As good old Ben Franklin was known to say, "Failure to prepare is preparing to fail." This is truer than ever with modern operating systems, and while Windows 2000 includes a number of exceptionally useful recovery modes and tools, you still need to prepare for potential problems. Some of these techniques are covered in detail in other chapters and are discussed here only briefly, while others are covered here at length.
A fault-tolerant system is one that is prepared to continue operating in the event of key component failures. This technique is very useful for servers running critical applications. Here are a few of the many ways to ensure fault tolerance in a system:
Back up the system and system state regularly using a good Windows 2000 backup program. If a hard disk fails and must be replaced and you're not using some sort of RAID array, the data and system can be restored from backup. (If you lose the system entirely, you'll need to install Windows 2000 on it before restoring the original system.) See Chapter 34 for details on using the Windows 2000 backup program. Appendix E covers an assortment of third-party backup tools for the enterprise.
Windows 2000, like Microsoft Windows NT, can create an emergency repair disk (ERD) to help rescue the system in the event of a disaster. The ERD contains important information that can be used to fix system files, the boot sector, and the startup environment. The ERD is easy to make, and it is very useful in the event of a disaster.
TIP
In Windows 2000, you may have noticed that you didn't get prompted to create an emergency repair disk during installation, as you do during Windows NT setup. In fact, the entire procedure has changed. Now, to create an emergency repair disk, you run Windows 2000's Backup program.
To make a fresh emergency repair disk, you will need a floppy that you don't mind being formatted. Always use a freshly formatted floppy to create an ERD. It's also a good idea to have a backup of your ERD, so always keep at least one generation back. We also like to keep an original ERD created immediately after the installation process as a kind of ultimate fallback position. To make an ERD, follow these steps:
Figure 33-1. The Windows 2000 Backup window.
NOTE
The emergency repair disk is not bootable; it must be used in conjunction with the Windows 2000 setup disks.
REAL WORLD Using the Emergency Repair Disk Effectively
What, exactly, is on the emergency repair disk? Well, certainly not all the stuff that used to be there in Windows NT. Instead of trying to fit all of the files necessary to recover your system onto a single floppy, a task that had become more than a little problematic, Windows 200 now copies only the MS-DOS subsystem initialization files, Autoexec.nt and Config.nt, as well as a single file, Setup.log, which points to the location of the repair files are on your server.Unfortunately, with this change, it's a little more difficult to maintain multiple generations of repair information. Get in the habit of saving a copy of the %windir%\repair directory onto a secondary or even tertiary location before updating the emergency repair disk. This will give you a fallback should you inadvertently update the information before you're sure it's stable. If you need to go back to earlier information, just copy it back into the %WinDir%\repair directory (probably by using the Recovery Console, discussed later in this chapter and in Chapter 37).
Whenever you make a major change to your system, it's a good idea to make a fresh copy of the ERD before you make the change. This lets you have a fallback position if something goes wrong. If something doesn't work right, you can quickly restore the previous configuration. Once you've confirmed that the new configuration is stable and working, then and only then should you update your ERD for that server. Before you make a new emergency repair disk, copy the entire %WinDir%\repair directory tree to your failsafe location. At worst, you can recover from that failsafe location.
What constitutes a major change? Adding, removing, or otherwise modifying the hard disks or their partitions, formats, configurations, and so on, for one. Any time you make a change to the hard disk configuration, you'll definitely want to make a fresh ERD just before you make the change. Another major change would be the addition of a new component to the server, such as adding Microsoft Exchange Server or Microsoft SQL Server. Any changes made from Control Panel are candidates for redoing the ERD as well.
Windows 2000 includes a set of four disks that can be used to boot the computer if you cannot boot from the hard disk. If the system supports booting from a CDROM using the El Torito standard, you can boot from the Windows 2000 CD-ROM. Otherwise, you need these disks to boot the system in the case of an emergency.
If you have lost the original disks or need to create another set, you can do so. You will need four 1.44-MB floppy disks. While it would be really handy to use a single Zip disk instead, booting from a Zip disk is not supported. (OK, if your Zip drive is drive A: you can use your Zip drive, but you'll still need four disks—they'll just be mostly empty). Follow these steps to create new setup disks:
We know; you're thinking that you just did this, but there is yet another floppy disk you can create for safety and recovery convenience. It's a plain old boot disk. Although a Windows 2000 boot disk doesn't get you to a command prompt, as a Windows 95 or Windows 98 boot disk does, it does permit you to boot the system under the following circumstances (provided that your actual Windows 2000 installation isn't damaged in any other way):
The boot disk can also be used to boot from the shadow drive of a broken mirror set, although you may need to edit the Boot.ini file on the boot disk.
REAL WORLD Why MS-DOS Boot Disks Won't Help
More than one person new to Windows 2000 has accidentally deleted or corrupted a key file required to boot the system and tried to recover by digging out an old MS-DOS boot floppy. Alas, it doesn't work.The files you need to get your hard drive back to booting condition aren't even on an MS-DOS floppy. When you install Windows 2000, it modifies the system's boot sector to look for and run a file called Ntldr. When you format a floppy under MS-DOS, even when you make it a system disk, this file doesn't get created, since MS-DOS doesn't know anything about Windows 2000.
As such, a boot disk is occasionally useful, and since it's easy to make and floppy disks grow on trees (although these trees are rarely seen outside of the Microsoft campus), you might as well make one. The boot disk is not generic for every Windows 2000 machine. However, if you have a standard configuration across several machines, this disk will work for all of the machines that use the same partition and disk controller as their Windows 2000 boot partition. Follow these steps to create a boot disk:
TIP
If you're currently using a Windows 2000 computer, you can simply format a disk using Windows 2000's Format utility and then proceed to step 6.
TIP
To find out what drive file you're using for the SCSI adapter, open the Computer Management snap-in from the Administrative Tools folder on the Programs menu. Then click Device Manager in the console tree, select the SCSI adapter, and click the Properties toolbar button. Click the Driver tab, and then click the Driver Details button. The driver file is listed in the Driver File Details dialog box.
REAL WORLD ARC Naming Conventions
Understanding how the hard disks and partitions are named on your system is not a trivial task, unfortunately. To provide a uniform naming convention across multiple platforms, Microsoft uses a fairly arcane designation for all of the disks and partitions on your computer. Called ARC—short for Advanced RISC Computing—this is a generic naming convention that can be used in the same way for both Intel-based and RISC-based computers.The convention describes the adapter type and number, the disk number, the rdisk number, and finally the partition number. The format is as follows:
<adaptertype>(x)disk(y)rdisk(z)partition(n)where <adaptertype> can be either scsi, multi, or signature. Use multi for all non-SCSI adapters and for SCSI adapters that use a BIOS—as most adapters used with Intel-based processors do. The (x) will be the adapter number, starting at zero. If <adaptertype> is signature, (x) will be an 8-character drive signature.
The value for (y) will be the SCSI ID of the disk for SCSI adapters. For multi this will always be zero. The number for (z) will be zero for scsi, and it will be the ordinal number of the disk for multi, starting with zero. Finally, the partition number (n) will be the number of the partition on the target disk. Here the partitions start at one, with zero reserved for unused space.
One of the most useful new recovery features in Windows 2000 is the Recovery Console. This is basically an enhanced, NTFS-enabled, secure command prompt that can be used to copy files, start and stop services, and perform other recovery actions if you can't boot the system using Windows 2000's new safe mode. The Recovery Console is always available for use via the four Windows 2000 setup disks or the CD-ROM; however, you can also install it as an option on the Boot menu for use in those instances when you can't boot using Windows 2000 safe mode. You'll still need to use the boot disk if you can't get to the Boot menu or if the Recovery Console is damaged. To install the Recovery Console, follow these steps:
Figure 33-2. The Windows 2000 Setup window.
You can specify how you want Windows 2000 to deal with system crashes by changing a few options in the System tool in Control Panel. To do so, follow these steps:
Figure 33-3. The Startup And Recovery dialog box.
An excellent way to recycle an old, small drive that's not good for much else is to use it as an external recovery drive. This drive needs to be only about 700 MB at a minimum. The recovery drive can even be used for several servers if you set it up as a portable device. Using a recovery drive in this way offers a somewhat cheaper alternative to mirroring the drive.
To create the recovery drive, install a minimal Windows 2000 Server on the drive, configuring your swap file to be on that drive. Make sure that the installation includes the tape driver you will be using for tape backup. Create a bootable Windows 2000 floppy disk, following the procedure outlined earlier in the section "Creating a Boot Disk," and edit the Boot.ini file on it to point to the SCSI address of the recovery drive.
When a system failure occurs, simply cable the recovery drive to the server and boot from the boot disk that points to the recovery drive. If the recovery drive has sufficient user accounts and software to keep your system running, you can run off the recovery drive until you can schedule a full-scale repair or replacement of the failed drive. When you are able to take the system down and replace the failed drive, all you need to do is restore your backup tape to it and restart the server. You can even do the restore in the background while you continue to run off the recovery drive if necessary.