Windows Server 2003: Unleashed
Microsoft ®
UNLEASHED
Second Edition
Rand Morimoto
Kenton Gardinier
Michael Noel
Omar Droubi
• Using the Volume Shadow Copy Service
• Windows Server 2003 Service Backup Options
• Media Management for Windows Server 2003 Backup and the Remote Storage Service
• Windows Server 2003 Startup Troubleshooting Utilities
When a new computer service, application, or operating system platform is introduced into
a network, it always requires attention in the area of backup and disaster recovery
planning. Administrators are faced with the task of creating a disaster recovery plan,
which can seem to be an intimidating task. Disaster recovery planning is analogous to the
age-old question, “What came first: the chicken or the egg?” How does it compare? For a
disaster recovery plan, the question may be “What comes first: the backup plan or the
recovery plan?” At least in this case, the answer is simple: They complement one another,
so they should be planned in parallel.
Before a backup plan can be created, administrators must
understand what types of failures or disasters they need to
plan for and the recovery requirements for each of these failures. Learning first what is
necessary for a recovery gives
administrators a list of all the elements they may need to
back up for recovery when a particular failure is encountered.
Reproduced from the book Microsoft Windows Server 2003 Unleashed, 2nd Edition. Copyright 2005,
Sams Publishing. Reproduced by permission of Pearson Education, Inc., 800 East 96th Street, Indianapolis,
IN 46240. Written permission from Pearson Education, Inc. is required for all other uses.
42 0672326671 CH32 5/12/04 1:43 PM Page 1004
When they know what needs to be backed up, they can then create the backup plan. So it
is recommended that administrators research each server service and application to
understand what is necessary for recovery so that their backup plan will target the correct
information.
This chapter covers disaster recovery planning, providing tips, tricks, and best practices on
implementing a backup and recovery strategy. It also provides step-by-step
instructions for using tools built into Windows Server 2003.
Elements of a Disaster
Disasters come in many shapes and forms. This chapter covers backing up Windows Server
2003, but it would not be complete unless we at least outlined all the different areas that
should be investigated and addressed when tasked with creating a disaster recovery plan
for a computer and networking infrastructure. Knowing what sorts of disasters to plan for
is the first step in disaster recovery planning. The following sections describe a few basic
disaster types.
Power Outage
Power outages can occur at any time unexpectedly. Some power outages are caused by bad
weather and other natural disasters, but other times they can be caused by high power
consumption. In the summer of 2001, many businesses located in northern California in
the United States were left without power because the power company could not reroute
power from the rural areas to the highly utilized areas such as Silicon Valley. Many
businesses were unable to function because the core of their work was conducted on
computers.
Network Outage
Organizations that use computer networks internally or externally to the Internet are all
susceptible to network outages, causing loss of productivity and possibly revenue.
Problems include a network line being mistakenly cut, the Internet service provider being
purchased or sold, and a new organization inadvertently disconnecting the main connection
for the office. Or, a network router or other network equipment, including hubs,
switches, network interface cards, or even network cables, can fail.
Hard Drive Failure
Hard drives have been singled out as a possible cause of server hardware failure. Windows
Server 2003 supports hot-swappable hard drives, but only if the server chassis and disk
controllers support such a change. Windows Server 2003 supports two types of disks: basic
disks, which provide backward compatibility, and dynamic disks, which allow software-level
disk arrays to be configured without a separate hardware-based disk array controller.
Also, both basic and dynamic disks, when used as data disks, can be moved to other servers
easily to provide data or disk capacity elsewhere if a system hardware failure occurs and
the data on these disks needs to be made available as soon as possible.
NOTE
If hardware-level RAID is configured, the controller card configuration should be backed up using
a special vendor utility, or it may need to be re-created from scratch if the disks are moved to a
new machine.
Software Corruption
Software corruption can occur at many different levels. A file’s access control list (ACL)
or an operating system file could become corrupted, or an application could have
mistakenly overwritten files or folders. Systems providing access to databases are also
susceptible to database corruption, so special care should be taken to be sure the
databases are frequently backed up and that proper backup and restore techniques are
understood.
plan to back up and be able to document them from top to bottom. This process involves
a discovery that includes mapping out both computer technology systems in place as well
as business processes used in the organization. While systems can be recovered and
replaced, if any changes occur after the recovery, users need training on or communication
about such changes. Therefore, the process of learning about the environment
involves understanding the technology and the business processes in use in the
organization.
For example, a company that sells products via telephone or through a Web site may
depend heavily on the database server that stores all the shipments, orders, and inventory;
but it may not rely so heavily on the email server, which is used to send out marketing
and order confirmation email messages. If, in the former example, the database server
became unavailable in the middle of the afternoon, impact on the business could be
tremendous because Web site orders would not be available. Phone orders would also
suffer because orders may be taken for products that are out of stock. If the email server
fails, it would need to be repaired and brought back online, but no loss of revenue would
come as a direct result.
Every environment is different, so no single answer can be given when it comes to
prioritizing the environment. The best advice is to plan carefully. Only the top few services and
applications in the prioritized list will become part of the bare minimum services list.
up and running for the business to continue to function. For example, a bare minimum
computer service for a retail outlet could be a server that runs the retail software package
and manages the register and receipt printer. For an engineering consulting firm, it could
be the engineers’ workstations and the CAD/CAM applications, the file server that stores
the blueprints, and the network plotter.
Before the executives can make a decision on how they want to fund the IT department
for disaster recovery planning, they should have all the pertinent information to make the
most informed decision. When a D/R solution or information is proposed to management,
the solution should contain costs associated with additional hardware, complex
configurations, and a service-level agreement (SLA) estimating how long it will take to recover the
service should a failure occur. Also, different options should be presented to show how
different failure scenarios can be accommodated. For example, a spare server with the
same specs as a production server can be used to test patches and application updates
before they are applied on the production server, thus reducing risks associated with
untested updates. This spare server can also be used if a component on the production
server fails; the exact component can be swapped out with the spare server, if not the
entire server itself.
It is a good idea to present the preferred D/R solution along with a few alternative
lower-cost solutions. Most likely, the lower-cost solutions will also bring longer downtime
intervals, but they may seem reasonable to the executives funding the solution. Getting
the budget approved for a secondary D/R plan is better than getting no budget for the
preferred plan. The staff should always try to be very clear on the service-level agreements
and try to document or have a paper trail concerning D/R solutions that have been
accepted or denied. If a failure that could have been planned for occurs but budget was
denied, IT staff members or IT managers should make sure to have all their facts straight
and documentation to prove it. In the end, regardless of who denied the budget and who
chose which failure to plan for, IT staff will always take the blame, so they should push to
get the best plan approved.
NOTE
For complete information on documenting the Windows Server 2003 environment, refer to
Chapter 24, “Documenting a Windows Server 2003 Environment.”
help IT staff follow a particular server build process to ensure that when new servers are
added to the network, they all meet company server standards.
Hardware Inventory
Documenting the hardware inventory on an entire network might not always be necessary,
but it can be beneficial nonetheless. Many tools are available, such as Microsoft
Systems Management Server (SMS), that can assist with hardware inventory by automating
much of the process of gathering and recording the necessary information. These tools are
especially useful in larger organizations. The amount and type of information the
organization collects will vary, and can include every system or device, select network
environment components, or specific information such as serial numbers or processor speed.
Network Configurations
Network configuration documentation is essential when network outages occur. Current,
accurate network configuration documentation and network diagrams can help simplify
and isolate network troubleshooting when a failure occurs.
WAN Connection
WAN connectivity should be documented for enterprise networks that contain many sites
to help IT staff understand the enterprise network topology. This document helps the staff
figure out how long an update made in Site A will take to reach Site B. This document
should contain information about each WAN link, including circuit numbers, ISP contact
names, ISP tech support phone numbers, and the network configuration on each end of
the connection. It can be used to troubleshoot and isolate WAN connectivity issues.
Recovery Documentation
Recovery documentation, such as the server build document mentioned previously, can
become reasonably complex and focused on a particular task. Recovery documentation
aids an administrator in recovering from a failure for a particular server, server platform,
specific service, or application. Recovery documentation will be covered in Chapter 33,
“Recovering from a Disaster.”
Updating Documentation
One of the most important, yet sometimes overlooked, tasks concerning documentation is
the updating of documentation. Documentation is tedious, but outdated documentation
can be worthless if many changes have occurred since the document was created. For
example, if a server configuration document was used to re-create a server from scratch
but many changes were applied to the server after the document was created, the correct
security patches may not be applied, applications may be configured incorrectly, or data
restore attempts could be unsuccessful. Whenever a change will be made to a network
device, printer, or server, documentation outlining the previous configuration, proposed
changes, and rollback plan should be created before the change is approved and carried
out on the production device. After the change is carried out and the device is functioning
as desired, the documentation associated with that device or server should be updated.
Assigning only primary and secondary resources to specific devices or services can help
improve the overall security and reliability of the device. By limiting who can back up and
restore data, and possibly who can manage the device, to just the primary and secondary
qualified staff members, the organization can rest assured that only competent individuals
are working on systems they are trained to manage. Even though the backup and restore
responsibilities lie with the primary and secondary resources, the backup and recovery
plans should still be documented and available to the remaining IT staff.
Before an SLA can be defined, the IT staff member responsible for a device must understand
what is necessary to recover that device from any type of failure. Also, that person
must limit the SLA to only the failure types planned for in the approved disaster recovery
solution. For example, say a site outage is not planned for. The SLA may state that, if the
device fails, it can be recovered using spare hardware and be back online in two hours or
less. On the other hand, if a site failure occurs, there is no estimated recovery time because
offsite backup media may need to be collected from an outside storage provider and hardware
may need to be purchased or reallocated to re-create the device. The more specific
the SLA is, the better the chance of covering every angle.
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="C: Windows Server 2003, Enterprise" /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Boot Mirror C: - secondary plex"
The preceding example is taken directly from a Boot.ini file from a Windows Server 2003
system using software-level RAID 1 for the system partition. The secondary plex is just a
reference, but the disk controller and disk volume information point the boot loader to
connect to the correct remaining partition.
Sometimes a boot floppy is necessary, especially if the boot and system volumes are different
and the boot files are inaccessible. In a situation like this, a boot floppy is priceless. To
create a boot floppy, simply format a floppy disk, and then from the local server console,
copy the Boot.ini, NTLDR, and NTDETECT files to the floppy disk. When the BIOS cannot
locate the boot loader files, this floppy can be used to boot the system and point the
system to the correct volume containing the operating system files.
Backing Up the Windows Server 2003 Operating System and Services
services. To provide the most disaster recovery options, many services have their own
backup tools and may require additional attention. This section discusses ways to back up
a Windows Server 2003 system to prepare for complete server failure or to be able to
recover to a previous state. This section also outlines specific Windows Server 2003
services that have tools to aid in the backup recovery process.
Backing Up Boot and System Volumes
A backup strategy for every Windows Server 2003 system should always include the boot
and system disk volumes. On many installations, the boot and system volume are one and
the same, but sometimes they are located on completely separate volumes, usually on
dual-boot computers. For the rest of this section, we will assume that they are both on the
same partition, and we will refer to it as the system volume. This volume contains all the
files necessary to start the core operating system. It should be backed up before and after a
change is made to the operating system and once every 24 hours if possible.
When applications are installed, they will, by default, install on the system partition
unless a different partition is specified during installation. On average, the amount of data
on the system volume, with applications and services installed, is anywhere from 1GB to
5GB. System volume usage can be on the high end when administrators forget to purge or
archive logs such as the Web and FTP logs, if they are used on the system.
NOTE
When system volumes are backed up, the system state should be backed up at the same time to
simplify recovery if a server needs to be rebuilt from scratch.
state, the critical data is certainly being backed up. A few services provide alternative
backup and restore options. The procedures for backing up these services are outlined in
the section titled “Using the Windows Server 2003 Backup Utility (ntbackup.exe)” later in
this chapter.
How the server is configured determines what else, other than the three items listed previ-
ously, will be contained in the system state. On a domain controller, the system state also
contains the Active Directory database and the SYSVOL share. On a cluster, it contains the
cluster quorum data. When services such as Certificate Server and Internet Information
Server, which contain their own service-specific data, are installed, these databases are not
listed separately but are backed up with the system state.
Even though the system state contains many subcomponents, using the programs
included with Windows Server 2003, the entire system state can be backed up only as a
whole. When recovery is necessary, however, there are several different options.
Recovering data using a system state backup will be covered in Chapter 33.
The system state should be backed up every night to prepare for several server-related
failures. A restore of a system state is very powerful and can return a system to a previous
working state if a change needs to be rolled back or if the operating system needs to be
restored from scratch after a complete server failure.
The Restore mode password is server-specific and created on each domain controller. If the
password is forgotten, and the domain controller is still functional, it can be changed
using the command-line tool ntdsutil.exe, as shown in Figure 32.1. The example in Figure
32.1 changes the password on the remote domain controller named dc1.companyabc.com.
FIGURE 32.1 Changing the Active Directory Restore mode password using ntdsutil.exe.
ntbackup.exe utilizes the Volume Shadow Copy service to back up opened files and truly
create a complete point-in-time system backup. A new feature of the Backup utility is the
Automated System Recovery option, which can be used to restore a server from scratch,
including re-creating disk volumes. One major limitation of the utility is that it can back
up open files and the system state, and create an ASR backup, only on the local server.
Remote Storage
The Windows Server 2003 Remote Storage service provides hierarchical storage management
for the data stored on volumes. This service can be configured to migrate data from
a volume to remote storage media based on when a file was last accessed or when a
predetermined free disk space threshold is reached. When a particular file or folder is
migrated to remote storage media, the file is replaced with a link called a junction point.
When this link is accessed by the system or an end user, the data is migrated from the
remote media back to the volume and the file access date is updated.
Remote Storage is not really intended to be a backup solution because the remote storage
media can still be the single location of the migrated data; however, if a complete server
failure occurs, the data on the remote storage media is recoverable. Windows Server 2003
Backup can be used to read and restore the data on the remote storage media; however,
the original location of the data will not be preserved unless the Remote Storage service
and database are restored first. For more details on Remote Storage, refer to the “Using
Remote Storage” section later in this chapter.
VDS gives administrators more flexibility and control over the disk subsystem. Specifically,
external disks used for disk virtualization can be managed and maintained just as
easily as if the storage were local to the server.
Although VDS is not considered a backup and restore utility, it is a service that
administrators have long awaited for backup and recovery purposes. For instance, administrators
can more easily allocate and deallocate storage, either through a script or the GUI, for
storing backup snapshots.
NOTE
Many organizations are using VDS to create storage volumes for backup snapshots to disk. These
snapshots are then backed up to tape during the nightly backup routine. This allows
administrators to easily take snapshots periodically during the day to further safeguard data
without sacrificing performance or availability.
By default, Windows Server 2003 incorporates basic and dynamic VDS providers, and
many VDS providers can be obtained from hardware vendors. These third-party VDS
providers supply LUN discovery and management services.
Modes of Operation
The Windows Backup utility can run in two separate modes: Wizard and Advanced.
Wizard mode provides a simple interface that allows a backup to be created in just a few
easy steps:
1. Choose to back up or restore files and settings.
3. Choose what data to back up only if you do not choose the option to back up everything.
4. Specify the backup media, tape, or file.
That is all it takes to use Wizard mode, but features such as creating a scheduled backup
and choosing to disable Volume Shadow Copy can be performed only using Advanced
mode.
Advanced mode provides greater granularity when it comes to scheduling and controlling
backup media security and other backup options. In the following sections concerning
Windows Server 2003 Backup, we will use Advanced mode.
Advanced Mode
Running the Windows Server 2003 Backup utility in Advanced mode enables administrators
to configure all the available options for backups. Scheduled backups can be created;
specific wizards can be started; and advanced backup options can be configured, such as
verifying backup, using volume shadow copies, backing up data in remote storage, and
automatically backing up system-protected files.
2. If this is the first time you’ve run Backup, it will open in Wizard mode. Choose to
run it in Advanced mode by clicking the Advanced Mode hyperlink. You can optionally
uncheck the Always Start in Wizard Mode option to always start in Advanced
mode.
3. Click the Backup Wizard (Advanced) button to start the Backup Wizard.
5. On the What to Back Up page, select Back Up Selected Files, Drives, or Network Data
and click Next to continue.
6. On the Items to Back Up page, expand Desktop\My Computer in the left pane and
choose each of the local drives and the system state, as shown in Figure 32.2. Then
click Next to continue.
7. Choose your backup media type and choose the correct media tape or file. If you’re
creating a new file, specify the complete path to the file, and the backup will create
the file automatically. Click Next to continue.
8. If the file you specified resides on a network drive, ensure that there is enough free
space to accommodate the backup size.
9. If you chose tape for the backup, choose the media for the backup and choose to use
a new tape.
10. Click the Advanced button on the Completing the Backup Wizard page to configure
advanced options.
11. Choose the backup type and choose whether to back up migrated remote storage
data. The default settings on this page will fit most backups, so click Next to
continue.
12. Choose whether a verify operation will be run on the backup media and click Next.
Disabling Volume Shadow Copy would be an option if a backup were just backing
up local volumes, not the system state.
13. Choose the Media Overwrite option of appending or replacing the data on the
media and click Next.
14. On the When to Back Up page, choose to run the backup now or to create a schedule
for the backup. If you chose Now, skip to step 18.
15. If a schedule will be created, enter a job name and click the Set Schedule button.
16. On the Schedule Job page, select the frequency of the backup, start time, and start
date, as shown in Figure 32.3, and click OK when completed. You can set additional
configurations using the Settings tab.
17. On the Set Account Information page, enter the user account name and password
that should be used to run the scheduled backup and click OK when completed.
19. Click Finish to save the scheduled backup or immediately start the backup job.
20. When the backup is complete, review the backup log for detailed information and
click Close on the Backup Progress window when finished.
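The selections made in the wizard steps above can also be passed to ntbackup.exe on the command line. The batch file below is an added example, not taken from the book, and covers the system state only; the folder E:\Backups, the job name, and the file names are assumptions.

```batch
@echo off
setlocal
rem Added example (not from the book): nightly system state backup to a file.
rem Assumptions: BACKUP_DIR, the job name and the file names are illustrative.
rem Keep BACKUP_DIR on a volume other than the system volume.
set BACKUP_DIR=E:\Backups
set NAME=%COMPUTERNAME%-systemstate
set BKF=%BACKUP_DIR%\%NAME%.bkf
set LOG=%BACKUP_DIR%\%NAME%.log

rem On a domain controller the system state holds the Active Directory database,
rem so the folder is limited to Administrators and SYSTEM when it is first created.
if exist "%BACKUP_DIR%" goto rotate
mkdir "%BACKUP_DIR%"
echo y| cacls "%BACKUP_DIR%" /G Administrators:F SYSTEM:F > nul

:rotate
rem Keep the previous backup until the new one has been written.
if exist "%BKF%.old" del "%BKF%.old"
if exist "%BKF%" ren "%BKF%" "%NAME%.bkf.old"

>> "%LOG%" echo %DATE% %TIME% starting system state backup
rem /V:yes  verify the backup after it is written
rem /L:s    write a summary backup log
rem /SNAP:on use Volume Shadow Copy, which a system state backup relies on
start /wait ntbackup backup systemstate /J "Nightly system state" /F "%BKF%" /V:yes /L:s /M normal /SNAP:on

rem Do not rely on the exit code alone: confirm a non-empty backup file exists.
if not exist "%BKF%" goto failed
for %%F in ("%BKF%") do if "%%~zF"=="0" goto failed
>> "%LOG%" echo %DATE% %TIME% backup written to %BKF%
exit /b 0

:failed
>> "%LOG%" echo %DATE% %TIME% BACKUP FAILED, %BKF% is missing or empty
exit /b 1
```

The backup log that step 20 says to review is still written by ntbackup itself; the log file here only records whether a usable backup file was produced.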
To perform an ASR backup, an administrator needs a blank floppy disk and a backup
device; either a tape device or disk will suffice. One point to keep in mind is that an ASR
backup will back up each local drive that contains the operating system and any applications
installed. For instance, if the operating system is installed on drive C: and MS Office
is installed on drive D:, both of these drives will be completely backed up because the
Registry has references to files on the D: drive. Although this can greatly simplify restore
procedures, it requires additional storage and increases backup time for an ASR backup.
Using a basic installation of Windows Server 2003 Enterprise server with only basic
services installed, an ASR backup can average 1.3GB to less than 4GB or 5GB.
ASR backups should be created for a server before and after any hardware changes are
performed or when a major configuration change occurs with the system. ASR backups
contain disk information including basic or dynamic configuration and volume set type.
They save volume or partition data so that when an ASR restore is complete, only the data
stored on storage volumes needs to be recovered.
1. Log on to the server using an account that has the right to back up the system. (Any
Local Administrator or Domain Administrator has the necessary permissions to
complete the operation.)
3. If this is the first time you’ve run Backup, it will open in Wizard mode. Choose to
run it in Advanced mode by clicking the Advanced mode hyperlink.
4. Click the Automated System Recovery Wizard button to start the Automated System
Recovery Preparation Wizard.
5. Click Next after reading the Automated System Recovery Preparation Wizard
welcome screen.
6. Choose your backup media type and choose the correct media tape or file. If you’re
creating a new file, specify the complete path to the file, and the backup will create
the file automatically. Click Next to continue.
7. If you specified a file as the backup media and it resides on a network drive, click OK
at the warning message to continue.
8. If you chose tape for the backup, choose the media for the backup and choose to use
a new tape.
9. Click Finish to complete the Automated System Recovery Preparation Wizard and
start the backup.
10. After the tape or file backup portion completes, the ASR backup prompts you to
insert a floppy disk to hold the recovery information. Insert the disk and click OK to
continue.
11. Remove the floppy disk as requested and label the disk with the appropriate ASR
backup information. Click OK to continue.
12. When the ASR backup is complete, click Close on the Backup Progress window to
return to the backup program or click Report to examine the backup report.
NOTE
The information contained on the ASR floppy disk is also stored on the backup media. The ASR
floppy contains only two files, asr.sif and asrpnp.sif, that can be restored from the backup media
and copied to a floppy disk if the original ASR floppy cannot be located.
ASR backs up only the system and boot partitions. ASR backups, on average, are between
1.3GB and 5GB. To prevent ASR backups from getting too large, user data and file shares
should be kept off the system and boot volumes.
Although this service does not provide filesystem fault tolerance, using Remote Storage to
manage a volume can improve reliability and recoverability by keeping disk space available
and by reducing the amount of data that needs to be backed up or restored when a
disk failure occurs. To install and configure the Remote Storage service, refer to Chapter
30, “Filesystem Fault Tolerance.”
If only a single copy of the media master set is made, the remote storage media data
would be lost if a site failure occurred. To prevent this from happening, all remote storage
media master sets should be copied once or up to two times for redundancy and offsite
storage. To enable remote storage master media set copies, at least two drives
enabled for Remote Storage must be available.
To set the number of media copies for Remote Storage, follow these steps:
1. Log on to the server using an account that has the right to back up the system. (Any
Local Administrator or Domain Administrator has the necessary permissions to
complete the operation.)
3. In the left pane of the console, right-click Remote Storage and select Properties.
5. Under the Number of Media Copy Sets, choose 0, 1, or 2 to configure the number of
copies. Remember that this option will be enabled only if more than one drive for
remote storage media is available on the system.
6. Click OK to save the option, close the Remote Storage console, and log off the server.
Using the Volume Shadow Copy Service
As a new addition to Windows Server 2003, the Volume Shadow Copy Service (VSS) adds
the ability to quickly restore data that was deleted from a volume locally or through a
network-mapped drive or network file share. Over time, there will be several add-ons to
Windows Server 2003 that will extend the functionality of VSS; however, what is built into
the operating system already provides a series of data recovery functions. If an organization
has available disk capacity, VSS should be enabled as a standard setting for a Client
Services–focused networking environment.
1. Log on to the desired server using an account with Local Administrator access.
6. Right-click Disk Management, select All Tasks, and click Configure Shadow Copies.
7. On the Shadow Copies page, select a single volume for which you want to enable
shadow copies and click Settings.
8. The Settings page allows you to choose an alternate volume to store the shadow
copies. Select the desired volume for the shadow copy.
9. Configure the maximum amount of disk space that will be allocated to shadow
copies.
10. The default schedule for shadow copies is twice a day at 7:00 a.m. and 12:00 p.m. If
this does not meet your business requirements, click the Schedule button and
configure a custom schedule.
11. Click OK to enable shadow copies on that volume and return to the Shadow Copies
page.
12. If necessary, select the next volume and enable shadow copying; otherwise, select
the enabled volume and immediately create a shadow copy by clicking the Create
Now button.
13. If necessary, select the next volume and immediately create a shadow copy by clicking
the Create Now button.
14. After the shadow copies are created, click OK to close the Shadow Copies page, close
the Computer Management console, and log off the server.
Limitations
The Volume Shadow Copy service should not be considered a tool for backing up and
restoring servers to previous states. The Windows Server 2003 Backup utility should be
used to back up the system volume and system state. Volume Shadow Copy works well for
data volumes, and that is what Volume Shadow Copy backups should be focused toward.
For system drives, Volume Shadow Copy may be used to restore some of the files on the
system to a previous state, but Windows File Protection does a reasonably good job of
protecting operating system files without volume shadow copies.
To use vssadmin.exe to delete the oldest shadow copy on a volume, perform the following
steps:
1. Log on to the desired server using an account with Local Administrator access.
4. Type vssadmin.exe delete shadows /For=C: /Oldest /Quiet and then press Enter
to delete the oldest shadow copy for the C volume.
5. Type exit and press Enter to close the command prompt and log off the server.
To schedule this operation, create a text document using Notepad, type the command in
step 4, and then press Enter. Save the file with a .bat or .cmd extension. Finally, open the
Control Panel, select Scheduled Tasks, and create a new task to execute this file during the
desired schedule.
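The batch file described above can also record what it did, so that each scheduled deletion leaves an audit trail. The following is an added example, not a listing from the book; the volume letter and log file path are assumed values.

```bat
@echo off
rem Added example, not from the book: the step 4 command wrapped for Scheduled Tasks.
rem VOLUME and LOGFILE are assumed values; change them for the server.
setlocal
set VOLUME=C:
set LOGFILE=%SystemRoot%\Temp\vss-prune.log

>> "%LOGFILE%" echo ==== %DATE% %TIME% pruning oldest shadow copy on %VOLUME%

rem List the existing shadow copies first so the log shows what was present.
>> "%LOGFILE%" 2>&1 vssadmin.exe list shadows /For=%VOLUME%

rem /Quiet suppresses the confirmation prompt; without it an unattended
rem task would wait for input that never arrives.
>> "%LOGFILE%" 2>&1 vssadmin.exe delete shadows /For=%VOLUME% /Oldest /Quiet
set RESULT=%ERRORLEVEL%

rem Keep the exit code in the log and hand it back to the task scheduler.
>> "%LOGFILE%" echo vssadmin exit code: %RESULT%
endlocal & exit /b %RESULT%
```

Run the scheduled task under an account with Local Administrator access, as in step 1, and review the log for non-zero exit codes.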
Certificate Services
Installing Certificate Services creates a Certificate Authority (CA) on the Windows Server
2003 system. The CA is used to manage and allocate certificates to users, servers, and
workstations when files, folders, email, or network communication needs to be secured or
encrypted.
deleted, all certificates allocated from this server become invalid or unusable. To avoid this
problem, the certificates and Certificate Services database should be backed up frequently.
Even if certificates are rarely allocated to new users or machines, backups should still be
performed regularly.
Certificate Services can be backed up in three ways: by backing up the CA server’s system
state, using the Certificate Authority Microsoft Management Console (MMC) snap-in, or
using the command-line utility Certutil.exe. Backing up Certificate Services by backing up
the system state is the preferred method because it can be easily automated and scheduled.
But using the graphic console or command-line utility adds the benefit of being able to
restore Certificate Services to a previous state without restoring the entire server system
state or taking down the entire server for the restore.
To create a backup of the Certificate Authority using the graphic console, follow these
steps:
1. Log on to the Certificate Authority server using an account with Local Administrator
rights.
2. Open Windows Explorer and create a folder named CaBackup on the C: drive.
4. Expand the Certificate Authority icon and select the desired CA server.
5. From the console window, select the Action pull-down menu and select All Tasks,
BackUp CA.
7. On the Items to Back Up page, check the Private Key and CA Certificate box and the
Certificate Database and Certificate Database Log box, as shown in Figure 32.4.
8. Specify the location to store the CA backup files. Use the folder created in the
beginning of this process. Click Next to continue.
9. When the CA certificate and private key are backed up, this data file must be
protected with a password. Enter a password for this file, confirm it, and click Next
to continue.
NOTE
To restore the CA private key and CA certificate, you must use the password entered in step 9.
Store this password in a safe place, possibly with the Master account list.
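The same backup can be taken with the command-line utility Certutil.exe mentioned earlier. The following is an added example, not a listing from the book; it assumes the C:\CaBackup folder from step 2 and lets Certutil prompt for the password rather than placing it in the script.

```bat
@echo off
rem Added example, not from the book: command-line CA backup with Certutil.exe.
rem BACKUPDIR is an assumed value matching the CaBackup folder created in step 2.
setlocal
set BACKUPDIR=C:\CaBackup

if not exist "%BACKUPDIR%" mkdir "%BACKUPDIR%"

rem -backup saves the CA certificate, private key and certificate database.
rem No -p password is supplied, so certutil prompts for it and the password
rem never appears in a script file or a scheduled task definition.
rem -f overwrites an earlier backup in the same folder; copy the previous
rem set elsewhere first if it must be kept.
certutil.exe -f -backup "%BACKUPDIR%"
if errorlevel 1 (
    echo CA backup failed.
    endlocal
    exit /b 1
)

rem Confirm that both parts of the backup were written.
if not exist "%BACKUPDIR%\*.p12" echo WARNING: no .p12 key file found
if not exist "%BACKUPDIR%\DataBase\*.edb" echo WARNING: no database file found
dir /s /b "%BACKUPDIR%"
endlocal
```

Because the password is entered interactively, this form suits a manual backup before a change; the .p12 file holds the CA private key, so limit access to the backup folder to administrators.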
NOTE
Active Directory–integrated zones will not have a valid backup file in the DNS/backup folder. To
back up an Active Directory-integrated zone, perform a system state backup on any AD domain
controller running DNS and hosting the zone.
Because the WINS database is populated by servers and workstations dynamically, in some
cases backing up may not be necessary. When WINS contains several static mappings, a
WINS backup is essential because records will not be re-created automatically if the WINS
database is corrupted or rebuilt from scratch. Also, even if only dynamic records populate
the database, each device registers with WINS only on startup and then periodically, so the
record may not be re-created in time. This results in NetBIOS-dependent clients failing to
locate the proper server or workstation.
To create a backup using the WINS console, perform the following steps:
1. Log on to the WINS server using an account with Local Administrator access.
3. If the local WINS server does not appear in the window, right-click WINS in the left
pane and select Add Server.
4. Type in the NetBIOS or fully qualified domain name of the WINS server and
click OK.
7. In the lower section of the General tab, type in the path where the WINS backup
should be stored. Check the box to enable WINS database backup during server
shutdown, as shown in Figure 32.5.
9. Right-click the WINS server in the left pane and select Back Up Database.
10. When the Browse for Folder window opens, select the appropriate folder to back up
the WINS database and click OK to perform the backup.
11. A pop-up window appears stating whether the backup was successful. If it was, click
OK, close the WINS console, and log off the WINS server.
12. If the backup failed, check Permissions in the specified directory to ensure that the
logged-on user and system account have at least Modify privileges. Then attempt the
backup again.
The Dynamic Host Configuration Protocol (DHCP) server is responsible for assigning IP
addresses and options to devices on the network in need of network configuration. DHCP
allocates IP configurations, including IP addresses, subnet masks, default gateways, DNS
servers, WINS servers, and for RIS servers, TFTP servers and boot filenames. Other IP
options can be configured, depending on the organization’s needs.
These IP address scope properties and options are stored in the DHCP database. This
database also stores the information concerning IP address leases and reservations. The DHCP
database is backed up with a server system state backup, but it can also be backed up using
the DHCP console.
To back up the DHCP database from the console, follow these steps:
1. Log on to the DHCP server using an account with Local Administrator access.
3. If the local DHCP server does not appear in the window, right-click DHCP in the left
pane and select Add Server.
4. Type in the fully qualified domain name for the DHCP server and click OK.
5. Right-click the DHCP server in the left pane and select Properties.
7. In the Backup Path field, the default location for the DHCP database is already
populated. If this location is acceptable, click OK. If it is not the correct location, type in
or browse for the appropriate backup folder.
8. Right-click the DHCP server in the left pane and choose Backup.
9. Select the folder specified in the DHCP Backup Location field in the DHCP Server
Advanced property page.
10. When the backup is complete, no confirmation pop-up window will appear. If it
fails, an error will be displayed. Close the DHCP console and log off the server.
replicate with one another using the File Replication Service. Domain DFS stores the DFS
root, link, target, and replication information in Active Directory. When a standalone DFS
root is used, the configuration is stored in the DFS root server’s Registry. Backing up the
system state of a standalone DFS root server backs up the DFS configuration. For domain
DFS roots, backing up the system state of a domain controller accomplishes this task. More
information on DFS can be found in Chapter 30.
A command-line utility called Dfscmd.exe can be used to list standalone or domain DFS
root information, including root targets, links, and link targets. This information can be
saved to a file and be used to restore this information if the DFS configuration is lost. This
utility does not list, record, or re-create replication connections for domain DFS roots and
targets that are configured for replication.
To create a file containing DFS root configurations, perform the following steps:
1. Log on to either the standalone DFS root server or a server in the domain using an
account with privileges to create domain DFS roots and links.
2. Click Start, Run and then type cmd.exe. Press Enter when you’re done to open the
command prompt.
3. To create a file containing all the root and link targets associated with a domain DFS
root called \\Companyabc.com\Apps, type
Dfscmd.exe /View \\Companyabc.com\Apps /Batchrestore > DFSrestore.bat and
press Enter. This will create a file that can be used to restore additional root targets
and create links and link targets when the initial DFS root target is re-created.
NOTE
Dfscmd.exe is a great tool because it can be used to back up DFS configuration information, but
it cannot create the initial DFS root target, nor can it copy replication information for domain
DFS targets that are configured for replication. To back up domain DFS completely, perform a
backup of the Active Directory database by backing up the system state of a domain controller in
the appropriate domain.
To back up the IIS metabase using the IIS console, perform the following steps:
1. Log on to the IIS server using an account with Local Administrator access.
2. Click Start, All Programs, Administrative Tools, Internet Information Services (IIS)
Manager.
3. If the local IIS server does not appear in the window, right-click Internet Information
Services in the left pane and select Connect.
4. Type in the fully qualified domain name for the IIS server and click OK.
5. Right-click the IIS server in the left pane and select All Tasks, Backup/Restore
Configuration.
6. The Configuration Backup/Restore window lists all the automatic IIS backups that
have been created. Click the Create Backup button.
7. Enter the backup name and, if necessary, check the Encrypt Backup Using Password
box. Enter and confirm the password, and click OK when you’re finished, as shown
in Figure 32.6.
Before a change is made to the IIS configuration, a backup should be manually created
first. When the change is completed, the administrator should either perform another
backup or choose the option to save the configuration to disk. The administrator can save
new IIS configuration changes to disk by right-clicking the IIS server, selecting All Tasks,
and then choosing Save Configuration to Disk. This option works correctly only after a
change has been made that has not yet been recorded in the IIS metabase.
If the Remote Storage service is installed, the administrator can back up the data
associated with the remote storage media and migrated data by simply backing up the data
contained in the following directories:
%systemroot%\System32\Ntmsdata
%systemroot%\System32\Remotestorage
If the Remote Storage service is running, the data in the Remote Storage folder cannot be
backed up unless the system state is backed up.
NOTE
The Remote Storage database is backed up only when the system state is backed up using an
account with Administrative access on the server.
To back up the Removable Storage media information, back up the following directory:
%systemroot%\System32\Ntmsdata
Media Pools
The Windows Server 2003 Removable Storage service organizes media within media pools
so that policies and permissions can be applied and different functions can be performed.
For example, the backup media pool is allocated for media created using Windows Server
2003 Backup. Only users granted the privilege to back up or restore the system, or
administer the removable media service, have access to this media pool.
Free Pool
The free pool contains media that can be used by any backup or archiving software that
utilizes the Windows Server 2003 Removable Storage service. Media in this pool are
usually blank media or media marked as clean, and can be overwritten and reallocated.
The remote storage pool is used on a server only if the Remote Storage server has been
installed. This pool stores media allocated for the Remote Storage service. If no tape is
found, the device reallocates media from the free pool.
Imported Pool
When media are inserted into a tape device and inventory is run, if the media are not
blank and not already allocated to the remote storage pool or backup media pool, they are
stored in the imported media pool. If the media are known to have been created with
Windows Server 2003 Backup, opening the backup program and performing a catalog
should be sufficient to reallocate this media to the backup pool set.
Backup Pool
The backup pool contains all the media allocated to the Windows Server 2003 Backup
program.
Recovery Console
The Recovery Console provides an alternative bootup method when Safe mode and
normal boot do not work. The Recovery Console can be installed after the operating
system has already been loaded, or it can be called while booting a system from the
Windows Server 2003 setup CD.
1. Log on to the desired server using an account with Local Administrator access.
3. Type cmd.exe in the Start, Run dialog box and click OK to open a command prompt.
4. Change the drive focus in the command prompt to the drive letter of the CD-ROM
drive.
6. Type winnt32.exe /cmdcons and press Enter. This command will start the Recovery
Console setup, as shown in Figure 32.7.
7. Click Yes to begin the installation of the Recovery Console. After the installation is
finished, click OK. When the installation is complete, the boot.ini file will contain
an option to boot into the Recovery Console when the system is starting up.
Summary
When it comes to disaster recovery planning and backing up a Windows Server 2003
system, there are many issues to consider. Specialized utilities can be leveraged for specific
backup tasks, but for complete server backup, the command-line utility ntbackup.exe can
take care of most of the Windows Server 2003 backup requirements.
Best Practices
• Make sure that disaster recovery planning includes considerations for the physical
site, power, entire system failure, server component failure, and software corruption.
• Identify the different services and technologies, points of failure, and critical areas;
then prioritize in order of importance.
• Make sure that the D/R solution contains costs associated with additional hardware,
complex configurations, and a service-level agreement estimating how long it will
take to recover the service should a failure occur. Different options should also be
presented.
• Document the server configuration for any environment regardless of size, number
of servers, or disaster recovery budget.
• Back up system volumes and the system state at the same time to simplify recovery
if a server needs to be rebuilt from scratch.
• Perform an ASR backup after the server is built, updated, configured, and secured.
Also, perform an ASR backup when hardware configurations change and periodically
otherwise.
• Set an appropriate size limit for the shadow copies. Volumes that have many files
changed daily should have larger limits than volumes whose data does not change
very often.
• Schedule shadow copies to run more often on heavily used drives, at least twice
a day.
• Keep the number of stored volume shadow copies to a minimum to keep
management simple.
• Don’t restore Active Directory–integrated zones using a backup file. Instead, the
zones should be created empty and the domain controller should re-create the
records.
• Ensure that the Remote Storage database will be backed up by backing up the system
state.