我有两台服务器想要使用 System Center 2012 进行保护。它们之间可能存在一些硬件差异,但其他方面都相同:
- 与 DPM 服务器相同的域
- 全新安装 Windows Server 2012 数据中心。
- Hyper-V 角色
- 防火墙组策略中的通配符规则允许来自 DPM 服务器的任意端口上的所有传入连接,并且该策略已应用。
- 我使用域管理员凭据来安装保护代理。
- 远程管理已启用
- 我能够远程安装虚拟机管理器代理,没有任何问题。
使用 Windows Server 2012 数据中心的 System Center 2012 Service Pack 1 DPM 管理员控制台执行安装。
在一台服务器上,远程安装成功完成。在第二台服务器上,它失败了。所有 Windows 更新都已安装,我已重试并重新启动服务器多次。错误消息如下:
Install protection agent on server.domain.local failed: Error 313: The
agent operation failed because an error occurred while running the
installation program on server.domain.local. Error details: Unspecified
error (0x80004005) Recommended action: Review the log files on
server.domain.local: [windir]\temp\msdpm*.log and take appropriate
action. Retry the operation, and if the error persists, restart the
computer and then retry the operation again.
这是日志的一些输出:
=== Logging stopped: 25.04.2013 09:05:38 ===
MSI (s) (8C:8C) [09:05:38:656]: Note: 1: 1708
MSI (s) (8C:8C) [09:05:38:656]: Note: 1: 2205 2: 3: Error
MSI (s) (8C:8C) [09:05:38:656]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1708
MSI (s) (8C:8C) [09:05:38:656]: Note: 1: 2205 2: 3: Error
MSI (s) (8C:8C) [09:05:38:656]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1709
MSI (s) (8C:8C) [09:05:38:656]: Product: Microsoft System Center 2012 SP1 DPM Protection Agent -- Installation failed.
MSI (s) (8C:8C) [09:05:38:656]: Windows Installer installed the product. Product Name: Microsoft System Center 2012 SP1 DPM Protection Agent. Product Version: 4.1.3313.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.
MSI (s) (8C:8C) [09:05:38:656]: Deferring clean up of packages/files, if any exist
MSI (s) (8C:8C) [09:05:38:656]: MainEngineThread is returning 1603
MSI (s) (8C:E8) [09:05:38:672]: RESTART MANAGER: Session closed.
MSI (s) (8C:E8) [09:05:38:672]: No System Restore sequence number for this installation.
MSI (s) (8C:E8) [09:05:38:672]: User policy value 'DisableRollback' is 0
MSI (s) (8C:E8) [09:05:38:672]: Machine policy value 'DisableRollback' is 0
MSI (s) (8C:E8) [09:05:38:672]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (8C:E8) [09:05:38:672]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (8C:E8) [09:05:38:672]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (8C:E8) [09:05:38:672]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (s) (8C:E8) [09:05:38:672]: Destroying RemoteAPI object.
MSI (s) (8C:A0) [09:05:38:672]: Custom Action Manager thread ending.
MSI (c) (3C:A0) [09:05:38:672]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (3C:A0) [09:05:38:672]: MainEngineThread is returning 1603
=== Verbose logging stopped: 25.04.2013 09:05:38 ===
我还尝试在本地安装保护代理并从 DPM 服务器连接,安装成功但连接代理失败并显示“无法连接”。
任何帮助或建议都将不胜感激。
更新:目标计算机上的防火墙已禁用。安装失败并出现相同错误,因此我认为这不是防火墙问题。
更新二:我的第三台服务器安装了全新的 Windows Server 2012 并运行,因此第一台服务器的成功并非巧合。
答案1
这一个挽救了局面:
事实证明,我在限制 Windows 防火墙时有点太急了。检查 MSDPMAgentInstall.log 后,我注意到此错误:
ConfigureFirewall method return hr =0x80004005
通过谷歌搜索我找到了上面的链接。
我删除了 Windows 防火墙中的一些默认规则,安装程序在尝试修改这些规则时失败,即使防火墙已关闭。将答案复制到此处,以防引用的论坛主题消失。
对于那些寻找“setdpmserver.exe 为何失败”的快速解决方案的人,您需要首先弄清楚是否是 Windows 防火墙规则集导致了问题。注意:即使您已关闭防火墙,您仍然需要规则集中的特定规则才能使 setdpmserver.exe 成功。运行以下 netsh 命令:
netsh advfirewall firewall set rule group=\"@FirewallAPI.dll,-29502\" new enable=yes
netsh advfirewall firewall set rule group=\"@FirewallAPI.dll,-34251\" new enable=yes
netsh advfirewall firewall add rule name=dpmra dir=in program=\"%PROGRAMFILES%\\Microsoft Data Protection Manager\\DPM\\bin\\DPMRA.exe\" profile=Any action=allow
netsh advfirewall firewall add rule name=DPMRA_DCOM_135 dir=in action=allow protocol=TCP localport=135 profile=Any
如果前两个命令导致错误,则需要重新添加一些默认的 FW 规则。将以下内容复制到 .reg 文件并运行以重新添加它们。然后重新启动 Windows 防火墙服务并再次尝试上述 netsh。如果它们有效,则 setdpmserver.exe 应该有效。
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteSvcAdmin-In-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\\system32\\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|Edge=FALSE|"
"RemoteSvcAdmin-NP-In-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|App=System|[email protected],-29507|[email protected],-29510|[email protected],-29502|Edge=FALSE|"
"RemoteSvcAdmin-RPCSS-In-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|Edge=FALSE|"
"WMI-RPCSS-In-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|Edge=FALSE|"
"WMI-WINMGMT-In-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|Edge=FALSE|"
"WMI-WINMGMT-Out-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|Edge=FALSE|"
"WMI-ASYNC-In-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\\system32\\wbem\\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|Edge=FALSE|"
谢谢音速@ social.technet.microsoft.com