1. A Review of Recovery Options
Windows Server 2003 supports a number of methods to repair and recover from specific types of failures:
Data loss or corruption
The Backup Utility and Ntbackup.exe command allow you to back up and
restore data. The new Volume Shadow Copy Service allows users to access
or restore previous versions of files in shared folders on servers.
Driver updates resulting in system instability
Windows Server 2003 provides a new driver rollback capability of
Windows Server 2003. If a driver has been updated and the system becomes
unstable, that driver and any new settings that were configured can be
rolled back to a previously installed version and state. Printer drivers
cannot be rolled back. It is easy, using Device Manager, to disable a
device that causes instability. If an application or supporting software
contributes to the instability, use Add Or Remove Programs to remove
the offending component.
Driver or service installation or update results in the inability to start the system Windows
Server 2003, like earlier versions of Windows, provides the Last Known
Good Configuration, which rolls back the active ControlSet of the
system’s registry to the ControlSet that was used the last time a user
successfully logged on to the system. If you install or update a service
or driver and the system crashes or cannot reboot to the logon screen,
the Last Known Good Configuration effectively takes you back to the
version of the registry that was active before the driver or service was
installed. There are also a variety of Safe Mode options, which enable
the system to start with specific drivers or services disabled. Safe
Mode can often allow you to start an otherwise unbootable computer and,
using Device Manager, disable, uninstall, or roll back a troublesome
driver or service.
Failure of the disk subsystem Windows Server 2003 allows you to create redundant disk volumes by configuring mirrored (RAID-1) or RAID-5 volumes.
Each of these recovery and repair processes
makes the assumption that a system can be restarted to some extent. When
a system cannot be restarted, the System State, Automated System
Recovery, and the Recovery Console can return the system to operational
status.
2. System State
Windows 2000 and Windows Server 2003 introduced the concept of System State to the backup process. System State data contains critical elements of a system’s configuration, including:
The system’s registry
The COM+ Class Registration Database
The boot files, including boot.ini, ntdetect.com, ntldr, bootsect.dos, and ntbootdd.sys
System files that are protected by the Windows File Protection service
In addition, the following items are included in
the System State when the corresponding services have been installed on
the system:
Certificate Services database on a certificate server
Active Directory and the Sysvol folder on a domain controller
Cluster service information on a cluster server
Internet Information Services (IIS) metabase on a server with IIS installed
To back up the System State in the Backup
Utility, include the System State node as part of the backup selection.
The System State and its components are shown in Figure 1.
If you prefer to use the command line, use Ntbackup with the following syntax:
Ntbackup backup systemstate /J "backup job name" ...
followed by the /F switch to indicate backing up
to a file, or by the appropriate /T, /G, /N, or /P switches to back up
to a tape.
There are several important considerations related to backing up the System State:
You cannot back up individual components
of the System State. For example, you cannot back up the COM+ Class
Registration Database alone. Because of interdependencies among System
State components, you can back up only the collection of System State
components as a whole.
You cannot use
Ntbackup or the Backup Utility to back up the System State from a remote
machine. You must run Ntbackup or the Backup Utility on the system that
is being backed up. You can, however, direct the backup to a file on a
remote server, which can then transfer the file onto another backup
media. Or you can purchase a third-party backup utility that can
remotely back up the System State.
The
System State contains most elements of a system’s configuration, but it
might not include every element required to return the system to full
operational capacity. It is therefore recommended that you back up all
boot, system, data and application volumes when you back up the system
state. The System State is a critical piece of a complete backup, but it
is only one piece.
Performing a system
state backup automatically forces the backup type to Copy, although the
interface might not indicate that fact. Take that fact into
consideration when planning whether to include other items in your
backup selection.
To restore the System
State on a computer that is operational, use the Backup Utility and, on
the Restore And Manage Media tab, click the System State check box. If
the computer is not operational, you will most likely turn to Automated
System Recovery to regain operational status.
3. System State on a Domain Controller
The System State on a domain controller includes
the Microsoft Active Directory directory service and the Sysvol folder.
You can back up the System State on a domain controller just as on any
other system, using the Backup Utility or Ntbackup command. As with all
backup media, it is paramount to maintain physical security of the media
to which the Active Directory is backed up.
To restore the System State on a domain
controller, you must restart the computer, press F8 to select startup
options, and select Directory Services Restore Mode. This mode is a
variation of the Safe Modes that have been supported in recent versions
of Windows. In Directory Services Restore Mode, the domain controller
boots but does not start Active Directory services. You can log on to
the computer only as the local Administrator, using the Directory
Services Restore Mode password that was specified when Dcpromo.exe was
used to promote the server to a domain controller.
When in Directory Services Restore Mode, the
domain controller does not perform authentication or Active Directory
replication, and the Active Directory database and supporting files are
not subject to file locks. You can therefore restore the System State by
using the Backup Utility.
When restoring the System State on a domain
controller, you must choose whether to perform a nonauthoritative
(normal) or authoritative restore of the Active Directory and Sysvol
folder. After restoring the System State by using the Backup Utility,
you complete a nonauthoritative restore by restarting the domain
controller into normal operational status. Because older data was
restored, the domain controller must update its replica of the Active
Directory and Sysvol, which it does automatically through standard
replication mechanisms from its replication partners.
There might be occasions, however, when you do
not want the restored domain controller to become consistent with other
functioning domain controllers and instead want all domain controllers
to have the same state as the restored replica. If, for example, objects
have been deleted from Active Directory, you can restore one domain
controller with a backup set that was created prior to the deletion of
the objects. You must then perform an authoritative restore, which marks
selected objects as authoritative and causes those objects to be
replicated from the restored domain controllers to its replication partners.
To
perform an authoritative restore, you must first perform a
nonauthoritative restore by using the Backup Utility to restore the
System State onto the domain controller. When the restore is completed
and you click Close in the Backup Utility, you are prompted to restart
the computer. When that occurs, you must select No. Do not allow the
domain controller to restart. Then, open a command prompt and use
Ntdsutil.exe to mark the entire restored database or selected objects as
authoritative. You can get more information about Ntdsutil and
authoritative restore by typing ntdsutil /? at the command prompt or by using the online references in the Help And Support Center.
4. Automated System Recovery
Recovering a failed server has traditionally
been a tedious task, involving reinstallation of the operating system,
mounting and cataloging the backup tape, and then performing a full
restore. Automated System Recovery makes that process significantly
easier. Automated System Recovery requires you to create an ASR set,
consisting of a backup of critical system files—including the
registry—and a floppy disk listing the Windows system files that are
installed on the computer. If the server ever fails, you simply restart
with the Windows Server 2003 CD-ROM and select the option to perform an
Automated System Recovery. The process uses the list of files on the ASR
disk to restore standard drivers and files from the original Windows
Server 2003 CD-ROM, and it will restore remaining files from the ASR
backup set.
To create an ASR set, open the Backup Utility
from the All Programs\Accessories\System Tools program group, or by
clicking Start, clicking Run, and typing Ntbackup.exe.
If the Backup And Restore Wizard appears, click Advanced Mode. Then,
from the Backup Utility’s Welcome tab or from the Tools menu, select ASR
Wizard. Follow the instructions of the Automated System Recovery
Preparation Wizard. It will request a 1.44 megabyte (MB) floppy disk to
create the ASR floppy. The ASR Preparation Wizard is shown in Figure 2.
The
backup created by the ASR Wizard includes disk configuration
information for each disk in the computer, a System State backup, and a
backup of files including the driver cache. The backup set is sizable.
On a standard installation of Windows Server 2003, the ASR backup size
will be almost 2 gigabytes (GB).
The ASR floppy disk is created by the Automated
System Recovery Preparation Wizard, and it is specific to the system and
the time at which the ASR set was created. You should label the ASR
backup set and floppy disk carefully and keep them together.
The ASR floppy disk contains two catalogs of
files on the system: Asr.sif and Asrpnp.sif. If the system does not have
a floppy drive when you create the ASR set, you can create the floppy
disk after running the wizard by copying these two files from the %Systemroot%\repair
folder on the system to another computer that does have a floppy drive,
and copying the files to the floppy disk on that second system. If you
lose the floppy disk, you can restore the two files from the %Systemroot%\repair folder in the ASR backup set. You must
have the ASR floppy disk to perform an Automated System Recovery. If
the system does not have a floppy drive, you will need to connect one
before performing the restore.
Tip
The
ASR set contains the files required to start the system. It is not a
comprehensive backup of the entire system. Therefore it is highly
recommended that you create a complete backup, including the System
State, system volume, applications and, perhaps, user data when you
create your ASR set. |
When you perform an Automated System Recovery, you will need the following:
Tip
You
will also need any mass storage device drivers that are not part of the
standard Windows Server 2003 driver set. To facilitate recovery, you
should consider copying those drivers to the ASR floppy disk. |
To restore a system using Automated System
Recovery, restart using the Windows Server 2003 CD-ROM, just as if you
were installing the operating system on the computer. If the computer
requires a mass storage device driver that is not included with Windows
Server 2003, press F6 when prompted and provide the driver on a floppy
disk. After loading initial drivers, the system will prompt you to press
F2 to perform an Automated System Recovery. Press F2 and follow the
instructions on your screen. Automated System Recover will prompt you
for the system’s ASR floppy, which contains two catalogs, or lists, of
files required to start the system. Those files will be loaded from the
CD-ROM. Automated System Recovery will restore remaining critical files,
including the system’s registry, from the system’s ASR backup set.
There is a restart during the process, and if the computer requires a
vendor-specific mass storage device driver, you will need to press F6
during this second restart as well. Because there is a restart, you
should either remove the floppy disk after the initial text-based
portion of the restore, or set the restart order so that the system does
not attempt to restart from the floppy drive.
5. Recovery Console
The Recovery Console is a text-mode command
interpreter that allows you to access the hard disk of a computer
running Windows Server 2003 for basic troubleshooting and system
maintenance. It is particularly useful when the operating system cannot
be started, as the Recovery Console can be used to run diagnostics,
disable drivers and services, replace files, and perform other targeted
recovery procedures.
Installing the Recovery Console
You can start the Recovery Console by booting
with the Windows Server 2003 CD-ROM and, when prompted, pressing R to
choose the repair and recover option. However, when a system is down you
will typically want to recover the system as quickly as possible, and
you might not want to waste time hunting down a copy of the CD-ROM or
waiting for the laboriously long restart process. Therefore, it is
recommended that you proactively install the Recovery Console.
To install the Recovery Console, insert the Windows Server 2003 CD-ROM and type cddrive:\i386\winnt32/cmdcons
on the command line. The Setup Wizard will install the 8 MB console in a
hidden folder called Cmdcons, and it will modify the boot.ini file to
provide the Recovery Console as a startup option during the boot
process.
Removing the Recovery Console
If you ever decide to remove the Recovery
Console, you must delete files and folders that are “super hidden.” From
Windows Explorer, choose the Folder Options command from the Tools
menu. Click the View tab, select Show Hidden Files and Folders, clear
Hide Protected Operating System Files, and if you are prompted with a
warning about displaying protected system files, click Yes.
Then, delete the Cmdcons folder and the Cmldr
file, each of which is located in the root of the system drive. You must
next remove the Recovery Console startup option from Boot.ini. Open
System from Control Panel, click the Advanced tab, click the Settings
button in the Startup And Recovery frame, and then, in the Startup And
Recovery dialog box, under System Startup, click Edit. Boot.ini will
display in Notepad. Remove the entry for the Recovery Console, which
will look something like this:
c:\cmdcons\bootsect.dat="Microsoft Windows Recovery Console" /cmdcons
Save the file and close Boot.ini.
Using the Recovery Console
After you have installed the Recovery Console,
you can reboot the system and select Microsoft Windows Recovery Console
from the startup menu. If the console was not installed or cannot be
launched successfully, you can restart using the Windows Server 2003
CD-ROM and, at the Welcome To Setup page, press R to select Repair. The
loading takes significantly longer from the CD-ROM, but the resulting
Recovery Console is identical to that installed on the local system.
Once the Recovery Console has started, as shown in Figure 3,
you will be prompted to select the installation of Windows to which you
want to log on. You will then be asked to enter the Administrator
password. You must use the password assigned to the local Administrator
account, which, on a domain controller, is the password configured on
the Directory Services Restore Mode Password page of the Active
Directory Installation Wizard.
You can type Help at the console prompt to list the commands available in the Recovery Console, and Help command name
for information about a specific command. Most are familiar commands
from the standard command-line environment. Several commands deserve
particular attention:
Listsvc
Displays the services and drivers that are listed in the registry as
well as their startup settings. This command is useful for discovering
the short name for a service or driver before using the Enable and
Disable commands.
Enable/Disable
Controls the startup status of a service or driver. If a service or
driver is preventing the operating system from starting successfully,
use the Recovery Console’s Disable command to disable the component, and
then restart the system and repair or uninstall the component.
Diskpart
Provides the opportunity to create and delete partitions by using an
interface similar to that of the text-based portion of Setup. You can
then use the Format command to configure a file system for a partition.
Bootcfg Enables you to manage the startup menu.
The Recovery Console has several limitations
imposed for security purposes. These limitations can be modified using a
combination of policies (located in the Computer Configuration\Windows
Settings\Security Settings\Local Policies\Security Options node of the
Local Computer Policy console) and Recovery Console environment
variables.
Directory access You can view files only in the root directory, in %Windir%
and in the \Cmdcons folder. Disable this limitation by enabling the
policy Recovery Console: Allow Floppy Copy And Access To All Drives And
All Folders, and using the Set AllowAllPaths = True command in the Recovery Console. Be sure to include the space on either side of the equal sign when typing the Set command.
File copy You
can only copy files to the local hard disk, not from it. Disable this
limitation by enabling the Recovery Console: Allow Floppy Copy And
Access To All Drives And All Folders policy and using the Set AllowRemovableMedia = True command in the Recovery Console. Be sure to include the space on either side of the equal sign when typing the Set command.
Wildcards
You cannot use wildcards such as the asterisk to delete files. Disable
this limitation for some commands by enabling the Recovery Console:
Allow Floppy Copy And Access To All Drives And All Folders policy and
using the Set AllowWildCards = True command in the Recovery Console. Be sure to include the space on either side of the equal sign when typing the Set command.
Practice: Recovering from System Failure
In this practice, you will back up the System
State and create an Automated System Recovery Set on Server02. You will
also install and use the Recovery Console to troubleshoot driver or
service failures. Finally, if you have access to a second physical disk
drive, you will be able to perform Automated System Recovery to restore a
failed server.
Exercise 1: Backing Up the System State
1. | Log on to Server02 as Administrator.
|
2. | Open the Backup Utility.
|
3. | If the Backup And Restore Wizard appears, click Advanced Mode.
|
4. | Click
the Backup tab, and select the check box next to System State. Also
click the System State label so that you can see the components of the
System State listed in the other pane of the dialog box.
|
5. | In the Backup Media Or File Name box, type a file name for the backup file, such as C:\SystemState.bkf.
|
6. | Start the backup.
|
7. | When the backup is complete, examine the file size of the System State backup file. How big is the file?
|
Exercise 2: Creating an ASR Set
This exercise requires a blank floppy disk and
approximately 1.7 GB of free disk space. If you have a second physical
disk in Server02, direct the backup to that disk so that you can perform
an Automated System Recovery in Exercise 4.
1. | Open the Backup Utility. If the Backup And Restore Wizard appears, click Advanced Mode.
|
2. | Click Automated System Recovery Wizard, or choose ASR Wizard from the Tools menu.
|
3. | Follow the prompts. Back up to a file named ASRBackup.bkf on the C drive or, if you have a second physical disk, on that volume.
|
4. | When
the backup is complete, examine the file size of ASRBackup.bkf. How big
is it? How does its size compare to that of the System State backup?
|
Exercise 3: Installing and Using the Recovery Console
1. | Insert the Windows Server 2003 CD-ROM.
|
2. | Click Start, click Run, and then type the following command in the Open box:
D:\i386\winnt32.exe /cmdcons
where D: is the drive letter for your CD-ROM. The Recovery Console will be installed on the local hard disk.
|
3. | To
simulate a service in need of troubleshooting, open the Services
console from Administrative Tools. Locate the Messenger service.
Double-click the service, choose Automatic as the Startup Type, and
click OK.
|
4. | Restart the server.
|
5. | When the server presents the startup boot menu, select Microsoft Windows Recovery Console.
|
6. | When prompted, type 1 to select the installation of Windows Server 2003.
|
7. | Type the password for the local Administrator account.
|
8. | When the Recovery Console prompt appears (by default, C:\Windows>), type help to display a list of commands.
|
9. | Type listsvc
to display a list of services and drivers. Note that the short name of
many services is not the same as the long name. However, the short name
of the Messenger service is also Messenger. Confirm that its startup is
set to Automatic.
|
10. | Type disable messenger
to disable the service. The output of the command indicates the success
of the command and the original startup configuration for the service
(in this case, SERVICE_AUTO_START). You should always make note of this
setting so that once troubleshooting has been completed you can return
the service to its original state.
|
11. | To quit the Recovery Console, type exit and press ENTER.
|
Exercise 4: Restoring a System Using Automated System Recovery
1. | Power off your computer.
|
2. | Restart the computer, and open the computer’s BIOS. Make sure the system is configured to start from the CD-ROM.
|
3. | Insert the Windows Server 2003 installation CD-ROM.
|
4. | Restart Server02. Watch carefully and, when prompted, press a key to start from the CD-ROM.
|
5. | Early in the text-mode setup phase, setup prompts you to press F2 to run an Automatic System Recovery. Press F2.
|
6. | You
will then be prompted to insert the Windows Automated System Recovery
disk into the floppy drive. Insert the floppy disk you created in Exercise 2, and press any key to continue.
|
7. | Text-mode
setup prepares for Automated System Recovery and a minimal version of
the operating system is loaded. This step will take some time to
complete.
|
8. | Eventually, a Windows Server 2003 Setup screen will appear.
|
9. | Windows
Server 2003 Setup partitions and formats the disk, copies files,
initializes the Windows configuration, and then prepares to restart.
|
10. | Remove the floppy disk from the disk drive, and allow the computer to restart.
The installation will continue. When the installation completes, the computer should be restored to its previous state. |
