Using Other Recovery Tools

Although a good backup can allow the system administrator to recover from a variety of problems, a full server restore can be time consuming. Sometimes a server might have a problem that can be repaired by changing its configuration or replacing a small number of files. Windows Server 2003 includes a number of utilities that allow the system administrator (and even a user, in the case of Volume Shadow Copy) to recover from various problems. In this section, we examine these utilities and show how and when they are used.

Restoring Data from Shadow Copy Volumes

Although hardware errors can sometimes result in data loss, industry studies have shown that at least one third of all data loss is caused by human error, usually accidental file deletion or modification. Although these types of errors can be rectified by restoring the affected file or folder from a current backup, this requires the intervention of a system administrator or other overworked IT professional.

The other problem with restoring from a backup is that backups are usually performed outside of normal business hours, usually at night. If, at 4:00 p.m., a user accidentally overwrites a file that he has been working on all day, the version on the backup tape does not reflect any changes made that day, so all the changes will be lost.

This situation can be averted using the Volume Shadow Copy service in Windows Server 2003. The Volume Shadow Copy service allows users to view the contents of shared folders as they existed at specific points in time and to restore a previous copy of a file. This reduces the calls to administrators to restore accidentally deleted or overwritten files.

The Volume Shadow Copy feature in Windows Server 2003 works by setting aside a configurable amount of space, either on the same or a different volume. This space is used to save any changes to the files accessed via a share on the volume that Volume Shadow Copy is enabled on. These changes are added by making a block-level copy of any changes that have occurred to files since the last shadow copy. Only the changes are copied, not the entire file. As new shadow copies are added, the oldest one is purged either when you run out of allocated space or when the number of shadow copies reaches 64.

Shadow copies are turned on for an entire volume, not just for specific files and folders. When the Volume Shadow Copy service runs, it takes a snapshot of the files and folders on the volume. When a file is changed and saved to a shared folder, Volume Shadow Copy writes the previous version of the file to the allocated space. If the file is saved again before Volume Shadow Copy has run again, a second copy is not saved to the Shadow Copy storage area. A second copy cannot be saved to the storage area until the service has run again. The Volume Shadow Copy service can be configured to run at any time; the default schedule is for it to run weekdays at 7:00 a.m. and 12:00 p.m.

Shadow copies are configured on a Windows Server 2003 server. Before they are configured, you should plan how they should be configured. The following guidelines apply:

• Volume Shadow Copy is enabled for all shared folders on a volume; you can't just select a few.

• The minimum storage space you can allocate for shadow copies is 100MB.

• The storage space can be allocated on the same or on another volume.

• The default storage size allocated is 10% of the volume; however, you can increase the size at any time.

• When estimating the size to allocate, you must consider both the number and size of the files in the shared folders as well as how often they will be updated.

• Remember that when the storage limit is reached, the oldest shadow copies will be deleted.

• If you decide to store your shadow copies on another volume, the existing shadow copies will be deleted.

• The default configuration values for shadow copies are 100MB of space, with a scheduled update at 7:00 a.m. and 12:00 p.m. on weekdays.

• Using a separate volume to store shadow copies is highly recommended for heavily used file servers.

• Performing a shadow copy more than once an hour is not recommended.

• Shadow copies do not work properly on dual-boot systems.

To configure Volume Shadow Copy on a volume, perform the procedure outlined in Step by Step 17.9.

After Volume Shadow Copy is enabled on the server, a client must be installed on the workstation so that the previous versions of the files are visible. Microsoft supplies a Shadow Copy client for Windows XP, Windows 2000 Professional, and Windows 98 users. The client is located in the %systemroot%\system32\clients\twclient folder on Windows Server 2003. The client software is referred to as Previous Versions. Windows Server 2003 and later operating systems have the Previous Versions client built in. The installation file, twcli32.msi, is a Microsoft installer file; you can copy it to a share that is accessible by your users.

To view files using the Previous Versions client, perform the procedure outlined in Step by Step 17.10.

The following buttons are available from the Previous Versions tab:

• View This button allows you to view the contents of the selected version of the shared folder. You can only view the files; you cannot edit them.

• Copy This button allows you to copy some or all of the files to a different location.

• Restore This button restores the files in the shared folder to their state at the time the selected version was made. This overwrites all the existing files in the shared folder with the previous versions. Use this option with care.

Shadow copies are good for the following scenarios:

• Recovering files that were accidentally deleted If someone accidentally deletes a file, he or she can recover a previous version using the Previous Versions client.

• Recovering files that were overwritten If someone normally creates new files using the Save As method, sometimes he or she might click Save instead and overwrite the original file. The user can recover a previous version of the file using the Previous Versions client.

• Checking the changes made between file versions The user can look at the previous versions of the file to see what changes have been made.

Shadow copies work with compressed or encrypted files and retain whatever permissions were set on these files when the shadow copies were taken.

Note: Keep Your Backup Plan

Using shadow copies is not a valid replacement for a well-planned backup procedure.

Exam Alert: Volume Shadow Copy Clients

Volume Shadow Copy clients are not available for Windows 95, Me, or any version of NT.

Advanced Options Menu

The Advanced Options menu allows you to select from a variety of options that can be used to troubleshoot and repair server startup and driver problems. The following options are available on the Windows Server 2003 Advanced Options menu, as shown in Figure 17.33:

• Safe Mode This option starts Windows Server 2003 with the basic drivers for the mouse, video, monitor, mass storage, and keyboard. This option is recommended when you suspect that a recently installed application is causing problems. You can boot into this mode and uninstall the application.

• Safe Mode with Networking This option starts Windows Server 2003 with the basic drivers, plus the network drivers. This option is handy for testing basic network connectivity.

• Safe Mode with Command Prompt This option starts Windows Server 2003 with the basic drivers and opens a command prompt window instead of the desktop. This option is useful when the first two Safe Mode options are unable to start the server.

• Enable Boot Logging This option starts Windows Server 2003 normally, but logs a list of all device drivers, services, and their status that the system attempts to load to %systemroot%\ntblog.txt. This is a good option to select to diagnose system startup problems.

• Enable VGA Mode This option starts Windows Server 2003 normally but forces it to load the basic VGA driver. This option is useful for recovering from the installation of a bad video driver.

• Last Known Good Configuration This option starts Windows Server 2003 with the contents of the Registry from the last time the user logged on to the system. This is helpful when recovering from a configuration error. For example, if you install a new driver and then the system crashes or fails to start, you can remove these changes by selecting Last Known Good Configuration when rebooting. When this option is selected, any configuration changes made after the last logon are lost. It is important to note that as soon as you log on to the server, the current drivers and Registry information become the last known good configuration. Therefore, if you suspect a driver problem, don't reboot and log on because you cannot roll back the changes using this option.

• Directory Services Restore Mode This option is used to restore the Active Directory database and SYSVOL on a domain controller. It is listed only on a domain controller.

• Debugging Mode This option starts Windows Server 2003 normally but sends debugging information over a serial cable to another computer. This option is for software developers.

• Disable Automatic Restart on System Failure The default in Windows Server 2003 is to reboot on failure. If there is a stop message, it might not be displayed long enough to read it. This option will stop the system if there is an error, so that you can read any error messages.

• Start Windows Normally This option bypasses the menu options and starts Windows Server 2003 without any modifications.

• Reboot This option reboots the computer.

• Return to OS Choices Menu If multiple operating systems are installed, selecting this option returns you to the boot menu.

Figure 17.33. The Windows Server 2003 Advanced Options Menu screen showing the Safe Mode option selected.

Although Microsoft recommends using Last Known Good Configuration as the first step in diagnosing a problem, you can also start and log on to the server using one of the Safe Mode options. Unlike a normal logon, the Safe Mode options do not update the Last Known Good Configuration information, so it's still an option if you try Safe Mode first.

If your startup problem does not appear when you start the system in Safe Mode, you can eliminate the default settings and minimum device drivers as problems. Using Safe Mode, you can diagnose the problem and remove the faulty driver, or you can restore the proper configuration.

Note: Other Recovery Options

If your server does not start properly using Safe Mode or Last Known Good Configuration, you might have to boot to the Recovery Console or restore your system files using the Automated System Recovery (ASR) feature.

Last Known Good Configuration

The Last Known Good Configuration option allows you to restore the system to the state it was in at the time of the last logon. Whenever a user logs on to the console of a server, the hardware configuration and settings are stored in the Registry key HKLM\System\CurrentControlSet. This configuration is then backed up to another key, usually ControlSet001. If you install a driver or make a configuration change after you log on, this new information is saved to the CurrentControlSet key. If your changes result in a blue screen or other problems, you can restart your server and then go into the Advanced Options Menu and select Last Known Good Configuration. This allows you to select and boot with the configuration information backed up from the CurrentControlSet key at the last logon. This should allow you to boot properly, although the new drivers will no longer be present.

You must remember that the previous configuration information is overwritten with the current configuration every time you complete a logon to a server. Therefore, if you reboot and log on to the server, the good configuration entry will have been overwritten by the bad configuration entry. Make sure you understand the sequence of system events so that you don't lose this recovery option.

To reboot a server using the Last Known Good Configuration option, perform the procedure outlined in Step by Step 17.11.

Step by Step 17.11 Using the Last Known Good Configuration 1. Restart the server. If Windows Server 2003 is the only operating system installed, you have to press F8 early in the boot process, just after the POST screen disappears. Otherwise, when you see the prompt Please Select the Operating System to Start, press the F8 key at the first OS screen. 2. The Advanced Options Menu screen appears, as shown previously in Figure 17.33. On the Advanced Options Menu screen, use the arrow keys to select the Last Known Good Configuration option. 3. You're now back at the operating system screen, as shown in Figure 17.34. Select the operating system you want to start and then press the Enter key. Figure 17.34. The boot menu screen again. Note that it informs you that you're in Last Known Good Configuration mode.

After the server boots, it should run normally. However, any configuration or driver changes made since the last logon are gone.

Safe Mode

The Windows Server 2003 Safe Mode option is a recovery tool carried over from the Windows 9x product line. This tool allows you to start your system with a minimal set of device drivers and services loaded.

Safe Mode is useful for those situations in which you load a new driver or software program or make a configuration change that results in an inability to start your system. You can use Safe Mode to start your system and remove the driver or software that is causing the problem.

To get into Safe Mode, perform the procedure outlined in Step by Step 17.12.

Step by Step 17.12 Starting in Safe Mode 1. Restart the server. If Windows Server 2003 is the only operating system installed, you have to press F8 early in the boot process, just after the POST screen disappears. Otherwise, when you see the prompt Please Select the Operating System to Start, press the F8 key at the first OS screen. 2. The Advanced Options Menu screen appears. On the Advanced Options Menu screen, use the arrow keys to select one of the Safe Mode startup options, and then press Enter. 3. You're now back at the operating system screen. Select the operating system you want to start and then press the Enter key. The server boots. 4. When you come to the logon screen shown in Figure 17.35, log on to the server. Figure 17.35. The Windows Server 2003 logon screen in Safe Mode. Notice that you're in VGA mode.

Remember that the capabilities vary depending on which Safe Mode option you select. For instance, the Safe Mode with Command Prompt option presents you with a command prompt window, and the Windows GUI will not be started, as shown in Figure 17.36.

Figure 17.36. Windows Server 2003 server in Safe Mode with Command Prompt mode. Notice that you're in VGA mode and are limited to a command prompt window.

Recovery Console

For those situations in which the tools and methods available via Safe Mode are not enough to recover from a server failure, or if Safe Mode will not boot the server, Microsoft has provided an additional tool called the Recovery Console. The Recovery Console is a DOS-like command-line interface in which you can perform a limited set of commands and disable system services. Unlike booting from a DOS disk, the Recovery Console allows you limited access to files on an NTFS-formatted volume.

The Recovery Console is not installed by default; you must install it manually after you have installed Windows Server 2003 or run it from the product CD. To install the Recovery Console, perform the procedure outlined in Step by Step 17.13.

The Recovery Console option is added to the Windows Server 2003 boot menu, as shown in Figure 17.38.

Figure 17.38. The Windows Server 2003 boot menu showing the addition of the Recovery Console.

If your system fails and you don't have the Recovery Console installed, or if you are having startup problems, you can run Recovery Console from the Windows Server 2003 CD-ROM.

Note: No More Boot Floppies

Windows Server 2003 does not come with startup floppies, or with any method of creating them.

To run the Recovery Console from a CD-ROM perform the procedure outlined in Step by Step 17.14.

Step by Step 17.14 Running the Recovery Console from a CD-ROM 1. Insert the desired media type and start the server. 2. In the Windows Server 2003 Setup procedure, select the option to repair the operating system. 3. Select Recovery Console as your repair method. 4. The system boots to the Recovery Console screen shown in Figure 17.39. Figure 17.39. The Windows Server 2003 Recovery Console showing the logon screen.

After you start the Recovery Console, either from a CD or from the hard disk, you will be prompted for the operating system number to log on to and the Administrator password, as shown in Figure 17.39. On a member server, this is the local Administrator password. However, on a domain controller this is not the domain or local Administrator password; instead, it's the Directory Services Restore Mode password that you were prompted to create during the dcpromo procedure you used to install Active Directory.

After you log on, the commands listed in Table 17.2 are available.

As you can see, the Recovery Console allows you to perform a variety of tasks, such as formatting a drive, copying, deleting, or renaming files, and starting and stopping services. However, there are some limitations:

• You have access only to %systemroot% and its subfolders, the root partitions of %systemdrive%, any other partitions, floppy drives, and CD-ROMs.

• You cannot copy a file from the hard disk to a floppy, but you can copy a file from a floppy, a CD-ROM, or another hard disk to your hard disk.

Using Directory Services Restore Mode to Recover System State Data

On a domain controller, the Active Directory files are restored as part of the system state. The system state on a domain controller consists of the following items:

• Active Directory (NTDS)

• The boot files

• The COM+ Class Registration database

• The Registry

• The system volume (SYSVOL)

• Files in the Windows File Protection folder

The individual components cannot be backed up or restored separately; they can be handled only as a unit, as we discussed previously in the section "System State Backups."

When a single domain controller fails, and the other domain controllers are still operational, it can be repaired and the data restored using a current backup tape. After Active Directory is restored, the domain controller coordinates with the other domain controllers to synchronize any changes that were made to the Active Directory on the other domain controllers since the backup tape was created. This process is called a nonauthoritative restore and is the type of system state restore we performed earlier in this chapter.

Windows Server 2003 assigns an Update Sequence Number (USN) to each object created in Active Directory. This allows Active Directory to track updates and prevents it from replicating objects that have not changed. When you perform a normal file restore of the Active Directory, all the data that is restored is considered old data and will not be replicated to the other domain controllers. This data is considered to be nonauthoritative (old and out-of-date) because the objects have lower USNs. All the objects contained in the other copies of Active Directory on the other domain controllers that have higher USNs than the objects in the restored data will be replicated to the restored domain controller so that all copies of Active Directory are consistent. A nonauthoritative restore is the default restore mode for Active Directory and is used most often.

However, in specific circumstances, such as the accidental deletion of a group or an Organizational Unit (OU), it may be necessary to perform an authoritative restore. When you perform an authoritative restore, the USNs on the objects in the copy of the Active Directory database that is restored to the domain controller are reset to a number higher than the current USNs so that all the data that is restored is no longer considered old data. This allows the objects in the restore job to overwrite newer objects on the other domain controllers.

Note: Authoritative Restore

An authoritative restore cannot be performed while a domain controller is onlinethe domain controller must be restarted into Directory Services Restore Mode, which is an option available from the Advanced Options Menu.

To restore an object, you must know its common name (CN), the Organization Unit (OU), and the domain (DC) in which the object was located. For example, to restore the ABC St. Louis User OU in the abc.com domain during an Authoritative Restore, you would enter the following command:

Restore Subtree "OU=ABC St. Louis User,DC=abc,DC=com"

This command restores all the objects that have been deleted in the ABC St. Louis User OU since the backup tape was created.

To restore a user, you would use the following command:

Restore Subtree "CN=JDoe,OU=ABC St. Louis User,DC=ABC,DC=com"

To restore a printer, you would use this command:

Restore Subtree "CN=DeskJet 3rdfloor,OU=ABC St. Louis User,DC=abc,DC=com"

After the command has completed, enter quit twice and reboot the domain controller. The domain controller now replicates the restored Active Directory object to the other domain controllers.

To perform an authoritative restore of a deleted OU, perform the procedure outlined in Step by Step 17.15.

To set up this exercise, open the Active Directory Users and Computers MMC, create an OU, and name it Test.

Step by Step 17.15 Performing an authoritative restore 1. Restart the server. If Windows Server 2003 is the only operating system installed, you have to press F8 early in the boot process, just after the POST screen disappears. Otherwise, when you see the prompt Please Select the Operating System to Start, press the F8 key at the first OS screen. 2. The Advanced Options Menu screen appears, as shown in Figure 17.40. On the Advanced Options screen, use the arrow keys to select Directory Services Restore Mode. Figure 17.40. The Advanced Options Menu screen showing the selection of Directory Services Restore Mode. 3. You're now back at the operating system screen. Select the operating system you want to start and then press the Enter key. The server boots. 4. The server boots into Directory Services Restore Mode. From the Windows Server 2003 logon screen, log on using the Directory Services Restore Mode password. This is not the normal Administrator password. This is the password that was entered during the dcpromo procedure. 5. Start the Windows Server 2003 Backup program by selecting Start, All Programs, Accessories, System Tools, Backup. 6. The Backup or Restore Wizard appears. Click the highlighted Advanced Mode link to open the Backup utility. 7. From the Backup utility's Advanced Mode window, select the Restore and Manage Media tab. 8. From the Restore and Manage Media tab, double-click the backup set that contains the backup of the system state data that you want to restore. 9. In the right pane of the Restore and Manage Media tab, shown in Figure 17.41, select System State and then click the Start Restore button to continue. Figure 17.41. The Restore and Manage Media tab. Select the desired backup set and then select System State. 10. A confirmation prompt warns you that your current system state data will be overwritten. Click OK to continue. 11. When the Confirm Restore dialog box appears, click the Advanced button. 12. From the Advanced Restore Options dialog box, shown in Figure 17.42, select the When Restoring Replicated Data Sets, Mark the Restored Data as the Primary Data for All Replicas check box, and then click the OK button. Figure 17.42. The Advanced Restore Options dialog box showing the authoritative restore selection. 13. Click the OK button in the Confirm Restore dialog box. 14. When the restore is complete, click Close. 15. When prompted to reboot, select No. 16. Open a command prompt window and type ntdsutil. Then press Enter. 17. At the command prompt, type Authoritative Restore and then press Enter. 18. Type Restore Subtree "OU=Test,DC=70-290,DC=local" and then press Enter. When prompted, click OK and then click Yes. 19. After the command has completed, the ntdsutil utility will display the number of objects restored and whether the restored objects have backlinks that need to be restored. If there are backlinks that need to be restored, make a note of the location of the .txt and .ldf files. 20. Because our OU was empty, there were no backlinks to be restored. On the command line, enter quit twice and reboot the domain controller. The domain controller now replicates the restored Active Directory object to the other domain controllers.

An authoritative restore is used most often in situations where an Active Directory object such as a user, group, or OU has been accidentally deleted and needs to be restored. If only a single Active Directory object is accidentally deleted, it is possible to restore only that object from a backup tape by performing a partial authoritative restore. This is accomplished by restoring from the last backup before the object was deleted. The procedure to perform this type of restore is very similar to the full Active Directory authoritative restore shown in the previous section.

Caution: Partial Authoritative Restores

When you're performing a partial authoritative restore, it is very important that you restore only the specific item that needs to be restored. If the entire Active Directory is restored, you could inadvertently write over newer objects. For example, the naming context of Active Directory contains the passwords for all the computer accounts and trust relationships. These passwords are automatically changed approximately every 30 days. If the existing values are overwritten by the restore, and the passwords have been renegotiated since that backup was created, the computer accounts will be locked out of the domain and the trust relationships will be dropped. For more information, see Microsoft Knowledge Base Article Q216243, "Impact of Authoritative Restore on Trusts and Computer Accounts."

Note: Containers, Not OUs

The default Active Directory folders shown in the root of the Active Directory Users and Computers MMC are actually containers and not Organizational Units:

• Users

• Builtin

• Computers

When referencing these containers, you have to use the CN= attribute and not the OU= attribute.

Implementing Automated System Recovery (ASR)

Objective:

Implement Automated System Recovery (ASR)

Most of the recovery procedures we have looked at so far are not much use if more than a handful of the boot partition files are missing or damaged. Although in certain modes you have the ability to copy files from the operating system CD-ROM, this can become a nightmare if your boot partition has sustained major damage.

Previous versions of Windows used the emergency repair disk (ERD) to assist in this type of situation; however, beginning in Windows 2000, it became unwieldy to save enough files to a floppy to restore the Registry and other files necessary to rebuild a boot partition. To rectify this situation, Windows Server 2003 includes a new feature called Automated System Recovery (ASR). ASR works by making a backup of the system and boot partitions (if different) to tape or other media. It then saves the catalog and other operating system information, such as system state, and disk partition information to a floppy disk.

When a problem occurs that cannot be fixed by using any of the other repair and recovery methods, or if you have replaced a failed boot drive, you need to restore the boot partition. Using ASR, this is as simple as booting your server from the Windows Server 2003 CD-ROM, and then inserting the floppy disk and the backup media created by the ASR process. The boot partition is automatically restored for you.

Note: System and Boot Partitions

Remember from Chapter 12, "Managing Server Storage Devices," that the boot partition contains the operating system files, whereas the system partition contains the startup files, such as Ntldr and Ntdetect.com. In most situations, the system and boot partitions are on the same volume.

ASR installs a generic installation of Windows Server 2003 and then uses this generic installation to mount and restore your boot partition from the backup media created by ASR. This process not only restores the information on your boot drive, it also restores the disk signatures and re-creates the boot partition or volume, if necessary. It does not recover or delete any data volumes.

The advantage of using ASR is that it automates the restoration of your server. For example, in previous versions of Windows NT and Windows 2000, after a disk failure, you would be required to do the following:

1. Repartition and format the new hard drive.

2. Load a generic installation of Windows, including any specialized drivers.

3. Restore the system and boot partitions from a backup tape.

With ASR, after booting from the Windows Server 2003 CD-ROM, you insert the ASR floppy and the backup tape, and all these steps are performed for you.

ASR should be run regularly so that the backup media contains the most current configuration to be used for server recovery. ASR is implemented using the Windows Server 2003 Backup utility's Automated System Recovery Wizard.

The ASR Wizard can be used to create an ASR backup set using the procedure outlined in Step by Step 17.16.

Step by Step 17.16 Creating an ASR backup 1. From the Start menu, click Start, All Programs, Accessories, System Tools, Backup. 2. The Backup or Restore Wizard appears. Click the highlighted Advanced Mode link to open the Backup utility. 3. From the Backup utility's Advanced Mode window, shown in Figure 17.43, select the Automated System Recovery Wizard button. Figure 17.43. The Backup utility's Advanced Mode screen, displaying the ASR Wizard button. 4. The ASR Wizard opening screen appears. Click Next to continue. 5. The Backup Destination screen appears. Select the desired options and then click Next to continue. 6. The Completing the Wizard screen appears. Click Finish to continue. 7. The Backup program backs up the boot partition to your selected media. When prompted, insert a blank, formatted floppy disk.

To repair your system using ASR, you must start from the Windows Server 2003 CD. During the setup process, select F2, when prompted, and then insert the floppy disk and the backup media.

When needed, ASR can be used to restore a server using the procedure outlined in Step by Step 17.17.

Step by Step 17.17 Restoring an ASR backup 1. Load the Windows Server 2003 CD-ROM in your CD-ROM drive. 2. Restart the server. When you see the prompt shown in Figure 17.44, press the F2 key. Figure 17.44. Press the F2 key to start ASR. 3. When prompted, insert the floppy disk and press the Enter key.

ASR uses the setup configuration files stored on the floppy disk to restore the boot partition to its state at the time the ASR media set was built.

Exam Alert: Know the Recovery Methods

You should be familiar with the various recovery methods for Windows Server 2003, as well as when and how to use each one.