I know that there are already a couple of articles covering this issue – but since I ran into trouble with exactly this configuration issue I realized that these articles do not cover everything. For example the problems you can run into.

To keep the steps to be taken as simple as possible I explain it regarding a Sharepoint farm with one server called “SHAREPOINT1” and a DPM server called “DPM1”. The database server is sharepoint2010_test_db but we will not need this one while configuring backup.
Even in larger farms the steps to be taken will remain the same, because you will need to configure just one web frontend server.

First we need to deploy the Data Protection Manager 2010 agent. Just do it like you always did before:

  1. Open the DPM 2010 Administrator Console
  2. Switch to the management tab
  3. On the Agents panel hit “Install…”
  4. In the “Protection Agent Installation Wizard” choose “Install agents”
  5. Add your Sharepoint web frontend server
  6. Hit Next and enter you credentials
  7. Click Next and choose to not automatically restart the server
  8. On the last page click Install

When the installation is complete log on to your Sharepoint 2010 server and open an elevated command prompt. Now you need a domain account that has the farm administrator right and local administrator right on the server. I used the database access / farm administrator account used when deploying the farm: normanbauer.com\sp2010_test_fa. Of course you will also need its password!

Now type the following in the elevated command prompt (line by line; you may need to change the directory):

[code lang=”shell”]
cd "%programfiles%\Microsoft Data Protection Manager\DPM\bin"
ConfigureSharepoint.exe -EnableSharePointProtection
ConfigureSharepoint.exe -EnableSPSearchProtection

For each of the ConfigureSharepoint commands you’ll need the account mentioned before. If the account you are using is not a member of the local administrators group on the server you will get an error message like this: “The specified Username and Password combination is Invalid.”

If everything worked correctly both commands will return “Operation completed successfully.” :

The account used for those two commands will be used as the run as credentials of a DPM developed DCOM object called WssCmdletWrapper:

Now you can configure the Sharepoint 2010 protection group in DPM. Again, go to the DPM 2010 Administrator Console and open the “Protection” panel. Create a new or modify an existing protection group. Add the server by choosing the database child item below the Sharepoint node of your server.

After completing the wizard DPM will start to synchronize all data. After that, you can review the progress in the Monitoring > Jobs panel, your databases can be restored using the Recovery panel. Simply navigate to your server > All Protected SharePoint Data > your database name. In the Recoverable Items list you can see your AdminContent DB, Config DB and any other Application databases you created before.

The problem now is, that you cannot navigate your application databases down to single items. DPM needs to create a catalog containing all urls of your Sharepoint sites first. This operation can take up to 24 hours but you can force DPM to do so immediately using PowerShell.

Open the DPM Management Shell from start menu and enter the following commands (please modify them to meet your servers names):

[code lang=”ps”]
$dpmserver = "DPM1"
$sharepointserver = "SHAREPOINT1"
$pg = Get-ProtectionGroup $dpmserver
$ds = $pg | Get-Datasource
$sp = $ds | Where-Object {"$_.computer" -like "*" + $sharepointserver + "*" -and $_.type -like "*SharePoint*"}
$sp | Start-CreateCatalog

or as a one-liner:

[code lang=”ps”]
Get-ProtectionGroup DPM1 | Get-Datasource | Where-Object {"$_.computer" -like "*SHAREPOINT1*" -and $_.type -like "*SharePoint*"} | Start-CreateCatalog

Now you should be able to navigate down to every single item of your farm:

If this is still not possible your account used to enable Sharepoint protection may not have sufficient rights. I had the problem when I first used a separate backup account that did not have a certain permission – I still do not know which one. I am currently using the farm administrator account, which is not a perfect solution but it works.

There is only one problem I found using that account: You cannot let Sharepoint change its password automatically from the managed accounts. Doing so would result in backup not working properly because the DCOM object mentioned before would need to be configured to use always the current password, which is not possible (as far as I know).