Kevin Holman's System Center Blog

Posts in this blog are provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified in the Terms of UseAre you interested in having a dedicated engineer that will be your Mic

DPM 2012 R2 – QuickStart Deployment Guide

DPM 2012 R2 – QuickStart Deployment Guide

  • Comments 18
  • Likes

The following article will cover a basic install of Data Protection Manager 2012 R2.   A dedicated DPM server, and shared SQL server will be deployed.    This is to be used as a template only, for a customer to implement as their own pilot or POC, or customized deployment guide. It is intended to be general in nature and will require the customer to modify it to suit their specific data and processes.

This is not an architecture guide or intended to be a design guide in any way. This is provided "AS IS" with no warranties, and confers no rights. Use is subject to the terms specified in the Terms of Use.

Server Names\Roles:

  • DB01               SQL Database Services, Reporting Services
  • SCDPM01       Management Server, Web Console server

Windows Server 2012 R2 will be installed as the base OS for all platforms.  All servers will be a member of the AD domain.

SQL 2012 with SP1  will be the base standard for all database and SQL reporting services. 

High Level Deployment Process:

1.  In AD, create the following accounts and groups, according to your naming convention:

  • DOMAIN\DPMAdmins        DPM Administrators group
  • DOMAIN\SQLSVC               SQL service account

2.  Add the domain user accounts for yourself and your team to the “DPMAdmins” group.

3.  Install Windows Server 2012 R2 to all server role servers.

4.  Install Prerequisites and SQL 2012 with SP1.

5.  Install the DPM Server

6.  Install the DPM Central Console

6.  Deploy Agents

7.  Configure the Central Console

Prerequisites:

1.  Install Windows Server 2012 R2 to all Servers

2.  Join all servers to domain.

3.  Install all available Windows Updates.

5.  Add the “DPMAdmins” domain global group to the Local Administrators group on each server

6.  On the DPM server, .Net 3.5SP1 is required. Setup will not be able to add this feature on Windows Server 2012.  Open an elevated PowerShell session (run as an Administrator) and execute the following:

Add-WindowsFeature NET-Framework-Core

***Note – .NET 3.5 source files are removed from the WS2012 R2 operating system.  You might require supplying a source path to the installation media for Windows Server 2012 R2, such as:   Add-WindowsFeature NET-Framework-Core –source D:\sources\sxs

7.  On the SQL server, install the SQL Remote prep.  http://technet.microsoft.com/en-us/library/hh758058.aspx  Run the DPM Setup.exe, then from the screen choose “DPM Remote SQL Prep”.

8.  On the DPM server, install SQL Management studio.  This is located on the media at \SCDPM\SQLSVR2012SP1\SQLManagementStudio_x64_ENU.exe.  Execute this and walk through the wizard, Installation, New SQL installation, and accept defaults.

9. Install SQL 2012 with SP1 to the DB server role

  • Setup is fairly straightforward. This document will not go into details and best practices for SQL configuration. Consult your DBA team to ensure your SQL deployment is configured for best practices according to your corporate standards.
  • Run setup, choose Installation > New Installation…
  • When prompted for feature selection, install ALL of the following:
    • Database Engine Services
    • Full-Text and Semantic Extractions for Search
    • Reporting Services - Native
  • Optionally – consider adding the following to ease administration:
    • Management Tools – Basic and Complete (for running queries and configuring SQL services)
  • On the Instance configuration, choose a default instance, or a named instance. Default instances are fine for testing and labs. Production clustered instances of SQL will generally be a named instance. For the purposes of the POC, choose default instance to keep things simple.
  • On the Server configuration screen, set SQL Server Agent to Automatic.  You can accept the defaults for the service accounts, but I recommend using a Domain account for the service account.  Input the DOMAIN\sqlsvc account and password for Agent, Engine, and Reporting.
  • On the Collation Tab – you can use the default which is SQL_Latin1_General_CP1_CI_AS or choose another supported collation.
  • On the Account provisioning tab – add your personal domain user account or a group you already have set up for SQL admins. Alternatively, you can use the DPMAdmins global group here. This will grant more rights than is required to all DPMAdmin accounts, but is fine for testing purposes of the POC.
  • On the Data Directories tab – set your drive letters correctly for your SQL databases, logs, TempDB, and backup.
  • On the Reporting Services Configuration – choose to Install and Configure. This will install and configure SRS to be active on this server, and use the default DBengine present to house the reporting server databases. This is the simplest configuration. If you install Reporting Services on a stand-alone (no DBEngine) server, you will need to configure this manually.
  • Setup will complete.
  • You will need to disable Windows Firewall on the SQL server, or make the necessary modifications to the firewall to allow all SQL traffic.  See http://msdn.microsoft.com/en-us/library/ms175043.aspx

      Step by step deployment guide:

      1.  Install the DPM Server role on SCDPM01. You can also refer to: http://technet.microsoft.com/en-us/library/hh758153.aspx

      • Log on using your personal domain user account that is a member of the DPMAdmins group.  This use must have rights to the DPM server and the SQL server, as well as SA rights to the SQL instance.
      • Run Setup.exe
      • In the Install list, click Data Protection Manager.
      • Accept the license and click OK.
      • On the Welcome page, click Next
      • Choose to use stand alone SQL server, and input server name.  Input your credentials that has rights to this server and the SQL server and instance, and choose “Check and Install”.
      • Resolve any prerequisite issues.  Click Next.
      • Input the Product key, and click Next.
      • Choose an install path, click Next.
      • Chose to use Windows Update or not, click Next.
      • Choose to join the CEIP or not, Next.
      • Click Install.
      • Setup Completes.  Click Close.

      2.  Install the Central Console.

      • Installing the Central Console assumes you have already deployed SCOM, as DPM will use SCOM for the centralized management of multiple DPM servers.
      • First – deploy a SCOM agent to the SCDPM server.
      • On your SCOM server, run Setup.exe from the DPM media.  You might need some prerequisite software to run the install.  Correct any issues.  I needed to install the Visual C++ Redistributable from the media at \SCDPM\Redist\vcredist\vcredist2008_x64.exe
      • Install the “DPM Central Console” from the setup screen.
      • Accept the license, OK.
      • Click Next on the Welcome screen
      • Choose server-side and client-side.
      • Fix any prerequisites and click Next.
      • Choose a path, Next
      • Choose to use Windows Update or not, click Install.
      • Click OK, Close.
      • Install the client components anywhere you run the SCOM console and need to administer DPM servers.
      • Import the SCOM management packs for DPM 2012 R2.  They are located on the media at \SCDPM\ManagementPacks
      • Wait enough time for discovery to occur, and ensure that your DPM servers are discovered in the DPM Servers State View:

      image

      3.  Add DPM storage.

      • Add a disk to your VM or physical DPM server for the purposes of containing the replicas and recovery points.  This disk should not have any volumes defined.
      • Open the DPM Console, Management, Disks. 
      • Click “Add” and add any disks available that you want in the backup storage pool.

      image

      4.  Install protection agents

      • In the Console, Management, Agents.  Click “Install”
      • Select Install Agents, and select computers in your domain from the search box or list.  I select some SQL servers, my Domain Controllers, and my Hyper-V Hosts.

      image

      • Provide credentials that has local admin rights to install the agent on each computer you chose.
      • Choose No, don’t let DPM restart computers.
      • Start the agent install.  The “Task” results view will show you progress.  There “Errors” tab will display details about any that failed.  One of mine failed due to a firewall issue.  See the product documentation about ports necessary for firewalls.

      5.  Create a Protection Group

      • Console > Protection.  Click “New”
      • Choose Servers
      • Select objects to protect on your servers.  DPM automatically detects specific roles, such as SQL, Hyper-V, Exchange, SharePoint.
      • Here I have selected my domain controllers:

      image

      • Give the Protection group a name.  Choose protection to Disk.  Click Next.
      • Set retention time, synchronization, and backup times.
      • Review the Disk Allocation and ensure you have enough storage available for the protection.
      • Start the protection of computers by kicking off the replica now.
      • For a system state/bare metal backup of domain controllers, you will need to ensure the Windows Server Backup feature is installed.

      6.  Protect SQL Server

      • The most common SQL server back routines call the VSS wirter in SQL to perform an online backup of the entire database.  This flushes the transaction logs and ensures the database is consistent and restorable for that point in time.  Then, another process would backup the uncommitted transactions on a much more frequent basis.  DPM works in a very similar fashion.
      • Create a new protection group.  Choose “Servers”  Click “Next”
      • Select a SQL server that has a DPM agent, and expand it in the list.  Select a SQL Database(s).   Click Next.

      image

      • Give the protection group a name, and choose disk.  Click Next.
      • Choose a retention period that works with your backup strategy, choose the synchronization frequency (transaction log backups) and select a recovery point time for the express full backup.
      • Review the disk allocation.  Click Next.
      • Select to create the initial replica now.  Next.  Choose defaults for the consistency check.
      • Review the summary and create the protection group.

      7.  Protect Hyper-V Virtual Machines

      • Create a New Protection group.  Choose Servers
      • Expand a Hyper-V server or Cluster in the list.
      • Check the box next to virtual machines that you would like to protect.  When you see “Online” this means the backup will be performed with zero interruption to the VM.  Offline means the backup will pause the VM, take a checkpoint (snapshot) of the VM, and then backup that checkpoint.

      image

      • Give the protection group a name, and choose disk.  Click Next.
      • Choose a retention period that works with your backup strategy, choose the synchronization frequency (transaction log backups) and select a recovery point time for the express full backup.
      • Review the disk allocation.  Click Next.

      8.  Protect SharePoint

      • Ensure you have installed a protection agent on at least one Front End server in the farm, and all SQL servers that hosts databases for the SharePoint Farm.
      • On the SharePoint Web Front End server, once you have installed the DPM protection agent, you must run ConfigureSharepoint.exe –EnableSharePointProtection from an elevated powershell.  Provide a sharepoint service account that has full access to sharepoint.  This will configure permissions and the VSS writer for DPM.

      image

      • Create a protection group.  Servers.  Expand your SharePoint Front End server, expand SharePoint, and select your Farm config database.

      image

      • Give your Protection group a name, such as “SharePoint Protection Group”.  Choose Disk protection
      • Select a retention range and a recovery point schedule.  The default is one recovery point per day.  You can select multiple recovery points as frequent as every 30 minutes.
      • Configure disk allocation if needed, choose the create the Replica now, and accept defaults to run consistency checks when inconsistent.  Create the protection group.
      • The search catalog for individual items is a job that runs once per day.  You will need to wait up to 24 hours after your first replica before this catalog will be available to search individual items in the DPM console. 

      9.  Backup DPM with Windows Azure

      • This is covered at http://technet.microsoft.com/library/jj728752.aspx
      • You will want to create a new self-signed certificate using MakeCert.exe.  Details on making the cert are located here:  http://technet.microsoft.com/en-US/library/hh831761.aspx
      • In your Windows Azure account, create a New > Data Services > Recovery Services > Backup Vault
      • Upload your .CER certificate to the vault, so registered servers with the same certs private key can authenticate to this vault.
      • Download and install the Windows Azure Backup agent on the DPM server.
      • Open the DPM console AFTER the WAB agent is installed, select Management, Online.  In the ribbon, choose Register.
      • Browse for your locally installed certificate that you created with MakeCert and imported on the DPM server from a PFX file.
      • Now you will automatically connect and browse Windows Azure valuts that correspond to this certificate.  Select the vault you recently created from the drop down.
      • Choose a Proxy Server if necessary.
      • Set up throttling for your internet traffic.
      • Create a local folder on a volume that has enough space for a staging area for any recoveries.
      • Create an encryption passphrase, and copy this to a safe location.
      • Click Register.

      Validate your protection is working.  Look at protection groups, and view the monitoring jobs and alerts in the console.

      After enough time has passed, you will see new data in the Central (SCOM) Console.  Such as discovered disks, Protection groups, Protected servers, etc.

      image

      10.  Enable End User Self Service Recovery

      • A Schema Extension is required in the Domain in order to use Self Service Recovery.  There is an issue with the Schema Extension tool that ships with DPM 2012 R2, it crashes when trying to run this on my Windows Server 2012 R2 domain controllers.  The workaround is to go get the same tool from the SP1 installation, and use that.  The file is located at C:\Program Files\Microsoft System Center 2012 R2\DPM\DPM\End User Recovery\DPMADSchemaExtension.exe.  You need to deploy a DPM 2012 SP1 server, and get the file from there.  The schema extensions have not changed.  Copy this file to a domain controller and log in with an account that is a Schema Admin with rights to update the AD schema.  Execute the file. 

      **Note – if you have already updated your schema previously for DPM in the past, you don’t need to do this step again.

      image

      • Enter in the DPM server name (NetBIOS name only not FQDN)

      image

      • Next enter in the domain name of the DPM server

      image

      • Leave the third window blank, we will assume we are only using a single domain here.  Just click OK.

      image

      • The update will start when you click OK on the next screen, and will notify you when complete.

      image

      image

      • Now on your DPM server, close, and reopen the console.
      • In the ribbon at the top – click Options.
      • Select the End-user Recovery tab.
      • Now you have the option to enable End User Recovery:

      image

      • Enabling this will cause this popup:

      image

      image

      • Input the Database Server name and instance names.  For a default instance just use Servername.  You must use FQDN:

      image

      • Configure SSR to recover to alternate locations or not.
      • Complete the role creation:

      image

      image

      • Once installed, run the tool, and connect to your DPM server
      • Select “New Recovery Job”
      • The wizard will allow you to see the instances and the databases that you have rights to recover:

      image

      • You can then select a Date and Time that you want to recover from, and specify location, etc.

      image

      Comments
      • Great guide and part about SQL Studio Tools needing be on the DPM server was great since that component check fails when testing the db connection and gives no mention as to where it expected those tools to be loaded.

      • As always with your SC guides - Excellent!

      • Hi Kevin, great post, as usual. Here's my question: now that the SSRS instance can run from another machine that not the SQL where the DB is when DPM DB is clustered, do you know whether sharing an SSRS instance among a primary and a secondary DPM Server would be supported? I tested and it seems to work fine, since a new folder in the SSRS is created for each new DPM that points to it, but I wanted to be sure it is really an approved configuration.

        Thanks,

        Jose

      • Hey Kevin, I'm also having issues when picking a remote instance of SSRS. In the lab, everything works, but in production, there is a network firewall in between the servers. Port 80 is open, I can browse shares on the remote ssrs server from the DPM server, but there is something trying to use a high port that is not specified anywhere in the documentation. The doc here is not very thorough when you're using a SQL cluster, where the RPC can be a different server from the SQL server. So, when it says: "•Enable remote procedure calls (RPC) on the computer on which SQL Server is installed.", does this mean that all RPC communication needs to be in place? Then regular 1433 won't do it.

        And in the real world, getting ports open between networks can take days...

        Any help is appreciated.

      • Now that I'm past the firewall restrictions, DPM doesn't seem to like my production cluster. It says it is not clustered. I can log on to FOCM, I can connect to the DB, but DPM doesn't like it.

        No reference to the error anywhere.

        Stay tuned...

      • Mistery solved: if you don't have SQL Client tools installed, the setup program deals with the lack of it as proof that you're not running on a cluster. I figured it by looking at the DPMLog file:

        * Exception :  => System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.SqlServer.Smo, Ve

        After installing the SQL Management tools, setup went through.

        Thank you,

      • Kevin, not sure you have seen this or whether you can ask somebody. I'm trying to configure DPM for SMTP notification. Nothing easier than that...you would think. Since I have 3 DPM servers, whose DBs are in a cluster and their SSRS instances are, hence, remote, when I try to save the SMTP info, it complains it can't save the info in the SSRS server. The error message, though, tells me to go to the SQL instance server (not the SSRS) and do the config, which really seems to assume, as it was before, that both should always be together.

        One way or another, it doesn't seem to work. It is also funny that I have to have authentication set. I have tried some workarounds deleting registry keys, but it will send the notifications tests but will fail the actual notifications.

      • Thanks for this guide !!!!!!!!!!!

      • Hi There, I've been banging my head against the wall whilst trying to resolve this installation error from DPM2012 R2. My Test Lab setup: ================== 2 Servers - WS2012 R2 (VMs) 1 of them : Remote SQL Server (SQL Server 2012 Ent + sp1) Domain User account for DPM installation has Local Admin rights on both Servers + SysAdmin rights on the Remote SQL Server. I have also been able to test login in to the Remote SQL Server from the DPM Server; and I have been able to create a test table in Target DB, even though it seems that the errors are permissions related Below are the error messages that I have been receiving ======================================================= *** Error : Setup cannot grant the Test.local\SuperTech account access to the DPM database. Verify that SQL Server is properly installed and that it is running. ID: 832 More from logs ============== [17/02/2014 22:43:36] Data : instanceName = 2013-FARM-PLUS3\DPM [17/02/2014 22:43:36] Information : Grant permissions on database [17/02/2014 22:43:36] Data : Database connection string = Integrated Security=SSPI;server=2013-FARM-PLUS3\DPM;Pooling=false;database=DPMDB_2013_FARM_PLUS2;Pooling=false [17/02/2014 22:43:36] Data : Account name = LoginName: Test.local\SuperTech MakeDBAdmin: False [17/02/2014 22:43:36] *** Error : SqlException in CreateSqlLoginAndGrantDBAccess [17/02/2014 22:43:36] * Exception : => System.Data.SqlClient.SqlException (0x80131904): Windows NT user or group 'Test.local\SuperTech' not found. Check the name again. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) and more ======== [17/02/2014 22:43:36] * Exception : => Setup cannot grant the Test.local\SuperTech account access to the DPM database.Verify that SQL Server is properly installed and that it is running.Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.BackEndErrorException: exception ---> Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.DatabaseConfigurationException: exception ---> System.Data.SqlClient.SqlException: Windows NT user or group 'Test.local\SuperTech' not found. Check the name again. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) ---------------------------- I have also saved the whole of the error log and can email it if required. Any help to resolve this issue will be greatly appreciated.

      • Hi There, I've been banging my head against the wall whilst trying to resolve this installation error from DPM2012 R2. My Test Lab setup: ================== 2 Servers - WS2012 R2 (VMs) 1 of them : Remote SQL Server (SQL Server 2012 Ent + sp1) Domain User account for DPM installation has Local Admin rights on both Servers + SysAdmin rights on the Remote SQL Server. I have also been able to test login in to the Remote SQL Server from the DPM Server; and I have been able to create a test table in Target DB, even though it seems that the errors are permissions related Below are the error messages that I have been receiving ======================================================= *** Error : Setup cannot grant the Test.local\SuperTech account access to the DPM database. Verify that SQL Server is properly installed and that it is running. ID: 832 More from logs ============== [17/02/2014 22:43:36] Data : instanceName = 2013-FARM-PLUS3\DPM [17/02/2014 22:43:36] Information : Grant permissions on database [17/02/2014 22:43:36] Data : Database connection string = Integrated Security=SSPI;server=2013-FARM-PLUS3\DPM;Pooling=false;database=DPMDB_2013_FARM_PLUS2;Pooling=false [17/02/2014 22:43:36] Data : Account name = LoginName: Test.local\SuperTech MakeDBAdmin: False [17/02/2014 22:43:36] *** Error : SqlException in CreateSqlLoginAndGrantDBAccess [17/02/2014 22:43:36] * Exception : => System.Data.SqlClient.SqlException (0x80131904): Windows NT user or group 'Test.local\SuperTech' not found. Check the name again. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) and more ======== [17/02/2014 22:43:36] * Exception : => Setup cannot grant the Test.local\SuperTech account access to the DPM database.Verify that SQL Server is properly installed and that it is running.Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.BackEndErrorException: exception ---> Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.DatabaseConfigurationException: exception ---> System.Data.SqlClient.SqlException: Windows NT user or group 'Test.local\SuperTech' not found. Check the name again. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) ---------------------------- I have also saved the whole of the error log and can email it if required. Any help to resolve this issue will be greatly appreciated.

      • Hi there, Ganafri5, Have you had any success? I have the exact same issue

      • Ganafri5, I found the solution. (Well mine at least) Up in the Error log I noticed it complained that it could not find my account on the SQL server. We have completely different Pre-Windows 2000 Domain Name and FQDN. eg. Pre2000 in NETWORK and FQDN is company.com. You have to use Pre-2000 domain names everywhere in your setup/install procedures.

      • Eugene, I wasn't able to rectify the error message. I opted to go for the easier route of installing DPM on a locally installed SQL Server instance instead. I will try it again at some point.

      • Additional Info: DPM Self Service Recovery - Installation step

        I was not able to install this from the DPM2012 R2 iso on a Windows8 Pro client.

        I kept on getting the same error:

        "Windows installer - Not enough storage is available to process this command."

        This was despite having enough space at my disposal and the Windows Installer (Service) activated.

        ## Workaround: Install DPM Self Service Recovery from DPM2012 SP1 iso instead, works like a charm.



        Thanks for this guide Kevin, much appreciated.

      • "Install the Central Console" section, what if I don't have a SCOM server in the lab environment? Is this the same procedure?

      Your comment has been posted.   Close
      Thank you, your comment requires moderation so it may take a while to appear.   Close
      Leave a Comment
      Search Blogs