leedesmond’s blog

The following error may appear if you restore a virtual hard disk (VHD) and attempt to attach it to a new guest virtual machine (or child partition) in Hyper-V R2:

[Window Title]
New Virtual Machine Wizard

[Main Instruction]
The server encountered an error while configuring hard disk on virtualMachineName.

[Content]
Failed to add device ‘Microsoft Virtual Hard Disk’.

User Account does not have permission to open attachment.

Cannot get information for attachment ‘C:\ClusterStorage\Volume1\virtualMachineName\virtualMachineName_disk_1.vhd’

Account does not have permission to open attachment.

[Expanded Information]
‘virtualMachineName’ failed to add device ‘Microsoft Virtual Hard Disk’. (Virtual machine ID  - - - - )

‘virtualMachineName’: User account does not have permission required to open attachment ‘C:\ClusterStorage\Volume1\virtualMachineName\virtualMachineName_disk_1.vhd’. Error: ‘General access denied error’ (0×80070005). (Virtual machine ID  - - - - )

‘virtualMachineName’: Cannot get information for attachment ‘C:\ClusterStorage\Volume1\virtualMachineName\virtualMachineName_disk_1.vhd’. (Virtual machine ID  - - - - )

‘virtualMachineName:  account does not have permission required to open attachment ‘C:\ClusterStorage\Volume1\virtualMachineName\virtualMachineName_disk_1.vhd’. Error: ‘General access denied error’ (0×80070005). (Virtual machine ID  - - - - )

[^] Hide details  [Close]

This error is caused by the file level NTFS permissions that were restored together with the VHD. The resolution is simple: navigate to the folder containing the affected VHDs, call out the VHD’s properties, go to the Security tab and change permissions to inherit from the parent folder.

Technorati tags: Hyper-V, Windows Server 2008 R2

No Comments »

Throughout DPM 2010 , there are many clickable links* that you can activate to understand the cause of a message or error condition. Unfortunately, almost all of them still end up redirecting you to land at a TechNet web site indicating the infamous “Page Not Found” error. When this will be fixed for a RTM product is still a big question though.

With Windows Server 2008 and above, the same kind of information is logged with corresponding Event ID, Source, OpCode, etc. under Diagnostics / Event Viewer / Applications and Services / DPM Alerts. Nevertheless, the provided link “Event Log Online Help” simply prompts you to approve the question “Event Viewer will send the following information across the internet. Is this OK?”. In the end, the result will not be any more reassuring: “Fehler- und Ereignismeldungszentrum”. You can always consult the %ProgramFiles%\Microsoft DPM\DPM\Temp\MSDPMCurr.errlog but the logged contents are more relevant for the support or product team to aid troubleshooting in tricky situations.

The entire experience makes searching for resources to mitigate the situation very tedious and time consuming. Unless you have Premier Support contract in place, you will be standing in line waiting for Microsoft Support to provide technical assistance. There may now be a sign of quick relieve with the release of the “Data Protection Manager 2010 Troubleshooting Guide“. Over 200 pages long, it documents a known list of protection/recovery issues of various system and application workloads as well as troubleshooting DPM issues plus listing common Event ID, the possible causes and recommended resolution.

Although not as convenient as the in-line product help, it would be helpful to deliver this guide** as separate Help download file for local consumption. Not all security policies enable Internet access especially from a server role as critical as backup and restore.

* “More information” link
** or for that matter any real documentation

Technorati tags: System Center, Data Protection Manager

No Comments »

To have the ability to recover individual files and folders in a guest virtual machine hosted on Hyper-V RTM / R2, the protection group must specify Disk as the backup media (short term).

The DPM agent only needs to be installed on the physical Hyper-V host. It is not a prerequisite to setup the DPM Agent in each and every VM. Doing so, however, enables the administrator to define separate and complementary backup schedules with added flexibility in recovery, both at the VM (as seen from Hyper-V) and application (child partition’s viewpoint) levels.

Additionally, the Hyper-V server role must be installed on the DPM 2010 Server. This requires Windows Server 2008 RTM / R2, which in any case is the only supported x64 operating system for DPM 2010. It is not sufficient to just install the Hyper-V Manager.

Technorati tags: System Center, Data Protection Manager, Windows Server 2008 R2

No Comments »

If you deploy SCVMM to manage your virtual infrastructure, navigating to DPM / Protection Group and expanding the <clusterName> on the “Select Group Members” page will present you with the opportunity to pick from a list of virtual machines prefixed with <SCVMM> for backup.

Assuming that you have a clustered VM resource named Exchange, it will read “SCVMM Exchange Resources” below “<clusterName> (Cluster)”. Drill down to “HyperV” and put a check against “Backup Using Child Partition Snapshot\Exchange”. Complete the remaining steps to finalize your backup requirements (backup media, goals, schedule, etc.).

For the reverse procedure (data restore), click on the Recovery tab and move to the Browse tab. On the left hand pane, expand “Recoverable data” and choose the node representing the Active Directory domain name. Instead of the <clusterName> name, you will find “SCVMM Exchange Resources (<clusterNameFQDN>)” along with other protected servers and resources (SQL, SharePoint, etc.).

In order to recover the entire VM - virtual hard disks (vhd), Virtual Machines folders, XML/bin/vsv files, etc. - it is imperative to first select “All Protected HyperV Data” in the tree view (Protected Data) on the left hand side. Be aware that these files do not show up as individual items for selection.

On the list pane to the right, highlight “Backup Using Child Partition Snapshot\Exchange” and locate the desired recovery point, date, time and backup media using the calendar. Click on Recover where you have a choice on the “Recovery Type” page to perform restore using one of the options:

Recover to original instance
Recover as virtual machine to any host
Copy to a network folder
Copy to tape

For restoration of just the associated vhd files of the VM, double click “Backup Using Child Partition Snapshot\Exchange”. You can only pick a single vhd for recovery one at a time. The recovery target in this case is limited to “Copy to a network folder”. Should you attempt to replace the vhds using this approach, VMM may fail to start the VM and complain with the error:

Error (12711)
VMM cannot complete the WMI operation on server <clusterNodeNameFQDN> because of error: [MSCluster_Resource.Name=”SCVMM Exchange”] The group or resource is not in the correct state to perform the requested operation.

(The group or resource is not in the correct state to perform the requested operation (0×139F))

To learn more about a cluster and its nodes under DPM, simply hover and pause the mouse over the entity to see the corresponding tool tip:

<clusterName> consists of multiple servers, which may have unclustered resources. Unclustered resources are listed separately under server names. Since this list is sorted alphabetically, server names may appear somewhere else in this tree view.

<clusterNodeName> is part of a cluster. Unclustered resources on this server are listed here. Clustered resources belonging to the same cluster are listed under cluster name separately. Since this list is sorted alphabetically, cluster name may appear somewhere else in this tree view.

Environment
Hyper-V R2 in a 2-node Fail-over Cluster with Cluster Shared Volume, CSV*
System Center Virtual Machine Manager 2008 R2, v2.0.4273.0
Data Protection Manager 2010 RTM*

*  Windows Server 2008 R2

See also:
Restore of hyper-v VM’s on DPM 2010 in Data Protection Manager

Technorati tags: System Center, Data Protection Manager, Virtual Machine Manager, Windows Server 2008 R2

No Comments »

The DPM team has made it relatively easy to upgrade DPM 2010 Release Candidate, RC* and DPM agent on protected machines to the RTM (or Evaluation) version. After you have determined and completed the upgrade process of the main DPM application with the help of the System Center Data Protection Manager 2010 Upgrade Advisor, start the DPM Administrative Console and navigate to the Management tab. A machine reboot is not needed unless prompted whether upgrading the DPM application suite or PA.

Under “Protected computers with protection agent” next to each protected entity, you will find that the columns “Agent Status” and “Agent Updates” will show “Needs updating” and “Update Available”. Simply click on the link to start the process; no Wizard walk-through will be shown.

If you find that after an update for a protection agent has been triggered, it may appear stuck at “Upgrading: 5%” for an undetermined period of time. Some may reach 99% and still fail to complete the upgrade. You may eventually succeed after several tries, although this is not always the case as evidenced from different posts in the Microsoft DPM newsgroup and forum.

The “Refresh Information” context-sensitive menu option is not available and restarting the DPM Administrative Console is one way to refresh the agent status. Except in the event log, no additional information will be shown in the DPM console. An entry from the source DPM-EM registers a warning with Event ID 370 on the DPM server as follows:

Agent operation failed. (ID: 370)
The agent operation failed because of a communication error with the DPM Agent Coordinator service on <fqdn_protected_machine>. (ID: 319)

On the protected computer, a similar error may be logged:

Der Dienst “DPM AC Service” wurde mit folgendem dienstspezifischem Fehler beendet: 2157513244 (0×80990A1C).

Manually starting the DPM AC Service and DPMRA services on the protected machine will not help. The former service exists in transient only for the purpose of installing or upgrading the DPM Protection Agent.

For this incident, you can find out exactly what the root cause is by running DPMAgentInstaller_x86.exe <FQDN_DPM_Server> (or x64) on the protected computer. The failure will immediately become apparent:

Installing agent and configure for dpmserver = [domain\DPM_Server]

Installation of a knowledge base article 975759 has failed. This is required for the DPM agent to function correctly.
Install knowledge base article 975759 from http://go.microsoft.com/fwlink/?LinkId=184897, and then try installing the DPM Agent again.
Check log files in [WINDIR]Temp\MSDPM*.LOG
Press Enter key to close the window

DPM 2010 RTM will automatically try to install KB975759 if it is missing. The protection agent upgrade process via the DPM Administrative Console apparently failed because it was unable to download and/or install this pre-requisite from remote. This could be caused by security restrictions imposed on the default browser (Internet Explorer). A machine restart is required after installation of this patch. Subsequently, KB978243 is recommended; no restart is essential here.

As soon as this criteria is fulfiled, clicking on the “Update Available” will enable the DPM agent to be correctly updated to the RTM version. DpmAgentInstaller_x??.exe resides in <drive_letter>\%ProgramFiles%\Microsoft DPM\DPM\ProtectionAgents\RA\<build number>.

* DPM 2010 core application, Administrative Console, DPM Management Shell

Technorati tags: System Center, Data Protection Manager

No Comments »

- System Center Service Manager 2010 Product Documentation (v1.0 link)

- Operations Manager 2007
— SCOM SP1 Management Pack (v6.0.6709.0 link)
— Operations Manager 2007 R2 Sizing Helper (v1.0 link)

Technorati tags: System Center

No Comments »

Currently taking place in beautiful Interlaken, Switzerland, X.DAYS is a 2-day event (17-18 March 2010) that brings together the “Who is Who” in the Swiss ICT industry. Delegates include 3C level executives - CEOs, CIOs, CFOs - and decision and policy makers from KMU, small, medium to large international organizations.

More information and registration can be found at the official web-site.

Interested in the Microsoft System Center family of products? Check out the cool videos here and here (first in 3D TV/three dimension television live _without_ 3D glasses at the event).

Technorati tags: Events

No Comments »

The OCS 2007 R2 Management Pack for System Center Operations Manager 2007 SP1 delivers the capability to monitor event log entries, performance counters and QoE in a stateful manner. Previously, the Quality of Experience (QoE) MP was available separately.

You can run this release of MP (Version 6.0.6907.21) on x64 versions of Windows Server 2003 with SP2 or 2008 with either the Standard or Enterprise Edition of OCS 2007 R2 only. Additionally, System Center Operations Manager 2007 Service Pack 1 is required. RTM versions of SCOM 2007 or Microsoft Operations Manager (MOM) 2005 are not supported.

Download and more information here.

Technorati tags: LCS/OCS, OCS 2007 R2 , System Center

No Comments »

Although “Automatic (recommended)” is the suggested option for Automatic Updates, this little convenience also means that you lose complete control over what kind of Microsoft hotfixes or patches will be downloaded and automatically installed on your Windows-based server and desktop systems.

This is especially true in an unmanaged environment where patch management systems such as WSUS or SMS/SCCM are not deployed to centrally manage or administer the approval of tested patches before widespread rollout. As a result, you may be unnecessary affected by incidents such as the Exchange 2007 SP1 Update Rollup 4 (KB952580) blunder here which is largely beyond your control.

Best practice would be to configure “Notify me but don’t automatically download or install them” for Automatic Updates. Better still, deploy the free WSUS 3.0 SP1 solution with Active Directory Group Policy to regain control of your patch management needs if budget is a constraint.

Technorati tags: WSUS, Security

No Comments »

One popular topic discussed in the just concluded TechNet & MSDN Gulf roadshow revolves around system management. Virtual or physical machine administration, patch management, monitoring, analysis and reporting as well as data protection are just some of the typical tasks performed by IT in any organization regardless of size or complexity.

To that end, check out The System Center Team Blog for authoritative information on this key aspect of infrastructure right from the source.

No Comments »