ALERT: Datto Drive Cloud service will no longer be available as of July 1, 2019. For more information, see our end-of-life article. To learn how to download your Datto Drive Cloud data, please visit this article.

Agent Pairing & Backup Errors with Windows Server 2012

Follow

Issue

When attempting to pair or back up a protected machine running Windows Server 2012, you receive the errors, "Unable to start backup because agent service is stopped, or, "Unable to start backup because agent is unreachable."

Environment

  • Datto SIRIS
  • Datto ALTO
  • Datto Windows Agent
  • StorageCraft ShadowSnap Agent

Cause

DirectAccess settings in the Group Policy are preventing communication between the backup agent and the Datto appliance, which can cause agent pairing and backup failures.

Resolution

  1. Verify that you have created TCP and UDP firewall rules for DirectAccess. The following steps are from Microsoft's Knowledge Base article, Configure DirectAccess in Windows Server Essentials (external link):
    1. On the Start page, open Group Policy Management.
    2. In the Group Policy Management console, click the default forest and domain, right-click DirectAccess Server Settings, and then click Edit.
    3. Click Computer Configuration, click Policies, click Windows Settings, click Security Settings, click Windows Firewall with Advanced Security, click next-level Windows Firewall with Advanced Security, and then click Inbound Rules. Right-click Domain name Server (TCP-In), and then click Properties.
    4. Click the Scope tab, and in the Local IP address list, add the IPv6 address of the IP-HTTPS interface.
    5. Repeat the same procedure for Domain Name Server (UDP-In).

  2. Reserve ports for the WinNat service by running the following PowerShell command:
Set-NetNatTransitionConfiguration –IPv4AddressPortPool @("192.168.1.100, 10000-47000") 

By default, Microsoft recommends defining a port range of 10000-47000, which captures the ports used by the ShadowSnap Agent and the Datto Windows Agent. If you create a custom range, ensure that you reference TCP port 25566 for ShadowSnap and TCP port 25568 for the Datto Windows Agent.

Additional Resources


Was this article helpful?

1 out of 2 found this helpful

You must sign in before voting on this article.

Want to talk about it? Have a feature request?

Head on over to our Community Forum or get live help.