When you install the Microsoft System Center 2012 Data Protection Manager (DPM 2012) agent on a destination computer, the installation fails and you receive the following error message:
Install protection agent on name.domain.com failed: Error 319: The agent operation failed because of a communication error with the DPM Agent Coordinator service on name.domain.com. Error details: The RPC server is unavailable (0x800706BA) Recommended action: 1) Verify that name.domain.com is remotely accessible from the DPM server. 2) If a firewall is enabled on name.domain.com, make sure that it is not blocking requests from the DPM server. Refer to the DPM Deployment Guide for more information on configuring the firewall for DPM.
Additionally, the DPM-Alerts event log displays the following event:
Agent operation failed. (ID: 370) The agent operation failed because of a communication error with the DPM Agent Coordinator service on name.domain.com. (ID: 319)
This issue occurs because the Windows Firewall on the destination computer blocks Dpmac.exe from accepting incoming network connections.
To resolve this issue use one of the following methods:
Temporarily disable the Windows Firewall on the destination computer when you deploy the agent. After the installation is complete, you can re-enable the Windows Firewall.
If you cannot disable the firewall, or if you have many servers and do not want to edit each server individually, you can add firewall rules that will enable the incoming network connections that are required for the DPM agent installation process. The main benefit of this method is that you can automate the process by using the following commands. You can script the solution and then deploy it by using GPO or another method.
These commands must be run from an elevated command prompt (Run As Administrator) and should be run on all target computers that have the firewall enabled.
Note DPM version information has to reflect your current DPM installation version. A sample path follows. (Replace <DPMVersion> with the correct DPM major version number in the form x.x.xxxx.x.)
DPM 2010: version 3.0.7696.0 DPM 2012: version 4.0.1908.0 DPM 2012 SP1: version 4.1.3313.0 DPM 2012 R2: version 4.2.1205.0
The following initial command should enable the agent to be installed:
Netsh advfirewall firewall add rule name = "dpmac" dir=in program="C:\Program Files\Microsoft Data Protection Manager\DPM\ProtectionAgents\AC\<DPMVersion>\dpmac.exe" action=allow
If this command does not enable the agent installation to succeed, add the following additional rules:
Netsh advfirewall firewall add rule name="Microsoft System Center 2012 R2 Data Protection Manager Replication Agent" dir=in program="C:\Program files\Microsoft Data Protection Manager\DPM\bin\dpmra.exe" profile=Any action=allow
Netsh advfirewall firewall add rule name="Microsoft System Center 2012 R2 Data Protection Manager DCOM setting" dir=in action=allow protocol=TCP localport=135 profile=Any
Netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=yes
Enabling Windows Firewall logging (default location: %windir%\System32\LogFiles\Firewall) may list no blocked packets. However, you will notice the following event:
The Microsoft Windows Firewall event logs contains the following event. Log Name: Microsoft-Windows-Windows Firewall With Advanced Security/Firewall Source: Microsoft-Windows-Windows Firewall With Advanced Security Date: <date> Event ID: 2011 Task Category: None Level: Information Keywords: User: LOCAL SERVICE Computer: name.domain.com Description: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
Reason: Inbound notifications are not enabled Application Path: C:\windows\microsoft data protection manager\dpm\protectionagents\ac\4.0.1617.0\dpmac.exe IP Version: IPv6 Protocol: TCP Port: 5719 Process Id: 3740 User: SYSTEM
Note In some instances, the initial attempt to push the agent to the protected server will fail with the following error, and successive installations will fail with the 319 error:
Install protection agent on name.domain.com failed: Error 347: An error occurred when the agent operation attempted to create the DPM Agent Coordinator service on name.domain.com. Error details: Security must be initialized before any interfaces are marshalled or unmarshalled. It cannot be changed one initialized. Recommended action: Verify that the Agent Coordinator service on name.domain.com is responding, if it is present. Review the error details, take the appropriate action, and then retry the agent operation.