Most Windows Server 2003 services that contain a database or local files are backed up with the system state but also provide alternate backup and restore options. Because the system state restore is usually an all-or-nothing proposition except when it comes to cluster nodes and domain controllers, restoring an entire system state may deliver undesired results if only a specific service database restore is required. This section outlines services that either have separate backup/restore utilities or require special attention to ensure a successful backup. Disk Configuration (Software RAID Sets)Disk configuration is not a service but should be backed up to ensure that proper partition assignments can be restored. When dynamic disks are used to create complex volumes such as mirrored, striped, spanned, or RAID 5 volumes, the disk configuration should be saved. This way, if the operating system is corrupted and needs to be rebuilt from scratch, the complex volumes will need to have only their configuration restored, which could greatly reduce the recovery time. Only an automated system recovery backup can back up disk and volume configuration. Certificate ServicesInstalling Certificate Services creates a Certificate Authority (CA) on the Windows Server 2003 system. The CA is used to manage and allocate certificates to users, servers, and workstations when files, folders, email, or network communication needs to be secured or encrypted. When the CA allocates a certificate to a machine or user, that information is recorded in the certificate database on the local drive of the CA. If this database is corrupted or deleted, all certificates allocated from this server become invalid or unusable. To avoid this problem, the certificates and Certificate Services database should be backed up frequently. Even if certificates are rarely allocated to new users or machines, backups should still be performed regularly. Certificate Services can be backed up in three ways: by backing up the CA server's system state, using the Certificate Authority Microsoft Management Console (MMC) snap-in, or using the command-line utility Certutil.exe. Backing up Certificate Services by backing up the system state is the preferred method because it can be easily automated and scheduled. But using the graphic console or command-line utility adds the benefit of being able to restore Certificate Services to a previous state without restoring the entire server system state or taking down the entire server for the restore. To create a backup of the Certificate Authority using the graphic console, follow these steps:
Domain Name ServiceDomain Name Service (DNS) configuration data is stored in the Registry and is backed up with the system state backup. For each DNS zone that is hosted on the Windows Server 2003 system, a backup zone file is created and stored in the %systemroot%\DNS\Backup folder. These files can be backed up and used to restore a DNS zone to the same server after a restore or to a completely different server. For information on how to create a DNS zone from an existing file, refer to Chapter 33 on restoring DNS data. Note Active Directoryintegrated zones will not have a valid backup file in the DNS/backup folder. To back up an Active Directory-integrated zone, perform a system state backup on any AD domain controller running DNS and hosting the zone. Windows Internet Naming ServiceWindows Internet Naming Service (WINS) is a database composed of NetBIOS names and their corresponding IP addresses. The NetBIOS names include domain, server, and workstation names, along with other records used to identify services such as the master browser. The WINS database is backed up by performing a system state backup of the WINS server or by initiating a backup using the WINS console. Because the WINS database is populated by servers and workstations dynamically, in some cases backing up may not be necessary. When WINS contains several static mappings, a WINS backup is essential because records will not be re-created automatically if the WINS database is corrupted or rebuilt from scratch. Also, even if only dynamic records populate the database, each device registers with WINS only on startup and then periodically, so the record may not be re-created in time. This results in NetBIOS-dependent clients failing to locate the proper server or workstation. To create a backup using the WINS console, perform the following steps:
Dynamic Host Configuration ProtocolThe Dynamic Host Configuration Protocol (DHCP) server is responsible for assigning IP addresses and options to devices on the network in need of network configuration. DHCP allocates IP configurations, including IP addresses, subnet masks, default gateways, DNS servers, WINS servers, and for RIS servers, TFTP servers and boot filenames. Other IP options can be configured, depending on the organization's needs. These IP address scope properties and options are stored in the DHCP database. This database also stores the information concerning IP address leases and reservations. The DHCP database is backed up with a server system state backup, but it can also be backed up using the DHCP console. To back up the DHCP database from the console, follow these steps:
Distributed File SystemThe Distributed File System (DFS) is a Windows Server 2003 service that improves file share availability by providing a single unified namespace to access shared folders hosted across different servers. When domain DFS roots are used, DFS targets can be configured to replicate with one another using the File Replication Service. Domain DFS stores the DFS root, link, target, and replication information in Active Directory. When a standalone DFS root is used, the configuration is stored in the DFS root server's Registry. Backing up the system state of a standalone DFS root server backs up the DFS configuration. For domain DFS roots, backing up the system state of a domain controller accomplishes this task. More information on DFS can be found in Chapter 30. A command-line utility called Dfscmd.exe can be used to list standalone or domain DFS root information, including root targets, links, and link targets. This information can be saved to a file and be used to restore this information if the DFS configuration is lost. This utility does not list, record, or re-create replication connections for domain DFS roots and targets that are configured for replication. To create a file containing DFS root configurations, perform the following steps:
Note Dfscmd.exe is a great tool because it can be used to back up DFS configuration information, but it cannot create the initial DFS root target, nor can it copy replication information for domain DFS targets that are configured for replication. To back up domain DFS completely, perform a backup of the Active Directory database by backing up the system state of a domain controller in the appropriate domain. Internet Information ServicesInternet Information Services (IIS) is Windows Server 2003's Web and FTP server. It is included on every version of the Windows Server 2003 platform but is not installed by default. IIS stores configuration information for Web and FTP site configurations and security in the IIS metabase. The IIS metabase can be backed up by performing a system state backup of the server running IIS, but it can also be backed up using the IIS console. The IIS metabase should be backed up separately before and after an IIS configuration change is made to ensure a successful rollback and to have the latest IIS configuration data backed up after the update. To back up the IIS metabase using the IIS console, perform the following steps:
Before a change is made to the IIS configuration, a backup should be manually created first. When the change is completed, the administrator should either perform another backup or choose the option to save the configuration to disk. The administrator can save new IIS configuration changes to disk by right-clicking the IIS server, selecting All Tasks, and then choosing Save Configuration to Disk. This option works correctly only after a change has been made that has not yet been recorded in the IIS metabase. Backing Up the Remote Storage ServiceThe Remote Storage service keeps track of managed volume configurations and migrated data using the Remote Storage database. To back up the Remote Storage database, the administrator needs to back up the information in the system state. If the Remote Storage service is installed, the administrator can back up the data associated with the remote storage media and migrated data by simply backing up the data contained in the following directories: %systemroot%\System32\Ntmsdata %systemroot%\System32\Remotestorage If the Remote Storage service is running, the data in the Remote Storage folder cannot be backed up unless the system state is backed up. Note The Remote Storage database is backed up only when the system state is backed up using an account with Administrative access on the server. Backing Up the Removable Storage ServiceThe two services Remote Storage and Removable Storage sound similar and sometimes are mixed up with one another. The Remote Storage service is used to manage a volume. The Removable Storage service is used to manage removable media, such as tapes and optical media. To back up the Removable Storage media information, back up the following directory: %systemroot%\System32\Ntmsdata |