How to troubleshoot Data Protection Manager 2007 Protection Agent installation failures (Error ID: 370)
Agent operation failed.
- Error ID: 7:Unable to connect to the Active Directory Domain Services database. Make sure that the DPM server is a member of a domain and that a domain controller is running. Also verify that there is network connectivity between the DPM server and the domain controller
Details: The specified directory service attribute or value does not exist (0x8007200A)
- Error ID: 277: Could not connect to the service control manager on FQDN_Server_Name. (ID: 277)
1) Make sure that FQDN_Server_Name is online and remotely available from the DPM server.
2) If a firewall is enabled on FQDN_Server_Name, make sure that it is not blocking requests from the DPM server.
- Error ID: 302: The protection agent operation failed because it could not access the protection agent on server %FQDN_of_Production_Server%. The server %FQDN_of_Production_Server% may be running DPM, or the DPM protection agent may have been installed by another DPM computer. (ID: 302)
- Error ID: 313: DPM 2007 can successfully deploy agents to member servers in a Windows Server 2003 domain. However, you cannot deploy an agent to any other domain controller. Installation reaches 90% and then fails with this error: Install protection agent on computername failed. Error 313: The agent operation failed because an error occurred while running the installation program on computername. Error details: Fatal error during installation [0x80070643].
- Error ID: 326: The protection agent operation failed because access was denied to the Servername DPM server. (ID: 326)
- Error ID: 337: Data Protection Manager Error ID: 337
You cannot install the protection agent on targetserver because access to the computer has been denied.
- Error ID: 7: This error occurs when the target server is in a different organizational unit in Active Directory, and authenticated users do not have read access to this organizational unit. Therefore, the DPM service account cannot find the server in Active Directory.
- Error ID: 277: This error occurs when Network DTC access is disabled.
- Error ID: 302 and Error ID: 337: These errors occur when the Service Principal Names (SPNs) for the server are not consistent in Active Directory. The agent installation may use the incorrect information to complete the installation and connection. This problem can cause many symptoms.
- Error ID: 313: This error occurs when the DPM agent setup wizard does not have sufficient permissions to write files to a directory or to a registry subkey. You may also receive this error when there was a failed DPM agent installation on this or other domain controllers within the domain.
- Error ID: 326: This error occurs when a dialog box appears on the destination server where you are installing the DPM agent. This dialog box is only visible from the console of that server. This dialog box requires manual interaction to acknowledge and close the dialog box. This dialog box is only visible from the console of that server. Until this dialog box is closed, you cannot deploy the DPM agent to this server.
Resolution for Error ID: 7To resolve this error, change the Authenticated Users group so that it has read permissions for the organizational unit that the target server is a member of. To do this, follow these steps:
- On the domain controller, open the Active Directory Users and Computers MMC.
- Right-click the organizational unit that contains the target server, and then click Properties.
- On the Security tab, add the Authenticated Users group and give them READ permissions.
- Redeploy the DPM protection agent to the protected server.
Resolution for Error ID: 277To resolve this issue, follow the steps in Microsoft Knowledge Base article 817064, and then redeploy the DPM agent to both cluster nodes.
Resolution for Error ID: 302 and Error ID: 337To resolve this issue, run the SetSPN tool and check the Service Principal Names for the server that you cannot push the agent to.
NoteFor more information about how to obtain the latest version of the SetSPN tool, click the following article number to view the article in the Microsoft Knowledge Base:
- Log on as a Domain Administrator.
- At a command prompt, type the following command, and then press ENTER:setspn -L ServernameNote In this command, the placeholder Servername represents the target server that you cannot deploy the DPM agent to.
The resulting output should resemble the following:
~~~~~~~~~~~~~~~~~~~~~~~~~Registered ServicePrincipalNames for CN=TARGETSERVER,OU=Member Servers,DC=<Servername>,DC=com:SMTPSVC/targetserver.<Servername>NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/targetserver.<Servername>HOST/targetserver.www.<Incorrect_Servername>/Incorrect_ServernameHOST/targetserver.www.<Incorrect_Servername>exchangeMDB/targetserver.www.<Incorrect_Servername>SMTPSVC/targetserver.www.<Incorrect_Servername>HOST/targetserver.www.<Incorrect_Servername> /www.<Incorrect_Servername>exchangeRFR/targetserver.www.<Incorrect_Servername>exchangeRFR/targetserver.<Servername>exchangeMDB/targetserver.<Servername>exchangeRFR/TARGETSERVERexchangeMDB/TARGETSERVERSMTPSVC/TARGETSERVERHOST/TARGETSERVER~~~~~~~~~~~~~~~~~~~~~~~~~~Notice that all the "HOST/" SPNs entries that are listed in the output indicate that the primary DNS is set to Incorrect_Servername, not Servername. When the agent is being deployed, the DPM server is resolving the name TARGETSERVER.SERVERNAME, and this is what is being used to build the SPN that it is being requested at the time of agent deployment. However, because the SPNs that are registered for targetserver are for www.Incorrect_Servername, the Kerberos connection attempt fails, and an attempt is made to establish an anonymous connection. This may results in an event ID 6033 logged on the Exchange server.
- Verify that there are no duplicate SPNs of the target server. At a command prompt, type the following command, and then press ENTER:setspn -XExamine the output for any duplicates of the desired SPN for the target server.
- To make sure that the Host SPNs are registered correctly, type the following commands at a command prompt. Press ENTER after each command.setspn -a HOST/targetserver.Servername targetserver
setspn -a HOST/targetserver targetserver
- Replicate the changes throughout Active Directory.
- Redeploy the DPM protection agent to the affected servers.
Resolution for Error ID: 313To resolve this issue, use one of the following methods.
Method 1To troubleshoot the permissions issue, examine the Msdpm installation log file that is located on the client computer in the following folder:
Method 2If there was a previous failed attempt to install the agent to this domain controller or to another domain controller, please verify and delete any entries in the Users container of the Active Directory Users and Computers tool that resemble the following:
Resolution for Error ID: 326To resolve this issue, log on to a console session on the destination server and then manually acknowledge the dialog box after you retry to install the DPM agent.
Article ID: 978900 - Last Review: 03/10/2010 20:07:02 - Revision: 1.0
- kbdeployment kbinstallation kbtshoot kbexpertiseadvanced kbsurveynew kbprb KB978900