What’s New in System Center 2019 Data Protection Manager #SCDPM

11 Min. Read

Updated – 10/08/2020 – Check what’s New In System Center 2019 Data Protection Manager Update Rollup 2.

Updated – 04/02/2020 – Check what’s New In System Center 2019 Data Protection Manager Update Rollup 1.

Updated – 08/04/2019 – Microsoft officially is supporting backing up Windows Server 2012 and Windows Server 2012 R2 with DPM 2019.


Microsoft announced the release of System Center 2019 under the Long-Term Servicing Channel (LTSC). LTSC provides 5 years of standard and 5 years of extended support. Subsequent to the release of System Center 2019, the suite will continue to accrue value through the Update Rollup releases every six months over the mainstream support window of 5 years. Microsoft has dropped Semi-Annual Channel (SAC) releases, but new features before the next Long-Term Servicing Channel (LTSC) release will be delivered through Update Rollups. You can read about the announcement on Windows Server Blog. You can download the media from the Volume Licensing Service Center (VLSC), or you can download the evaluation bits from the following link.

There are a lot of improvements and new features were introduced in this release.

In System Center 2019 Data Protection Manager, Microsoft added several new features. In the previous blog post, we showed you how to install System Center 2019 Data Protection Manager on top of Windows Server 2019 and SQL Server 2017. In this article, we will dive into the new features and improvements.

Click on the title below to forward in the article:

VMware backup to Tape

In System Center 2019 Data Protection Manager, Microsoft added tape support for VMware backup for long-term data retention on-premises. DPM 2019 supports both Original Location Recovery (OLR) and Alternate Location Recovery (ALR) for restoring the protected VM. DPM 2019 also supports Item-Level Recovery (ILR) for individual files and folders of Window Server VMs running on top of VMware. You can use either a physical tape library or a virtual tape library.

For more information about how to use Virtual Tape Library (VTL) with DPM, please check the following whitepaper.

Newer workloads backup support

With System Center 2019 Data Protection Manager, you can backup new versions of different workloads:

  • Hyper-V VMs running on top of Windows Server 2019.
  • Windows Server 2019.
  • SharePoint 2019.
  • Exchange 2019.
  • System Center 2019 Virtual Machine Manager.
  • VMware vSphere V6.7. VMware enabled TLS as a communication protocol starting with version 6.7 onward. If you want to backup VMware 6.7 with DPM 2019, please follow the steps below.

Backup VMware 6.7

In order for DPM 2019 to backup VMWare 6.7, there are 2 external registry entries that need to be set and this also depends on the OS where the DPM server is running.

If you are running DPM 2019 on Windows Server 2016, then you need to Enable .NET to let the OS choose the SSL/TLS protocol, and you need to Enable TLS 1.2. However, if you are running DPM 2019 on Windows Server 2019, then you only need to Enable .NET because Windows Server 2019 has TLS 1.2 enabled by default.

Enable .NET (Windows Server 2016/Windows Server 2019)

The following PowerShell script will enable .NET in the registry to let the OS choose the SSL/TLS protocol.

# The following registry keys should be created on the DPM server to backup VMware 6.7
# Windows Server 2016 / Windows Server 2019
$NetRegistryPath = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727"
New-ItemProperty -Path $NetRegistryPath -Name "SystemDefaultTlsVersions" -Value "1" -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $NetRegistryPath -Name "SchUseStrongCrypto" -Value "1" -PropertyType DWORD -Force | Out-Null

$NetRegistryPath = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319"
New-ItemProperty -Path $NetRegistryPath -Name "SystemDefaultTlsVersions" -Value "1" -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $NetRegistryPath -Name "SchUseStrongCrypto" -Value "1" -PropertyType DWORD -Force | Out-Null

$NetRegistryPath = "HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727"
New-ItemProperty -Path $NetRegistryPath -Name "SystemDefaultTlsVersions" -Value "1" -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $NetRegistryPath -Name "SchUseStrongCrypto" -Value "1" -PropertyType DWORD -Force | Out-Null

$NetRegistryPath = "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319"
New-ItemProperty -Path $NetRegistryPath -Name "SystemDefaultTlsVersions" -Value "1" -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $NetRegistryPath -Name "SchUseStrongCrypto" -Value "1" -PropertyType DWORD -Force | Out-Null

Enable TLS 1.2 (Windows Server 2016)

The following PowerShell script will enable TLS 1.2 in the registry for Windows Server 2016.


//     Copyright (c) {https://charbelnemnom.com}. All rights reserved.


File Name : Enable-TLS1.2.ps1
Author    : Charbel Nemnom
Version   : 2.0
Date      : 01-March-2019
Requires  : PowerShell Version 5.0 or above
OS        : Windows Server 2016

To provide feedback or for further assistance please visit: https://charbelnemnom.com

Param (
$Protocol           = "TLS 1.2",
$ProtocolSubKeyList = @("Client", "Server"),
$DisabledByDefault = "DisabledByDefault",
$Enabled = "Enabled",
$registryPath = "HKLM:\\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\"

foreach($key in $ProtocolSubKeyList)
    $currentRegPath = $registryPath + $Protocol + "\" + $key
    Write-Verbose "Registry Path $currentRegPath"
        if(!(Test-Path $currentRegPath))
            Write-Verbose "Creating the registry..."
            New-Item -Path $currentRegPath -Force | out-Null            
Write-Verbose "Enable Protocol $Protocol for the $Key"
New-ItemProperty -Path $currentRegPath -Name $DisabledByDefault -Value "0" -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $currentRegPath -Name $Enabled -Value "1" -PropertyType DWORD -Force | Out-Null

Faster Backup using SSD Tiered Storage

Starting with DPM 2016, Microsoft introduced a major new feature called Modern Backup Storage (MBS) that allows you to backup dynamic data sources with ease, achieve faster backups, and reduce storage consumption. This is achieved by leveraging ReFS Block Cloning technology introduced in Windows Server 2016 and so DPM 2016, DPM 2019 (LTSC) including DPM 1801, and DPM 1807 (SAC) should be running on Windows Server 2016 or Windows Server 2019 to leverage Modern Backup Storage (MBS).

Moving forward, Microsoft recommends using a small percentage of SSD storage (~2% to 5%) as a minimum for tiered volume in combination with DPM HDD storage to improve ReFS cloning performance, thus resulting in better backup with Modern Backup Storage. The same recommendation applies to DPM 2016 and DPM 2019.

To create a Tiered storage volume using Storage Spaces, please follow the steps below assuming you already have some HDDs and SSDs in your system. In this example, I have (2 * 100GB SSDs) and (4 * 300GB HDDs).

First, we need to create a Storage Pool by running the following PowerShell command. Please note that it’s very important to specify the default logical sector size as 4K (4096) when creating the Storage Pool because to maintain compatibility with older server applications, Storage Spaces uses 512-byte sectors for virtual disks, this will affect the backup performance since DPM leverages ReFS with 4K sectors. In other words, the 4K sectors size should be across all your physical disks, logical disks, and virtual disks.

# Variables
$Pool1 = "DPM-Pool-01"
$vd1   = "DPM-TieredVolume-01"

New-StoragePool –FriendlyName $Pool1 –StorageSubsystemFriendlyName "Windows Storage*" -PhysicalDisks (Get-PhysicalDisk -CanPool $True) -LogicalSectorSizeDefault 4096  

Get-StoragePool $Pool1 | Get-PhysicalDisk | Where {$_.MediaType -eq "Unspecified" -and $_.Size -eq "100GB"}  | Set-PhysicalDisk -MediaType SSD
Get-StoragePool $Pool1 | Get-PhysicalDisk | Where {$_.MediaType -eq "Unspecified" -and $_.Size -eq "300GB"}  | Set-PhysicalDisk -MediaType HDD
Get-StoragePool $Pool1 | Get-PhysicalDisk | Sort Size | FT FriendlyName, Size, MediaType, HealthStatus, OperationalStatus -AutoSize

Here is the output in Server Manager:

What's New in System Center 2019 Data Protection Manager #SCDPM 1

Next, we need to create a simple tier virtual disk and volume, then we need to disable the write-back cache. Storage Spaces by design maintains write-back to cache the hot data (by default it’s 1GB), but since these are external cache it results in huge I/O amplification.  For example, for every ReFS write, it would go first to Storage Spaces write-back cache followed by actual location so it results in writing the same data twice to the underlying storage. Therefore, it’s recommended to disable the write-back cache and set it to 0.

# Create Two Tiers Fast (SSD) and Standard (HDD)
$FastTier     = New-StorageTier -FriendlyName Fast     -MediaType SSD -StoragePoolFriendlyName $Pool1 -ResiliencySettingName Simple  
$StandardTier = New-StorageTier -FriendlyName Standard -MediaType HDD -StoragePoolFriendlyName $Pool1 -ResiliencySettingName Simple

# Create Simple Tiered Storage Space virtual disk (volume)
# The size of the SSD Tier should be a minimum of 5% of the total size of HDD Tier
# For example, If the total requirement for the backup storage is 1TB, then 974GB on HDD and 50GB on SSD
# Disable Write-Back cache for ReFS
New-Volume -StoragePoolFriendlyName $Pool1 -FriendlyName $vd1 -StorageTierFriendlyNames $FastTier.FriendlyName, $StandardTier.FriendlyName `
-StorageTierSizes 50GB, 974GB -FileSystem ReFS -AccessPath "F:" -ProvisioningType Fixed -ResiliencySettingName Simple -NumberOfColumns 1 -WriteCacheSize 0

Then, we need to disable write auto-tiering at the file system (volume) level by running the fsutil command. This command will disable write auto-tiering and make sure that ReFS metadata remains always on the faster (SSD) tier and won’t move to the standard (HDD) tier, thus will ensure consistent backup performance. On the other hand, when write auto-tiering is enabled, ReFS won’t differentiate between actual data and metadata and would work on normal caching heuristics.

Now, if you have SSD storage with more than 10% of the total HDD tier, then I would recommend keeping write auto-tiering enabled. As otherwise, it would result in a waste of storage. Please note that write auto-tiering can be dynamically enabled or disabled at any given time by using the following command (1 = Disable, 0 = Enable).

# Disable Write Auto Tiering at file system (volume) level
$DriveLetter = (Get-Volume | Where-Object {$_.FileSystemLabel -eq $vd1} | Select-Object DriveLetter).DriveLetter
fsutil behavior set disableWriteAutoTiering "$($DriveLetter):" 1

Finally, we need to add the volume to DPM by running the following command:

# Add the volume to DPM
$volumes = Get-DPMDiskStorage -Volumes -All | Where-Object {$_.Tag -eq "NotOwnedByDPM"}
Add-DPMDiskStorage -Volumes $volumes
Update-DPMDiskStorage -Volume $volumes -DatasourceType All -FriendlyName $vd1

Here is the output in DPM Administrator Console:

What's New in System Center 2019 Data Protection Manager #SCDPM 2

If you need to add additional Backup Storage to DPM in the future, you can simply add additional HDDs to your system, and then leverage the remaining capacity from the SSDs as ReFS tiered volume.

VMware parallel backups

With earlier versions of DPM, VMware parallel backups were performed only across protection groups. With DPM 2019, VMware delta replication jobs run in parallel which leads to faster VM backups.

By default jobs to run in parallel are set to 8, you can modify the number using the registry key as below. Please note that the key is not present by default, you need to add it.

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\Configuration\MaxParallelIncrementalJobs

What's New in System Center 2019 Data Protection Manager #SCDPM 3

If you set the value to 1, this will run the replication jobs serially. However, when increasing the number to a higher value, VMware performance needs to be taken into consideration. Considering the number of resources in use and additional usage required on the VMware vSphere server should be the criteria for determining the number of delta replication jobs to run in parallel.

Monitoring DPM in Azure

Monitoring is crucial when you are protecting a large amount of data. Starting with DPM 2019 and Azure Backup Server Version 3, you can leverage the Log Analytics monitoring solution provided by Azure Backup to monitor both on-premises and cloud backups. You can start monitoring daily backups and restore them for all protected workloads. With this solution, you can even monitor log backups for your SQL Databases whether they are running within Azure IaaS VMs or being run locally on-premises and being protected by DPM 2019 or MABS V3 server.

All you need is an active Azure subscription. With a subscription, you can sign in to the Azure Portal and create a storage account for reports, then turn on diagnostics, and finally add the Log Analytics workspace to monitor your backups. The good news is, you do not need to set up a reporting server, a database, or any other infrastructure since everything is completely managed by the Azure Backup service.

To monitor your DPM server in Azure, please follow the steps below assuming your DPM server is already registered and connected to Microsoft Azure.

Log in to the Azure Portal, and on the left-hand side choose All services. Then scroll down to Recovery Services Vault, and then select a vault you used to register the DPM server.

From the list of items that appears under the vault, select Diagnostic Settings under the Monitoring section. Click on Turn on diagnostics to collect the following data.

What's New in System Center 2019 Data Protection Manager #SCDPM 4

In the Diagnostic settings blade, give a valid name, then select Send to Log Analytics, select the relevant log analytics workspace or create a new one, select the relevant log, AzureBackupReport, and click Save.

Note: Please choose the same Log Analytics workspace for all the Recovery Services vaults to get a centralized view in the workspace. After configuration, please allow 24 hours for initial data push to complete.

What's New in System Center 2019 Data Protection Manager #SCDPM 5

Finally, you need to deploy the solution template from the following location: https://azure.microsoft.com/resources/templates/101-backup-oms-monitoring/

You need to deploy the monitoring solution template to the workspace that you configured above. Make sure you give the same Resource group, Workspace name, and Workspace location to properly identify the workspace and then install this template on it as shown in the next screenshot, and then click Purchase.

What's New in System Center 2019 Data Protection Manager #SCDPM 6

Once deployed, you can go to the relevant Log Analytics workspace > General > Workspace summary or you can select Azure Monitor > Insights > More and then select the relevant Log Analytics workspace. If you click on the Azure Backup Monitoring Solution tile, it will take you to the solution dashboard which provides you with all the backup information as shown below:

What's New in System Center 2019 Data Protection Manager #SCDPM 7

Please make sure to select the desired time range for monitoring by choosing the proper start and end dates.

What's New in System Center 2019 Data Protection Manager #SCDPM 8

Last but not least, you can also create custom alerts to monitor the DPM and MABS servers and send you a notification when something goes wrong. This solution is key for any organization to keep an eye on their backups and ensure that all actions are taken for successful backups and restoration. For more information on how to create custom alerts, please check the following article.

DPM disaster recovery: Backup DPM DB

A disaster can occur at any time. You can rebuild your DPM server with the same database as long as you are backing up the DPM database to Azure Backup or to a secondary location. Starting with DPM 2019, Microsoft enhanced the disaster recovery for DPM, you can now backup the DPM DB to local disks, and in case of a disaster, you can rebuild the functionality of your DPM server by using a recent backup of the database from the local disk.

This only works in case your DPM server crashes or becomes non-operational, and you still have your storage pool intact containing your backups. In this scenario, you can build a new DPM 2019 server and reconfigure it with the same DPM DB.

To back up and recover your DPM database, please follow the steps below:

First, you need to create a protection group and protect the DPM database using short-term protection on disks.

What's New in System Center 2019 Data Protection Manager #SCDPM 9

After the initial replica of the DPM database is completed, open SQL Server Management Studio (SSMS) and run the following SQL script:

select AG.NetbiosName, DS.DatasourceName, V.AccessPath, LR.PhysicalReplicaId from
tbl_IM_DataSource DS
join tbl_PRM_LogicalReplica as LR
on DS.DataSourceId = LR.DataSourceId join tbl_AM_Server as AG
on DS.ServerId=AG.ServerId
join tbl_PRM_ReplicaVolume RV
on RV.ReplicaId = LR.PhysicalReplicaId join tbl_STM_Volume V
on RV.StorageId = V.StorageId
where datasourcename like N'%dpmdb%' and ds.ProtectedGroupId is not null and LR.Validity in (1,2)
and AG.ServerName like N'%DPM2019%' -- Put the Netbios name of your server hosting DPMDB

Please note down the AccessPath and PhysicalReplicaId from the SQL script output below, because you need to use them in the recovery step later.

In this example, the Access Path is F:\ and the Physical Replica Id is 2238503E-325F-4719-ADCC-0281FBB0158F.

What's New in System Center 2019 Data Protection Manager #SCDPM 10

Next, you need to download the PsExec tool from Microsoft, and then open an administrative command prompt and run the following command to start a PowerShell window in SYSTEM context:

.\PsExec.exe -i -s -accepteula -nobanner PowerShell.exe

To restore the DPM database from the last backup, run the following PowerShell script (make sure to replace AccessPath and PhysicalReplicaId with appropriate values).

# Function dismount virtual disk
Function Dismount-DPMDisk {
Get-Volume -Drive $DriveLetter | Get-Partition | Remove-PartitionAccessPath -accesspath "$DriveLetter`:\"
Dismount-VHD -Path $replicaPath       

# Variables
$ReFSDPMPath = 'F:\' # Replace AccessPath
$PhysicalReplicaId = '2238503E-325F-4719-ADCC-0281FBB0158F' # Replace PhysicalReplicaId
$DriveLetter = 'X'

$ds = Get-ChildItem -Path $ReFSDPMPath -Directory
$replicaPath = $ReFSDPMPath + $ds.Name + "\" + $PhysicalReplicaId + "\" + $PhysicalReplicaId + "\disk0.vhdx"
Write-Verbose "Mount VHD $replicaPath" -Verbose
Mount-VHD -Path $replicaPath -PassThru | Get-Disk | Get-Partition | Set-Partition -NewDriveLetter $DriveLetter
$temp = Get-ChildItem -File -Path "$DriveLetter`:\" -Recurse -Filter "*DPMDB*"
If($temp.count -gt 0) {
  Write-Verbose ("Found DPM DB files in replica: {0}, files found: {1} " -f $replicaPath, ($temp.FullName -join ", ")) -Verbose
  $Path = Read-Host "`n Specify the folder where DPM DB will be exported"
  # Create the folder if doesn't exist
  Try {
       Resolve-Path -Path $Path -ErrorAction Stop | Out-Null
  Catch {
        Try {
             New-Item -Path $Path -ItemType Directory -ErrorAction Stop | Out-Null
        Catch {
             Write-Error "Can't create the folder $($Path): $($Error[0].Exception.Message). Exiting."
             Dismount-DPMDisk -DriveLetter $DriveLetter -replicaPath $replicaPath 
Write-Verbose "Copying DPM DB files, $temp to $Path" -Verbose
Copy-Item -Path ($temp.FullName) -Destination $Path -Force
Write-Verbose "Dismount Drive $DriveLetter" -Verbose
Dismount-DPMDisk -DriveLetter $DriveLetter -replicaPath $replicaPath

What's New in System Center 2019 Data Protection Manager #SCDPM 11

After reinstalling a new DPM server, you can use the restored DPM DB and attach it to the DPM server by running dpmsync -restoredb as shown in the example below:

dpmsync -restoredb -dbloc D:\StagingArea\MSDPM2012$DPMDB_DPM2019.mdf -instancename (local) -dpmdbname DPMDB_DPM2019

Once dpmsync -restoredb command is completed, you need to run dpmsync -sync command to synchronize DPM.

Please note that the same recovery steps described above applies to System Center Data Protection Manager (SCDPM 2016 and 2022) with Modern Backup Storage (MBS).

Windows Server 2019 support

As mentioned in my previous article, DPM 2019 can be installed on Windows Server 2019 and Windows Server 2016.

With DPM 2019, you can protect the following workloads:

  • System Center Virtual Machine Manager: 2016 and 2019.
  • Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.
  • SQL Server 2017, SQL Server 2016, and SQL Server 2014.
  • Exchange Server 2016 (latest Service Pack) and Exchange Server 2019.
  • SharePoint 2016 (latest Service Pack) and SharePoint 2019.
  • Windows Server 2016 Hyper-V and Windows Server 2019 Hyper-V.
  • Windows 10 (64-bit) only.
  • Linux running as Hyper-V guest on Windows Server 2016 Hyper-V or Windows Server 2019 Hyper-V.
  • VMware VMs running on VMware vSphere 6.0, 6.5, and 6.7.

SQL Server 2017 as DPM database

As mentioned in my previous article, you can install System Center 2019 Data Protection Manager with SQL Server 2017 as its database. DPM 2019 supports SQL Server 2016 and SQL Server 2017 as its database.

You can install SQL Server 2017 on a remote server, or locally on the DPM server. Please note that SQL Server 2017 must be installed and running before you install DPM 2019. You can either use SQL Server 2017 Standard or Enterprise Edition (64-bit).

Learn more

Do you want to learn more about System Center Data Protection Manager and how to create a hybrid-cloud backup solution? Make sure to check my recently published book: Microsoft System Center Data Protection Manager Cookbook.

With this book (over 450 pages) on your side, you will master the world of backup with System Center Data Protection Manager and Microsoft Azure Backup Server deployment and management by learning tips, tricks, and best practices, especially when it comes to advanced-level tasks.

Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

Related Posts


Install System Center 2019 Virtual Machine Manager on Windows Server 2019 and SQL Server 2017

What’s New in System Center 2019 Virtual Machine Manager #VMM #SCVMM


2 thoughts on “What’s New in System Center 2019 Data Protection Manager #SCDPM”

Leave a comment...

  1. Thanks for the excellent article. What self-service restore options are available for a DPM 2019 on Windows Server 2019 environment where End User Recovery (EUR) is no longer supported? It is my understanding that creating DPM storage pools at this version level requires MBS (which does not support EUR.)

  2. Hello Dan, thanks for the comment!
    Unfortunately, file server end-user recovery (EUR) is not supported when using modern backup storage (MBS) and the reason is that EUR is volume shadow copy (VSS) based and MBS uses ReFs clones for recovery points and not VSS snapshots. This limitation is documented officially here.
    UR will support Client machine Files & Folders that are protected by DPM 2019 using the MBS feature. If you are protecting desktop clients using DPM client protection, then end-users will be able to recover previous versions from DPM recovery points.
    We hope that Microsoft will support EUR for File Shares protection in the upcoming DPM release.

Let me know what you think, or ask a question...

The content of this website is copyrighted from being plagiarized!

You can copy from the 'Code Blocks' in 'Black' by selecting the Code.

Please send your feedback to the author using this form for any 'Code' you like.

Thank you for visiting!