When attempting to protect a SQL Server AlwaysOn Availability Group (AG) using System Center 2012 Data Protection Manager (DPM), the job fails with the following error:
The DPM job failed for SQL Server 2012 database <DBname> on <serverName> because the SQL Server instance refused a connection to the protection agent. (ID 30172 Details: Internal error code: 0x80990F75)
In SQL, AlwaysOn is configured as follows:
Availability Mode: Synchronous Commit
Failover Mode: Automatic
Connections in Primary Role: Allow all connections
Readable Secondary: No
Priority: 50 (for each node)
Exclude Replica: False (for each node)
In general: Prefer Secondary – Backups should occur on a secondary replica except when the primary replica is the only replica online. If there are multiple secondary replicas available then the node with the highest backup priority will be selected for backup. In the case that only primary replica is available then backup should occur on the primary replica.
This occurs due to incorrect SQL AlwaysOn settings for DPM backups where Make Readable Secondary is set to No.
Set Make Readable Secondary to Yes on all the nodes.
If setting Make Readable Secondary to Yes on all the nodes does not resolve the issue, verify on the SQL server that the DPMRA service is running under the Local System account AND that the NT Authority\System has the sysadmin selected for the server role in SQL studio.
a.) On the SQL side the DPMRA service should run under Local system. You can verify this via services in computer management.
b.) Connect to the SQL 2012 instance with the help of SQL2012 Management Studio > select and expand Security > select and expand Logins > right click on the NT AUTHORITY\SYSTEM and select Properties > click on Serverroles > check the sysadmin checkbox > click OK
after this, In certain cases it may also be necessary to reinstall the DPM Agent on the SQL server OR manually run the SetDPMServer command on the SQL server specifying the DPM server.
For the most current version of this article please see the following:
J.C. Hornbeck | Knowledge Engineer | Management and Security Division
App-V Team blog: http://blogs.technet.com/appv/
ConfigMgr Support Team blog: http://blogs.technet.com/configurationmgr/
DPM Team blog: http://blogs.technet.com/dpm/
MED-V Team blog: http://blogs.technet.com/medv/
Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
Operations Manager Team blog: http://blogs.technet.com/momteam/
SCVMM Team blog: http://blogs.technet.com/scvmm
Server App-V Team blog: http://blogs.technet.com/b/serverappv
Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center Essentials Team blog: http://blogs.technet.com/b/systemcenteressentials
WSUS Support Team blog: http://blogs.technet.com/sus/
The Forefront Server Protection blog: http://blogs.technet.com/b/fss/
The Forefront Endpoint Security blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/