Installing DPM 2010

Yesterday I started  installing DPM (System Center Data Protection Manager)  2010 on some test servers. My setup is a server acting as a domaincontroller with SQL server and another server acting as the DPM server. Some information I found on Internet states that DPM could not be installed on the following servers.

  • Domain Controller
  • System Center Operations Manager
  • Exchange Server

Also I found that “Cluster Services” must not be installed on the DPM server.
In the final stage of the installation a got the following error.

The Data Protection Manager error logs says:
“[7/27/2010 4:44:44 PM] Information : Add user: *****\SA_DPM to local group: DPMDBAdministrators$DPM on server: *****
[7/27/2010 4:44:45 PM] Information : Adding local group DPMDBReaders$DPM on server *****
[7/27/2010 4:44:45 PM] Information : Deleting local group DPMDBReaders$DPM on server *****
[7/27/2010 4:44:45 PM] * Exception : Ignoring the following exception intentionally => An error occurred while trying to configure DPM.Uninstall DPM by using Add or Remove Programs in Control Panel, and then run DPM Setup again.Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.BackEndErrorException: Exception of type ‘Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.BackEndErrorException’ was thrown.
at Microsoft.Internal.EnterpriseStorage.Dls.Setup.Wizard.SecurityConfigurationHandler.DeleteLocalGroup(String serverName, String localGroupName)
at Microsoft.Internal.EnterpriseStorage.Dls.Setup.Wizard.SecurityConfigurationHandler.AddLocalGroup(String serverName, String localGroupName)
*** Mojito error was: DpmSetupConfigurationError; 2220; WindowsAPI”

It tries to add the domainaccount used for the installation to a “local group” on the server where the SQL server instance is located, huh… 😉
In my testsetup the domaincontroller also has the “remote” SQL server role, and localgroups does not exists anymore on that server. 🙂

That’s probably the reason I get this error. I will try some other configuration and update this post with the results. 🙂


I used the option to install SQL Server with DPM and the install finished properly.
I want to test the option with the remote SQL Server instance to. Keep you posted.

Kernel-mode authentication with a domain account

You may know that kernel-mode authentication is faster then user-mode authentication. You also may know that when you have a webfarm, network service isn’t the “user” you can use for kernel-mode authentication. With thew following command you can configure that the application pool user is used for kernel-mode authentication.

%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/security/authentication/windowsAuthentication -useAppPoolCredentials:true

This wil result in the following configuration in the applicationHost.config

         <windowsAuthentication enabled="true" useAppPoolCredentials="true" />

You can configure this at the webserver/website/application level.

WCF Services and multiple bindings

.Net 4.0 has a nice improvement I want to share with you. Where in the past is was tricky to configure services with multiple bindings, now is become easier.

Just add the following to your application web.config:

  <serviceHostingEnvironment  multipleSiteBindingsEnabled=”true”>

And configure your IIS bindings on your site and your all set.