• A production network with DNS zone. This DNS zone is used by Active Directory for production purposes;
• A private dedicated network for backup without DNS.

It is not recommended to register IP belonging to dedicated backup network in the production DNS zone because these IPs are not always reachable from outside. So there are two solutions: use host file on DPM (beurkkkk) or use DNS. I have chosen to use DNS with a new primary zone.

To use a dedicated network for Data Protection Manager, there are four steps:

1. Create a backup DNS zone;
2. Configure backup NIC on Domain Controller;
3. Configure backup NIC on member servers;
4. Configure DPM to use backup network.

For my example, I have these networks:

• Production network: 10.10.0.0/24
• Backup network: 10.10.1.0/24

Create a backup DNS zone

First of all, I create a backup DNS zone which I call backup.net. So I open a DNS console on a domain controller (dnsmgmt.msc) and I create a primary zone. Right click on the Forward Lookup Zone and select New Zone.

On the New Zone Wizard welcome screen, click on Next.

Create a Primary zone and to follow best practices, tick the Store the zone in Active Directory option.

Select the replication scope. On my side I choose to replicate on all DNS servers running on domain controllers in this domain.

Specify a Zone name. On my side I call my DNS zone backup.net.

Next configure the dynamic update. To follow best practices I choose Allow only secure dynamic updates.

To finish creating zone, click on Finish.

Once your DNS zone is created, you should have it in Forward Lookup Zones in your DNS console.

Once the zone is created, I recommend you to check listener on DNS service. So in the DNS console, right click on the server name and select properties.

Make sure that the DNS Service listens on your backup network. If you make a change, don’t forget to restart the DNS service.

Configure backup NIC on Domain Controllers

Once the zone is created and the DNS service listens on your backup network, it is time to register your domain controllers in this zone. For that, open network connection configuration, right click on your backup NIC and select properties.

Edit Internet Protocol Version 4 (TVP/IPv4) properties and click on advanced.

Regarding domain controller I have this IP configuration:

• VMADS01: 10.10.1.5/24
• VMADS02: 10.10.1.4/24

To follow best practices, on VMADS01 primary DNS is 10.10.1.4 and secondary DNS is 127.0.0.1 On VMADS02, the primary DNS is 10.10.1.4 and secondary DNS is 127.0.0.1. In this way, DNS resolution is crossed.

So on VMADS01 the configuration is like below screenshot:

On VMADS02 the configuration is like below screenshot:

You can use this Powershell script to configure your DNS settings as above:

Set-DnsClientServerAddress -InterfaceAlias "BackupNet" -ServerAddresses ("10.10.1.4","127.0.0.1")
Set-DnsClient –InterfaceAlias "BackupNet" -ConnectionSpecificSuffix "backup.net" –RegisterThisConnectionsAddress $true –UseSuffixWhenRegistering $true

Once the configuration is applied, don’t forget to run ipconfig /registerdns

So in my DNS zone, I have my two domain controllers registered automatically.

Configure Backup NIC on member servers

Now I apply the same configuration on member servers except that I set the primary DNS server to 10.10.1.4 and secondary DNS server to 10.10.1.5.

Set-DnsClientServerAddress -InterfaceAlias "BackupNet" -ServerAddresses ("10.10.1.4","10.10.1.5")
Set-DnsClient –InterfaceAlias "BackupNet" -ConnectionSpecificSuffix "backup.net" –RegisterThisConnectionsAddress $true –UseSuffixWhenRegistering $true

Once the configuration is applied, I run ipconfig /registerdns and all my servers are registered automatically in backup.net zone.

N.B: For IP Pool users on Virtual Machine Manager, you can make the configuration in VMM. Just configure the DNS and the specific connection suffix. However a Run Once script will be needed to tick the Use this connection’s DNS suffix in DNS registration option. You can use the Set-DNSClient powershell command like the script described above.

Configure DPM backup network

On DPM server, open a DPM Management shell. I will use the <verb>-DPMBackupNetworkAddress command to view and edit the networks used by Data Protection Manager. So First, I run Get-DPMBackupNetworkAddress to view backup network settings:

So as you can see in the above screenshot, no backup network is set on my DPM configuration. So I launch the below powershell command:

Add-DPMBackupNetworkAddress –DPMServerName VMDPM01.home.net –Address 10.10.1.0/24 –SequenceNumber 1

This command adds the 10.10.1.0/24 network as a first backup network in DPM. If DPM is able to resolve name on this network, it will use this network. The SequenceNumber is the priority of the network using.

Now I run again the Get-DPMBackupNetworkAddress and as you can see below, I have one backup network.

If you want to add your production network as a fallback network for backup, you can add another network with a SequenceNumber greater than 1.

To finish the configuration, restart the DPM service.

Now I run a Virtual Machine backup and that’s work J.

The post Use a dedicated network for Data Protection Manager appeared first on Tech-Coffee.

The first known misconfiguration that raises this error is that Windows Server Backup feature is not installed on the protected server.

Windows Server Backup

So if you have the below event, I am pretty sure that you have not installed the Windows Server Backup Feature.

To verify this assumption, connect to the protected server, and open the Add Roles and Features wizard. Verify that Windows Server Backup feature is installed. If not, you can do it without reboot.

WinRE issue

Then if you have installed Windows Server Backup and you still get the same error, it can be the WinRE (Windows Recovery) that can raise the problem. When I got this issue on my client infrastructure, I searched on Technet and I found this topic. My error in DPM is like the below screenshot:

So I connect to the protected server and I run this command: reagentc /disable.

This command disables the WinRE Agent.

Next I perform a consistency check and tadaaa:

To finish you can restart the WinRE agent: reagentc /enable.

 But why WinRE raises a Replica is inconsistent in DPM?

It is a bug known by Microsoft. Because System State is based on shadow copy, Windows needs 50MB on System Reserved partition. The problem is that WinRE take a lot of space also on this partition. So in my opinion, there is not enough space on the system reserved partition to make the shadow copy. This is why when the WinRE agent is stopped, Shadow Copy works.

The post Replica is inconsistent in DPM 2012R2 appeared first on Tech-Coffee.