You dont have javascript enabled! Please enable it! How To Deploy DPM 2016 Using VMM 2016 On WS2016? #SCDPM #SCVMM #SysCtr #HyperV #WS2016 - CHARBEL NEMNOM - MVP | MCT | CCSP | CISM - Cloud & CyberSecurity

How To Deploy DPM 2016 Using VMM 2016 on WS2016? #SCDPM #SCVMM #SysCtr #HyperV #WS2016

9 Min. Read

Updated 09/02/2017: Announcing backups of SQL Server 2016 and SharePoint 2016 with DPM 2016 Update Rollup 2. DPMDB can also be hosted on SQL Server 2016.


We continue our series on automating System Center Data Protection Manager 2016 deployment.

In earlier blog post, we covered how to install DPM 2016 on Windows Server 2016 and SQL Server 2016, this was a manual process.

In a second blog post, we covered how to automate the Installation of DPM 2016 on Windows Server 2016. However, the later is still a bit a manual process where you want to login and run couple of scripts, and wait for the installation to complete. This option is great if you don’t have System Center Virtual Machine Manager deployed in your environment, or if you don’t have license for Client Management Suite (System Center). But since you want to install DPM 2016, then VMM is already included in your license if you bought it before January 1st, 2017. Because starting from January 1st, 2017 the licensing for the System Center Components has been changed and the Client Management Suite is no longer exist. Microsoft switched the licensing of the System Center Products from Suite to licensing all products on their own. So from now on you have to purchase Client Management Licenses for the specific product you want to use.

In the remainder of this blog post, I will show you how to automate the deployment of DPM 2016 using VMM 2016 on top of Windows Server 2016 with just a single click “Deploy”.



Before we start creating the service deployment in VMM, we should have the following components already in-place:

Here’s a step-by-step process you can implement to build your own DPM 2016 service template in VMM 2016.

Step 1. Prepare the requirements

We start first by creating the VHDX image for Windows Server 2016 by running the following command using Convert-WindowsImage command-line tool (see Figure 1).

# Load Convert Windows Image (aka "dot-source) the Function
 . .\Convert-WindowsImage.ps1 

# Prepare all the variables in advance
$ConvertWindowsImageParam = @{
SourcePath          = "C:\NanoServer\WindowsServer2016.ISO"
RemoteDesktopEnable = $True
Passthru            = $True
Feature             = @(
WorkingDirectory    = "D:\Temp\"
SizeBytes           = 50GB
VHDFormat           = "VHDX"
VHDPartitionStyle   = "GPT"
Edition    = @(
Package = @(
# Produce the image
$VHDx = Convert-WindowsImage @ConvertWindowsImageParam


Figure 1. Creating Windows Server 2016 VHDX image with Hyper-V Role.

There is a parameter we added to the above command called “Feature”, then we specified “Microsoft-Hyper-V“, and “Microsoft-Hyper-V-Management-PowerShell” features which are very important and required by DPM Server.  DPM server installation will install those features for you if you did not include them as part of your image, but rest assure that the service deployment in VMM will fail, because SCVMM MUST be in control of the VM reboot, and by having DPM to add the Hyper-V role for you, the VM will reboot twice because of Hyper-V, thus the deployment will fail badly. For this reason, we added the Hyper-V role as part of the image.

The second requirement is to prepare a SQL Server ConfigurationFile.ini. For more information about SQL 2014 Configuration file and unattended installation go to Install SQL Server 2014 Using a Configuration File and Install SQL Server 2014 from the Command Prompt.

The third requirement is to prepare dpmsetup.ini file. Please refer to my earlier post for more details on how to create a DPM setup file for unattended installation.

The fourth requirement is to create a blank VHDX file, then mount it, initialize it, and copy SQL Server 2014 including SCDPM 2016 bits, and finally dismount the disk. This virtual hard disk must be copied under VHDs folder in the VMM library. We will attach it to the DPM VM template in Step 2 that follow. You can run the following command on a machine with a Hyper-V role that will automate the whole process for you.

# Define variables
 $vhdpath = "D:\SCVMMLibrary\VHDs\DPMDB-2016_E.vhdx"
 $vhdsize = 50GB
 $SCDPMpath = "D:\SCDPM2016"
 $SQLpath = "D:\SQL2014"

New-VHD -Path $vhdpath -Dynamic -SizeBytes $vhdsize | Mount-VHD -Passthru | Initialize-Disk -Passthru | New-Partition -DriveLetter E -UseMaximumSize | Format-Volume -FileSystem NTFS -AllocationUnitSize 64KB -Confirm:$false -Force

Copy-Item -Path $SCDPMpath -Destination E:\ -Recurse
Copy-Item -Path $SQLpath -Destination E:\ -Recurse

Dismount-VHD –Path $vhdpath

The fifth requirement is to add the following PowerShell commands as part of the DPM VM preparation script.

param (

# Exit Codes
 $ErrorCode_Success = 3011

# Set General Firewall
 Set-NetFirewallRule -DisplayName 'File and Printer Sharing (Echo Request - ICMPv4-In)' -Profile Domain -Enabled True -Direction Inbound -Action Allow
 Set-NetFirewallRule -DisplayName 'File and Printer Sharing (Echo Request - ICMPv6-In)' -Profile Domain -Enabled True -Direction Inbound -Action Allow
 Set-NetFirewallRule -DisplayName 'File and Printer Sharing (SMB-In)' -Profile Domain -Enabled True -Direction Inbound -Action Allow
 Set-NetFirewallRule -DisplayName 'Remote Desktop - User Mode (TCP-In)' -Profile Domain -Enabled True -Direction Inbound -Action Allow
 Set-NetFirewallRule -DisplayName 'Remote Desktop - User Mode (UDP-In)' -Profile Domain -Enabled True -Direction Inbound -Action Allow

# Set DPM Firewall
 New-NetFirewallRule -DisplayName “SCDPM-TCP” -Direction Inbound –Protocol TCP -Profile Domain –LocalPort 135,5718,5719,6075,88,389,139,445 -Action allow
 New-NetFirewallRule -DisplayName “SCDPM-UDP” -Direction Inbound –Protocol UDP -Profile Domain –LocalPort 53,88,389,137,138 -Action allow
 New-NetFirewallRule -DisplayName “Remote SQL Server-TCP” -Direction Inbound –Protocol TCP -Profile Domain –LocalPort 80,1433 -Action allow
 New-NetFirewallRule -DisplayName “Remote SQL Server-UDP” -Direction Inbound –Protocol TCP -Profile Domain –LocalPort 1434 -Action allow

# Set DPM Service Account as local admin
 Add-LocalGroupMember -Group Administrators -Member $DPMServiceAccount 

# Add Data Disk
 Get-Disk | ?{$_.OperationalStatus -eq 'Offline'} | Set-Disk -IsOffline $false
 Get-Disk | ?{$_.IsReadOnly -eq 'True'} | Set-Disk -IsReadOnly $false
 New-Item -Path "E:" -Name "Program Files" -ItemType "directory"
 New-Item -Path "E:" -Name "Program Files (x86)" -ItemType "directory"

# Disable Server Manager
 Get-ScheduledTask -TaskName ServerManager | Disable-ScheduledTask

# Enable NetAdapter vRss
 Enable-NetAdapterRss -Name *
 Sleep 5

# Install .NET Framework 3.5
 Dism.exe /Online /Enable-Feature /FeatureName:NetFx3 /All

# Exit 3011
Exit $ErrorCode_Success

What above script will do is the following:

  • Set the required Firewall Rules including DPM and SQL server required TCP/UDP ports.
  • Add the DPM Service Account as Administrator.
  • Add the Data Disk that holds DPM and SQL bits as E drive.
  • Disable Server Manager.
  • Enable Virtual Receive-side scaling (vRSS) to spread incoming network traffic across multiple logical processors (LPs) of the VM for better backup performance.
  • Install Microsoft .NET Framework 3.5.
  • The Exit code will be used by VMM to reboot the VM.

The last requirement is to create a VMM Custom Resource under ApplicationFrameworks in VMM library (i.e. and paste the following files in it (see Figure 2).


Figure 2. VMM Custom Resource File

The remaining file “DPM-PrepVM.cmd” is in fact calling the PowerShell script “DPM-PrepVM.ps1”, more on this in Step 3 that follow.

Step 2. Build a VM template

The second step is perhaps the easiest, because you’ve likely done it before. Create a VM template in VMM. This is one of the most fundamental activities in VMM, and is documented in the TechNet Library article here: “How to Create a Virtual Machine Template in VMM”.

There’s obviously a bit of art in the science of creating this VM template. You’ll be using it to rapidly deploy DPM servers in the steps that follow. That means your template must be ready for automatic deployment.

This VM template becomes the starting point for all the DPM VMs you’ll provision to your service. Make sure you configure the template’s hardware profile and guest OS profile to match whatever configuration any DPM server should have when it’s deployed later.

In our example, we have created DPM 2016 VM Template to match our environment, we have attached the OS disk image including the second disk that we prepared in Step 1 earlier. (see Figure 3).


Figure 3. DPM VM Template Properties.

Step 3. Create DPM service template

The VM template created in Step 2 is ready and is the basis for your VMM service template.

Right-click Service Templates in the VMM 2016 Library view to create a new service template. Give the template a name and select the “Blank” pattern. This creates an empty workspace for creating your DPM service template (see Figure 4).


Figure 4. VMM New Service Template.

In the Service Template Designer, click the “Add Machine Tier” button. This launches the Create Machine Tier Template Wizard (see Figure 5). Select the option to “Customize a copy of an existing VM template” and click the Browse button to specify the VM template you created in Step 2.


Figure 5. The wizard for Creating a Machine Tier Template.

Name this tier “DPM Single Machine Tier” in the wizard’s Additional Properties page. Leave that page’s other settings unchanged. Select a hardware profile in the wizard’s Configure Hardware page and then a guest OS profile in the Configure Operating System page.

Pause for a minute on the Configure Operating System page and make sure the Operating System, Identity Information, and  others settings are correct (see Figure 6). In this example, we don’t need to select any role or feature. We will take care of all the prerequisites  in the wizard’s Configure Applications page. Click Next.


Figure 6. The wizard Configure Operating System Tier Template.

Here’s where we need to pause a second time. Remember that DPM installation is a special case and this normally happens in the DPM Server GUI, but can also happen via a set of commands. These commands can be actual VBScript, Windows PowerShell scripts, or batch scripts executed on the VM, or individual commands executed in a Deployment Order.

We will create the DPM deployment in the wizard’s Configure Applications page using a series of Pre-Install / Post-Install scripts.

In this example, you’ll need four separate Pre-Install scripts and two Post-Install scripts (see Figure 7).


Figure 7. The wizard Application Configuration Tier Template.

The first Pre-Install script sets the executable program to cmd.exe, follow by a command called “DPM-PrepVM.cmd” (see Figure 8). The command sets the Windows PowerShell execution policy to bypass and launch the script discussed in Step 1 to prepare the VM for DPM deployment. We also added a variable called ‘@DPMServiceAccount@’ (surrounded by the ‘@’ symbol). You’ll be prompted for the ‘@DPMServiceAccount@’ value in the deployment configuration in Step 4 that follow.


Figure 8. The command to launch DPM Prep VM script.

The second Pre-Install script  sets the executable program to PowerShell.exe, follow by a PowerShell command to install SQL Server 2014. Here is a question you might ask, why we don’t leverage SQL Server Profiles in VMM to install SQL Server instead of Application Configuration – It’s up to you. I prefer the Application Configuration script over SQL Server Profiles, because it save me an additional step, since you must use a separate virtual hard disk that contains a prepared instance of SQL Server (generalized by using the Sysprep tool), so instead of heaving multiple virtual hard disks in VMM library for specific deployment, I can use one Windows Server 2016 generalized image and then customize it according to my requirements.

The third Pre-Install script sets the executable program to cmd.exe, follow by copying dpmsetup.ini file into the VM to prepare DPM deployment.

The fourth and last Pre-Install script sets the executable program to cmd.exe, follow by installing DPM server 2016 inside the guest OS.

Finally, the Post-Install scripts (one and two) sets the executable program to PowerShell.exe, and delete SQL Server and DPM media from the guest to save disk space.

The following list outlines the Pre-Install / Post-Install specifics you’ll need to build this yourself. These commands must be run in this particular order and with the following settings for DPM to successfully deploy:

    • Pre-Install 1:

Executable Program: cmd.exe
Parameters: /q /c DPM-PrepVM.cmd ‘@DPMServiceAccount@’

Script resource package:

    • Pre-Install 2:

Executable Program: %WINDIR%\System32\WindowsPowerShell\v1.0\PowerShell.exe
Parameters: -Command Start-Process -FilePath “E:\SQL2014\setup.exe” -ArgumentList /ConfigurationFile=.\ConfigurationFile.ini –Wait

Script resource package:

    • Pre-Install 3:

Executable Program: cmd.exe
Parameters: /q /c xcopy dpmsetup.ini c:\

Script resource package:

    • Pre-Install 4:

Executable Program: cmd.exe
Parameters: /q /c start /wait E:\SCDPM2016\setup.exe /i /f \DPMSetup.ini /l \dpmlog.txt

    • Post-Install 1:

Executable Program: %WINDIR%\System32\WindowsPowerShell\v1.0\PowerShell.exe
Parameters: -command Remove-Item -Path E:\SQL2014 -Recurse -Force -Confirm:$false

    • Post-Install 2:

Executable Program: %WINDIR%\System32\WindowsPowerShell\v1.0\PowerShell.exe
Parameters: -command Remove-Item -Path E:\SCDPM2016 -Recurse -Force -Confirm:$false

You’ll also want to include a few extra settings in each script. First, configure each Pre-Install / Post-Install script with a VMM Run As account with Domain Administrator privileges and a second VMM Run as account for DPM service. You’ll need this account to install DPM Server in the guest “Pre-Install 4”. Increase each script’s timeout setting to 900 seconds. Finally, click the Advanced button on the first script and check the Restart policy box, “Restart the computer or virtual machine if the specific exit code is returned” (see Figure 9).


Figure 9. The wizard Application Configuration – Advanced Script.

If you recall in the PowerShell script described in Step 1, we added exit code “3011”, when this code is returned to VMM. This would ensure the reboot occurs without generating an error.

Click through to complete the wizard. You’ve now constructed a single-server DPM service template that you can use to test a deployment.

Step 4. Deploy DPM Service Template

Your DPM service template should now look like the template in Figure 10.


Figure 10. DPM Service Template – Single Machine Tier.

Note the value for “DPMServiceAccount” that require specification under the Settings tab prior to deploying this service (see Figure 11). Click the designer’s Refresh Preview button to see placement results, and then click the Deploy Service button to begin deploying this service to your Cloud, Hyper-V host group or Cluster.


Figure 11. Designer View – Deploy Service Template.

Deploying the DPM service template tier can take a while—as long as 20-35 minutes on some hardware. Once it’s deployed, test your work by navigating to the VMM 2016 VMs and Services view to inspect the service you just created (see Figure 12).


Figure 12. This is how your deployed DPM service should look.

You can also view the job in the VMM 2016 Jobs view to inspect the service you just deployed (see Figure 13).


Figure 13. This is how your deployed DPM job should look.

Finally, login to DPM server and launch DPM console and make sure it’s working as expected (see Figure 14).


Figure 14. DPM Server Console – Successful Deployment.


You need to run Windows Update and install Update Rollup 1 for System Center 2016 DPM KB3190600. This update is very important in order to start using Modern DPM Storage (MDS) and Resilient Change Tracking (RCT) based Hyper-V VM backups.

As you can see there’s plenty of up-front work here, but the payback in investing the time and eliminate repetitive tasks to silently deploy these configurations, is the ability to rapidly deploy the DPM service whenever you want especially if you have to deploy several DPM instances. You can now delete and recreate this service with just a couple clicks in the VMM interface. You can also easily update the service. Just make changes to the VM template and then redeploy the service. You’ve never had it so easy in deploying DPM server with just a single click.

Please note that Update Rollup 2 for System Center 2016 Data Protection Manager will be released in February 2017. Stay Tuned!

Hope this post was helpful and if you have any question feel free to comment below.

Thanks for reading!


Photo of author
About the Author:
Charbel Nemnom
Charbel Nemnom is a Senior Cloud Architect with 21+ years of IT experience. As a Swiss Certified Information Security Manager (ISM), CCSP, CISM, Microsoft MVP, and MCT, he excels in optimizing mission-critical enterprise systems. His extensive practical knowledge spans complex system design, network architecture, business continuity, and cloud security, establishing him as an authoritative and trustworthy expert in the field. Charbel frequently writes about Cloud, Cybersecurity, and IT Certifications.

How To Deploy Domain Joined Nano Server VM Using SCVMM 2016 UR2? #NanoServer #VMM #SysCtr #SCVMM

Configuring Constrained Delegation with Kerberos in Windows Server Hyper-V with PowerShell #HyperV


5 thoughts on “How To Deploy DPM 2016 Using VMM 2016 on WS2016? #SCDPM #SCVMM #SysCtr #HyperV #WS2016”

Leave a comment...

  1. Hello Charbel,
    Thanks as usual for all your contributions.
    Do you know if we can add a Hyper-V 2016 host to SCVMM 2012 R2?
    I upgraded one of my hosts as a test for the rolling update to 2016 (Clean install)but I don’t seem to be able to add it to my SCVMM R2.

    Thank you

  2. I did install Rollup 12 instead of 11 and the hotfix, but still couldn’t add a 2016 host cleanly (agent install fine on host but VMM shows the host with an endless hour glass and nothing can be done with it, the only way to remove it is by power shell command.
    Has this been tested successfully, if so maybe I am doing something wrong. BTW, I did try with 2 different hosts

  3. Hello Joseph,

    Please note that you cannot manage Windows Server 2016 Hyper-V hosts with VMM 2012 R2 UR12.
    However, you can only deploy Server 2016 Guest OS only. VMM never been up-level host management (you can manage same level or below).
    This is the accurate statement.


Let us know what you think, or ask a question...