DPM failed to communicate with the protection agent

Here is the problem on DPM one of the agents for a protected server stops communicating with DPM.  You see the error “DPM failed to communicate with the protection agent on protectedservername.domainname.com because access is denied. (ID 42 Details: Access is denied (0x80070005))”

In my scenario the protected server was in a non-trusted domain. I checked a couple of things as a part of the troubleshooting process. Here is what I checked:


  1. Made sure DPM can ping the protected server and the protected server can ping the DPM server.
  2. Checked firewalls on both DPM server and protected server to make sure nothing changed here.
  3. Checked the network for high latency and saturation.  (Link to tutorial on checking latency: Tutorial)
  4. Checked to make sure the user account being used by DPM was in the following security groups on the protected server:

Distributed COM Users

  1. Checked DPM services on the DPM server to make sure they are configured to run using the Local System account.

None of the items I checked was the issue. The last thing to check was the account used by the DPM agent as the protected server is in a non-trusted domain. That turned out to be the issue. The account being used by the DPM agent needed to be re-sync’d. Here are the steps I took to do this.




On Protected Server:

  • Open elevated command prompt
  • Navigate to: C:\Program Files\Microsoft Data Protection Manager\DPM\bin
  • Run:

SetDpmServer.exe –dpmServerName DPMSERVERNAME.DOMAINNAME.com -isNonDomainServer -userName dpmaccount

PASSWORD: ************


On DPM server:

  • Open DPM PowerShell.  You will be here: PS C:\Program Files\Microsoft DPM\DPM\bin\
  • Run:


  • You will be prompted for the following:





After doing this the agent will be able to communicate again.

Print Friendly, PDF & Email

Leave a Comment