我有两台服务器要用System Center 2012来保护。可能会有一些硬件上的差异,但是它们是平等的:
从Windows Server 2012 Datacenter使用System Center 2012 Service Pack 1 DPMpipe理员控制台执行安装。
在一台服务器上,远程安装成功完成。 在第二个失败。 所有的Windows更新已经安装,我已经重试并重新启动服务器几次。 错误消息如下所示:
Install protection agent on server.domain.local failed: Error 313: The agent operation failed because an error occurred while running the installation program on server.domain.local. Error details: Unspecified error (0x80004005) Recommended action: Review the log files on server.domain.local: [windir]\temp\msdpm*.log and take appropriate action. Retry the operation, and if the error persists, restart the computer and then retry the operation again. 这是来自日志的一些输出:
=== Logging stopped: 25.04.2013 09:05:38 === MSI (s) (8C:8C) [09:05:38:656]: Note: 1: 1708 MSI (s) (8C:8C) [09:05:38:656]: Note: 1: 2205 2: 3: Error MSI (s) (8C:8C) [09:05:38:656]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1708 MSI (s) (8C:8C) [09:05:38:656]: Note: 1: 2205 2: 3: Error MSI (s) (8C:8C) [09:05:38:656]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1709 MSI (s) (8C:8C) [09:05:38:656]: Product: Microsoft System Center 2012 SP1 DPM Protection Agent -- Installation failed. MSI (s) (8C:8C) [09:05:38:656]: Windows Installer installed the product. Product Name: Microsoft System Center 2012 SP1 DPM Protection Agent. Product Version: 4.1.3313.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603. MSI (s) (8C:8C) [09:05:38:656]: Deferring clean up of packages/files, if any exist MSI (s) (8C:8C) [09:05:38:656]: MainEngineThread is returning 1603 MSI (s) (8C:E8) [09:05:38:672]: RESTART MANAGER: Session closed. MSI (s) (8C:E8) [09:05:38:672]: No System Restore sequence number for this installation. MSI (s) (8C:E8) [09:05:38:672]: User policy value 'DisableRollback' is 0 MSI (s) (8C:E8) [09:05:38:672]: Machine policy value 'DisableRollback' is 0 MSI (s) (8C:E8) [09:05:38:672]: Incrementing counter to disable shutdown. Counter after increment: 0 MSI (s) (8C:E8) [09:05:38:672]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 MSI (s) (8C:E8) [09:05:38:672]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 MSI (s) (8C:E8) [09:05:38:672]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1 MSI (s) (8C:E8) [09:05:38:672]: Destroying RemoteAPI object. MSI (s) (8C:A0) [09:05:38:672]: Custom Action Manager thread ending. MSI (c) (3C:A0) [09:05:38:672]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1 MSI (c) (3C:A0) [09:05:38:672]: MainEngineThread is returning 1603 === Verbose logging stopped: 25.04.2013 09:05:38 ===
我也尝试在本地安装保护代理,并从DPM服务器连接,安装成功,但连接代理失败,出现“无法连接”。
任何帮助或提示表示赞赏。
更新:在目标计算机上禁用防火墙。 安装失败,同样的错误,所以我不认为这是一个防火墙问题。
更新二:得到我的第三台服务器与一个新的Windows Server 2012安装和运行,所以在第一台服务器上的成功并不是巧合。
这一天拯救了一天:
事实certificate,在限制Windows防火墙时,我有点太急了。 检查MSDPMAgentInstall.log后,我注意到这个错误:
ConfigureFirewall method return hr =0x80004005
谷歌search带我到上面的链接。
我已经删除了Windows防火墙中的一些默认规则,即使防火墙closures了,当安装程序尝试修改这些规则时也失败了。 在这里复制答案,以防引用的论坛主题消失。
对于那些寻找“为什么setdpmserver.exe失败”的快速解决scheme,你需要先弄清楚是否是导致问题的Windows防火墙规则集。 注意:即使您已closures防火墙,您仍然需要规则集中的特定规则才能使setdpmserver.exe成功。 运行这些netsh命令:
netsh advfirewall firewall set rule group=\"@FirewallAPI.dll,-29502\" new enable=yes netsh advfirewall firewall set rule group=\"@FirewallAPI.dll,-34251\" new enable=yes netsh advfirewall firewall add rule name=dpmra dir=in program=\"%PROGRAMFILES%\\Microsoft Data Protection Manager\\DPM\\bin\\DPMRA.exe\" profile=Any action=allow netsh advfirewall firewall add rule name=DPMRA_DCOM_135 dir=in action=allow protocol=TCP localport=135 profile=Any
如果前两个命令导致错误,则需要重新添加一些默认防火墙规则。 将下面的内容复制到.reg文件并运行以将其添加回来。 然后重新启动Windows防火墙服务,再次尝试上面的netsh。 如果他们工作,那么setdpmserver.exe应该工作。
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "RemoteSvcAdmin-In-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\\system32\\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|Edge=FALSE|" "RemoteSvcAdmin-NP-In-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|App=System|[email protected],-29507|[email protected],-29510|[email protected],-29502|Edge=FALSE|" "RemoteSvcAdmin-RPCSS-In-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|Edge=FALSE|" "WMI-RPCSS-In-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|Edge=FALSE|" "WMI-WINMGMT-In-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|Edge=FALSE|" "WMI-WINMGMT-Out-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|Edge=FALSE|" "WMI-ASYNC-In-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\\system32\\wbem\\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|Edge=FALSE|"
感谢sonicbum @ social.technet.microsoft.com