Should you be deploying any DPM agents out to your on domain machines that have the local firewall and active, use the below to allow exceptions into that local firewall to ensure your box can speak back to DPM and install the agent. Remember that any XP/2K3 boxes will need a restart afterwards.
“netsh advfirewall firewall add rule name=”Allow DPM Remote Agent Push” dir=in action=allow service=any enable=yes profile=any remoteip=<InsertDPMserverIP>”
This was discovered by one of my colleagues Helen Staddon.
I hope this helps!