System Center 2012 Data Protection Manager agent installation fails with error 319
Error 319: The agent operation failed because of a communication error with the DPM Agent Coordinator service on name.domain.com.
Error details: The RPC server is unavailable (0x800706BA)
Recommended action: 1) Verify that name.domain.com is remotely accessible from the DPM server.
2) If a firewall is enabled on name.domain.com, make sure that it is not blocking requests from the DPM server. Refer to the DPM Deployment Guide for more information on configuring the firewall for DPM.
Additionally, the DPM-Alerts event log displays the following event:
Log Name: DPM Alerts
Event ID: 370
Task Category: None
Agent operation failed. (ID: 370)
The agent operation failed because of a communication error with the DPM Agent Coordinator service on name.domain.com. (ID: 319)
- Temporarily disable the Windows Firewall on the destination computer when you deploy the agent. After the installation is complete, you can re-enable the Windows Firewall.
- If you cannot disable the firewall, or if you have many servers and do not want to edit each server individually, you can add firewall rules that will enable the incoming network connections that are required for the DPM agent installation process. The main benefit of this method is that you can automate the process by using the following commands. You can script the solution and then deploy it by using GPO or another method.
These commands must be run from an elevated command prompt (Run As Administrator) and should be run on all target computers that have the firewall enabled.
Note DPM version information has to reflect your current DPM installation version. A sample path follows. (Replace <DPMVersion> with the correct DPM major version number in the form x.x.xxxx.x.)DPM 2010: version 3.0.7696.0
DPM 2012: version 4.0.1908.0
DPM 2012 SP1: version 4.1.3313.0
DPM 2012 R2: version 4.2.1205.0
The following initial command should enable the agent to be installed:Netsh advfirewall firewall add rule name = "dpmac" dir=in program="C:\Program Files\Microsoft Data Protection Manager\DPM\ProtectionAgents\AC\<DPMVersion>\dpmac.exe" action=allow
If this command does not enable the agent installation to succeed, add the following additional rules:Netsh advfirewall firewall add rule name="Microsoft System Center 2012 R2 Data Protection Manager Replication Agent" dir=in program="C:\Program files\Microsoft Data Protection Manager\DPM\bin\dpmra.exe" profile=Any action=allow
Netsh advfirewall firewall add rule name="Microsoft System Center 2012 R2 Data Protection Manager DCOM setting" dir=in action=allow protocol=TCP localport=135 profile=Any
Netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=yes
Netsh advfirewall firewall add rule name="DPMAM_WCF_SERVICE" dir=in program="C:\Microsoft Data Protection Manager\DPM\bin\AMSvcHost.exe" profile=Any action=allow
Netsh advfirewall firewall add rule name="DPMAM_WCF_PORT" dir=in action=allow protocol=TCP localport=6075 profile=Any
|Protocol||Local port||Program path|
|TCP||5719||%ProgramFiles%\Microsoft Data Protection Manager\DPMAC\bin\dpmac.exe|
|TCP||RPC Dynamic||%ProgramFiles%\Microsoft Data Protection Manager\DPMAC\bin\dpmac.exe|
|TCP||5719||%ProgramFiles%\Microsoft Data Protection Manager\DPM\ProtectionAgents\AC\3.0.7696.0\dpmac.exe|
|TCP||RPC Dynamic||%ProgramFiles%\Microsoft Data Protection Manager\DPM\ProtectionAgents\AC\3.0.7696.0\dpmac.exe|
|TCP||5718||%ProgramFiles%\Microsoft Data Protection Manager\DPM\bin\DPMRA.exe|
|TCP||RPC Dynamic||%ProgramFiles%\Microsoft Data Protection Manager\DPM\bin\DPMRA.exe|
Enabling Windows Firewall logging (default location: %windir%\System32\LogFiles\Firewall) may list no blocked packets. However, you will notice the following event:
The Microsoft Windows Firewall event logs contains the following event.
Log Name: Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
Source: Microsoft-Windows-Windows Firewall With Advanced Security
Event ID: 2011
Task Category: None
User: LOCAL SERVICE
Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
Reason: Inbound notifications are not enabled
Application Path: C:\windows\microsoft data protection manager\dpm\protectionagents\ac\4.0.1617.0\dpmac.exe
IP Version: IPv6
Process Id: 3740
Note In some instances, the initial attempt to push the agent to the protected server will fail with the following error, and successive installations will fail with the 319 error:
Error 347: An error occurred when the agent operation attempted to create the DPM Agent Coordinator service on name.domain.com.
Error details: Security must be initialized before any interfaces are marshalled or unmarshalled. It cannot be changed one initialized.
Recommended action: Verify that the Agent Coordinator service on name.domain.com is responding, if it is present. Review the error details, take the appropriate action, and then retry the agent operation.
Article ID: 2981833 - Last Review: 07/07/2014 16:07:00 - Revision: 1.0