Manage protected computers
Updated: May 13, 2016
Applies To: System Center 2012 SP1 - Data Protection Manager, System Center 2012 - Data Protection Manager, System Center 2012 R2 Data Protection Manager
The topics in this section provide information about performing common maintenance tasks and managing protected computers.
In general, you can continue maintenance on file servers and workstations protected by System Center 2012 – Data Protection Manager (DPM) using your regular maintenance schedule and the maintenance tools provided in the operating system. Those tools and any impact on data protection are listed in the following table.
|Disk Cleanup: Use to remove temporary files, Internet cache files, and unnecessary program files.||Running Disk Cleanup should have no adverse affect on performance or data protection.|
|Disk Defragmenter: Use to analyze volumes for the amount of fragmentation and to defragment volumes.||Before adding a volume to a protection group, check the volume for fragmentation, and if necessary, defragment the volume by using Disk Defragmenter. When protection is applied to extremely fragmented volumes, boot times on the protected computer might be slowed down and protection jobs might fail.
It is recommended that you run Disk Cleanup before running Disk Defragmenter.
|Chkdsk.exe: Use to check the file system and file system metadata for errors and to display a status report of its findings.||Before you run chkdsk /f on a protected volume, verify that a consistency check of that volume is not being performed. Running chkdsk /f on a protected volume while a consistency check is being performed on that volume can cause 100% CPU utilization.
Run synchronization with consistency check after running Chkdsk.exe on the protected computer.
Applying updates on protected computers
An important part of computer maintenance is ensuring that operating systems and software are up to date. Updates—known as fixes, patches, service packs and security rollup packages—help to protect computers and data.
You can use your preferred method for deploying software updates, such as Automatic Updates or Windows Server Update Services, on System Center 2012 – Data Protection Manager (DPM) protected computers. Because some software updates require a computer restart, you should schedule or perform the updates at times that have the least impact on protection operations.
Running antivirus software on protected computers
To prevent data corruption of replicas and shadow copies, configure the antivirus software to delete infected files rather than automatically cleaning or quarantining them. Automatic cleaning and quarantining can result in data corruption because these processes cause the antivirus software to modify files, making changes that System Center 2012 – Data Protection Manager (DPM) cannot detect. For information about configuring your antivirus software to delete infected files, see the documentation for your antivirus software.
For information about configuring firewalls on computers when installing protection agents, see Installing Protection Agents.
Changing DPM ports on protected computers
System Center 2012 – Data Protection Manager (DPM) requires ports 5718 and 5719. If these ports are already used by another program, the backup jobs will run, but the recoveries will fail. If it is possible, reassign the ports to DPM. Otherwise, complete the following procedure to change the ports for DPM.
Locate the SetAgentcfg.exe file on the DPM server. By default, the file is located at the following path: %PROGRAMFILES%\Microsoft DPM\DPM\Setup\SetAgentCfg.exe.
Copy the file to the protected computer that is experiencing the problem. Copy the file to the agent DPM\Bin directory. By default, the file is located at the following path: %PROGRAMFILES%\Microsoft Data Protection Manager\DPM\bin.
On the protected computer, open an elevated command prompt, change the directory to where the SetAgentCfg.exe file was copied. For example, %PROGRAMFILES%\Microsoft Data Protection Manager\DPM\bin.
Run the following command to change the ports that are used by the DPM Agent:
SetAgentCfg e dpmra <port number> <alternate port number>.
Restart the DPM RA service.
Manage automatic discovery
Once each day, System Center 2012 – Data Protection Manager (DPM) queries Active Directory Domain Services to discover new computers. This process is referred to as auto discovery. Auto discovery is limited to a DPM server's domain.
DPM lists the new computers next time when you open either the Protection Agent Installation Wizard or the Create New Protection Group Wizard for client computers. To start protecting data on a new computer, install a protection agent on the computer and then add the data sources to a new or existing protection group.
By default, auto discovery runs at 1:00 A.M. each day. You can modify the auto discovery schedule to better accommodate your network traffic flow or other requirements, as follows:
In DPM Administrator Console, click Options.
In the Options dialog box, on the Auto Discovery tab, select the time of day when you want auto discovery to run.Then click OK.
Manage replication across time zones
In an Active Directory domain, the system times on servers are synchronized according to the time zone configuration of each server. However, when a DPM server is protecting computers that are in a different time zone from the DPM server, you must consider the time differences when scheduling jobs, reviewing reports, managing alerts, and performing data recovery.
DPM automatically schedules synchronization and recovery point jobs in the time zone of the protected computer. In all other areas of DPM Administrator Console, system times are displayed in the time zone of the DPM server. Although you schedule jobs to run in the time zone of the protected computer, the start times and recovery point times of the jobs are displayed in the time zone of the DPM server.
For example, suppose that your DPM server is located in Berlin and a protected file server is located in Reykjavik, which is two hours earlier than Berlin. When you schedule synchronization and the recovery point for 6:00 P.M., the jobs run at 6:00 P.M. in Reykjavik time, the time on the file server. However, if a user in Reykjavik requests to have data recovered to its state as of 6:00 P.M. yesterday, you must search for the recovery point that represents 8:00 P.M. Berlin time, because the DPM recovery user interface represents recovery point times in the time zone of the DPM server.
In DPM Administrator Console, in the Recovery task area, the Last Modified column displays the date and time of the most recent changes to the file, which could be either changes to the contents or changes to the metadata.
Work hours for network bandwidth usage throttling use the time zone of the protected computer.
Schedule initial replica creation
Initial replica creation jobs are scheduled by using the time of the DPM server; you cannot schedule a job to run at a time that is already in the past for the DPM server, even if that time is still in the future for the protected computer. In our example of a DPM server in Berlin that is protecting a file server in Reykjavik, there is a two hour difference between the times of the two servers. At 9:00 P.M. Berlin time, you cannot schedule an initial replica creation job for the file server in Reykjavik at 8:00 P.M. on the same day, even though it is not yet 8:00 P.M. in Reykjavik, because that time is in the past for the DPM server in Berlin.
Initial replica creation jobs occur by using the time of the protected computer. This means that if you schedule an initial replica creation job for the file server in Reykjavik to occur at 9:00 P.M. on a set date, the job will run at 9:00 P.M. Reykjavik time on that day.
Suppose the DPM server in Berlin is also protecting a file server in Sofia, which is an hour later than Berlin. At 8:00 P.M. in Berlin, you schedule an initial replica creation job for the file server in Sofia to begin at 8:30 P.M. You can schedule it for 8:30 P.M. because that time is in the future for the DPM server. However, because it is already past 8:30 P.M. in Sofia, the initial replica creation will begin immediately.
DPM automatically identifies the time zone of a protected computer during installation of the protection agent. Providing that both the DPM server and the protected computer reside in time zones that observe the same rules for daylight saving, DPM also automatically adjusts to accommodate the start and end of daylight saving time. However, if the DPM server and the protected computer reside in locations that observe different rules for daylight saving time—for example, if the DPM server resides in a location that observes daylight saving time and the protected server resides in a location that does not—the start of daylight saving time disrupts the time zone offsets between DPM and the protected computer.
To resolve this problem, you can force the DPM server to reset the time zone offset by removing the data sources from protection and then adding the data sources back to protection groups.
Run scripts after jobs on protected computers
A pre-backup script is a script that resides on the protected computer, is executed before each DPM backup job, and prepares the protected data source for backup.
A post-backup script is a script that runs after a DPM backup job to do any post-backup processing, such as bringing a virtual machine back online.
When you install a protection agent on a computer, a ScriptingConfig.xml file is added to the install path\Microsoft Data Protection Manager\DPM\Scripting folder on the protected computer. For each protected data source on the computer, you can specify a pre-backup script and a post-backup script in ScriptingConfig.xml.
The pre-backup and post-backup scripts cannot be VBScripts. Instead, you must user a wrapper command around your script containing cscript myscript.vbs.
When DPM runs a protection job, ScriptingConfig.xml on the protected computer is checked. If a pre-backup script is specified, DPM runs the script and then completes the job. If a post-backup script is specified, DPM completes the job and then runs the script.
Protection jobs include replica creation, express full backup, synchronization, and consistency check.
DPM runs the pre-backup and post-backup scripts by using the local system account. As a best practice, you should ensure that the scripts have Read and Execute permissions for the administrator and local system accounts only. This level of permissions helps to prevent unauthorized users from modifying the scripts.
<?xml version="1.0" encoding="utf-8"?> <ScriptConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/2003/dls/ScriptingConfig.xsd"> <DatasourceScriptConfig DataSourceName="Data source"> <PreBackupScript>”Path\Script Parameters” </PreBackupScript> <PostBackupScript>"Path\Script Parameters” </PostBackupScript> <TimeOut>30</TimeOut> </DatasourceScriptConfig> </ScriptConfiguration>
To specify pre-backup and post-backup scripts
On the protected computer, open the ScriptingConfig.xml file in an XML or text editor.
The DataSourceName attribute must be provided as Drive: (for example, D: if the data source is on the D drive).
For each data source, complete the DatasourceScriptConfig element as follows:
For the DataSourceName attribute, enter the data source volume (for file data sources) or name (for all other data sources). The data source name for application data should be in the form of Instance\Database for SQL, Storage group name for Exchange, Logical Path\Component Name for Virtual Server, and SharePoint Farm\SQL Server Name\SQL Instance Name\SharePoint Config DB for Windows SharePoint Services.
In the PreBackupScript tag, enter the path and script name.
In the PreBackupCommandLine tag, enter command-line parameters to be passed to the scripts, separated by spaces.
In the PostBackupScript tag, enter the path and script name.
In the PostBackupCommandLine tag, enter command-line parameters to be passed to the scripts, separated by spaces.
In the TimeOut tag, enter the amount of time in minutes that DPM should wait after invoking a script before timing out and marking the script as failed.
Save the ScriptingConfig.xml file.
DPM will suffix an additional Boolean (true/false) parameter to the post-backup script command, indicating the status of the DPM backup job.
Stop protecting a computer
If you don’t want to continue protection of a protected computer, you can remove the protected computer from DPM by using the Remove-ProductionServer.ps1. This will not uninstall the DPM protection agent from the protected computer. You must uninstall the agent manually.
Running this script will remove the protected computer from the DPM database (DPMDB) and from the trusted groups DCOMTrustedMachines and DPMRADMTrustedMachines.
Remove-ProductionServer.ps1 -DPMServername [DPMServerName] -PSName [ProtectedComputerName]
|-DPMServername||Name of the DPM server.|
|-PSName||Name of the protected computer that must be removed.
If the computer was protected using an FQDN or NETBIOS name, you must use that name here.
There should be no actively protected data sources on the computer you are trying to remove.
Synchronize a replica
System Center 2012 – Data Protection Manager (DPM) provides two methods for synchronizing a replica: incremental synchronization and synchronization with consistency check. Incremental synchronization (also referred to as synchronization) transfers the changes to protected data from the protected computer to the DPM server and then applies the changes to the replica. Synchronization with consistency check transfers the data changes from the protected computer to the DPM server but also performs block-by-block verification to ensure that all the data on the replica is consistent with the protected data.
You might need to manually synchronize a replica in the following situations:
You can manually synchronize a replica before you create a recovery point to ensure that you are getting the latest possible recovery point. For this purpose, choose incremental synchronization.
You must perform a manual consistency check when a replica becomes inconsistent due to an overflow of the change journal or an unexpected shutdown of the protected computer. All synchronization and recovery point jobs will fail until the replica is made consistent by performing a consistency check.
When you manually create a replica from tape or other removable media rather than over the network, you must perform a consistency check before data protection can begin.
You should manually synchronize a replica when you make configuration changes to a protected computer, such as the following:
Adding items to or removing items from a storage group
Changing the file location of protected items on a protected computer
For more information about synchronization methods, see Synchronization [DPM2012_New]
To manually synchronize a replica
In DPM Administrator Console, click Protection on the navigation bar.
In the display pane, select the replica that you want to synchronize.
In the Actions pane, click Create recovery point - disk.
In the Create Recovery Point dialog box, select either Create a recovery point after synchronizing or Only synchronize. If you select Only synchronize, changes since the last synchronization are transferred and applied to the replica.
Delete a replica
You can delete a replica when you no longer need to be able to recover data for the associated protection group member. The method you use to delete the replica depends on whether the replica is active or inactive. An active replica is one for which the source data is currently being protected.
To delete an active replica
In DPM Administrator Console, click Protection on the navigation bar.
In the display pane, select the protection group member that you want to delete.
In the Actions pane, click Stop protection of member.
In the Remove from Group dialog box, select whether you want to delete the replica on disk. If recovery points are on tape, select whether you want to expire the recovery points on tape.
When you delete an active replica, you are also deleting all recovery points for the previously protected data and removing the associated member from the protection group. For more information, see Remove protection group members [DPM2012_Web].
To delete an inactive replica
In DPM Administrator Console, click Protection on the navigation bar.
In the display pane, select the inactive replica that you want to delete.
In the Actions pane, click Remove inactive protection.
In the Delete Inactive Protection dialog box, choose to delete the replica on disk. If recovery points are on tape, select whether or not you want to expire the recovery points on tape.
Data for the selected inactive protection members is marked for expiration. The tapes are not marked free until all other data marked for expiration has expired.
Click OK. After you click OK, you cannot cancel this action.
When you delete an inactive replica, you are also deleting recovery points for the previously protected data.
For co-located data sources, see Colocate data from different protection groups on disk.