Get DPM installed
Here's what you need to do to set up System Center Data Protection Manager (DPM):
- Read the Setup prerequisites
- Verify the DPM operating system is compatible.
- Set up a SQL Server database to store DPM settings and configuration information.
- Set up DPM. You can Install DPM from the user interface, or Run an unattended install. Follow these instructions if you want to Install DPM on a domain controller
|Environment||Details or specifics for the installation|
|Basic DPM installation prerequisites||A number of components are needed on the DPM server. These are installed automatically during setup:
- .NET Framework 4.0 or 4.5 (DPM 2016/2019); .NET Framework 3.5 required for SQL installation (Before SQL 2016); .NET Framework 4.6 required for SQL installation (SQL 2016 onwards) . Install with Add Features in Server Manager if it doesn't install automatically.
- Windows Installer 4.5 (or later). Installed as part of the operating system but can also be installed as an administrator from
- Microsoft Visual C++ 2012 Redistributable; Microsoft Visual C++ 2010 Redistributable; Microsoft Visual C++ 2008 Redistributable.
- PowerShell 3.0 (included with Windows Server 2012 R2 or 2012)
||- Verify supported SQL Server versions for the DPM database. - You can install SQL Server on the DPM server or on a remote server.
- If you install the database remotely the machine running the remote instance must be in the same domain and time zone as the DPM server. - If you're running a remote database, have it ready before you install DPM
- You can't run SQL Server on a domain controller.
- If you're running a remote database, have it ready before you install DPM. Make sure to run SQL Prep tool on remote SQL computer.
- SQL Server can be standalone or running in a cluster.
- You can't use a SQL Server Always-On deployment.
- If you deploy DPM as an Azure virtual machine (VM) use an Azure VM running SQL Server as a remote SQL Server instance. You can't use an on-premises SQL Server in this deployment, and using an Azure SQL Database isn't currently supported.
- If SQL Server is clustered, Reporting Server and SQL Server should be on different machines.
|DPM installed as Hyper-V VM||If you're installing DPM as a Hyper-V virtual machine note that:
|DPM as an Azure virtual machine||
|VM size||Max protected workloads||Avg workload size||Avg workload churn (daily)|
|A2V2||20||100 GB||Net 5% churn|
|A4V2||40||150 GB||Net 10% churn|
|A8V2||60||200 GB||Net 15% churn|
Set up a SQL Server database
You'll need to set up a SQL Server database if:
- You're running DPM 2019, 2016
To set up a SQL Server database:
Run SQL Server setup on the local server on which you'll install DPM, or on a remote server.
On the Installation tab, click New SQL Server stand-alone installation or add features to an existing installation.
On the Product Key tab enter a valid license key. On the Setup Support Rules tab, correct any failures before proceeding. On the Setup Role tab select SQL Server Feature Installation
On the Feature Selection tab select Database Engine Services. In Instance Features, select Reporting Service - Native. On the Installation Rules tab review the rules.
On the Instance Configuration tab specify the name of SQL Server instance you'll use for DPM. Don't use an underscore or localized characters in the name. In Disk Space Requirements review the information.
In Server Configuration -> Service Accounts specify the domain accounts under which the SQL Server services should run:
We recommend you use a single, dedicated domain user account to run SQL Server services, SQL Server agent, SQL Server Database Engine, and SQL Server Reporting services.
If you're installing DPM on an RODC then use the DPMSQLSvcsAcctaccount you created there. Note that the user account must be a member of the local Administrators group on the domain controller where the remote instance is installed. After setup is complete, you can remove the user account from the local Administrators group. In addition for installation on an RODC you'll need to enter the password you selected when you set up RODC for DPM and crated the DPMR$MACHINENAME account.
When you create a domain user account give it the lowest possible privileges, assign it a strong password that does not expire, and give it a name that's easily identifiable. You'll add this account to the local Administrators group and to the SQL Server Sysadmin fixed server role later in the wizard.
All services except the SQL Full-text Filter Daemon Launcher should be set to Automatic.
On the Database Engine Configuration tab, accept the Windows authentication mode setting. DPM admins need SQL Server administrator permissions. In Specify SQL Server administrators, add DPM Admins. You can add additional accounts if you need to. Complete the rest of the wizard with the default settings and click Ready to Install -> Install.
If you're installing SQL Server on a remote computer do the following:
Install the DPM support files (SQLPrep). To do this, on the SQL Server computer insert the DPM DVD and start setup.exe. Follow the wizard to install the Microsoft Visual C++ 2012 redistributable. The DPM support files will be installed automatically.
Set up firewall rules so that the DPM server can communicate with the SQL Server computer:
Make sure TCP/IP is enabled with default failure audit and enable password policy checking.
To allow TCP on port 80, configure an incoming exception for sqlservr.exe for the DPM instance of SQL Server. The report server listens for HTTP requests on port 80.
Enable RPC on the remote SQL Server.
The default instance of the database engine listens on TCP port 1443. This setting can be modified. To use the SQL Server Browser service to connect to instances that don't listen on the default 1433 port, you'll need UDP port 1434.
Named instance of SQL Server uses Dynamic ports by default. This setting can be modified.
You can see the current port number used by the database engine in the SQL Server error log. You can view the error logs by using SQL Server Management Studio and connecting to the named instance. You can view the current log under the Management - SQL Server Logs in the entry Server is listening on ['any'
DPM 2016 requires SQL Server Management Studio (SSMS) version 16.5 or earlier. SSMS is no longer installed with SQL Server; you must Download and install SQL Server Management Studio (SSMS) version 16.5. SSMS version 17.0 or later is not supported with DPM 2016. For more information, see SQL Server Management Studio 16.5 release. With DPM 2019, you need to install SQL SSRS separately for SQL 2017. With SQL 2017 and later, SSRS doesn't get installed as a part of SQL install.
When installing DPM, use NetBIOS names for the domain name and SQL machine name. Do not use fully qualified domain names (FQDN).
If required, extract the DPM 2016.exe (for DPM 2016)/DPM 2019.exe (for DPM 2019) file onto the machine on which you want to run DPM. To do this, run the exe file and on the Welcome screen, click Next. In Select Destination Location specify where you want to extract the installation files to. In Ready to Extract click Extract.. After the extraction finishes go to the specified location and run Setup.exe.
On the Welcome page of DPM Setup click Next. On the License Terms page accept the agreement > OK.
On the Prerequisites Check page, wait for the check and resolve any issues before proceeding.
On the Product Registration page click Next. On the Microsoft Update Opt-In page, choose whether you want to include DPM in your Microsoft Updates.
On Summary of Settings page check the settings and click Install. After install is complete click Close. It will automatically launch Windows update to check for changes.
Run an unattended install
Run an unattended install as follows:
Make sure you have the prerequisites installed before you start.
On the remote SQL Server, make sure .NET Framework 3.5 (for SQL 2016) 4.0 or 4.5 (SQL 2017) is installed on Windows server before installing SQL.
Use the following code to make sure the firewall is opened:
netsh advfirewall firewall add rule name=DPM_SqlServr.exe dir=in action=allow program=\"%PROGRAMFILES%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe\" profile=Domain netsh advfirewall firewall add rule name=DPM_UDP_Port_1434 dir=in action=allow protocol=UDP localport=1434 profile=Domain
Install SQL Server on the local or remote server.
Copy the following text into Notepad (or another text editor) and save the script on the DPM server as DPMSetup.ini. You use the same script whether the SQL Server instance is installed on the DPM server or on a remote server.
When installing DPM, use NetBIOS names for the domain name and SQL machine name. Do not use fully qualified domain names (FQDN).
When creating DPMSetup.ini, replace the text inside <> with values from your own environment. Lines beginning with the hash (#) are commented out, and DPM setup uses the default values. To specify your own values, type the values within the <> and delete the hash (#).
``` [OPTIONS] UserName = <A user with credentials to install DPM> CompanyName = <Name of your company> ProductKey = <The 25-character DPM product key in the format xxxxx-xxxxx-xxxxx-xxxxx-xxxxx> # SqlAccountPassword = <The password to the DPM$ account> # StandardAgentLicenses = <No. of standard agent licenses you have purchased> # EnterpriseAgentLicenses = <No. of enterprise agent licenses you have purchased> # ProgramFiles = C:\Program Files\Microsoft Data Protection Manager # DatabaseFiles = C:\Program Files\Microsoft Data Protection Manager\DPM\DPMDB # IntegratedInstallSource = <Location of the DPM setup files> # ---For using a remote SQL Server instance --- # SQLMachineName = <Name of the SQL Server computer> OR <SQL Cluster Name> # SQLInstanceName = <Name of the instance of SQL Server that Setup must use> # SQLMachineUserName = <User name that Setup must user> # SQLMachinePassword = <Password for the user name Setup must use> # SQLMachineDomainName = <Domain to which the SQL Server computer is attached> # ---For using a reporting SQL Server instance in case of DPMDB in SQL Cluster --- # ReportingMachineName = <Name of the SQL Server computer> # ReportingInstanceName = <Name of the instance of SQL Server that Setup must use, SSRS in case of SQL 2017> # ReportingMachineUserName = <User name that Setup must user> # ReportingMachinePassword = <Password for the user name Setup must use> # ReportingMachineDomainName = <Domain to which the SQL Server computer is attached> ```
- After saving the file, at an elevated command prompt on the installation server, type:
start /wait [media location]\setup.exe /i /f <path>\DPMSetup.ini /l <path>\dpmlog.txt.
[media location]indicates where you'll run setup.exe from.
<path>is the location of the .ini file.
Install DPM on a domain controller
If you want to set up DPM on an RODC you'll need to do a couple of steps before you set up SQL Server and install DPM.
Create the security groups and accounts needed for DPM. To do this click Start > Administrative Tools > Active Directory Users and Computers > Domain/Builtin and create these security groups. For each group use the default setting for Scope (Global) and Group type (Security):
- DPMDBReaders$<Computer Name>;
- MSDPMTrustedMachines$<Computer Name>;
- DPMRADCOMTrustedMachines$<Computer Name>;
- DPMRADmTrustedMachines$<Computer Name>;
- DPMDBAdministrators$<Computer Name>;
- MSDPMTrustedUsers$<Computer Name>;
- DPMSCOM$<Computer Name>;
- DPMRATrustedDPMRAs$<Computer Name>, where <Computer Name> is the name of the domain controller.
Add the local machine account for the domain controller (<Computer Name>) to the MSDPMTrustedMachines$<Computer Name> group. Then on the primary domain controller create a domain user account with the lowest possible credentials. Assign it a strong password that doesn't expire and add it to the local administrators group.
Make a note of this account because you need to configure the SQL Server services during the installation of SQL Server. You can name this user account anything that you want; however, for the purposes of easily identifying the account's purpose, you might want to give it a significant name, such as DPMSQLSvcsAcct. For the purposes of these procedures, this account is referred as the DPMSQLSvcsAcct account.
On the primary domain controller, create another domain user account with the lowest possible credentials and name the account DPMR$MACHINENAME, assign it a strong password that does not expire, and then add this account to the DPMDBReaders$<Computer Name> group.
Then create the security groups and user accounts needed for the SQL Server database with scope: global and Group type: security. The group or account should be in this format <grouporaccountnameComputerName>.
SQLServerReportServerUser$<Instance ID><Instance Name>
SQLServerMSASUser$<Computer Name><Instance Name>
SQLServerFDHostUser<Computer Name><Instance Name>
where <Computer Name> is the computer name of the domain controller on which SQL Server 2008 will be installed.
- <Instance Name> is the name of the instance of SQL Server that you plan to create on the domain controller. The instance name can be any name other than the default DPM instance name (MSDPM2010).
- <Instance ID> by default is assigned by SQL Server Setup and indicates that the group applies to Reporting Services (MSRS) for the major version of the instance (10) of SQL Server. For this release, this value is MSRS1A0_50.
On the primary domain controller, add the domain user account that you created earlier (the DPMSQLSvcsAcct account) to the following groups: SQLServerReportServerUser$<ComputerName>$MSRS10.<InstanceID> SQLServerMSASUser$<ComputerName>$<InstanceID>
After you've complete these steps you can install SQL Server:
Log onto the domain controller on which you want to install DPM using the domain user account that you created earlier. Let's refer to this account as DPMSQLSvcsAcct.
Start to install SQL Server. On the Server Configuration - Service Accounts page of Setup you specify the login account for the SQL Server services (SQL Server Agent, SQL Server Database Engine, SQL Server Reporting services) to run under the user account DPMSQLSvcsAcct.
After SQL Server is installed, open SQL Server Configuration Manager > SQL Server Network Configuration > Protocols, right-click Named Pipes > Enable. You'll need to stop and restart the SQL Server service.
Then you can install DPM:
On the SQL Server Settings page type the name of the instance of SQL Server that you installed in procedure as localhost\<Instance Name>, and then type the credentials for the first domain user account you created (the DPMSQLSvcsAcct account). This account must be a member of the local Administrators group on the domain controller where the remote instance is installed. After setup is complete, you can remove the user account from the local Administrators group.
On the Security Settings page you'll need to enter the same password that you used when you created the DPMR$MACHINENAME user account earlier.
Open SQL Server Management Studio and connect to the instance of SQL Server that DPM is configured to use. Click New Query, copy the text below to the right pane, and then press F5 to run the query.
use DPMDB declare @refresh_jobid uniqueidentifier select @refresh_jobid = ScheduleId from tbl_SCH_ScheduleDefinition where JobDefinitionId in (select JobDefinitionId from tbl_JM_TaskDefinition where TaskDefinitionId in (select distinct TaskDefinitionID from tbl_TE_TaskTrail where VerbID = '53603503-C4C8-4D0E-8F1E-D2F3868E51E3')) and IsDeleted=0 exec msdb.dbo.sp_update_job @job_name =@refresh_jobid, @enabled=0 update tbl_SCH_ScheduleDefinition set IsDeleted=1 where ScheduleId = @refresh_jobid
Upgrade SQL 2016 to SQL 2017
If you want to use SQL 2017 with DPM Semi Annual Channel 1801 or later, you must upgrade SQL 2016 to SQL 2017. You can upgrade SQL Server 2016, or SQL Server 2016 SP1 Enterprise or Standard, to SQL 2017. The following procedure lists the steps to upgrade SQL 2016 to SQL 2017.
SQL 2017 is supported as a database with DPM 1801 in upgrade scenarios. With DPM 2019, SQL 2017 is supported as a DPM database, in both new installation and upgrade scenarios of DPM.
On the SQL Server, back up the Reporting database.
Back up the Encryption Keys.
Clean up the reporting folders on the local machine.
Install the Reporting service.
On the DPM server, change the following DPM registry key to the new reporting instance name.
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\DB<ReportingInstanceName>
Change the Reporting Service virtual directory name to ReportServer_SSRS.
Configure the Reporting Service, and restore the database and encryption keys.