AB8 1B6C 04/23 20:52:47.604 31 WSSCmdlets.cs(1296) WARNING at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)
0AB8 1B6C 04/23 20:52:47.604 31 WSSCmdlets.cs(1296) WARNING at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param)
0AB8 1B6C 04/23 20:52:47.604 31 WSSCmdlets.cs(1296) WARNING at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated secureCode)0AB8 1B6C 04/23 20:52:47.604 31 WSSCmdlets.cs(1296) WARNING at WSSCmdlets.CWSSCmdlets.ExportUrl(String sourceUrl, String exportPath, String exportFileName, String roType, Int32& hr, String& exceptionMessage)

=====

For the most current version of this article please see the following:

2755678 - SharePoint item-level recovery fails when the site collection name contains a space in System Center Data Protection Manager 2010

J.C. Hornbeck| Knowledge Engineer | Management and Security Division

Get the latest System Center news onFacebookandTwitter:

↧

KB: SQL 2012 AlwaysOn protection in Data Protection Manager fails with Internal error code 0x80990F75

November 19, 2012, 2:27 pm

≫ Next: Support Tip: Optimized ILR feature of DPM 2012 for SharePoint recovery fails with clustered SQL server

≪ Previous: KB: SharePoint item-level recovery fails when the site collection name contains a space in System Center Data Protection Manager 2010

This Knowledge Base article talks about an issue where attempting to protect a SQL Server AlwaysOn AG using DPM 2012 fails with error 0x80990F75:

Symptoms

When attempting to protect a SQL Server AlwaysOn Availability Group (AG) using System Center 2012 Data Protection Manager (DPM), the job fails with the following error:

The DPM job failed for SQL Server 2012 database <DBname> on <serverName> because the SQL Server instance refused a connection to the protection agent. (ID 30172 Details: Internal error code: 0x80990F75)

In SQL, AlwaysOn is configured as follows:

Availability Mode: Synchronous Commit
Failover Mode: Automatic
Connections in Primary Role: Allow all connections
Readable Secondary: No

Backup Preferences:
Perfer Secondary
Priority: 50 (for each node)
Exclude Replica: False (for each node)

In general: Prefer Secondary - Backups should occur on a secondary replica except when the primary replica is the only replica online. If there are multiple secondary replicas available then the node with the highest backup priority will be selected for backup. In the case that only primary replica is available then backup should occur on the primary replica.

Cause

This occurs due to incorrect SQL AlwaysOn settings for DPM backups where Make Readable Secondary is set to No.

Resolution

Set Make Readable Secondary to Yes on all the nodes.

More Information

If setting Make Readable Secondary to Yes on all the nodes does not resolve the issue, verify on the SQL server that the DPMRA service is running under the Local System account AND that the NT Authority\System has the sysadmin selected for the server role in SQL studio.

Steps
****
a.) On the SQL side the DPMRA service should run under Local system. You can verify this via services in computer management.

b.) Connect to the SQL 2012 instance with the help of SQL2012 Management Studio > select and expand Security> select and expand Logins > right click on the NT AUTHORITY\SYSTEM and select Properties > click on Serverroles > check the sysadmin checkbox> click OK
after this, In certain cases it may also be necessary to reinstall the DPM Agent on the SQL server OR manually run the SetDPMServer command on the SQL server specifying the DPM server.

=====

For the most current version of this article please see the following:

2769094 - SQL 2012 AlwaysOn protection in Data Protection Manager fails with Internal error code 0x80990F75

J.C. Hornbeck| Knowledge Engineer | Management and Security Division

Get the latest System Center news onFacebookand Twitter:

↧