System Center 2012 Data Protection Manager agent installation fails with error 319

Symptoms
When you install the Microsoft System Center 2012 Data Protection Manager (DPM 2012) agent on a destination computer, the installation fails and you receive the following error message: 

Install protection agent on name.domain.com failed:
Error 319: The agent operation failed because of a communication error with the DPM Agent Coordinator service on name.domain.com.
Error details: The RPC server is unavailable (0x800706BA)
Recommended action: 1) Verify that name.domain.com is remotely accessible from the DPM server.
2) If a firewall is enabled on name.domain.com, make sure that it is not blocking requests from the DPM server. Refer to the DPM Deployment Guide for more information on configuring the firewall for DPM.

Additionally, the DPM-Alerts event log displays the following event:

Log Name: DPM Alerts
Source: DPM-EM
Date: <date>
Event ID: 370
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: name.domain.com
Description:

Agent operation failed. (ID: 370)
The agent operation failed because of a communication error with the DPM Agent Coordinator service on name.domain.com. (ID: 319)

Cause
This issue occurs because the Windows Firewall on the destination computer blocks Dpmac.exe from accepting incoming network connections.
Resolution
To resolve this issue use one of the following methods: 
  1. Temporarily disable the Windows Firewall on the destination computer when you deploy the agent. After the installation is complete, you can re-enable the Windows Firewall.
  2. If you cannot disable the firewall, or if you have many servers and do not want to edit each server individually, you can add firewall rules that will enable the incoming network connections that are required for the DPM agent installation process. The main benefit of this method is that you can automate the process by using the following commands. You can script the solution and then deploy it by using GPO or another method.

    These commands must be run from an elevated command prompt (Run As Administrator) and should be run on all target computers that have the firewall enabled.

    Note DPM version information has to reflect your current DPM installation version. A sample path follows. (Replace <DPMVersion> with the correct DPM major version number in the form x.x.xxxx.x.)
    DPM 2010: version 3.0.7696.0
    DPM 2012: version 4.0.1908.0
    DPM 2012 SP1: version 4.1.3313.0
    DPM 2012 R2: version 4.2.1205.0

    The following initial command should enable the agent to be installed: 
    Netsh advfirewall firewall add rule name = "dpmac" dir=in program="C:\Program Files\Microsoft Data Protection Manager\DPM\ProtectionAgents\AC\<DPMVersion>\dpmac.exe" action=allow

    If this command does not enable the agent installation to succeed, add the following additional rules:
    Netsh advfirewall firewall add rule name="Microsoft System Center 2012 R2 Data Protection Manager Replication Agent" dir=in program="C:\Program files\Microsoft Data Protection Manager\DPM\bin\dpmra.exe" profile=Any action=allow

    Netsh advfirewall firewall add rule name="Microsoft System Center 2012 R2 Data Protection Manager DCOM setting" dir=in action=allow protocol=TCP localport=135 profile=Any

    Netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=yes

    Netsh advfirewall firewall add rule name="DPMAM_WCF_SERVICE" dir=in program="C:\Microsoft Data Protection Manager\DPM\bin\AMSvcHost.exe" profile=Any action=allow

    Netsh advfirewall firewall add rule name="DPMAM_WCF_PORT" dir=in action=allow protocol=TCP localport=6075 profile=Any
More information
The following ports are required for the DPM agent installation. Again, be aware that the version may change.
ProtocolLocal portProgram path
TCP 5719 %ProgramFiles%\Microsoft Data Protection Manager\DPMAC\bin\dpmac.exe
TCP RPC Dynamic %ProgramFiles%\Microsoft Data Protection Manager\DPMAC\bin\dpmac.exe
TCP 5719 %ProgramFiles%\Microsoft Data Protection Manager\DPM\ProtectionAgents\AC\3.0.7696.0\dpmac.exe
TCP RPC Dynamic %ProgramFiles%\Microsoft Data Protection Manager\DPM\ProtectionAgents\AC\3.0.7696.0\dpmac.exe
TCP 5718 %ProgramFiles%\Microsoft Data Protection Manager\DPM\bin\DPMRA.exe
TCP RPC Dynamic %ProgramFiles%\Microsoft Data Protection Manager\DPM\bin\DPMRA.exe
For a list of all required ports that are used for DPM, go to the following Microsoft website: See also the following Microsoft blog post:
Enabling Windows Firewall logging (default location: %windir%\System32\LogFiles\Firewall) may list no blocked packets. However, you will notice the following event:

The Microsoft Windows Firewall event logs contains the following event.
Log Name: Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
Source: Microsoft-Windows-Windows Firewall With Advanced Security
Date: <date>
Event ID: 2011
Task Category: None
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: name.domain.com
Description:
Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Reason: Inbound notifications are not enabled
Application Path: C:\windows\microsoft data protection manager\dpm\protectionagents\ac\4.0.1617.0\dpmac.exe
IP Version: IPv6
Protocol: TCP
Port: 5719
Process Id: 3740
User: SYSTEM


Note In some instances, the initial attempt to push the agent to the protected server will fail with the following error, and successive installations will fail with the 319 error:

Install protection agent on name.domain.com failed:
Error 347: An error occurred when the agent operation attempted to create the DPM Agent Coordinator service on name.domain.com.
Error details: Security must be initialized before any interfaces are marshalled or unmarshalled. It cannot be changed one initialized.
Recommended action: Verify that the Agent Coordinator service on name.domain.com is responding, if it is present. Review the error details, take the appropriate action, and then retry the agent operation.
DPM 2012 R2
Properties

Article ID: 2981833 - Last Review: 07/07/2014 16:07:00 - Revision: 1.0

Microsoft System Center 2012 Data Protection Manager

  • KB2981833
Feedback