Blog Dive: SQL Protection with DPM

Background for this post

Since version 2006 DPM has been able to protect SQL databases. Often in environments that are using DPM I still see they are using DPM for backup of all workloads but not using it for SQL backups. There are reasons for this such as a lack of understand of how DPM protects SQL or lack of trust in DPM to protect SQL. The goal of this blog post is to lay out why you would want to use DPM to backup SQL, what SQL versions and functionality (such as AlwaysOn) are supported, what happens under the hood when DPM protects SQL and that you can use DPM as your sole solution for protecting SQL. This is an effort to convince those that don’t use DPM for SQL Backups today to start using it or those that don’t trust DPM for SQL backups that it is a great option to consider. This blog post is targeted directly at DBA’s or DPM admins that need to give information about SQL protection to their DBA’s.

One major challenge I had when I set out to write this blog post is that I am not a DBA or a SQL expert. So I don’t have any SQL “street cred” so I needed to fully understand what a SQL DBA would require to ok DPM being the sole backup solution for SQL in an organization.

I have the fortunate opportunity to work with an awesome SQL MVP named Jes Borland at Concurrency. As a part of my research for this blog post I reached out to Jes Borland to have a discussion around SQL protection. One of the important questions I asked her was “What things do you look for in a SQL backup solution?“. Her response was “What I look for in a backup tool: the ability to do all types of SQL Server backups – full, differential, log, copy-only. Ability to take advantage of built-in backup compression.” as well as “As a DBA, my main question is, “How do I restore?“. This was perfect as they are key things I should look out for to make sure DPM can do.

Now that we covered the background let’s look at what DPM can do when it comes to SQL protection.

Why would you want to use DPM to backup SQL?

  • DPM understands SQL and was designed to protect the advanced configurations of SQL.
  • DPM can protect SQL up to every 15 minutes.
  • Reduce potential conflicts between backup tools and schedules of SQL protection.
  • DPM can protect SQL at the instance level or the database level. When protection at the instance level is turned on DPM will detect new databases on that instance and automatically add them to protection.
  • DPM is an affordable option for protecting SQL. It is a good fit for small SQL shops and can scale for large enterprise SQL shops.
  • DPM has self-service recovery of SQL databases using the Self-Service Recovery Tool (SSRT) that can be extended to DBA’s.

What SQL versions and functionality does DPM support?


  • 2005
  • 2008
  • 2008 R2
  • 2012
  • 2014


SQL Clustering

When protecting a SQL cluster DPM is cluster aware. DPM is aware of the clusters identity as well as the nodes in the cluster. In a SQL clustering scenario if the SQL Server is changed to a different node, DPM will continue to protect the clustered SQL without any intervention from backup administrators.

SQL Mirroring

If the SQL you are protecting is mirrored DPM is aware of the mirrored databases and will protect the shared data set properly.

SQL Log shipping

In scenarios when SQL log shipping is being used DPM will automatically discover that log shipping is being used and DPM will auto-configure itself to co-exist ensuring proper SQL protection.

SQL AlwaysOn

When protecting SQL AlwaysON DPM will automatically detect Availability Groups and detects when a failover occurs and will continue protection of the database.

What happens under the hood with SQL protection in DPM?


When SQL protection is first setup an express full copy of the database is created and this is the initial backup of the database. Express full backups bring over block level changes of the databases themselves. This would be the entire database on the very first backup.

Express full backups leverage a filter technology. This filter technology is what identifies changed blocks instead of needing to read all of the data or use checksums. This filter technology is known as volume shadow services (VSS). Specifically the SQL Server VSS Writer is used during SQL protection. This does two things: DPM backup of SQL will not impact databases and it will only backup changed blocks after the initial backup of the database reducing the storage footprint. Backing up the block level changes also has a significantly lower impact of the protected server during backup.

After the initial backup of the SQL database DPM will perform subsequent express full backups and synchronizations between the express full backups. Synchronizations copy over SQL Transaction logs. A recovery is possible from both an express full and synchronization backups. DPM does truncate the SQL transaction logs as a part of the backup process.

DPM can be set to protect SQL databases as often as every 15 minutes so that you can have frequent protection of SQL throughout a day. As a part of the DPM SQL protection recovery points are created for each incremental synchronization and express full backup. DPM can maintain up to 512 shadow copies of a full SQL Server database(s) by storing only the differences at the block level. In a scenario where you have one express full backup per week, stored as one of 512 shadow copy differentials between one week and the next, plus 7 days x 24 hours x 4 (every fifteen minutes), DPM would have over 344,000 recovery points (what you restore from) of SQL.

The following screenshot is an example of SQL protection in DPM. The top half in red shows an example of auto protection of SQL at the instance level while the lower half in blue is an example of individual database protection.



A good friend of mine System Center MVP Robert Hedblom always says “backup is about the restore”. I subscribe to the same principle in that “restore should always be the focus of any backup solution”. In a disaster recovery situation DPM can be used to restore from a loss of the database down to within 15 minutes of the failure. DPM can recover the database to original instance, a separate instance to a folder, or even copy to a tape. You can see those options reflected in the following screenshot:


When recovering to original SQL instance or a alternate SQL instance you can specify what state you want to leave the database in. Restoring the database in a non-operational state will allow you the ability to restore transaction logs in addition to the database restore.


You also have the option to specify where you want to place the database files (.MDF) and log files (.LDF) during the restore.


The DPM Self-Service Recovery Tool (SSRT) can be deployed on the client computers of the DBA/s. When recovering a database using the SSRT the experience is much like it is when recovering directly from DPM. When the New Recovery Job button is clicked a Recovery Wizard window will open with the same options as recovering directly from DPM. A screenshot of the SSRT shown below displays the UI with a restore job that has completed.


Details of a recovery job in the SSRT are shown in the following screenshot.


Hopefully this article has shed some light on SQL protection with DPM and will help you consider using DPM to protect your SQL instances/databases. For further information on SQL protection with DPM visit the following links on TechNet:

Read More

Service Manager SCCM Remote Control Management Pack

Configuration Manager has a Remote Control tool. This tool is often used by service desks to conduct remote support sessions with end users. More information about this tool can be found here:

A common ask in any Service Manager deployment is to use this tool within Service Manager from Incidents. For some time there have been many blogs out there with the steps on how to setup this integration. A quick search on your favorite search engine will bring back many results. The steps to set this up are relatively easy to do however they can be prone to errors.

I recently collaborated with fellow System Center expert Sam Erskine ( to package this in a management pack as an effort to reduce the steps needed to set this up. I use it myself on Service Manager projects and it saves me time. I can import a management pack on a new SCSM deployment and then it is ready to be used. If you are using User Affinity in SCCM and the SCCM connector in Service Manager users primary device will automatically be assigned. This relationship flows over to Service Manager through the SCCM connector. When you click on the SCCM Remote Control Task it will attempt to connect to the primary device. Here is what it looks like:


Download the solution here:

Read More

Agent Pending Management Ghost

One of my clients recently had an issue with SCOM 2012 R2 latest UR. They were trying to install the SCOM agent on a server. It did not work through the console they would receive the following warning:

One or more computer you are trying to manage are already in the process of being managed. Please resolve these issues via the Pending Management view in Administration, prior to attempting to manage them again.”


The server was not displaying under SCOM Console>>Administration>>Pending Management. They installed the SCOM agent manually but it still did not show in SCOM Console>>Administration>>Pending Management. I jumped into PowerShell and ran the following:

Get-SCOMPendingManagement | ft AgentName,AgentPendingActionType



NOTE: You can also run this query “select * from agentpendingaction” against the OperationsManager database to see a list of agents in a pending state.

I ran

Get-SCOMPendingManagement | where {$_.AgentName -Like “”} | Deny-SCOMPendingManagement

It gave this error:


I then ran:

Get-SCOMPendingManagement | where {$_.AgentPendingActionType -eq “ManualApproval”} | Deny-SCOMPendingManagement

This gave the same error. I then ran Get-SCOMPendingManagement | where {$_.AgentName -Like “”} and this worked fine. So PowerShell was not helping me here except for showing me some servers are in the pending state even though they do not show in the console.

To resolve this issue I was able to fix this by removing the stuck agents in SQL. To do this I ran the following stored procedure (blog on this here) against the OperationsManager database:

exec p_AgentPendingActionDeleteByAgentName ‘’

After that I ran

Get-SCOMPendingManagement | ft AgentName,AgentPendingActionType in PowerShell again and the server was no longer listed.

I then went back to SCOM Console>>Administration>>Pending Management and now the server shows as pending. I clicked Approve and the SCOM agent was fine after that.


Read More

Update: SCSM Discovery Report v1.3

I have made some more updates to the SCSM Discovery Report script. It is now version 1.3. The updates include:

First: Updated the SCSM Version Checker code to version 2. Microsoft MVP Steve Beaumont worked with Samuel Erskine to optimize the PowerShell in the SCSM version checker. This optimization is now a part of the SCSM Discovery Report script. This also detects up to UR7 now.


Second: Fixed Service Manager Management Group Name section not displaying the name.


Third: Updated the Display Data Warehouse Information section to use UR7’s Get-SCDWInfraLocation CMDlet.


The script can be downloaded here:

Read More

System Center 2012 R2 UR7 Highlights

Its been a while since I have posted a new blog. I have been busy working on multiple System Center projects and other behind the scene activities. Today update rollup 7 for System Center 2012 R2 was released and this is definitely worth a post. This UR includes DPM, SCSM, SPF, VMM, , SCORCH, Azure Pack, but not Operations Manager. UR7 for Operations Manager will be coming within a few weeks. More info here.  It is interesting that SCOM is not in this UR and we actually see SCORCH included. Here are some highlights from UR7:

For Orchestrator The Monitor SNMP Trap activity has an issue fixed and there is a fix for Stop Job and Stop Runbook. The SCORCH UR also includes some fixes for SMA.

For Service Manager we see a bunch of fixes. Some fixes I want to call out are MPSync Data Warehouse job stop responding and the Get-SCDWInfraLocations cmdlet introduced in update rollup 5 have been fixed. Great work from the Service Manager team. Keep it up.

Beyond just fixes we see new features in two of the System Center components VMM and DPM. As always its exciting to see new features added via UR’s.

In VMM we see support for Windows 10, the ability to provision and customize Debian 8 Linux as a Guest Operating System, support for VMWare vCenter 5.5, the ability to have Multiple External IP Addresses per Virtual Network, the ability to re-associate orphaned virtual machines to their service or VM role, and support for VMM DHCP Extension PXE/TFP Forwarding. There also is a ton of great fixes for issues in VMM. This is great work from the team and should make VMM more stable.

In DPM we see support for Windows 10 client protection, and a really cool feature being the ability to use alternate DPM servers to recover backups from Azure Backup vault. These means if you sent your backup data to Azure from one DPM server and it croaks you can connect a different DPM server to your Azure Backup subscription and recover data from Azure! I have a feeling we will continue to see greater collaboration between on premise backup/DR (DPM) and cloud backup/DR Azure Backup in the future.

To access update rollup 7 visit this link:

Read More

Script: Export Unsealed Service Manager Management Packs

Customizations to Service Manager are stored in unsealed management packs. These should be backed up. These can be exported from Service Manager and stored in a safe location. The process to export unsealed management packs from the Service Manager console is manual and each have to be exported one by one. A better way to do this is to use a script to export all un-sealed management packs.

There are several scripts out there that can do this but most are for older versions of SCSM. I have recently updated one of these scripts. It was created by Microsoft MVP and one of the top Service Manager experts Anders Asp. Here is his blog with the original script:

I have updated the script to work with the latest SCSM PowerShell CMDlets and have tested it with SCSM 2012 R2 UR7.

The script is named: ExportUnsealedSCSMMPs.ps1

You can download the script locally on a Management Server

Edit the script and change “C:\Unsealed SCSM MPs\” to a directory on your server. Be sure to leave the “\” at the end.

Run the script from an elevated PowerShell window on a Management Server by typing


You should see the following output:


The unsealed MP’s will be loaded in a folder with the current date as seen in the following screenshot:


Note: Old folders will need to be manually cleaned up. You can also schedule this using Task Scheduler.

This script can be downloaded here:

Read More

SCRIPT: Schedule Maintenance Mode SCOM 2012 R2

I know scheduled maintenance mode functionality is coming to SCOM 2016 as shown here. However I have clients that are still on SCOM 2012 R2 that need to schedule maintenance mode in SCOM right now. There are options out there for this already the best solution is a tool called SCOM 2012 Maintenance Mode Scheduler . It has a small fee but is well worth it. Sometimes I have clients that would prefer to run a script vs. pay the fee for a tool especially when this is coming to SCOM 2016.

There are a bunch of scripts out there for this but most are old and or don’t work. I have been using my own script to do this for a while. I recently updated it and have decided to share it. I run this script from Windows task scheduler. It could also just as easily be scheduled to run from Orchestrator, SMA or Azure Automation. I will put the download link at the end of this blog post. This script will put a SCOM group in maintenance mode. It also sets the duration in minutes but can easily be changed to hours.

Here is the PowerShell script:

Read More

4th time System Center MVP

This morning I received an email from Microsoft that I am awarded System Center Cloud and Datacenter Management MVP for the 4th year. Here is the email I received:


The System Center Cloud and Datacenter Management MVP’s are a great lively bunch of folks. It is an honor to still be a part of this group. I have made many friends at Microsoft, with other MVP’s and in the community during my time as an MVP. I look forward to making many more!

I am also looking forward to another year of fun MVP activities. A huge thanks goes out to everyone in the community and Microsoft.

Congrats to all the other new and renewed MVP’s! I hope to keep adding value to the System Center community!

MVP Profile:

Read More

Operations Management Suite in SCSM Console

Today I was playing around with Service Manager and decided to add a view for Operations Management Suite in the Service Manager Console. I have placed it in a management pack for use in other Service Manager environments. I have uploaded the management pack to TechNet Gallery. Once you load the management pack an Operations Management Suite folder will show up within Work Items.


NOTE: The first time you open Operations Management Suite inside of Service Manager you will see compatibility mode warning just click on continue.


Here are some screenshots:




Download the management pack here:

Read More

Cant change SCOM agents Primary Management SVR in SCOM Console


When in SCOM you go to change the primary management server on a SCOM agent but you cannot. It is grayed out.


More details about this issue referenced on the following links:

I built a quick script to help with this. It can be used in any SCOM environment. Details are as follows:




This script can be used to move agents from one management server or gateway server to another.

There is a common issue “Cannot change SCOM agents Primary Management via the GUI (SCOM Console)”. This script can be used to help with this issue.

This script should be run in an administrative PowerShell console on a SCOM management server. You can run this script using: powershell.exe -executionpolicy unrestricted -command .\MoveAgentSCOMMgmtServer.ps1

How to run:

Step 1: Copy the MoveAgentSCOMMgmtServer.ps1 script to a SCOM management server.

Step 2: Open an elevated PowerShell and navigate to the script. For example: CD “C:\SCOM Scripts”

Step 3: Run powershell.exe -executionpolicy unrestricted -command .\MoveAgentSCOMMgmtServer.ps1

You will be prompted to enter the name of the management server you want the SCOM Agents set to. You need to enter in the servers full FQDN. This can be a management server or a gateway server.


Step 4: A window will pop up with a list of your SCOM Agents. Select the SCOM Agents you want to change the primary management server for. Click the OK button.


Step 5: Once the SCOM Agents are set you should see a similar output.


Download from TechNet Gallery:

Read More