*************************************************
* Bare-metal recovery Windows 2003 Server (PDC) *
*************************************************
06 Feb 2006
(copyleft) Santa Claus
temp99 [mad dog] gmail [dot] com
I apologize for my bad English. Please correct this.
This plan is tested on a real server in test conditions.
1. General
^^^^^^^^^^
The given plan is applied at restoration of server SERVER1 on same or
other, similar hardware in cases when:
* MS Windows of a server is not loaded, the system section and/or a
folder %SYSTEMROOT% is in full or in part damaged, system database
Active Directory is in full or in part damaged. Thus other means to
restore working of a server do not possible.
* HDD or all equipment of a server has completely failed.
* OS is not loaded even at use of configuration LastKnownGood.
In some cases, see Table 1, it is possible to restore system not
resorting to the plan of full restoration.
Table 1. The Solution of some problems without reinstallation of system.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Problem: After installation or updating of the driver of the device of
OS has ceased to respond to inquiries.
* Solution: Use configuration LastKnownGood for start of a computer.
Forbid use of the changed driver, reload a computer and use mechanism
Driver Rollback.
* Problem: After modification in a configuration of OS the system has
ceased to respond to inquiries or there were serious failures in its job.
* Solution: Use loading configuration LastKnownGood for a cancelling of
the made changes.
* Problem: device works incorrectly after installation or updatings of
its driver.
* Solution: Use mechanism Driver Rollback for restoration of the
previous version of the driver.
* Problem: Corrupt master boot record.
* Solution: Recovery Console (type command: fixmbr)
* Problem: Corrupt boot sector.
* Solution: Recovery Console (fixboot).
* Problem: Corrupt or missing boot.ini
* Solution: Recovery Console (bootcfg /rebuild)
* Problem: Corrupt system file.
* Solution: Recovery Console (chkdsk). Restore from ASR backup. Perform
a Repair install.
* Problem: Corrupt registry
* Solution: Recovery Console (chkdsk). Restore system state from backup.
Perform a Repair install.
* Problem: Blue screen. Or Hung system.
* Solution: Last known good. Safe mode (roll back suspect driver using
Device Manager).
* Problem: One or more services failed to start.
* Solution: Reboot and select last known good, log on, undo the last
configuration steps you performed. Safe mode (undo last configuration
steps you performed)
2.Restrictions.
^^^^^^^^^^^^^^^
By means of the given procedure it is impossible to spend restoration of
the removed computer. Restoration can be made only locally and only by
the user with the rights Administrator.
The plan is developed in view of that:
* In a network there are no other controllers of the domain and servers
of global catalogue Active Directory except for SERVER1.
* On server SERVER1 enciphering files and folders by means of Encrypted
File System (EFS) is not applied.
* At reserve copying the files blocked by any applications can not be
processed.
3.Procedure of Backup
^^^^^^^^^^^^^^^^^^^^^
Full Backup make under the following scheme:
ClientRunBeforeJob starts c: \bacula \bin \before.cmd:
# first line
ntbackup.exe backup systemstate /J "SERVER1 Backup" /F
"D:\backup\server1\system_state_Backup.bkf" /R:yes /L:f /SNAP:on
# 2nd line
net stop FirebirdGuardian
# 3nd line
net stop "File Server"
# etc.
ClientRunAfterJob starts c: \bacula\bin\after.cmd:
# first line
net start FirebirdGuardian
# 2nd line
net start "File Server"
# etc.
Besides once a month is manually started by the system administrator
ntbackup.exe and procedure ASR Backup in a file:
D:\backup\server1\ASR_Backup.bkf
Note : In Windows Server 2003, the ASR set replaces the Emergency
Repair Disk (ERD) which is available in Windows 2000.
An ASR set contains a backup of your operating system files and a
bootable floppy disk that can be used to start your computer if it will
not start normally. Before creating an ASR set, make sure that you have
a 3.5-inch floppy disk available to make the boot disk. If your server
does not have a floppy drive, you can still perform an ASR backup by
copying the asr.sif and asrpnp.sif files located in the systemroot
\repair directory to another computer with a floppy drive, then copy
those files onto a floppy disk. However, before running the ASR restore
procedure, you must attach a floppy drive to your server.
4.Initial data for restoration
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
4.1. Shared Data
^^^^^^^^^^^^^^^^
Before the beginning of restoration bare-metal it is necessary to have:
* Bootable CD-R with install files Windows 2003 Server, Service Pack1,
Support Tools, Resource Kit Tools.
* diskette, containing archive ASR with files of archive ASR asr.sif and
asrpnp.sif.
* HDD in capacity not less 3Gb for record of a file (*.bkf) a backup
copy. Note: If the network adapter normally is recognized at loading
from CD-R with Windows PE it is possible to use a network folder for
copying files instead of additional HDD. However thus it is necessary to
consider throughput of a LAN and its congestion.
* Bootable CD-R with Windows PE (make from BartPE).
* Install file of a client part Bacula, a file winbacula-1.38.4.exe.
4.2.Special conditions
^^^^^^^^^^^^^^^^^^^^^^
The target personal computer on which will be made restoration should:
* To have volume of the RAM it is not less, than on the initial server.
* To have quantity of physical disks and volume of disk space of each of
them it is not less, than on the initial server.
During carrying out of emergency restoration (ASR) operational system:
* Network neighborhood and network drives will be inaccessible.
* All partition on a local disk where will be placed (were placed on the
initial server) files, will be recreated and formatted (about it the
prevention will be given out).
5.Procedure of Restore
^^^^^^^^^^^^^^^^^^^^^^
5.1.First stage
^^^^^^^^^^^^^^^
The purpose of a stage - to return a server from OS Windows in a working
status.
Provisional duration of a stage - 90-120 minutes.
* Take from PC-Bacula-Server files:
D:\backup\server1\ASR_Backup.bkf,
D:\backup\server1\system_state_Backup.bkf, D:\backup\server1\asr.sif,
D:\backup\server1\asrpnp.sif
* Take from PC-Bacula-Server files: c:\bacula\bin\bacula-fd.conf,
c:\bacula\bin\bconsole.conf, c:\bacula\bin\wx-console.conf
* Copy files of backup copies ASR_Backup.bkf, system_state_Backup.bkf
on separate HDD. Copy an install file of a client part "Bacula"
winbacula-1.38.4.exe, on the same HDD.
* Copy files asr.sif and asrpnp.sif on a diskette.
* Copy files bacula-fd.conf, bconsole.conf, wx-console.conf on the same
or on another a diskette.
* In BIOS setup booting from CD-ROM.
* Insert loading CD-R with install files Windows 2003 Server, SP1 into
CD-ROM.
* Insert a diskette, containing archive ASR, into the disk drive.
* Boot server from CD-R.
* Windows setup in a text mode will be started.
* Wait information in the bottom line of the screen about an input in a
mode "Automated System Recovery (ASR) " and press F2.
* During a text phase of installation will occur reformatting drive
partitions.
* After the ending of a text phase of installation the server will be
reloaded.
* Not waiting loadings of OS with HDD switch power off a server.
* Connect additional HDD to server.
* Power on a server.
* Not waiting loadings of OS with HDD take CD-R with install files Windows.
* Insert bootable CD-R with Windows PE and be booted from it. Note:
booting with Windows PE is necessary as to copy necessary files from a
disk on a disk in Recovery Console, generally, it will not be possible.
Also at start ASR Wizard it will not be accessible (why? Bug or
security?) in addition connected HDD.
* Process of loading Windows PE is externally similar to loading usual
Windows.
* Copying file ASR_Backup.bkf from additional HDD in folder
D:\backup\server1\ main HDD.
* Reboot.
* Not waiting loadings of OS from HDD switch power off a server.
* Disconnect additional HDD from server SERVER1.
* Power on a server.
* Then take CD-R with Windows PE.
* Insert CD-R with install files Windows.
* Boot from main HDD.
* Installation Windows will proceed in a graphic mode.
* After start ASR Wizard, press Next, and specify a site of a file: D:
\backup\server1\ASR_Backup.bkf also press Next.
* Process of automatic system recovery will begin. After its end the
server will automatically be reboot in a normal mode. Note: as in a
network there are no other controllers of the domain and servers of
global catalogue Active Directory except for SERVER1 start Ntdsutil.exe
it is not required.
5.2 Second stage
^^^^^^^^^^^^^^^^
The purpose of a stage - to restore the last System State, and also data
of applied problems and data of users.
* Reboot a server and press F8.
* Choose mode Directory Services Restore Mode.
* Enter into system as the local Administrator.
* Start ntbackup.exe and make restoration System State of file
D:\backup\server1\system_state_Backup.bkf. At end of restoration it will
be offered to reload a server, respond No.
* If it is required, install on SERVER1 a client part "Bacula" in
catalogue C:\bacula\. Copy files bacula-fd.conf, bconsole.conf,
wx-console.conf with in advance prepared diskettes in catalogue
C:\bacula\bin atop of available. Start service Bacula File Server
(Control Panel-> Administrative Tools-> Computer Management-> Services
and Applications-> Services).
* Reboot a server. Note: Presence of any errors connected with service
Bacula File Server, testifies to errors in a file bacula-fd.conf or that
this file is inaccessible (is incorrectly set the way, the rights to a
file). For start of service in a debugging mode use
>cd c:
>c:\bacula\bin\bacula-fd.exe -d100 -c c:\bacula\bin\bacula-fd.conf
command it the debugging information will enter the name in a file
bacula.trace in the working catalogue certain by option WorkingDirectory
in bacula-fd.conf.
* After end of restoration necessarily see system Event Log on absence
of errors.
* install Support Tools (ST) and Resource Kit Tools (RKT). Note: ST and
RKT will be necessary for testing working of a server.
6. Possible problems
^^^^^^^^^^^^^^^^^^^
* Disk full.
If after start with PC-Bacula-Server tasks for restoration you have
received the message on lack of an empty seat, and at reboot a server
receive errors it is necessary to clear a disk and to repeat 2-nd stage
of restoration.
* Network is inaccessible
If after carrying out of restoration the network is inaccessible, it is
possible to try one of following decisions: To switch-off built in
Firewall (Network Connections - Properties - Advanced - Windows Firewall
Settings to set Off);
To make necessary corrections to properties Network Connections. Or to
reinstall a network adapter.
* Service File Server is not started
Service File Server either is not started, or works with errors.
Solution: A problem that at ASR there are no reconstruction of structure
of folders and restoration of the user data which do not belong to OS.
Therefore pass to 2nd to a stage and after its end again check up
working capacity of service File Server.
* There Is no diskette ASR
At carrying out of emergency restoration of system (ASR) there is no
initial a diskette, containing archive ASR, the program of archiving
demands to insert a diskette with files of archive ASR asr.sif and
asrpnp.sif.
Solution : At creation of archive ASR files asr.sif and asrpnp.sif are
copied on a diskette and added in a set of emergency restoration ASR (in
a file or on a tape). If a diskette it is lost, all over again it is
necessary to find by means of the program of archiving a corresponding
bkf-file with information ASR, then to restore files asr.sif and
asrpnp.sif (located in the catalogue %systemroot%\repair the carrier of
archive) on a diskette.
* If the system is not loaded
If the system is not loaded, it is necessary to press after the
termination of loading BIOS F8, to choose Enable Boot Logging, again to
press F8, to choose Safe Mode and to press Enter for continue loadings
of OS. The report of loading will be displayed and in file
C:\Windows\NtBtLog.txt. If loading of OS stops on a file acpitabl.dat it
means, that at MainBoard the given personal computer of a problem with
ACPI (Advanced Configuration and Power Interface). It is possible to try
to solve a problem as follows: to enter into options BIOS and if ACPI it
is switched-off to switch on it; if ACPI it is switched on to
switch-off. Further it is necessary to try to load OS once again. If the
problem has remained, it is necessary to replace MainBoard.
* Error EventID 53258
In Event Log Application the following error from Microsoft Distributed
Transaction Coordinator contains:
Source: MSDTC
Type: Warning
Category: SVC
Event ID: 53258
Description: MS DTC could not correctly process a DC Promotion/Demotion
event. MS DTC will continue to function and will use the existing
security settings. Error Specifics: %1
Solution:
- Start equipment Component Services (Start - Programs - Administrative
Tools).
- Open section Component Services, having pressed on "+".
- Open section Computers, having pressed on "+".
- Right cliques on My Computer, also choose Properties, tab MSDTC.
- Press button Security Configuration, in the opened window press OK.
- Further in window My Computer Properties also press OK
- You again will appear in window Component Services
- Right cliques on My Computer, also choose Stop MS DTC, this action
will stop corresponding service (Distributed Transaction Coordinator).
- Again right cliques on My Computer, also choose Start MS DTC, this
action will start corresponding service.
- See Event Log Application. Probably it is necessary to reload a server
to be convinced, that the problem is solved.
* Error EventID 4404
Event Log Application the following error from Microsoft Distributed
Transaction Coordinator contains:
Source: MSDTC
Type: Error
Category: Tracing Infrastructure
Event ID: 4404
Description: MS DTC Tracing infrastructure: the initialization of the
tracing infrastructure failed. Internal Information: msdtc_trace: File:
d:\srvrtm\com\complus\dtc\dtc\trace\src\tracelib.cpp, Line: 1107,
StartTrace Failed, hr=0x80070070
Solution:
- Start equipment Component Services (Start - Programs - Administrative
Tools).
- Open section Component Services, having pressed on "+".
- Open section Computers, having pressed on "+".
- Right cliques on My Computer, also choose Properties, tab MSDTC.
- Choose Tracing Options.
- Execute sequence of actions: Stop Session, New Session, Flush Data,
OK, and more time OK.
- You again will appear in window Component Services.
- Right cliques on My Computer, also choose Stop MS DTC and дале Start
MS DTC, this action will restart corresponding service (Distributed
Transaction Coordinator).
- Again see Event Log Application to be convinced, that the problem is
solved.
* Errors EventID 1058, 1030
In Event Log Application the interconnected errors contain:
Source: Userenv
Type: Error
Event ID: 1058
Description: Windows cannot access the file gpt.ini for GPO CN =
{31B2F340-016D-11D2-945F-00C04FB984F9}, CN=Policies, CN=System, DC=test,
DC=net. The file must be present at the location <\\ test.net \sysvol
\test.net \Policies \ {31B2F340-016D-11D2-945F-00C04FB984F9} \gpt.ini>.
(The network location cannot be reached. For information about network
troubleshooting, see Windows Help.). Group Policy processing aborted.
and
Source: Userenv
Type: Error
Event ID: 1030
Description: Windows cannot query for the list of Group Policy objects.
Check the event log for possible messages previously logged by the
policy engine that describes the reason for this.
Solution: The full description of the decision contains in article
Microsoft #842804 http://support.microsoft.com/?id=842804. Be convinced
that:
- Services Netlogon and DFS are started.
- The Controller of the domain valid reads and applies rules from Domain
Controllers Policy.
- The NTFS-rights to common resource Sysvol are established{installed}
correctly.
- DNS records on server DNS are correct.
- Useful links for the decision of problems:
http://technet.microsoft.com/default.aspx
http://www.eventid.net/
7. Testing a server after recovery
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Enter into system with the rights of Administrator.
Start ping for check of availability of a network.
See all system logs (Control Panel-> Administrative Tools-> Computer
Management-> Event Viewer). At presence of error messages reload a
server, if error messages repeat, before transition to 2nd to a stage
all errors (especially having attribute Type = Error) is necessary for
eliminating situations.
For the further testing it is necessary installed Support Tools (ST).
By means of command (from set Support Tools)
>netdom query fsmo
determine, what computer is the owner (Schema owner, Domain role owner,
PDC role, RID pool manager, Infrastructure owner).
Check up availability and correctness of job of a domain name system
(Domain Name System, DNS), executed Netdiag/debug command on a server.
It will check up registration NetBIOS, DNS and services. If it will not
help, familiarize with article Microsoft #265706, "DCDiag/NetDiag
Facilitate Join and DC Creation" to the address of
http://support.microsoft.com/default.aspx?ln=EN-US&pr=kbinfo&;
Enter
>dcdiag
command for check of configuration DC.
Also try to enter into system on a network with the rights of any user.
The Used literature
^^^^^^^^^^^^^^^^^^^
http://www.microsoft.com/technet/security/smallbusiness/prodtech/windowsserver2003/ntbackup.mspx
"Backing Up and Restoring Data for Windows Server 2003"
http://support.microsoft.com/kb/326216/
Article ID#326216 "How to use the backup feature to back up and restore
data in Windows Server 2003"
http://support.microsoft.com/kb/814583/en-us
Article ID#814583 "How to use command line parameters with the Ntbackup
command in Windows Server 2003"
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/
"Backup Troubleshooting"
Microsoft Corp. "Windows 2000 Server Disaster Recovery Guidelines. White
Paper."
Brien M. Posey,
http://searchtechtarget.techtarget.com/
"Bare metal restore via Automated System Recovery"
Good luck ;)
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
