Deploying Microsoft Data Protection Manager 2007

Microsoft Data Protection Manager 2007 (referred to as DPM) is part of the System Center collection of products from Microsoft.

DPM is agent based, and monitors changes on servers and keeps a copy of those changes available for a restore in the case of a disaster or deleted data.

It utilises Volume Shadow Services (VSS) and you have the option of storing the snapshots to disk (on the DPM server) or to a tape library.

I’m going to be talking specifically about the disk-based backups in this article, rather than tape backups. It is important to note that a seperate dynamic disk is required for DPM, which I’ll talk more about a bit later on.

Firstly you’ll need to get a server up and running for installing DPM on – I’ve installed mine on a Windows Server 2008, but Windows Server 2003 is obviously support also.

There are a few prerequisites for installing DPM, which the installer will let you know of if your system doesn’t comply. You can read up on these prerequisites here, if you’d prefer to before starting the installation.

Installing the DPM Server software is pretty straight forward – If there are any issues, they’re usually pretty clear on what needs to be done to finish the install successfully (such as missing prerequisites, etc.), although there are two things you’ll want to do after the installation…

  • If you’ve installed DPM on Windows Server 2008, you’ll probably have issues viewing the reporting tab, because of an “IIS connectivity issue” – I did a little bit of research and found that there is a bug with x64 (as far as I can tell, it doesn’t affect x86, but this could just be a lack of information out there) where the Reporting Services virtual directory in IIS doesn’t have script permissions, so you’ll need to set that (you can see the blog where I found this, here);
  • After DPM has been installed, you should install the DPM 2007 rollup update KB949779 which contains the latest features, and updated agent versions with greater feature support

Once you have the server software installed, you’ll need to add your disk, and you’ll need to deploy your agents to the machines you want to protect.

  1. To add your disk, click on the Management button across the top ribbon, and then click on the Disks tab;
  2. In the action menu on the right hand side, click on Add…
  3. The available disks are on the right hand side – If there are no disks in this list, then you don’t have a disk which is supported (if you’re looking to trial DPM in a non-production environment, I have a workaround you might like to try which I discuss at the end of this article);
  4. Add the disk you’d like and click OK – You’ll likely get a prompt that the disk needs to be converted to a dynamic disk in order for it to be utilised by DPM (unless it was already dynamic);
  5. When your settings are saved, you should see that the disk is available.

Now you need to deploy the agents out to the machines you want to protect.

  1. Click on the Agents tab (still under the Management button);
  2. In the action menu on the right hand side, click on Install…
  3. Select the machines and volumes you’d like to protect and follow the deployment wizard – Note: You should only select ONE domain controller the first time you deploy a DPM agent, as it will create DPM groups in Active Directory (in the absense of local groups). If you add more than one domain controller, you’ll likely get duplicate groups created and all sorts of issues;
  4. When you deploy agents, a few prerequisites are checked to make sure that the agent can be installed successfully. If any hotfixes or components are missing, they generally have to be installed manually before you can go back and try to deploy the agent again;
  5. Once the agents are deployed, they’ll need a reboot. You can do this as part of the deployment, or you can do it manually, but they will not appear as “OK” until this happens;
  6. You will also need to install Microsoft Hotfix KB940349 for DPM to be able to use VSS in the way required on each of the protect machines (not required for Windows Vista or Windows Server 2008);
  7. For Windows Server 2008 server, you need to install the Windows Server Backup feature to be able to back up the system state and you’ll need to install KB949779 on the DPM servers – You can install Windows Server Backup from the command line easily by running start /w ocsetup WindowsServerBackup (it’s case sensitive!);
  8. When all of the machines are rebooted, they should appear in DPM as “OK” under Agent Status and you should then be able to add them to a Protection Group.

If you’re deploying to Domain Controllers, you may run in to some issues with deploying them remotely. The issue I had was that it reported I didn’t have access to the ADMIN$ share on the Domain Controller I tried to deploy to, which I did. This can be caused if the time is not synchronised, but I ruled that out almost immediately. Some other issues you may have is with the replication of the groups, as some groups are created by DPM for managing access to the remote servers, and if these are created on more than one DC simultaneously, the objects will conflict on next replication cycle and you’ll have a whole bunch of duplicated groups.

The steps I followed were…

  1. In Active Directory, open the “Distributed COM Users” group under the “Builtin” container;
  2. Add the DPM server’s computer account to this group;
  3. Under the “Users” container, create two domain local security groups called “DPMRADCOMTrustedMachines” and “DPMRADmTrustedMachines”;
  4. Again, add the DPM server’s computer account to these groups;
  5. Run repadmin /syncall from the DC where you created the above groups (repadmin.exe is part of the Windows 2003 Support Tools) to force AD replication between it’s partners;
  6. On the DC, map a drive to the DPM server (such as X:);
  7. Open up the command prompt, and navigate to X:\Program Files\Microsoft DPM\DPM\Agents\RA\<version>\<arch> (where version is the agent version (just do a dir to see what’s available) and where “arch” is the architecture your system is running, such as x86, x64 etc.);
  8. Run DPMAgentServer.exe <DPMServer.Domain>;
  9. This will manually install the DPM agent on the DC;
  10. Back on the DPM server, try deploying the agent to the DC where you just manually installed the agent – It should see that an agent is already installed, and configure it correctly to bring it in to your managed agents. If you get an error, try restarting the DC before trying again;
  11. If you are successful, you’ll see the DC added as an agent, and it will say that a reboot is required;
  12. Reboot the DC and then refresh the agent info when it comes back.

You only have to perform these steps on the first DC you deploy the agent to – The remaining DCs you should be able to deploy to from the DPM console, but if you have trouble with a particular DC, you can try running through steps 6 – 12 on that particular DC.

When you have your agents deployed to the servers you want to protect, you can create a “Protection Group” which is available under the Protection button in the DPM console.

When you click on this button, you can select “Create protection group” from the right hand action menu and then just follow the wizard to create your protection group. The wizard is pretty self explanatory. I’m not going in to the details of protection groups in this article, so you’re out of luck if this is why you were reading, sorry.

I mentioned earlier that DPM requires a seperate dynamic disk for storing the snapshot data on. This is because it creates multiple logical volumes to organise the data. If you don’t have a supported disk, there is a low performance way around it, which is really only suitable for evaluation rather than a production solution.

The steps are…

  1. Create a blank VHD (Virtual Hard Disk) file using a Microsoft virtual product such as Hyper-V, Virtual Server, Virtual PC or a third party tool;
  2. Copy this VHD to a location on the disk you want to use with DPM;
  3. If you are using Windows Server 2003, you can use the VHDMount tool to mount the VHD file, and it will appear as a physical disk in Computer Management, which you can format and convert to a dynamic disk. If you are using Windows Server 2008, you can use a script which you can find here.

You can even do this on a USB or Firewire disk if you wanted to, which you normally wouldn’t be able to convert to a dynamic disk. You should also be aware that on restart, the VHD will be unmounted.

EDIT: As per Bill Ives’ comments on this topic (below), it appears that at least in some circumstances when running Windows Server 2003 and using the VHDMount utility, the disk will try to initialise every time it is unmounted, and then re-mounted, causing data loss. You should ensure that you test this in your environment to determine the behaviour of your VHD, before relying on it for restore. I’ll also re-iterate that using a VHD file should not be a method that you use in a production environment.

16 thoughts on “Deploying Microsoft Data Protection Manager 2007”

  1. Hi Mat,
    This is a really useful article – thanks. I’m a DPM 2007 newbie and having a small tech problem. DPM Svr installed all OK but first agent is erroring on the server with:

    Data Protection Manager Error ID:270

    I’ve been trawling the web for help but no joy. I’ve manually installed the agent on the production svr and all OK (once I’d logged in as a domain account with admin rights on this machine). Also successfully added the production svr in the Management Shell on the DPM Svr using the “Attach-ProductionServer” powershell script. Any thoughts? I was wondering whether the fact we’re still using a W2K native domain could be a cause?


  2. Hi Rich, thanks for posting!

    It’s possible that this is a permissions issue. I’ve seen this before when using group policy to set the local Administrators group on the production servers.

    Are you using group policy to manage the local Administrators membership on your production servers? If you are, it’s possible that the DPM server doesn’t have rights, in which case you should make sure that the DPM server machine account has administrative rights over the production server(s).

    Regarding the domain functionality level, as far as I know this shouldn’t cause any problems, but I’m prepared to stand corrected. 🙂

    I’d be interested to know how you get on.

  3. Thanks Matt , I particulary interested in the external HDD, I need a temp solution and done as per your post on a USB external HDD with a vhd but on reboot it is unmounted , but if i try to remount disk managment wants to initialise disk again , if doing so of course everything gone, am I doing something wrong in the mount procedure or is this standard??

  4. It’s normal for the VHD to unmount on reboot, but maybe you could try manually unmounting it before restarting, and then manually mounting when it starts back up.

    Of course, you’d want to script this so that it happens automatically, but I’d suggest doing this manually first to make sure it works.

    If you still have problems, let me know and I’ll see if I can reproduce in my environment.

  5. Yeah thats what I have tried , a manual unmount , but when I remount and open Disk managment it asks to initialise it again , maybe its the way I have created it, I have a 2TB usb, copied a 1800GB vhd onto it, mounted it from server 2003 using vhdmount, then open Disk Mangment, its asks to initialise it, I say ok. I go into DPM add disk , set Protection group its all happy. So how should I unmount it? If I run the vhdmount command /u /c f:vhd_name.vhd is all I do, if I remount with a /m f:vhd_name.vhd, the DPM doesn’t see it , so if I open Disk Man again it asks to Initialise disk??

  6. Hey Matt, Did you try this, seems on unmount it doesn’t remember it as a Dynamic disk so on remount it wants to iniatilise it again to make it Dynamic??

  7. Hi Bill,

    Sorry I haven’t had a chance to try this yet. I’m at TechEd until the end of the week, so I will try some time this weekend and let you know.

  8. Hi Bill,

    I’ve tested it out on a spare server here, and it’s not giving me the same problems you’re having.

    To confirm, I’m creating a VHD file using Hyper-V manager, using the script from MSDN ( to mount it, online it and convert it to dynamic via the Computer Management snap in, created some data on it, unmounted it using the MSDN script ( and then repeated the process.

    I needed to online the disk again, but it didn’t require initialisation and my data was still intact.

  9. Cheers Matt , I will go thru it in the steps you stated and see if I can get it goin…Thanks again for your reply as I obviously I ‘m doin something wrong.

  10. The script you mention , is it supported on 2K3 server, it states….Minimum supported server Windows Server 2008, I am running DPM on serve 2003 ??

  11. The script makes use of the \.rootVirtualization WMI namespace, which I do not believe exists in Windows Server 2003.

    In this case, the script should operate at all, which means that you wouldn’t even be able to mount the .vhd file.

  12. This probably why I have an issue, I can mount a vhd with Virtual server VHD Mount and its works , DPM can use it etc, its the unmount , which it does, but on mounting it again it wants to iniatlise it again, so data go caput. So would I be right in assuming it appears you need your DPM on a 2008 server to really be able to utilise this trick ??

    1. That would definitely make sense.

      In that case, I will update this post to reflect that this is only valid for Windows Server 2008 and above. I’m sorry I couldn’t give you anything more useful.

Leave a Reply

Your email address will not be published. Required fields are marked *