Exercises 17.1. Using Last Known Good Configuration A very common problem in Windows is the installation and recovery from the effects of bad device drivers. The effects of a faulty device driver can range from poor performance to a blue screen. As a system administrator, you need to be able to recover from this type of incident. What is the best way to accomplish this in Windows Server 2003? On your own, try to develop a solution that involves the least amount of downtime. If you would like to see a possible solution, follow these steps: Estimated Time: 20 minutes 1. | Open Regedit. Delete the Registry key HKLM\SYSTEM\CurrentControlSet\Control\SystemBootDevice.
| 2. | Restart the server. You should get a blue screen, possibly with the message "Inaccessible Boot Device."
| 3. | Restart the server. If Windows Server 2003 is the only operating system installed, you have to press F8 early in the boot process, just after the POST screen disappears. Otherwise, when you see the prompt Please Select the Operating System to Start, press the F8 key at the first OS screen.
| 4. | The Advanced Options Menu screen appears. On this screen, use the arrow keys to select the Last Known Good Configuration option.
| 5. | You're now back at the operating system screen. Select the operating system you want to start and then press the Enter key. The server boots normally.
|
17.2. Using the Recovery Console Another common problem in Windows is the corruption of system files. This prevents a server from booting properly, or it can result in a system stop error. It is important to understand the capabilities and limitations of the tools used to correct these types of situations. For this exercise, one of the Windows Server 2003 system files is corrupt. The server will no longer boot. Even Safe Mode is not available. Your job is to fix the server while incurring the least amount of downtime. What is the best way to accomplish this in Windows Server 2003? On your own, try to develop a solution that involves the least amount of downtime. If you would like to see a possible solution, follow these steps: Estimated Time: 20 minutes 1. | Open either My Computer or Windows Explorer. Select Tools, Folder Options, and then click the View tab. Unhide the hidden files.
| 2. | In the root folder on the boot drive, remove the read-only attribute from the boot.ini file.
| 3. | Make a copy of boot.ini and name it boot.sav.
| 4. | Open boot.ini with a text editor and delete all the lines under [operating systems].
| 5. | Save the file.
| | | 6. | Reboot the server. You should get a boot error, most likely "Cannot find NTLDR."
| 7. | Insert the Windows Server 2003 CD-ROM and start the server.
| 8. | In the Windows Server 2003 Setup procedure, select the option to repair the operating system.
| 9. | Select Recovery Console as your repair method.
| 10. | The system boots to the Recovery Console screen.
| 11. | Select the operating system to load. This will probably be number 1.
| 12. | Enter the Administrator password.
| 13. | From the command prompt, type del boot.ini.
| 14. | From the command prompt, type ren boot.sav boot.ini.
| 15. | Type Exit to restart the server. It should boot normally.
|
Exam Questions | 1. | Mary scheduled Windows Backup to run unattended during the night to back up her server. When she came in the next day, she examined the backup logs, and the backup not only took a lot longer to complete than she thought it would, but there were also messages in the log about skipped open files. What is Mary's problem? 
| A. | She left too many files open. |
| B. | She ran the command-line version of Backup instead of the GUI version. |
| C. | Volume Shadow Copy was disabled. |
| D. | She forgot to dump her SQL database before starting the backup. |
| | 2. | Volume Shadow Copy is enabled on a volume that hosts the user data files. On Friday, a user tries to use the Previous Versions client to access a copy of a file that she has been working on every day that week. However, she has versions only from Wednesday forward. What is the most likely problem?
| A. | The Volume Shadow Copy Service wasn't enabled until Wednesday. |
| B. | The user doesn't have the proper rights to see all the files. |
| C. | The area designated for Volume Shadow Copy is too small. |
| D. | She hasn't saved a copy of the file since Wednesday. |
| | | | 3. | John, a junior system administrator, just loaded new video drivers on a Windows Server 2003 server. After the installation, he rebooted the server and immediately received a blue screen. What's the quickest way for John to recover from this problem?
| A. | Rebuild the server using Automated System Recovery (ASR). |
| B. | Go into Safe Mode, delete the driver, and reboot. |
| C. | Boot into the Recovery Console, delete the driver, and reboot. |
| D. | Boot the server and select Last Known Good Configuration. |
| | 4. | Jane is one of the network administrators for Big Company, Inc. Jane is responsible for managing and maintaining all the database servers in the organization. As part of her duties, Jane maintains current backups of all the servers she is responsible for, along with various boot disks and other items necessary for recovery purposes. One day, Jane comes to work and one of her servers has blue screened. It seems that one of the junior administrators was upgrading device drivers and, after he rebooted, got a blue screen. Jane proceeds to try Last Known Good Configuration, then Safe Mode, and then the Recovery Console, but those methods don't seem to repair the problem. What is her next step?
| A. | Rebuild the server using Automated System Recovery (ASR). |
| B. | Go into Safe Mode, restore the system state data, and reboot. |
| C. | Boot into the Recovery Console, restore the system state data, and reboot. |
| D. | Repair the server using the emergency repair disk (ERD). |
| | 5. | Fred reboots one of his Windows Server 2003 domain controllers and receives the message that NTOSKRNL.EXE cannot be found. What is the quickest way to repair this problem?
| A. | Boot his server from a DOS disk and copy the NTOSKRNL.EXE file from the Windows Server 2003 CD-ROM. |
| B. | Boot his server from the Recovery Console and copy the NTOSKRNL.EXE file from the Windows Server 2003 CD-ROM. |
| C. | Boot his server from Safe Mode and copy the NTOSKRNL.EXE file from the Windows Server 2003 CD-ROM. |
| D. | Boot his server from the Windows Server 2003 CD-ROM and select the Repair option. Then copy the NTOSKRNL.EXE file from the Windows Server 2003 CD-ROM. |
| | | | 6. | Your Windows Server 2003 uses a SCSI adapter that is not included on the Hardware Compatibility List (HCL). You install an updated driver for the SCSI adapter. When you start the computer, you receive the following STOP error: "INACCESSIBLE_BOOT_DEVICE."
Which of the following procedures can you use to resolve the problem?
| A. | Start the computer in Safe Mode. Reinstall the old driver for the SCSI adapter. |
| B. | Start the computer by using a Windows Server 2003 bootable floppy disk. Reinstall the old driver for the SCSI adapter. |
| C. | Start the computer by using the Windows Server 2003 CD-ROM. Load the Recovery Console and replace the SCSI driver. |
| D. | Recover the system and boot partitions using ASR. |
| | 7. | You are trying out a TCP/IP Registry hack that you saw in a magazine. After carefully making the change using Regedit, you reboot your server. However, it hangs on the logon screen. What is the best way to correct this problem?
| A. | Restart the server in Safe Mode. Undo the Registry change. |
| B. | Restart the computer and boot to the Recovery Console. Undo the Registry change. |
| C. | Restart the server and select Last Known Good Configuration from the Advanced Options Menu screen. |
| D. | Restart the server in Safe Mode with Networking. Undo the Registry change. |
| | 8. | You are the administrator of a Windows Server 2003 Active Directory domain with multiple sites. As part of your job, you perform daily system state backups on your domain controllers. Unfortunately, one of your junior administrators opened a file that contains a virus on one of your domain controllers. This virus seems to have deleted several users and groups in your Active Directory database on one of your domain controllers. What action should you take?
| A. | Quickly unplug the domain controller from the network, format the hard drive, and recover from backup. |
| B. | On one of the other domain controllers, use Windows Backup to restore the system state data. Run Ntdsutil. |
| C. | On one of the other domain controllers, boot into Directory Service Restore mode. Use Windows Backup to restore the system state data. Run Ntdsutil. |
| D. | On one of the other domain controllers, boot into Safe Mode. Use Windows Backup to restore the system state data. Run Ntdsutil. |
| | | | 9. | You are the administrator of a Windows Server 2003 Active Directory domain with multiple sites. As part of your job, you perform daily system state backups on your domain controllers. Unfortunately, one of your junior administrators opened a file that contains a virus on one of your domain controllers. This virus seems to have deleted several users and groups in your Active Directory database on several domain controllers. What action should you take?
| A. | Unplug the domain controller from the network, format the hard drive, and recover from backup. |
| B. | On one of the other domain controllers, use Windows Backup to restore the system state data. Run Ntdsutil. |
| C. | On one of the other domain controllers, boot into Directory Service Restore mode. Use Windows Backup to restore the system state data. Perform an authoritative restore. |
| D. | On one of the other domain controllers, boot into Safe Mode. Use Windows Backup to restore the system state data. Run Ntdsutil. |
| | 10. | Bob is the system administrator for Good Times Inc., a manufacturer of various leisure-time accessories. The Good Times network consists of 12 Windows Server 2003 servers, 10 Windows 2000 servers, and 700 Windows XP Professional clients. The Recovery Console is installed on each domain controller. Every Friday at 11:00 p.m., you run the Automated System Recovery (ASR) Wizard in conjunction with removable storage media. Every night at midnight, you use third-party software to perform full backups of user profiles and user data on removable storage media. One Friday at 8:00 p.m., an administrator reports that the CA database on a domain controller named GT1 is corrupted. You need to restore the database as quickly as possible. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
| A. | Restart GT1 by using Directory Services Restore Mode. |
| B. | Restart GT1 by using the installation CD-ROM. |
| C. | Perform a nonauthoritative restoration of Active Directory. |
| D. | Perform an authoritative restoration of Active Directory. |
| E. | Use the ASR disk to restore the contents of the ASR backup file. |
|
Answers to Exam Questions | 1. | C. When Volume Shadow Copy is enabled, and the backup process encounters an open file, a snapshot of the file is copied to another area on disk, and that snapshot copy of the file is backed up. Volume Shadow Copy is enabled by default for backups, but it can be deselected if desired. See "Volume Shadow Copy." | | 2. | C. The most likely cause is that the Volume Shadow Copy area is too small. Volume Shadow Copy can store only 64 copies, and it starts deleting the oldest versions when it reaches that number or when it runs out of disk space. See "Volume Shadow Copy." | | 3. | D. Although any of the other answers would work, the quickest way to recover from a bad driver installation is to boot the server using Last Known Good Configuration. See "Last Known Good Configuration." | | 4. | A. The next recovery step to attempt after Jane has tried Last Known Good Configuration, Safe Mode, and the Recovery Console is Automated System Recovery. ASR deletes and reformats the boot partition and then reloads it from backup. Restoring the system state data usually will fix a driver problem because it restores the Registry, but that had already been tried. The ERD doesn't exist in Windows Server 2003 (it has been replaced by ASR). See "Implementing Automated System Recovery (ASR)." | | 5. | B. A DOS disk won't be able to read an NTFS disk, which is what's installed by default on a domain controller. Safe Mode won't be available if the NTOSKRNL.EXE file is corrupted or missing. The Repair option from the install procedure requires the ASR recovery media. Because the Recovery Console uses its own miniversion of Windows Server 2003 to boot the server, it can be used to copy and repair system files. See "Recovery Console." | | 6. | C, D. Safe Mode does not work because the boot partition is inaccessible because of the driver problem. There is no boot floppy for Windows Server 2003. The Recovery Console has its own copy of Windows Server 2003 so that you can still boot to it. ASR will also work. See "Recovery Console." | | 7. | C. Restarting a server and selecting Last Known Good Configuration is the quickest and easiest way to correct most bad Registry edits. See "Last Known Good Configuration." | | | | 8. | A. Because the virus has affected only a single domain controller, you should take it off the network before it replicates changes to the other domain controllers. Then you should rebuild the domain controller from backup. See "Using Directory Services Restore Mode to Recover System State Data." | | 9. | C. Because the problem has started replicating to other domain controllers, your only choice is to perform an authoritative restore, which overwrites the bad copy of the AD database with a good copy from your backups. See "Using Directory Services Restore Mode to Recover System State Data." | | 10. | A and C. To restore the CA database, which is backed up as part of the System State data, we must restart the server in Directory Services Restore mode. Because we don't need to overwrite any Active Directory data, we will perform a nonauthoritative restore. ASR is not required because the server is still operational. See "Using Directory Services Restore Mode to Recover System State Data." |
Suggested Readings and Resources 1. Disaster Recovery Whitepaper. Microsoft Corporation. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/deployguide/sdcbc_sto_gqda.asp. 2. How ASR Works. Microsoft Corporation. http://technet2.microsoft.com/WindowsServer/en/Library/7b4f0436-cc90-4b52-b6ab-064f9db8d2721033.mspx?mfr=true. 3. How to Troubleshoot Startup Problems in Windows Server 2003. Microsoft Corporation. http://support.microsoft.com/kb/325375/. 4. Shadow Copy Whitepaper. Microsoft Corporation. http://www.microsoft.com/windowsserver2003/docs/SCR.doc. |
