[Fixed] Agent Not Reachable in DPM 2012 R2, Untrused Domain, WorkGroup Backup

Here we are going to show a way to fix the error or warning message ‘Agent Not Reachable’ in DPM 2012 R2 which prevents backing up guest virtual machines on Windows 2012 R2 Hyper-V. This will be applicable for physical servers too. The backup of Windows server/computer will stop when the DPM server lose the connectivity, access or user rights to make necessary actions on the protected computer. There are few things you need to check  when you get ‘Agent Not Reachable’ warning in Data Protection Manager (DPM) 2012 R2, but this post specifically solves the problem when you have local user authentication to do backup in different domain (untrusted) or workgroup setup.

Usually when the DPM 2012 R2 console shows ‘Agent Not Reachable’ warning message and backup and synchronization do not happen, you need to check below points,

1) Network connection

2) Firewall on the protected computer

3) Power status of the computer

4) DPM Agent installation or service issue.

Microsoft basically says only two reasons for it here. If you are sure that the above 4 settings/status are fine and meeting the requirement on protected virtual or physical computer, then possibly the below reason could be the culprit.

Read Also: How to do P2V in System Center Virtual Machine Manager (SCVMM) 2012 R2

Since we are talking about the Data Protection Manager (DPM 2012 R2) protection in untrusted domain and workgroup setup scenario, the user name and password we setup during the configuration would be the issue. Mostly the password would have expired or some issues with the local user account. This is the normal warning message when DPM lost the access/connectivity.

Agent not reachable dpm error

How to Fix Agent Not Reachable in DPM 2012 R2 – In Untrusted  Domain or Workgroup

This guide will not be explaining about how to configure backup with DPM in untrusted domain or workgroup environment. Basically you need to create a local user account on DPM server and protected computer to complete this task. You can follow this guide to setup the backup of virtual or physical machine in this case.

As we said earlier, how to fix if the protected client is not reachable or not connecting to DPM server after some time?

First thing you can do is, simply update the password of the local account which used during the setup. If you have missed to setup ‘do not expire’ password option but password expiry policy is in place, then you will be facing this issue more frequently.

Under Management in DPM console, you can see the error message as below which indicates that there are some issues.

error

 

Update Password on Protected Computer

Here we can update/change the password from the protected computer. You have to know whether the computer is protected by using NetBIOS or FQDN.

This command is for NetBIOS name, (open the command prompt with administrative privilege and type the below command from the DPM-Bin folder)

SetDpmServer.exe -dpmServerName Server01 -isNonDomainServer –UpdatePassword

This is for the computer protected by FQDN name,

SetDpmServer.exe -dpmServerName Server01.corp.contoso.com -isNonDomainServer –UpdatePassword

dpm password update on the client

Enter the new password and confirm it again.

Remember- The protected server/computer should resolve the computer name to IP address, so make sure it can resolve the NetBIOS or FQDN name to IP. You may need to modify the host file for that.

On the DPM server,

Again you have to see how the protection had been setup earlier, either by FQDN or NetBIOS name. Here is the example for FQDN protection;

Update-NonDomainServerInfo –PSName Finance01.worlwideimporters.com –dpmServerName Server01.contoso.com

You should be running this command from the Data Protection Manager installation folder as shown below.

update non-domain password in dpm server

You can find more information here about setting up password for untrusted or workgroup computer/server protection by Microsoft System Center Data Protection Manager 2012 R2.

Type the same password you have entered earlier in protected computer. This user credentials will be used in future for DPM communication and backup process.

Make sure the Windows firewall is set to allow DPM communication packets by these specific ports.

Once the same password updated on both computers, refresh it under Protected computers in Management area of DPM. The connection will be fine and ‘Agent Not Reachable’ error will disappear from the DPM console. Now the backup will be working fine.

After making the communication

Important Note

You must set ‘Password never expires’ for this particular local user account on both computers, DPM server and protected computer.

Hope this guide would be helpful in solving Agent Not reachable error message in DPM 2012 R2 (and earlier versions too) when protecting untrusted domain or workgroup computers.