Support Tip: Optimized ILR feature of DPM 2012 for SharePoint recovery fails with clustered SQL server

November 19, 2012, 3:16 pm

≫ Next: DPM Blog: Now on iPhone, Android and Windows Phone

≪ Previous: KB: SQL 2012 AlwaysOn protection in Data Protection Manager fails with Internal error code 0x80990F75

An attempt to use the new Optimized Item Level Recovery (ILR) feature of System Center 2012 Data Protection Manager (DPM) for SharePoint recovery with a clustered SQL server as the instance specified as the location to "temporarily stage content database prior to recovery" in the DPM Recovery Wizard fails with the following error:

The recovery jobs for SQL\SharePoint_Config that started at StartDateTime, with the destination of sp2010.domain.com, have completed. Most or all jobs failed to recover the requested data. (ID: 33330)
DPM was unable to export the item http://host.domain.com/Shared Documents/test.doc from the content database SQL\WSS_Content. Exception Message = Shared%20Documents/test.doc.

Additionally the following information will be logged:

The job to recover DatasourceTypeDatasourceName to TargetServerName, that started at StartDateTime, failed using optimized ILR. Another job using unoptimized ILR has been triggered.

So what causes this? If you look at the content at http://technet.microsoft.com/en-us/library/hh858899.aspx titled "Error ID: 33330" it lists the following possible reasons this error is logged as the following:

1. If the instance of SQL Server used for temporary staging is running as a Local Service.
2. If there is major version change in the SQL Server used during backed up and SQL Server used for temporary staging.
3. If SQL Server used for temporary staging is clustered.

The inability to use a clustered SQL server is a limitation with SQL Server 2008 and SQL Server 2008 R2. This problem does not exist when using a clustered Microsoft SLQ Server 2012 server so as a workaround we can use a non-clustered SQL Server 2008 or clustered SQL Server 2012 instance as the temporarily staging location.

Since DPM utilizes a non-clustered SQL instance that meets our requirements already, we can use it as the temporary staging location. However, we will need to change the account running the SQL Server (MSDPM 2012) service from the Local Service account to a domain account that is a member of the local administrators group. We will also need to allow for incoming communication from the WFE to the SQL services on the DPM server.

As mentioned in #1 from the cause section, the instance of SQL Server used for temporary staging cannot be running as a Local Service. It also cannot be running under the MICROSOFT$DPM$Acct local computer account created during the DPM setup. Change the account used to "Log On" to the SQL Server (MSDPM2012) instance to a domain user account that is also a member of the local administrators group on the DPM server.

We’re not done yet though. After making these changes you will still not be able to perform Optimized ILR. When you run through the wizard to perform Optimized ILR, now you will probably receive the following error:

Type: SharePoint export and import task
Status: Failed
Description: DPM was unable to query the unattached content database SQL\WSS_Content. Exception Message = A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified). (ID 32018 Details: Unknown error (0x80131904) (0x80131904))

A network trace taken during the restore process will show failures to establish a connection from the WFE to the DPM server using UDP port 1434 (SQL Browser service) and TCP port 1433 or an ephemeral port if SQL is configured for Dynamic Port allocation.

So our last step will be to create a firewall rule that allows UDP port 1434 (for the SQL Browser service) and TCP port 1433 or an ephemeral port if SQL is configured for Dynamic Port allocation (for the SQL Server services) from the WFE to the DPM server. Once this is done, Optimized ILR should work as expected.

Michael Vargo| Senior support Escalation Engineer | Management and Security Division

Get the latest System Center news onFacebookand Twitter:

The Forefront Server Protection blog: http://blogs.technet.com/b/fss/
The Forefront Endpoint Security blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/

↧

DPM Blog: Now on iPhone, Android and Windows Phone

November 27, 2012, 10:30 am

≫ Next: KB: You receive "Unknown error (0x80040e37)" in System Center Data Protection Manager 2012 when you try to create recovery points for SQL Server or SharePoint databases

≪ Previous: Support Tip: Optimized ILR feature of DPM 2012 for SharePoint recovery fails with clustered SQL server

If you liked the original System Center Blogs app that was published last year for Windows Phone and Android, you’ll be happy to know that both apps have now been updated, plus there is a new version now available for iOS. The updates include bug fixes and feature additions as well as a current list of blogs that includes the major official Microsoft System Center related properties.

As before, these are apps I created via AppMakr (no affiliation) with the intention of simply making it easier for IT pros to keep up with all the latest news and information we publish regarding System Center, WSUS and our MDOP virtualization products. If you’re interested in more of the history and background behind this you can read about that in the original post here, but if you want to skip all that and jump straight to loading them up and checking them out you can do a simple search for System Center via your phone or you can view them on the web using the links below:

Enjoy!

J.C. Hornbeck| Knowledge Engineer | Management and Security Division

Get the latest System Center news onFacebookandTwitter:

↧

KB: You receive "Unknown error (0x80040e37)" in System Center Data Protection Manager 2012 when you try to create recovery points for SQL Server or SharePoint databases

December 5, 2012, 10:06 am

≫ Next: Download an update that adds features to Windows Azure Online Backup in System Center 2012 SP1 DPM and in Windows Server 2012

≪ Previous: DPM Blog: Now on iPhone, Android and Windows Phone

Here’s a KB for DPM 2012 that actually came out a few months ago but somehow slipped through the cracks and never got a mention here on our blog. It resolves a lot of questions we get around here so I wanted to make sure everyone was aware of it. If you get a minute give it a quick read just so you’re aware of the issue and the fix.

=====

Symptoms

After you install or upgrade to Microsoft System Center 2012 Data Protection Manager, you may receive an error message that resembles the following:

An unexpected error occurred while the job was running. (ID 104 Details: Unknown error (0x80040e37) (0x80040E37))

This problem occurs when you perform consistency checks or when you try to create recovery points for Microsoft SQL Server databases or for Microsoft SharePoint databases.

Cause

This problem may occur if the SQL server or SharePoint servers that are being protected by Data Protection Manager are configured to use case-sensitive collation.

Resolution

To resolve this issue install the following update:

Update Rollup 2 for System Center 2012 - Data Protection Manager: http://www.microsoft.com/en-us/download/details.aspx?id=30413

More Information

To help identify this problem, review the DPMRACURR.err log file in the following location:

C:\Program files\Microsoft data protection manager\dpm\temp\

When this problem occurs, text that resembles the following is logged in the DPMRACURR.err log file:

12DC 10C8 04/09 18:34:52.004 31 sqlwriterhelperplugin.cpp(1126) [0000000000C24190] NORMAL get Database Recovery model Query = SELECT RECOVERY_MODEL_DESC FROM SYS.DATABASES WHERE NAME = N'SQL_DB_NAME' for instance = INSTANCE_NAME
12DC 10C8 04/09 18:34:52.004 03 sqlqueryhelper.cpp(288) [000000000339F010] WARNING SQL - ICommandText::Execute of "SELECT RECOVERY_MODEL_DESC FROM SYS.DATABASES WHERE NAME = N'SQL_DB_NAME'" - Failed
12DC 10C8 04/09 18:34:52.004 03 sqlqueryhelper.cpp(332) [000000000339F010] WARNING SQL - Error Description "Invalid object name 'SYS.DATABASES'."
12DC 10C8 04/09 18:34:52.004 03 sqlqueryhelper.cpp(345) [000000000339F010] WARNING Failed: Hr: = [0x80040e37] SQL - sql code = 208 (Errorlevel - 0)
12DC 10C8 04/09 18:34:52.004 03 sqlqueryhelper.cpp(353) [000000000339F010] WARNING SQL - Detailed Description "Invalid object name 'SYS.DATABASES'."
12DC 10C8 04/09 18:34:52.004 31 sqlwriterhelperplugin.cpp(1133) [0000000000C24190] WARNING Failed: Hr: = [0x80040e37] Error while querying the Database SQL_DB_NAME recovery model from SQLInstance INSTANCE_NAME
12DC 10C8 04/09 18:34:52.004 31 sqlwriterhelperplugin.cpp(1135) [0000000000C24190] WARNING SQL Error Information: Invalid object name 'SYS.DATABASES'.
12DC 10C8 04/09 18:34:52.004 31 aasubtask.cpp(906) [0000000000C704F0] WARNING <?xml version="1.0"?>
12DC 10C8 04/09 18:34:52.004 31 aasubtask.cpp(906) [0000000000C704F0] WARNING <Status xmlns="http://schemas.microsoft.com/2003/dls/StatusMessages.xsd" StatusCode="-2147217865" Reason="Error" CommandID="RAPreBackup" CommandInstanceID="ddee385e-ace6-45fd-bb48-82bf5646eedb" GuidWorkItem="231de959-e1ca-4255-a47f-387186b58d43" TETaskInstanceID="8888c2d6-ec84-41f1-adb2-21b0e4368d38"><ErrorInfo xmlns="http://schemas.microsoft.com/2003/dls/GenericAgentStatus.xsd" ErrorCode="998" DetailedCode="-2147217865" DetailedSource="2"/></Status>
12DC 10C8 04/09 18:34:52.004 03 runtime.cpp(1389) [0000000000C07CE0] FATAL Subtask failure, sending status response XML=[<?xml version="1.0"?>
12DC 10C8 04/09 18:34:52.004 03 runtime.cpp(1389) [0000000000C07CE0] FATAL <Status xmlns="http://schemas.microsoft.com/2003/dls/StatusMessages.xsd" StatusCode="-2147217865" Reason="Error" CommandID="RAPreBackup" CommandInstanceID="ddee385e-ace6-45fd-bb48-82bf5646eedb" GuidWorkItem="231de959-e1ca-4255-a47f-387186b58d43" TETaskInstanceID="8888c2d6-ec84-41f1-adb2-21b0e4368d38"><ErrorInfo xmlns="http://schemas.microsoft.com/2003/dls/GenericAgentStatus.xsd" ErrorCode="998" DetailedCode="-2147217865" DetailedSource="2"/></Status>
12DC 10C8 04/09 18:34:52.004 03 runtime.cpp(1389) [0000000000C07CE0] FATAL ]
12DC 10C8 04/09 18:34:52.020 03 sqlqueryhelper.cpp(290) [000000000339F010] 8888C2D6-EC84-41F1-ADB2-21B0E4368D38 WARNING Failed: Hr: = [0x80040e37] : Encountered Failure: : lVal : hr

=====

For the most current version of this article please see the following:

2711168 - You receive "Unknown error (0x80040e37)" in System Center Data Protection Manager 2012 when you try to create recovery points for SQL Server or SharePoint databases

J.C. Hornbeck| Knowledge Engineer | Management and Security Division

Get the latest System Center news onFacebookandTwitter:

↧

Download an update that adds features to Windows Azure Online Backup in System Center 2012 SP1 DPM and in Windows Server 2012

January 7, 2013, 11:43 am

≫ Next: DPM 2012 SP1 and Azure Backup and Recovery – Steps from start to finish

≪ Previous: KB: You receive "Unknown error (0x80040e37)" in System Center Data Protection Manager 2012 when you try to create recovery points for SQL Server or SharePoint databases

We recently released an update rollup package that adds the following features to the Windows Azure Online Backup for Microsoft System Center 2012 Service Pack 1 (SP1) Data Protection Manager (DPM) and for a computer that is running Windows Server 2012:

This update improves the performance of Windows Azure Online Backup.
Windows Azure Online Backup support for a SQL Server data source in System Center 2012 SP1 DPM is available.
The retention range of Windows Azure Online Backup for System Center 2012 SP1 DPM is increased to support 120 recovery points.

You can get all the details here:

2779569 - Description of an update rollup package that adds features to Windows Azure Online Backup in System Center 2012 SP1 DPM and in Windows Server 2012 (http://support.microsoft.com/kb/2779569)

J.C. Hornbeck| Knowledge Engineer | Management and Security Division

Get the latest System Center news onFacebookandTwitter:

System Center All Up: http://blogs.technet.com/b/systemcenter/
System Center – Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/
System Center – Data Protection Manager Team blog: http://blogs.technet.com/dpm/
System Center – Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
System Center – Operations Manager Team blog: http://blogs.technet.com/momteam/
System Center – Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center – Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

The Forefront Endpoint Protection blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/

↧

DPM 2012 SP1 and Azure Backup and Recovery – Steps from start to finish

January 9, 2013, 9:49 am

≫ Next: Issues that occur after you deploy System Center 2012 Data Protection Manager SP1

≪ Previous: Download an update that adds features to Windows Azure Online Backup in System Center 2012 SP1 DPM and in Windows Server 2012

Hi everyone, Shane Brasher here, and today I’m going to walk through configuring Data Protection Manager to perform backups and recoveries using the Azure cloud.

Note: This article assumes that you have already registered an account for use with Azure and have already installed the Azure Backup agent on the DPM server. This link should provide you with the necessary steps for both registration and access to the Azure agent: http://technet.microsoft.com/en-us/library/hh831761.aspx

We will go over the following:

1. System Center 2012 Data Protection Manager (DPM 2012) Service Pack 1 (SP1) verification
2. Azure agent installation verification
3. DPM 2012 SP1 registration with Azure
4. Protection Group creation
5. DPM 2012 SP1 recovery from Azure

DPM 2012 SP1 installation verification

First let’s verify that the DPM 2012 server has SP1 installed. This is easily done via visual GUI observation. You can look at the DPM administrative console and at the very top it will note: “System Center 2012 Service Pack 1 DPM Administrator Console”.

You can also verify by selecting the “About DPM” icon:

Once you click on that you will see the following verification:

DPM 2012 SP1 Azure Agent Installation Verification

DPM 2012 SP1 will need to have the Azure agent installed. The agent is an executable to be downloaded named OBSinstaller.exe and you can verify the presence of the agent via the following ways:

1. Add\Remove programs will show “Windows Azure Online Agent” present.

2. Services will show the process “obengine” with a description of “Windows Azure Online Agent”

3. The default install path with be “C:\Program Files\Windows Azure Online Backup Agent”

DPM 2012 SP1 Azure Registration

Once we have verified that we have SP1 installed on the DPM 2012 server, we will start off by registering our DPM server with Azure. We already have an account registered with Azure and now we will use that account to register the DPM server itself.
Within the DPM console, select “Management” on the left hand side, then select “Online”, then select “Register” at the top left of the console.

This starts the registration wizard. The first window we specify our user name and password we used when we created our Azure account.

This part in the registration wizard you can specify the proxy settings if needed. As a troubleshooting step if left blank and registration fails, the first thing you should try is to verify that no proxy settings are needed OR specify proxy settings for testing.

Once specified, or left blank, select “Next”

Here are the bandwidth throttling settings that you can specify if you choose:

a. bandwidth throttling for work hours
b. bandwidth throttling for non work hours
c. the time frame for “work hours”.
d. the days the “work hours” time frame applies to.

Once you make your settings if you choose to do so, then select Next.

Here we specify the recovery folder settings. This is a temporary staging location for the information being recovered. The amount of space needed should be at least as large as the data being recovered.

Example: If the data being recovered is at least 100GB, then the staging location will need to allow for at least 100GB.

Once you choose a location, then select “Next”.

Here you choose a secure passphrase for encryption. If you choose to use your own passphrase then you will have to make sure to meet the guidelines shown in the GUI. Of course you can always select to let the wizard “generate passphrase” for you. Either way it is critical that you save the passphrase used in a safe location should you wish to de-register and\or re-register the DPM server with Azure. Please note that we have the option to “copy to clipboard” just for this purpose. This passphrase is associated with your Azure online recovery points.

Once your passphrase is saved safely, you can select “Next”.

Creating the Protection Group for backups to Azure

Here we will create a new protection group, and during this creation we will specify to allow for backups to the cloud to take place.

We will navigate to the “Protection” on the left hand side and specify “New”

You will see the “Create Protection Group” wizard start.

Select “Next” and then select “Servers”, then “Next” again.

The next window will show you your servers with the DPM 2012 SP1 agent installed on them. From there you can select a server. In this demonstration we will select the Domain controller.

We will expand the DC to enumerate the datasources available to be backed up. In this case we will select some flat files on the DC. In this case I will select just a simple folder with flat files in it. Select “Next”.

This window gives us the option to name the protection group and to also select whether or not we want to specify “online protection” (backup to Azure) or not.

Select “Next”. This window allows us to specify a retention range and recovery point times. Go ahead and accept the defaults, then “Next” again.

We are now brought to a window to review the disk allocation as seen below:

Go ahead and accept the defaults, then select “Next”. Here we see the option for Replica Creation.

Accept the defaults then select “Next”. This brings us to the “Consistency Check Options”. Accept the defaults then choose “Next”.

We are now presented with which data sources we want to allow to be saved to our online backup storage or rather to Azure.

We will select our only option in this case, then choose “Next”.

Here is another important Azure setting for us to consider. We can choose our “Retention Range in days”, our “synchronization frequency” and the “Synchronization Schedule” itself.

Note: You can only synchronize to Azure twice per day.

In this case I will select 11AM and 9PM, then choose “Next”.

We are then taken to the Summary window. Accept our choices and then select “Create Group”.

Once the protection group is created and the initial replica is finished, we can go to the Protection group itself and verify that everything is green.

If we go to the “Monitoring” tab and select the “All Jobs in progress” during this time we will see the following:

Note the backup type is shown as “Online recovery point”.

If we choose, we can create an adhoc backup for the datasource. Just go to the “Protection” tab and select the datasource. Right click and choose “create recovery point”.

Here you will be shown the options for:

a. Short term to disk

b. Online protection

If you want the adhoc online backup to be done, just select it and away you go.

Please be mindful though that you can only choose 2 recovery points to Azure per day.

Example: During the creation of your protection group, you specify backups to Azure at 9AM and 4PM.
At 12PM you decide to create an adhoc backup to Azure. As such, the 4PM backup to Azure will not be done.

If we go to the Protection Group itself we can also note the following:

Recovery From Azure

When you go to the Recovery tab and select the datasource you wish to recover, the “cloud” icon (below) shows ONLY if you select a specified time in which a backup to the cloud was done.

The recovery process if pretty easy to perform, just right click the datasource and select “recover” to initialize the wizard. Here you will see confirmation that a restore from Azure is to be done.

Go ahead and select “Next”.

From there you can specify “recover to the original location” or “recover to an alternate location”. In this case I will choose the C: drive on the DPM server.

Note: There is no folder named “Azure Agent”. If our recovery is successful, there will be one once we are finished.

Go ahead and complete the Recovery Wizard accepting the defaults. Once the recovery starts, if we go to the monitoring tab in DPM we can see the jobs in progress showing tasks for:

a. Online recovery
b. Restore from the staging location

Going to the “Completed” jobs we can see the successful completion of both.

Just for a solid confirmation, if we go to the root of C: we can see the successful restore of the “Azure Agent” folder.

Summary

As you can see, the integration of DPM 2012 SP1 does incorporate a few steps that need to be done. Primarily the installation of the Azure agent and the registration of the DPM server with Azure. Once this is done, you can configure your backups to the cloud either during the creation of a protection group or you can modify an existing protection group to specify backups to the cloud.

Shane Brasher | Senior Support Escalation Engineer | Management and Security Division

Get the latest System Center news onFacebookandTwitter:

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

↧

Issues that occur after you deploy System Center 2012 Data Protection Manager SP1

January 15, 2013, 9:12 am

≫ Next: System Center 2012 SP1 – Data Protection Manager is Generally Available!

≪ Previous: DPM 2012 SP1 and Azure Backup and Recovery – Steps from start to finish

We have a new article out that lists a couple issues you might see after deploying DPM 2012 SP1. You can check it out here:

2801420 - Issues that occur after you deploy System Center 2012 DPM SP1 (http://support.microsoft.com/kb/2801056)

J.C. Hornbeck| Knowledge Engineer | Management and Security Division

Get the latest System Center news onFacebookandTwitter:

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

↧

System Center 2012 SP1 – Data Protection Manager is Generally Available!

January 15, 2013, 9:46 am

≫ Next: How to create a custom report in System Center 2012 Data Protection Manager

≪ Previous: Issues that occur after you deploy System Center 2012 Data Protection Manager SP1

This morning we announced the availability of System Center 2012 SP1. You can read more about the release on the System Center blog:

http://blogs.technet.com/b/systemcenter/archive/2013/01/15/system-center-2012-sp1-is-generally-available.aspx

New features for Data Protection Manager in System Center 2012 SP1:

Improved backup performance of Windows Server 2012 Hyper-V over CSV 2.0 deployments
Cluster Shared Volumes (CSVs) provide a distributed file access solution so that multiple nodes in the cluster can simultaneously access the same NTFS file system.
In System Center 2012 Service Pack 1 (SP1) DPM, CSV 2.0 support allows the following benefits:
- 900% improvement in Express Full backups.
- Parallel backups.
- No performance difference between backups from owner and non-owner nodes.
- Support for SMB shares.
For more information on deploying DPM protection for Hyper-V virtual machines, see Managing Hyper-V computers
Protect Hyper-V over remote SMB share
In Windows Server 2012, you can now use SMB file shares as remote storage for Hyper-V. With this new capability, Hyper-V can store virtual machine files, which includes configuration, virtual hard disk (VHD) files, and snapshots, on SMB file shares. This offers benefits like Ease of provisioning and management, increased flexibility, ability to take advantage of existing investment in a converged network, reduced capital expenditures, and reduced operating expenditures.
In System Center 2012 Service Pack 1 (SP1) DPM, SMB shares support allows the following benefits:
- More efficient Express Full backups.
- Continued protection even after Live Migration.
- Support for SMB shares in standalone and scaled-out deployments.
For more information on deploying DPM protection for Hyper-V virtual machines using SMB file shares, see Managing Hyper-V computers
DPM now allows you to exclude virtual machine pagefiles from incremental backups to improve usage of storage and improve backup performance.
Scale out support for Hyper-V virtual machines.
Protect Windows 8 deduplicated volumes
Data deduplication involves finding and removing duplication within data without compromising its fidelity or integrity. DPM allows optimized back of deduplicated volumes, both locally and over the network.
For more information on protecting deduplicated volumes, see Protecting deduplicated volumes
Support for Live Migration
Live migration is a Hyper-V feature in Windows Server that allows you to transparently move running virtual machines from one node of the failover cluster to another node in the same cluster or another cluster without a dropped network connection or perceived downtime.
In System Center 2012 Service Pack 1 (SP1) DPM, Live Migration support allows the following benefits:
- Uninterrupted protection for migrated virtual machines.
- Support for inter-cluster, cluster to standalone, and standalone to cluster migrations apart from intra-cluster migration.
- Support for SMB shares.
Integration with Windows Azure Online Backup
Important
Windows Azure Online Backup currently is currently on Preview and does not support production environments.
- With System Center 2012 SP1, DPM can now backup data from the DPM server to an offsite storage managed by the Windows Azure Online Backup Service.
- System Center customers can avail of this functionality by signing up for the Windows Azure Online Backup service. Customers will need to download and install the Windows Azure Online Backup agent on the DPM server which will be used to transfer the data between the DPM server(s) and Windows Azure Online Backup service.
- Up to 120 DPM recovery points can be retained in Windows Azure Online Backup.
- Support for Windows Server 2008 R2 – Online backup can be enabled on DPM servers running on Windows Server 2008 R2.
- Support for protecting SQL Server.

Support for protecting SQL Server 2012 databases that use the AlwaysOn feature.
You can use a stand-alone instance of SQL Server 2012 to host the DPM database.
Support for protecting file server using Resilient File System (ReFS).
Support for protecting SharePoint 2013.
Support for protecting Exchange Server 2013.

↧

How to create a custom report in System Center 2012 Data Protection Manager

January 22, 2013, 9:27 am

≫ Next: KB: The Data Protection Manager database grows and the console crashes after installing Update Rollup 3

≪ Previous: System Center 2012 SP1 – Data Protection Manager is Generally Available!

As you already know, there are some reports that come out of the box when you install System Center 2012 Data Protection Manager (DPM):

However, you still might need a report that includes different information or a different format. Since DPM 2012 relies upon SQL Reporting services you have the opportunity to leverage that information and create as many reports and as complicated reports as you might possibly need.

This article will guide you through creating a very simple report just to show how it is done.

The first thing you will need is to install Report Builder 3: http://www.microsoft.com/en-us/download/details.aspx?id=6116

The installation is very straight forward:

The default target server url should be your ServerName/ReportServer_MSDPM2012

If you are not sure about your url, you can check the reporting services configuration manager and get the information from there.

So let’s open Report Builder and start creating a Custom Report:

For this example I am going to be using a blank report.

I am going to insert a table to present the information:

Since this is the first time I am adding information to this report, I will create a new DataSet and embed it to my report, then use the query designer:

You can use the prebuilt Data Source that should be located on your server - just click the browse button and select it:

Verify that the connection is working and click OK.

For this example I will be using the login credentials of the current user as this user is member of the local administrators group on the DPM server. Alternately you could specify a different account as long as it has the required permissions to create reports.

You will notice that there are already some Views that you can use. In my example I will create a report that shows the server name and the current version of the installed agent.

The default fields will show the column name but you are free to change the value to whatever makes sense to you, I will change them to Protected_Server and Agent_Version

Now it is time to customize the report too include whatever information is needed, so go ahead and just drag and drop whatever you need:

I will be adding an image to my report as well as the report name, the execution time, page number and report server url:

Once everything is in place you can hit the run button and take a look of what the report will look like and adjust any detail. When ready, just save the report to the ReportServer_MSDPM2012 url:

You will now see this report available for execution:

You can take advantage of the subscription features of SQL Reporting services to automatically create and send the report as needed:

In this next screen I am showing how to change the data set to present the space used / allocated by modifying the data set and editing the properties to show the information in GB with 2 digit roundup:

I hope you find this information useful as it allows you to query the actual DB of DPM you can create any report with any information you might possible need.

Jesus Gutierrez | Support Escalation Engineer

Get the latest System Center news onFacebookandTwitter:

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

↧

KB: The Data Protection Manager database grows and the console crashes after installing Update Rollup 3

January 28, 2013, 11:42 am

≫ Next: Hotfix: Backups are unsuccessful when you use Windows Azure Online Backup

≪ Previous: How to create a custom report in System Center 2012 Data Protection Manager

We just published a new KB article that explains an issue where after installing Update Rollup 3 for System Center 2012 Data Protection Manager you notice that the DPM database grows and eventually the DPM console will crash. This is fixed in SP1 but there’s an alternate workaround here:

KB2809773 - The Data Protection Manager database grows and the console crashes after installing Update Rollup 3 (http://support.microsoft.com/kb/2809773)

J.C. Hornbeck| Knowledge Engineer | Management and Security Division

Get the latest System Center news onFacebookandTwitter:

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

↧

Hotfix: Backups are unsuccessful when you use Windows Azure Online Backup

February 19, 2013, 8:42 am

≫ Next: How to provide redundancy for End User Recovery (EUR) of Distributed File System (DFS) shared data using DPM

≪ Previous: KB: The Data Protection Manager database grows and the console crashes after installing Update Rollup 3

When you try to back up data by using Windows Azure Online Backup, is the backup process is unsuccessful? If so this hotfix may be for you.

The Windows Azure Access Control Service (ACS) certificate uses a new certification authority (CA) chain and this can prevent communication between it and the Windows Azure Online Backup Agent. This communication fails because the backup agent cannot verify the server certificate that is presented by the Azure ACS service.

For all the details and a download link for the fix please see the following:

KB2816671 - FIX: Backups are unsuccessful when you use Windows Azure Online Backup (http://support.microsoft.com/kb/2816671)

J.C. Hornbeck| Knowledge Engineer | Management and Security Division

Get the latest System Center news onFacebookandTwitter:

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

↧

How to provide redundancy for End User Recovery (EUR) of Distributed File System (DFS) shared data using DPM

February 25, 2013, 11:26 am

≫ Next: Update Rollup 2 for System Center 2012 Service Pack 1–DPM updates

≪ Previous: Hotfix: Backups are unsuccessful when you use Windows Azure Online Backup

Hi, Michael Vargo here, and I wanted to take a minute and talk about how you can provide redundancy for End User Recovery of DFS shared data using Data Protection Manager.

The environment diagram below provides a baseline for an explanation of the options that can be utilized to provide redundancy for End User Recovery (EUR) of Distributed File System (DFS) shared data. Note that Microsoft does not “officially” support EUR redundancy with DPM but it can be achieved.

The decisions that must be made regarding which redundancy plan you will implement is primarily based on what resources in the environment are most likely to fail. Are you planning for a failure of a DFS server, a DPM server or an entire site?

In the event that a fileserver#1 should fail you will not need to have a separate copy of the DFS data backed up to another DPM server for users to be able continue accessing previous versions of DFS data. The clients accessing the DFS data will be redirected to fileserver#2 and can still access the recoverable data (previous versions) from DPM#1. However, DPM #1 will no longer be backing up the DFS data if fileserver#1 is down. This problem can only be addressed by having redundant DPM servers. If fileserver#1 will only be down for a short period, you may not want to make any changes to DPM and EUR.

If you are planning for a DPM server failure, you can establish redundancy through the use of secondary DPM protection or another DPM server protecting the replica of the DFS data on fileserver#2. Secondary protection is achieved by connecting the protection agent to DPM#1 from DPM#2. You will then be presented with a “Protected Server” option when enumerating data sources under DPM#1 from DPM#2 which allows you to create a redundant copy of the DFS data on DPM#2. You can then choose to “switch disaster protection” should DPM#1 go down. However, the use of a secondary DPM server provides no benefit to DFS protection and EUR. Switching protection does not recreate the required shares on the new primary DPM server or update any Active Directory objects. We will discuss these items in more detail shortly.

The information above is provided to explain why we recommend the use of a second DPM server that has no association with DPM#1 to provide redundancy for DFS backups and EUR. DPM#1 backs up DFS data on fileserver#1 and DPM#2 backs up the replicated DFS data on fileserver#2. This will provide the ability to continue DPM backups of the DFS data and EUR access to the DFS data should fileserver#1, DPM#1 or site#1 become unavailable. DPM#1 and DPM#2 should both be configured to meet your data retention requirements. Optimally we would enable EUR for DPM#1 and DPM#2, but DPM only supports enabling EUR on one DPM server at a time in Active Directory when protecting the same DFS shares from separate DPM Servers. You will need to disable EUR for DPM#1 by deleting the AD objects that get created when enabling EUR in the event we need to implement the disaster recovery plan.

There are two categories of items that get added when enabling EUR. The first is a set of AD objects that get created with the Extension of the AD schema as a result of enabling EUR. The second is a set of shares that get created on the DPM server.

The first AD object that gets created is cn=ms-sharemapconfiguration,cn=system,dc=domain,dc=local object. This gets created as a result of running DPMADSchemaExtension.exe . It is available on the DPM server in the c:\program files\Microsoft DPM\DPM\End User Recovery directory. It is run when enabling end-user recovery from the DPM options on the End-user Recovery tab. We frequently see issues where enabling end-user recovery fails when run from DPM where it fails with a message similar to “The Active Directory could not be configured.” You can also copy DPMADSchemaExtension.exe to a domain controller and run it manually as a user who is a member of both the "Schema Admins" and "Enterprise Admins" security groups.

The additional items will not be created until you successfully synchronize the DPM server with the protected DFS data after the schema extension. After the synchronization job you will see an object created under the cn=ms-sharemapconfiguration container for each DFS name space protected by DPM. It has a name in the format CN=GUID and a class of ms-srvShareMapping. The import information in this object includes the ms-backupSrvShare attribute which points to the DPM server that is protecting the DFS data and the ms-productionSrvShare which indicates the DFS node that is being protected by DPM.

The second set of items created upon the completion of a synchronization job after the schema is update are shares on the DPM server. These are the shares that users’ access when viewing the “previous versions” tab in the properties of an object on a EUR enabled DFS share. There will be one share for each protected DFS namespace. The screen shot below shows the shares for DFS namespaces Namespace1 and public. They are associated the name space on Sharepoint01 with the location of the replica of the files in the DPM storage pool.

The AD objects under cn=ms-sharemapconfiguration,cn=system,dc=domain,dc=local will automatically be removed if you uncheck “enable end-user recovery” from the DPM options on the End-user Recovery tab. However, if the DPM server has crashed or is otherwise unavailable you must manually remove these entries. The recommended tool to access and remove these objects is ADSIedit.msc. It will allow you to drill down to the cn=ms-sharemapconfiguration,cn=system,dc=domain,dc=local container and see all of the child objects that represent each of the DFS name spaces. All of the child objects representing the failed DPM#1 server must be removed before you enable EUR on DPM#2.

You can use repadmin.exe to create a query that will list all of the AD objects associated with the DFS name space being protected by a failed DPM server.

repadmin /showattr dc01 ncobj:domain: /filter:"(&(objectclass=ms-srvsharemapping)(ms-productionsrvshare=\\sharepoint01\namespace1))" /subtree

The above command would connect to a DC named dc01 and dump all attributes for all objects with an objectclass of ms-srvsharemapping where the ms-productionsrvshare attribute contains a value of \\sharepoint01\namespace1.

You could limit the output with the /atts: option to just dump specific values from the object. For example:

repadmin /showattr dc01 ncobj:domain: /filter:"(&(objectclass=ms-srvsharemapping)(ms-productionsrvshare=\\sharepoint01\namespace1))" /subtree /atts:name > ms-productionshare.txt

Michael Vargo | Senior Support Escalation Engineer | Microsoft CTS Management and Security Division

Get the latest System Center news onFacebookandTwitter:

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

↧

Update Rollup 2 for System Center 2012 Service Pack 1–DPM updates

April 11, 2013, 11:15 am

≫ Next: Reduce backup storage consumption of private cloud deployments using System Center 2012 SP1 – DPM

≪ Previous: How to provide redundancy for End User Recovery (EUR) of Distributed File System (DFS) shared data using DPM

Update Rollup 2 for Microsoft System Center 2012 Service Pack 1 (SP1) is now available and includes the following updates for Data Protection Manager:

Issue 1: An express full backup job in System Center 2012 Service Pack 1 may stop responding on a Hyper-V cluster that has 600 or more virtual machines.

Issue 2: When a System Center 2012 Service Pack 1 item level restore operation is performed on a SharePoint host header-based site collection, the restore operation is unsuccessful.

Issue 3: When you open Data Protection Manager on a computer that is running System Center 2012 Service Pack 1, the Welcome screen does not indicate the correct version of Service Pack 1.

Issue 4: When you perform a disconnected installation of the Data Protection Manager 2012 Service Pack 1 agent, you receive the following error message: Protection agent cannot be installed on a machine where DPM is installed.

Issue 5: When you use Data Protection Manager 2012 Service Pack 1 for tape backup, you receive the following error message: The operation failed because of a protection agent failure. (ID 998 Details: The parameter is incorrect (0x80070057))

Issue 6: Backups of CSV volumes may be unsuccessful with metadata file corruption in Data Protection Manager 2012 Service Pack 1.

Issue 7: The Data Protection Manager console may require more time to open than expected when many client systems are being protected.

You can get all the details and a download link here:

KB2802159 - Description of Update Rollup 2 for System Center 2012 Service Pack 1 (http://support.microsoft.com/kb/2802159)

J.C. Hornbeck | Knowledge Engineer | Microsoft GBS Management and Security Division

Get the latest System Center news on Facebook and Twitter:

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

↧

Reduce backup storage consumption of private cloud deployments using System Center 2012 SP1 – DPM

April 18, 2013, 2:36 am

≫ Next: SC 2012 SP1 – DPM: Windows 2012 VM Mobility – Uninterrupted Data Protection

≪ Previous: Update Rollup 2 for System Center 2012 Service Pack 1–DPM updates

System Center 2012 SP1 - DPM has enabled data protection for Windows 2012 Private Cloud deployments. Customers have been looking for a way to exclude some of the VHD/VHDX that have temp data or downloads or page files which have no value @ recovery time. Based on this feedback, we have introduced a new feature called “exclude VHDX”, where customer can configure DPM to exclude some of the VHDs on their backup. All backup admin has to do is run the following command on DPM server.

PowerShell

PS C:\> Set-DPMGlobalProperty -DPMServerName TestingServer -HyperVPagefileExclusions "*Temp.vhd"

By issuing this command, DPM excludes any file name that ends with “Temp.VHD” in the Delta Replication (DR). Since these files are included in the VM configuration and Hyper-V expects these files to be there for successful VM start, DPM copies these files for the first time and excludes in subsequent DRs. At the time of recovery, DPM will recover the “excluded” files as well. This will ensure that the Hyper-V is able to run VM successfully.

This command can take wild cards and multiple names. For ex., "*_pagefile.vhd,*mynotuseful*.vhd*" excludes backup of any vhd/vhdx that has word “mynotuseful” in their names and VHD file name that ends with “_pagefile.vhd”. Note that the file name strings are case insensitive. This command applies to all VMs protected by this DPM server. If there are multiple DPM servers present in the environment, this command needs to be run on each DPM server. One important aspect to consider at the VM deployment is pagefile size increases and its impact on VHD size. While Hyper-V allows changes to VHD file size after initial creation, it is advised to plan for VHD size at initial time itself. DPM backs up VHD only in the beginning and any subsequent changes in the VHD will not be backed up and could lead to issues at the time of VM recovery.

If this feature is enabled on the DPM server that has VMs being protected already, DPM will stop backing up the “exclude VHDs” in subsequent backups.

One of the biggest disk churning that has no value for customer @ recovery time is page file. Using this “exclude VHDs” feature, customer can remove the page file changes in the DPM backups. Here are the steps involved in excluding pagefile in backup.

1) Add a new VHD say “TempVHD” to the VM

2) Start the VM

3) Format the TempVHD disk and configure it to a drive letter say “E:\”

4) Move the pagefile to E:\

5) Run Set-DPMGlobalProperty -DPMServerName TestingServer -HyperVPagefileExclusions "Temp.vhd" on DPM Server

Once these steps are done, DPM will copy whole TempVHD as part of Initial Replication (IR) and will be excluded in subsequent DRs. If DPM goes through a CC or VM file spec changes, TempVHD will be copied in full and subsequent DRs will be skipped.

Our research found that, even though VM is churning at 10% of VM size a day, only 30% to 40% of this churning is due to the actual application data that is important to customer at recovery time but rest of the churning due to pagefile changes and temp file changes that has no use for customer at recovery time. In these kinds of environments, DPM 2012 SP1 brings in huge backup storage and network bandwidth savings. While actual storage savings vary depending on the environment, consider the following Windows 2012 64 node cluster with 4,000 VMs deployment.

Here is the storage consumption comparison between DPM 2012 and DPM 2012 SP1.

While the above example refers to Hyper-V CSV cluster, this feature works with all kinds of Hyper-V deployments that are protected by DPM 2012 SP1. Here are the list of deployments that are supported by DPM 2012 SP1.

1) Windows 2012 Hyper-V standalone

2) Windows 2012 Hyper-V CSV cluster

3) Windows 2012 Hyper-V standalone with remote Windows SMB file server (standalone or cluster)

4) Windows 2012 Hyper-V cluster with remote Windows SMB file server (standalone or cluster)

5) Windows 2008 R2 standalone

6) Windows 2008 R2 CSV cluster

As described in the TechNet article, Exclude VHD names can be added, removed or extended. Following command can be used to find out the current exclusions.

PowerShell

PS C:\> Get-DPMGlobalProperty –PropertyName HyperVPagefileExclusions

Note that, this is a DPM Global Property and so the values can be “set” only. So if additions or deletions to be done, first get the global property, modify string pattern, and then set the property again.

↧

SC 2012 SP1 – DPM: Windows 2012 VM Mobility – Uninterrupted Data Protection

April 24, 2013, 12:10 am

≫ Next: SC 2012 SP1 – DPM: Efficient Protection of Windows 2012 Dedup Volume

≪ Previous: Reduce backup storage consumption of private cloud deployments using System Center 2012 SP1 – DPM

Technorati Tags: DPM 2012 SP1 VM Mobility private cloud protection

One of the important features enabled in Windows 2012 is the ability to live migrate VMs anywhere. Whether the VM migrating within a cluster, across clusters, standalone to standalone or standalone to cluster or vice versa, VM will not be paused or interrupted at the time of VM live migration. This efficiency enables fabric administrators manage their fabric and load balance the environment and ensure that their private cloud deployments are running optimally. While this provides freedom and flexibility for fabric administrators, this poses management problem for backup administrators. As the fabric administrator leveraging these capabilities to optimize the fabric performance and taking these decisions independently backup administrators will not be aware of this until backup software fails to find the VM and so failing the backups. This kind of dynamic fabric provides problems for the backup administrators.

DPM 2012 SP1’s motto is to provide flexible and yet powerful backup solutions for your private cloud deployments. As part of this target, DPM introduced intelligence where DPM can detect the VM movement and continue VM protection, all without any active involvement from backup administrator. Also, not only DPM can detect the VM migration but also can continue protection efficiently when VM migration does not involve storage migration. As the VM migrates from one host(s) to another host(s), same DPM server will continue to retain the backup responsibility for this VM.

At the time of backup, DPM detects the VM’s new host by communicating with VMM. At the time of backup, DPM interacts with VMM to find the VM’s new host. Based on the information, DPM communicates with new host(s) for taking backups. In order to achieve this, backup administrators need to connect DPM(s) to VMM server and all host(s) where VM “will” be migrated to, so that DPM can communicate with the new host(s) to backup VM when it migrates.

Enable DPM communication with VMM:

In order for DPM to interact with VMM, make DPM machine account as “ReadOnly” administrator on VMM and as discussed here. This will allow DPM to enquire about any VM which might be residing anywhere in VMM’s fabric/cloud. DPM communicates with VMM using VMM power shell. So, VMM client should be installed on DPM Server. Also, configure DPM with the VMM server name by setting DPM global property called “KnownVMMServers”. Here are the steps that need to be performed for setting up DPM server ready for VM Live Migration: Uninterrupted data protection.

1) Install VMM Console on the DPM server. Ensure that the VMM console and VMM server are of same version.

2) Install DPM protection agent on all “targeted” hosts and attach to this DPM server

3) Using elevated DPM Windows PowerShell, run Set-DPMGlobalProperty as shown below on the DPM server

Set-DMGlobalProperty –DPMServerName DPM01 –KnownVMMServers VMMTST01

Above command preps DPM server to communicate with VMM server named VMMTST01. Subsequently DPM consults VMM server for any VM backup to find its new host(s). Please note that DPM server can interact with only one VMM server and so the variable should be set with only one VMM server. DPM PowerShell can be used to verify that the global property is set properly by using Get-DPMGlobalProperty as shown below.

4) Start the DPMVMMHelper service

Also, all “potential target” hosts should be configured to connect with this particular DPM server. As mentioned previously, DPM now supports DPM scale out feature. So, same Hyper-V host(s) can be configured to communicate with multiple DPM servers. For an interrupted data protection, DPM should already be attached to all host(s) where the VMs are going to be migrated.

Windows 2012 VM live migrate “anywhere”, makes the VM migration possible in various kinds of Hyper-V deployments. There are three kinds of VM live migration at a high level.

A VM live migration where the migration involves only compute but not storage
A VM live migration where the migration involves both compute and storage
A VM live migration where migration involves only storage but not compute

Whenever there is a storage migration involved in a VM live migration, DPM will do onetime full CC of the VM (ie., read VM on both “new” Hyper-V host(s) and DPM server, compare checksum and then transfer changed content to DPM server). Normal expressfull Delta Replication (DR) backups will resume after CC. When live migration doesn’t involve storage migration, DPM do not need to go through full CC and so expressfull DR backups will continue. Here is the list of combinations that live migration can be done and DPM’s protection behavior.

As DPM is dependent on the VMM to know where the VM has been migrated to, for an effective backup, it is advised to do the VM migration using VMM Live Migration workflow as described here. In some of the scenarios, Windows 2012 VM live migration with storage migration causes VM to be “rearranged” on the destination. This leads to almost whole size of VM being backed up by DPM via CC in the next backup. DPM has a new service named DPM VMM Helper Service which will be interacting with the VMM server. This service will be running on system context.

While connecting all hosts to single DPM enable “uninterrupted VM protection” and SC 2012 SP1 – DPM enhanced its scale, a single DPM server cannot protect all VMs in the private cloud deployment. Considering this, DPM 2012 SP1 introduced a new capability called scaleout feature where multiple DPM servers can protect VMs on a single host or a single cluster. This is further discussed in the blog “SC 2012 SP1 – DPM: Leveraging DPM ScaleOut feature to protect VMs deployed on a big cluster”.

VM Recovery

With the mobility in picture, DPM recovery scenarios are changed a little bit. Any recovery points on or after the latest recovery point can do Original Location Recovery (OLR) meaning the VM can be recovered to location where the VM is currently running. For all these recovery points, DPM can do Alternate Location Recovery (ALR) and Item Level Recovery (ILR) as well. For all recovery points before last VM live migration, only ALR and ILR are possible. OLR scenario is not supported for these recovery points.

Due to various restrictions, VM mobility cannot be combined with Secondary DPM protection (or DPM DR).

↧

SC 2012 SP1 – DPM: Efficient Protection of Windows 2012 Dedup Volume

April 29, 2013, 7:17 am

≫ Next: Support Tip: Hyper-V hosts fail and log Event ID 5120 when being backed up

≪ Previous: SC 2012 SP1 – DPM: Windows 2012 VM Mobility – Uninterrupted Data Protection

Windows 2012 introduced deduplication feature that provides great savings for the file systems with lot of redundant data. File systems in general, most of the data is cold meaning most of the files are not changed. Windows 2012 deduplicates the cold file contents where all the common “chunks” in various files are stored in common area and the actual file will have links to the common chunk area. This will lead to a huge savings when there is lot of duplicate content in the files.

DPM 2012 SP1 can now protect a Windows 2012 deduplicated volume efficiently. When user chooses to protect a full volume that is deduplicated, DPM recognizes that this is a deduplicated volume and copy the content efficiently providing huge network and DPM storage savings. When a file system is deduplicated, Windows 2012 keeps all common chunks under chunk store located in sysvol. All the files will have links called reparse points that will point to chunk store. DPM initially copies the whole chunk store and all files in deduped format. In subsequent delta replications (DRs), DPM tracks changes in both chunk store as well as on the files and transfer only changed content. This means that DPM transfers the deduplicated volume in a dedup format.

Deduplication can be enabled on a volume as described here. Once this is enabled, deduplication logic will work on the “cold” files as configured by user and deduplicates data causing the storage reduction on the volume. Once the PG is created with the whole volume backup, DPM has intelligence built in that detects deduped volume and backs up data efficiently. For ex., if a volume has 100GB of files before deduplication and its storage consumption gone down to 70GB after deduplication, DPM transfer the content as part of Initial Replication (IR) as 70GB over the wire and store it as 70GB. This provides great DPM network and storage savings. Here are the steps to be followed to leverage this capability.

1) Assume that the PS1 is the production server where the file system volume (Vol1) is residing and DPM1 is DPM server.

2) Install Deduplication role on PS1

3) Enable Deduplication on Vol1

4) Install DPM server on DPM1

5) Install Deduplication role on DPM1 machine

6) Install DPM agent on PS1

7) Create Protection Group (PG) and select Vol1 on PS1 with appropriate protection settings

8) DPM will not only recognize that this is a deduplicated volume but also transfers the content efficiently

Even though DPM efficiently backups the file system, backup admin can still leverage DPM’s Item Level Recovery (ILR) capability to recover small set of files or directories instead of the whole volume. DPM is able to achieve this by leveraging Windows 2012 Dedup technology to understand the file system and recover the required items. This is the reason, DPM server should be running on Windows 2012 and Dedup role need to be installed. Note that the Dedup capability should not be enabled on the DPM storage (replica or shadow copy volumes). This efficient backup capability can be availed only when full volume is backed up and restored. Here is the table that shows various scenarios and DPM’s protection and recovery efficiency capabilities.

Internal workings of DPM Dedup Backup and Recovery:

Windows 2012 deduplicates data at a volume level and stores all “dedup” chunks in sysvol folder called chunkstore. All the files that has the “duplicate” content will point to this chunk store. By having links for duplicate content, Windows is able to reduce the storage consumption. DPM agent on the file server recognizes that the volume has dedup enabled, reads the files in “shallow” form and stores on DPM in “shallow” format. DPM also copies the whole chunk store located in sys volume folder as is. DPM expanded its “expressfull” technology to Dedup file system protection as well. This means, the DPM will continue to track the file changes and at the time of backup DPM will just copy the changed content.

There are various kinds of recovery options available with DPM. Each kind of recovery has a specific requirement to leverage the dedup efficiencies. All of these details are captured below. Note that all of the below scenarios assumes that the source volume was deduped at protection time DPM protected full volume efficiently.

Once the Dedup file system is protected to primary DPM server, the file system cannot be protected to secondary DPM server. Deduped file system protection to DPM server can be further extended to Online protection by opting-in for Windows Azure Backup. As the Windows Azure Backup supports “subset” of the protected resources, the protection to Azure will be done only for files that were selected for DPM Azure and will be done in unoptimized format. End User Recovery feature is not supported for Dedup Volume protection.

One frequently asked question is, why shouldn’t we enable dedup on DPM storage volumes (replica and shadow copy volumes). This needs understanding of how DPM stores its backup data. DPM has replica volume which reflects latest and greatest snapshot of the production server. As part of IR, Replica Volume will reflect the production server and a snapshot is created. At the time of next backup, DPM copies the new content onto replica volume which will cause a Copy On Write (COW) onto shadow copy volume as VolSnap is keeping the old snapshot intact. After backup completes, DPM creates a snapshot on Replica volume. VolSnap will do COW for any subsequent changes to this “snapshotted” volume. So, when dedup engine try to deduplicate the content, all writes on Replica Volume will lead to COW and so bloats up diff area. So, actual DPM storage consumption will go up due to this diff area increase. Another issue is that DPM’s CC logic will not work as the files on DPM side and on production side are mismatching. This makes CC think that backups are not proper and transfer all content again. So, dedup should not be enabled on DPM storage volumes.

Another interesting scenario where dedup is enabled on the volume that is already being backed up. When dedup is enabled on the volume, dedup will change almost all of files as part of dedup logic even though actual content is not changed. In the next backup, DPM sees this as file changes and will transfer all deduped files. This leads to a one time spike in DPM backup storage consumption.

↧

Support Tip: Hyper-V hosts fail and log Event ID 5120 when being backed up

April 29, 2013, 11:09 am

≫ Next: SC 2012 SP1 – DPM: Leveraging DPM ScaleOut feature to protect VMs deployed on a big cluster

≪ Previous: SC 2012 SP1 – DPM: Efficient Protection of Windows 2012 Dedup Volume

Michael Vargo| Senior Support Escalation Engineer

Some customers are experiencing failures on Windows Server 2012 Hyper-V hosts that utilize Cluster Shared Volumes (CSVs) when backing up virtual machines (VM’s) using System Center 2012 Data Protection Manager (DPM 2012) with Service Pack 1 (SP1).

When this occurs the following error is logged on the Hyper-V hosts.

Log Name: System
Source: Microsoft-Windows-FailoverClustering
Event ID: 5120
Logged: <date/time>
Details: Cluster Shared Volume 'Volume2' ('ClusterStorage Volume 2') is no longer available on this node because of 'STATUS_CLUSTER_CSV_AUTO_PAUSE_ERROR(c0130021)'. All I/O will temporarily be queued until a path to the volume is reestablished.

You will also see the VM’s pause temporarily, go in to a paused state, shut down or see memory spikes on the Hyper-V hosts. Configuring serialized backups doesn't help the problem.

It has been determined that any backup product using shadow copies results in the same errors, thus this isn't necessarily a DPM 2012 SP1 issue. The Windows Server 2012 cluster CSV team is investigating this problem.

The Windows team has released a fix to address CSV backup issues and it is available for download. This will address the known memory leak issue along with some other issues that were discover during testing. You can find the hotfix here:

KB2813630 – Virtual machine enters a paused state or a CSV volume goes offline when you try to create a backup of the virtual machine on a Windows Server 2012-based failover cluster (http://support.microsoft.com/kb/2813630)

The Windows team is also investigating other issues found during testing that not included in this release. However, they wanted to get this update published since the memory leak issue is fixed and will provide immediate relief.

The following Knowledge Base article lists KB2813630 as well as other updates recommended for Windows Server 2012-based Failover Clusters:

KB2784261 – Recommended hotfixes and updates for Windows Server 2012-based Failover Clusters (http://support.microsoft.com/kb/2784261/EN-US)

To avoid CSV failovers, you may have to make additional changes to the computer after you install the hotfix. For example, you may be experiencing the issue described in this article because of the lack of hardware support for Offloaded Data Transfer (ODX). This causes delays when the operating system queries for the hardware support during I/O requests.
In this situation, disable ODX by changing the FilterSupportedFeaturesMode value to 1 for the storage device that does not support ODX by using the following command on all nodes of the Cluster using Windows PowerShell.

Set-ItemProperty hklm:\system\currentcontrolset\control\filesystem -Name "FilterSupportedFeaturesMode" -Value 1

For more information about how to disable ODX, see the following Microsoft website:

General information about how to deploy ODX : http://technet.microsoft.com/en-us/library/jj200627

Michael Vargo| Senior Support Escalation Engineer | Microsoft GBS Management and Security Division

Get the latest System Center news onFacebookandTwitter:

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

↧

SC 2012 SP1 – DPM: Leveraging DPM ScaleOut feature to protect VMs deployed on a big cluster

May 1, 2013, 5:16 am

≫ Next: MVP Speaker Series Presentation on “Backup That Really Works”

≪ Previous: Support Tip: Hyper-V hosts fail and log Event ID 5120 when being backed up

Windows 2012 improved the CSV clustering by increased scale and performance. Windows 2012 clusters can be as big as 64 nodes and 8000 VMs. Windows 2012 clusters can now have their storage on a Cluster Storage Volume or can be a remote SMB share which in turn can be a scale out clusters. As part of DPM 2012 SP1s mission of enabling efficient backup for Windows 2012 private cloud deployments, DPM leveraged Windows 2012 CSV capabilities and improved backup performance by 900% (assuming VM had 10% churning per day). DPM 2012 SP1 can now protect 64 node clusters as opposed to 16 node clusters. Even though DPM 2012 SP1’s scale numbers have increased to 800 VMs with 100GB average VM size with 3% churning per day and once a day backup, one DPM server cannot protect 64 node clusters. Until DPM 2012 SP1, VMs on a cluster can only be protected by a single DPM server. This meant that DPM 2012 could not protect a 64 node cluster. With DPM 2012 SP1, VMs on a single cluster can be protected by multiple DPM servers. This is achieved by DPM’s architectural breakthrough implementation of DPM ScaleOut feature. By using this feature, agents running on a Hyper-V cluster can be “attached” to multiple DPM servers. Each DPM server can be configured to protect “some” VMs on a cluster. The strong affinity of a VM and its “backing up” DPM server is still maintained. So, even though the VM is migrated within a cluster or across clusters, same DPM server will continue to protect the VM even if the VM is migrated to other Hyper-V deployments. Refer to the blog article “VM Mobility: Uninterrupted data protection” blog article located here.

Enabling DPM Scale out feature is basically about agent installation on node(s) and attaching them to multiple DPM servers. This can be achieved by performing below mentioned steps.

Calculate the number of DPM servers required for protecting a cluster using DPM 2012 SP1 Hyper-V Calculator

For ex., assume that this particular deployment has 64 node cluster with 4000 VMs
100GB average VM size
Once a day backup
3% a day data churning
Per DPM 2012 SP1 Hyper-V Calculator, 5 DPM servers are required to protect this 64 node cluster. Let us name them as DPM1,… DPM5

Deploy DPM agent on all nodes via one of the DPM servers say DPM1 as mentioned here or manually as described here
Now all 64 nodes’ agent can communicate with DPM1 and DPM1 can protect any VM on 64 node cluster
Next step is to connect all 64 nodes to DPM2, … DPM5 with the following steps

On each node of 64 node cluster run the following commands to connect to all required DPM servers

SetDpmServer.exe –Add–dpmServerNameDPM2
SetDpmServer.exe –Add–dpmServerNameDPM3
SetDpmServer.exe –Add–dpmServerNameDPM4
SetDpmServer.exe –Add–dpmServerNameDPM5

On each DPM server (DPM2 to DPM5) for each cluster node

Attach-ProductionServer.ps1 DPM2 nodeN<user name> <password> <domain> as described in step5 here
Or use DPM’s administrator console, management, Agents, click “Install” and select the “attach agents” as shown below

Perform agent attach operation for all DPM servers and all 64 nodes of the cluster
By following these steps, all DPM servers are connected to all 64 nodes on the cluster

For configuring VM backup, create PG(s) with/without colocation depending on various parameters, protect VMs on each DPM sever. As mentioned above, once a VM is protected by a DPM server, that VM is managed by this particular DPM server for the rest of the VM life cycle. By following this procedure, 5 DPM servers are needed to protect 4000 VMs on a 64 node cluster (actual DPM requirements vary depending on the VM size, number of VMs, VM churning etc). To protect them one can take multiple methods to protect VMs. If this is a organically growing environment, one can start protecting with one DPM server and when it reaches its limits, deploy another DPM server to protect rest of the VMs and so on. If the deployment is already big and customers are opting-in for backup on a regular basis, one can deploy multiple DPM servers at the same time and load balance the VM protection across multiple DPM servers. Backup admin can protect VMs in a DPM server by performing following steps.

1. Opt-in for new protection and expand cluster

2. Select VM to be protected

3. Configure VM protection parameters

Due to the increased cluster sizes, the first step can take a long time for the scanning the cluster and configure the backups. Considering this, DPM 2012 SP1 dramatically improved on the time it takes to achieve first step above for clusters. DPM improved this by two ways. One expanding caching for cluster parameters and other by improving the VM enquiry performance by performing enquiry of all VMs per node in a single step. Here are the steps in achieving optimal enquiry performance when enquiring VMs in a CSV cluster. First time when DPM is started to protect VMs of a cluster, following steps are to be done to improve the backup configuration performance.

a) Click and expand each node of the cluster as shown below. Overall node level resource population should take about 3 to 5 minutes depending on the Hyper-V load running etc. So, scanning whole cluster would roughly take about 5 to 7 minutes.

b) Once the node level enquiry is complete, then expand the Cluster that will show all the VMs that can be selected for protection as shown below.

c) Follow usual protection steps after this.

Once PG is created on the cluster, DPM will cache the cluster, nodes and VM info and will update the caching as part of nightly jobs. At times, refreshed data is necessary for protecting newly deployed VMs. In that case, either backup admin can wait for next day or force fresh enquiry on the cluster manually by initiating the fresh enquiry process as described in steps #a and #b above.

Other points to consider:

Secondary DPM protection is not supported for a scale-out DPM server deployments.

In each DPM server connected to this cluster show all VMs that are present in the cluster even though a particular VM might already been protected by another DPM server. Backup admin is advised not to protect the VM on multiple DPM servers. If a VM is protected initially by DPM1 and then protected by DPM2, DPM2 will take ownership of the VM and protecting from this DPM server. Backups on DPM1 will fail. If this is done by mistake, DPM admin can follow the steps mentioned below.

· Stop protect (with retain data to keep the current recovery points that are in this server) on DPM2

· Go to DPM1 and force CC on the VM and backups would resume on DPM1 and DPM1 will now be the owner of this VM

As the scale out option enables the protection of any VM on cluster by any DPM server, AutoProtectInstance.ps1 that enables auto protection of all VMs on a cluster to a DPM server cannot work in this environment.

As scale out feature can potentially do unlimited number of backups from one node causing production server workload, we limited the number of concurrent backups to 8 per node.

If the number of concurrent backups is exceeded, the recovery point job will fail with following details and error code.

Type: Recovery point
Status: Failed
Description: DPM could not run the backup job for the data source because the number of currently running backup and recovery jobs on the Production server has reached its limits.
Data source: \Backup Using Child Partition Snapshot\Server name
Production Server: XXXXXX (ID 3185 Details: Internal error code: 0x809909E5)

Backup admin will see following Alert messages as a reason for backup failure. As this effects production deployments and is dependent on node to node, this is a node specific parameter.

DPM could not run the backup job for the data source because the number of currently running backup and recovery jobs on the Production server has reached its limits. Data source: %DatasourceName; Production Server: %ServerName; Reduce the number of backup/recovery jobs running on this production server, or wait for some backup and recovery jobs to complete and retry the operation.
DPM could not run the recovery job for the data source because the number of currently running backup and recovery jobs on the Production server has reached its limits. Data source: %DatasourceName; Production Server: %ServerName; Reduce the number of backup/recovery jobs running on this production server, or wait for some backup and recovery jobs to complete and retry the operation.

The number of concurrent backups is a configurable parameter described below error messages located in DataSoureResourceLimit.xml located in DPM agent installation folder on production server. DPMRA need to be restarted by going to services and click restart of DPMRA service to take this change effected.

<DatasourceLimits>
    <Writer writerId="66841cd4-6ded-4f4b-8f17-fd23f8ddc3de" version="0" isParallelRecoveryAllowed="true">
        <MaxLimit value="8" type="1"/>–> This represents the number of backups allowed for Hyper-V workloads. Fine tune this number based on the number of VMs, parallel backup load that can be allowed on production server etc.
        <MaxLimit value="8" type="2"/>
        <MaxLimit value="8" type="3"/>
        <MaxLimit value="8" type="4"/>–> This represents the number of recoveries allowed for Hyper-V workloads. Fine tune this number based on the number of VMs, parallel recovery load that can be allowed on the production server etc.
    </Writer>
</DatasourceLimits>

DPM Scale out feature is supported only for Windows 2012 Hyper-V CSV workloads.

↧

MVP Speaker Series Presentation on “Backup That Really Works”

May 15, 2013, 11:48 pm

≫ Next: DPM and System State Backup Explained

≪ Previous: SC 2012 SP1 – DPM: Leveraging DPM ScaleOut feature to protect VMs deployed on a big cluster

MVP Logo

Robert Hedblom, one of our Microsoft MVPs, gave a great presentation a few days ago on “Backup That Really Works” using multiple components of the System Center 2012 SP1 suite. If you would like to watch the presentation, check it out on the Partner and Customer Solutions blog!

If you would like to review the deck, you may find it located here.

Check out this post for more details on the Windows Server/System Center MVP Speaker Series.

↧

DPM and System State Backup Explained

May 16, 2013, 10:38 am

≫ Next: How to setup DPM 2012 to protect SharePoint 2010

≪ Previous: MVP Speaker Series Presentation on “Backup That Really Works”

Chris Butcher| Senior Support Escalation Engineer

Hello again folks, this is Chris Butcher and I realized it has been too long since my last blog post. I recently worked with a customer and through our conversations realized that there is a lack of information out there on how System Center 2012 Data Protection Manager (DPM) protection for System State and Bare Metal Recovery (BMR) works. While it is a short read, it seemed like a good opportunity to be sure the information is out there.

So, as we were talking about the specifics of a system state backup, I found that the documentation wasn’t quite as thorough as it should be. This will focus primarily on that piece (system state) mainly because the BMR piece is pretty basic and doesn’t need too much attention.

The process for both will be focused on Windows 2008 and forward. This is when DPM began leveraging the new Windows Server Backup (WSB) feature as NTBackup had been deprecated.

What happens when a system state backup is taken against a protected server? Well, the first thing DPM does is communicate with WSB to request a backup of the server’s system state. While this seems basic, there are some other items to be considered during this process. Behind the scenes, DPM and WSB made a determination when the agent was installed as to which drive it would use. This by default is the drive with the most available free space. That information gets saved into the PSDataSourceConfig.XML file (which we will talk about later). This is the drive WSB will use to do backups to.

WARNING: While this seems like a pretty simple calculation that will likely not affect you, there is one caveat here to be aware of. If the server you are protection is a member of a cluster, it is possible that a cluster drive will be selected in this process. If that drive ownership has been switched to another node, then next time system state for the node is done, the drive is no longer available and the backup will fail. In this situation, you will need to modify the PSDataSourceConfig.XML to point it to a local drive. This process is detailed later.

WSB will then create a folder on the root of that drive called WindowsImageBackup. As it creates the backup, all of the data will be put there. Upon completion of the backup, the file will then be transferred over to the DPM server.

As shown here, you can see that my DPM server shows a backup done at 10:23PM.

On the computer I am protecting (in this case cbutch782), you will find the WindowsImageBackup folder on my C: drive with a creation date/time that matches.

This is where there may be confusion. The following two points aren’t common knowledge:

1. This folder and its contents do not get cleaned up after the backup or transfer is done. The best way to think of this is that the space is being reserved for the next time a backup is done.

2. The folder gets created every time a backup is done. The time/date stamp will reflect the time of your last system state backup.

How does this differ from a BMR backup? Well, with BMR (which inherently captures a system state as part of the process), the backup job will be done directly to a share on the DPM server. What happens is that the DPM server shares out the replica volume for that BMR backup and when it calls WSB, it just tells it to not use the drive with the most free space, but instead use the share that it has created for this job.

So, you are probably asking yourself how you can change this behavior. You may not want DPM to use a given drive for the system state backup. Well, you are in luck. There is a way to tell DPM which drive to use.

1. On the server you are backing up, navigate to C:\Program Files\Microsoft Data Protection Manager\DPM\Datasources.

2. There you will find a file named PSDataSourceConfig.XML. Right click that file and choose to edit.

3. Find the section for <FilesToProtect> which is followed by a drive letter and WindowsImageBackup. This will be the current location WSB will put the files.

4. Modify the file to reflect the drive letter you want WSB to use. In my case, I changed it to use my E: drive.

5. Once this is done, close and save the file.

6. Go back to the DPM server and run a consistency check against the System State data source.

You can see that after running that in my case, I now have a new folder on my E: drive with the time/date that matches the consistency check (which of course also creates a recovery point).

And on the DPM server, we see the same time and date as the WindowsImageBackup folder.

Well, that’s about it for system state backups. As I said, it is primarily informational to allow our users to better understand the process and hopefully not be too surprised when the find a random folder somewhere on their protected computer. Fear not, it is expected!

Here are some other blog posts and troubleshooting steps you can walk through that deal with system state and BMR backups.

BLOG POSTS:

· http://blogs.technet.com/b/filecab/archive/2009/05/04/deciding-between-system-state-backup-and-allcritical-backup-in-windows-server-2008.aspx

· http://blogs.technet.com/b/dpm/archive/2011/10/31/troubleshooting-data-protection-manager-system-state-and-bare-metal-backup.aspx

· http://blogs.technet.com/b/dpm/archive/2010/05/12/performing-a-bare-metal-restore-with-dpm-2010.aspx

TechNet: Troubleshoot VSS issues which occur with Windows Server Backup (WBADMIN) on Windows Server 2008 and Server 2008 R2:

http://technet.microsoft.com/en-us/library/ee692290(WS.10).aspx

Chris Butcher| Senior Support Escalation Engineer | Microsoft GBS Management and Security Division

Get the latest System Center news onFacebookandTwitter:

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

↧

How to setup DPM 2012 to protect SharePoint 2010

May 22, 2013, 8:24 am

≫ Next: KB: Restoring a SharePoint default.aspx file in Data Protection Manager fails with Invalid Pointer (0x80004003) error

≪ Previous: DPM and System State Backup Explained

Microsoft’s own Chris Butcher posted a couple great videos that walk you through how to protect SharePoint 2010 using System Center 2012 Data Protection Manager. It’s a two part series which run about a half an hour each and you can check them out below.

Part 1

Part 2

J.C. Hornbeck| Knowledge Engineer | Microsoft GBS Management and Security Division

Get the latest System Center news onFacebookandTwitter:

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

↧