Getting Started with the Datto Windows Agent

Topic

This article describes system requirements for the Datto Windows Agent.

Environment

Datto Windows Agent

Description

Overview
System requirements
Considerations
Versioning
Installation
Additional Resources

Overview

This illustrates a generalized data flow for the Datto Windows Agent solution.

System requirements

OS	Datto Windows Agent 3.0 and above (Current production version) Windows Server 2008 R2 Service Pack 1 and later Includes Windows Small Business Server 2011 See Datto Windows Agent: Server boots into recovery mode after initial install of DWA on Windows 2008 R2 for important update information before installing on a Windows 2008 R2 SP1 system. Windows 7 Service Pack 1 Windows 8 Windows 8.1 Windows 10 Windows 11 Windows Server 2012 Windows Server 2016 Windows Server 2019 Windows Server 2022 Datto Windows Agent 2.1 to 2.8 (Legacy) Windows Server 2008 Service Pack 2 Windows Vista Datto Windows Agent 1.0 and 2.0 (Legacy) Windows XP Service Pack 3 Windows Storage Server 2003 Windows Server 2003 Service Pack 2
Supported disk types	Hardware and software-based RAID implementations are supported. Datto Windows Agent supports drives up to 64 TB, the max size supported by Microsoft's Volume Shadow Copy Service. MBR boot sectors and GPT partition tables. Virtual & physical disks. Basic volumes and disks. Windows dynamic disks. Protected volumes must be Read/Write. You cannot back up Read-Only volumes. The SYSTEM user must have full control of the protected volume.
Disk space requirements	The Datto Windows Agent normally requires each volume selected for backup to have 10% of the volume's total size available for the DattoCtrl or Datto.ctl file except in the following scenarios: For versions 3.0 (current production release) and above of the Datto Windows Agent, 1 GB of free space each protected volume is the minimum required. For version 2.1 of the Datto Windows Agent, if the 10% number is larger than 10 GB, the file's size will be 10 GB, regardless of the total size of the protected volume.The minimum size of the file will be 1GB. For versions 2.0 and below of the Datto Windows Agent, if the volume is large enough that 10 GB is less than 10% of the total disk space, the agent will use the percentage of the volume's size that is closest to and is at least 10 GB. For example, for a 560 GB volume, the COW file size will be 2% of the volume and be about 11.2 GB in size In all sizing scenarios, the agent requires an additional 2 GB of free space for operational overhead. There may be exceptions to the above guidelines. Contact Datto Technical Support if you cannot resolve any free space issues.
CPU and Memory requirements	At least 1 GB of RAM must remain free during normal operations of the production machine for install and backups to run. Datto recommends a minimum of 2 CPU cores for the backup agent, depending on workloads. If the agent is experiencing high CPU usage during backups with fewer than 2 CPUs, the production machine may require additional resources.
Network	Gigabit connections from the Datto appliance to all appropriate network infrastructure. For best results, the Datto appliance should be connected to a gigabit switch whenever possible. The protected machine must have Internet access and be able to reach https://device.dattobackup.com/certApi.php for the initial installation and ongoing operation of the Datto Windows Agent. Outbound connectivity on the protected machine: Port 443 (for Datto Cloud communication) Port 3260 (for iSCSI) Port 3262 (for MercuryFTP) Inbound connectivity on the protected machine: TCP port 25568 (for Datto Windows Agent service) Outbound from the Datto appliance to the Internet: Ports 22, 80, 123, 443 Bypass any local proxy to 8.34.176.9 (webserver.dattobackup.com), on port 443 for correct certificate installation during DWA install. The protected machine must be able to reach http://cacerts.digicert.com and ocsp.digicert.com for certificate authentication All protected machines must be able to resolve dattolocal.net in the local DNS. The Datto Windows Agent uses MercuryFTP as its primary transport method; however, if this method fails, backups are intended to fall back to iSCSI. For an in-depth overview of Datto's networking requirements, see the Unified Backup Networking & Bandwidth Requirements article.
Anti-virus recommendations	Datto recommends making the following exceptions in your anti-virus software to avoid potential issues. For DWA 3.0 or higher, set service level exceptions for the Datto Backup Agent. For DWA versions 2.7x and older set service-level exceptions for the Datto Backup Agent and Datto Provider Set an application-level exception for the Datto Windows agent (DattoBackupAgent.exe). Allowlist the following installation path: %PROGRAMFILES%\Datto\ Allow the following file: %SYSTEMROOT%\system32\Drivers\DattoCbt.sys
Compatibility	The production machine must use a ReFS or NTFS filesystem. For information on the limitations of backing up ReFS volumes, see Backing up ReFS volumes with Datto Windows Agent Acronis True Image and Acronis Disk Director are incompatible with the Datto Windows Agent. Ensure that neither product is present on the protected system before attempting to install the Datto Windows Agent. FAT32 filesystems are currently unsupported. The compatibility of this backup solution with any hypervisor environment or operating system not listed in this article is untested and may yield unreliable results. Backing up external/removable drives is unsupported. See Volume Level Backup Control for more information
Other Requirements	The System PATH variable must have powershell included to allow pairing. See PowerShell isn't recognized as an internal or external command(external link) for more information. Windows PowerShell version 3 or higher must be installed on the protected machine. TLS 1.2 must be enabled on the production machine. More information on this is available under Considerations. Visual C++ runtime must be up-to-date and fully-installed. If Visual C++ 2017 runtime is not up to date or not installed properly, this could prevent an install. If you see errors related to the C++ runtime, reinstall the latest Visual C++ update. Before pairing, you should disable and remove all other backup software from the production machine. Depending on the software, you may need to completely uninstall it for backups to run correctly. When uninstalling other backup software, use a high-level program that eliminates all traces of the incompatible software, including registry keys, DLLs, and stray folders. These components can cause conflicts.

Datto currently supports Core based versions for any applicable Windows operating systems listed above. For more information on how to install these, please see Installing the Datto Windows Agent.

Considerations

Compatibility of this backup solution with any hypervisor environment or operating system not listed in this article is untested and may yield unreliable results. Universal VM Backup may be a viable alternative for backing up virtual machines with operating systems that are not listed as compatible.

Due to their mobile nature, Datto does not endorse or support backing up laptops, tablets or mobile devices. Devices must be inside the LAN, and not on a wireless network, to perform backups promptly. Attempts to back up any of these devices are at your discretion. Due to the range of touchpad drivers, custom drivers, and hardware configurations available for laptops, tablets, mobile devices or all-in-one workstations, restoration support for these platforms is 'best-effort' only.
The Datto Windows Agent can only be used to back up volumes that are recognized by the Windows operating system as logical, stable volumes, Backup of mapped network drives, iSCSI targets not attached as a logical volume, or removable drives is not supported.
The Datto solution can back up multiple types of disk sector schemes. The process writes an image-based backup to a file that is 512 bytes per physical sector. While rare, some software that relies on advanced formats, such as 4K, may have issues with the sector size change. Datto recommends performing regular DR tests to ensure that all required applications function as expected in our virtualized environment.
System compression, also known as "Compact OS", is a Windows feature that allows rarely modified files to be compressed using the XPRESS or LZX compression formats and is NOT supported.
Backup and virtualization of of deduplicated volumes is untested and may produce inconsistent results, particularly with File Restores . Use an alternate restore method where the volume is mounted in Windows to avoid these scenarios. DWA versions prior to 3.0 are more prone to issues due to deduplicated volumes and should be updated.
Backup of User Profile Disks used by the Remote Desktop Service is unsupported. Remote Desktop Service (external link). These volumes should be excluded from backups.
The file restore option is not compatible with Microsoft One Drive. You'll need to mount a volume restore or virtualization to retrieve these files from oneDrive in the event of a disaster recovery.
CB Defense Anti-Virus software (external link), has been found to cause Datto Windows Agent backup failures. If the protected system uses CBDefense, you should set it to bypass the following files:
- c:\windows\system32\vssvc.exe
- c:\windows\system32\swprv.dll
- *\swprv*
If you are protecting any volumes on your machine using an anti-virus software that uses VSS to allow for rollback remediation or snapshotting in the event of a security / encryption breach (like SentinelOne, for example), this will need to disabled in order for the Windows agent to properly backup these volumes.
The Datto Windows Agent Service that runs inside of the Operating System is communicating with the Datto device across port 25568 utilizing TLS 1.1 & TLS 1.2. ( We suggest that you limit your system to utilizing TLS 1.2 only for highest security. )
TLS 1.1 is included in this stack to allow for Legacy Windows operating systems to be backed up with our agent. If you disable TLS 1.1 on your system to force TLS 1.2, you may break additional compatibility with other applications on your system. Make sure you validate all applications that are running on your system before you make that change. You can view a list of legacy systems in the OS section above.
The Transport Service that runs from the protected machine to the Datto device runs across Mercury on port 3262 & utilizes only TLS 1.2.
Storage Server operating systems are not supported at this time, unless explicitly included in the OS section above.

NOTE Please see Troubleshooting Agent Certificate Issues if you are having an installation issue that could be a result of a rejected CA certificate

Versioning

You can download the latest version of the Datto Windows Agent from the Datto Downloads page.

Version numbers for all Datto Windows Agent endpoints protected by your Datto device appear on the appliance's Device Overview page, in the Local Agent Information field, under the Agent Version heading for each listed production machine.

The current production release and is not compatible with Windows Server 2008, but is compatible with Windows Server 2008R2.

Unlike previous DWA versions that used a CoW (copy on Write) file, DWA 3.0 and newer versions use Volume Shadow Storage (VSS) that must be enabled on any protected volumes. While this is normally enabled by default, if it's not, you can use an elevated CMD prompt on each volumes to do so:

To add Shadow Storage

vssadmin add shadowstorage /For=(volume): /On=(volume): /MaxSize=(either pct or Unbounded)

To resize Shadow Storage

vssadmin resize shadowstorage /For=(volume): /On=(volume): /MaxSize=(pct or Unbounded)

For more information on VSS Shadow Storage see Microsoft's documentation (external link).

For the current version of the Datto Windows Agent and information on recent changes, refer to Datto Windows Agent (DWA) Version 3.0 and above: Release notes.

Update notes for all versions

The agent software automatically updates itself when a new version becomes available. If the release includes a driver update, the software will update, but a reboot of the protected machine will be required before the new driver will be installed.
When upgrading from Datto Windows Agent 2.7 to 3.0, incremental backups will continue to run until a reboot (recommended). The first backup after reboot will be a differential merge.
After a Windows update, only the OS volume will perform a differential merge, rather than all protected volumes.
The Datto Windows Agent will attempt to connect with Datto' servers to check for updates on a daily basis. If your protected machine does not have regular internet access, you will need to check for and install updates manually.

Installation

You can download the Datto Windows Agent from the Datto Download Page. Full installation instructions can be found here: Installing the Datto Windows Agent.

When the Datto Windows Agent is installed, it installs the following services on the Windows machine.

Datto Backup Agent Service: This is the primary service for the webserver, backup jobs, logging, and operation.
DattoProvider: (versions 2.7 and older) This is the driver that handles the backup engine and VSS interaction. This service is required to quiesce the operating system and take a block-level backup. Versions 3.0 and newer do not contain this service.

Datto recommends reviewing the Encryption Compatibility With The Datto Solution Knowledge Base article when deploying the agent to encrypted machines.

Datto recommends running the following checks on the system you are protecting before installing the Datto Windows Agent:

chkdsk

Run chkdsk to be sure that all RAIDs and individual disks report back as healthy. Perform necessary disk repairs before deploying any backup agent. Failure to do so may result in backing up corrupted systems and restoration failures.

Disk defragmentation

While Datto can perform backups that are running disk defragmentation, be aware that this rearranges data at a block level, and may result in larger backups.
Run disk defragmentation before you deploy the agent.
VSS-aware disk defragmentation programs may allow for smaller backups but are optional.

Windows updates

Download Windows updates, service packs, and any other Microsoft-provided updates. After installing these updates, reboot the server. When scheduling your deployment, remember that the 2nd Tuesday of every month is Microsoft's 'Patch Tuesday.'

Virus scan

Run a virus scan before you deploy the Datto backup solution to your production machine.

Event Viewer

Check the target's system and application logs to see if there are any VSS or hardware errors.
Resolve any errors before attempting to install the agent.

Previously installed backup software

Before installing the Datto Windows Agent, you should disable and remove all other backup software from the production machine. Depending on the software, you may need to completely uninstall it for backups to run correctly.
When uninstalling other backup software, use a high-level program that eliminates all traces of the incompatible software, including registry keys, DLLs, and stray folders. These components can cause conflicts.

Group Policy

To avoid issues with installing the necessary certificates, ensure that the Windows Group Policy is not set to "Allow only Enterprise Administrators"

See Installing the Datto Windows Agent to learn how to deploy the agent to your production machine.

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the ideas forum!
	Provide feedback for the Documentation team.