August 19, 2002 12:00 AM

Win2K Disaster Recovery

Step-by-step instructions to help you recover your data
Windows IT Pro
InstantDoc ID #25954

Restore the Normal Backup Sets
Select the Restore tab from the main NTBackup interface. From here you can highlight each piece of cataloged media to see a list of available backup sets. Select the most recent Normal backup sets for all volumes on your system. To make the selection process easier, click the Method column label to sort each set by backup method. Each backup set you want to restore should have a check mark in the box next to the volume name, and the method for each set should be Normal, as Figure 3 shows. NTBackup always uses the Copy method to back up the System State data, and the most recent System State backup occurred with the last Differential backup, so you don't need to restore the System State data at this point.

After you select which data you want to restore, select Original location in the Restore files to drop-down box and ensure that Always replace appears beneath the If files already exist text. Next, click Start Restore to open the Confirm Restore dialog box, then click the Advanced button to ensure that NTBackup will properly handle your restored files. Most important, assuming you're using NTFS volumes, make sure that you select the option to restore the appropriate security with your files. Other options will depend on whether you're using Removable Storage, Junction Points, Volume Mount Points, or File Replication Service (FRS) in your environment. Make your selections, then click OK twice to begin the restore process. If the correct media isn't in the drive, NTBackup will prompt you to insert it.

Restore the Differential Backup Sets and System State Data
After you successfully restore the Normal backup sets, NTBackup will prompt you to reboot your server. During the reboot, press F8 when Starting Windows is displayed to open the Windows 2000 Advanced Options Menu. Select Directory Services Restore Mode, which lets you perform a nonauthoritative restore of AD. (When and why you should perform an authoritative restore is outside the scope of this discussion, and the need to do so shouldn't coincide with a disaster-recovery operation. For information about performing an authoritative restore and a nonauthoritative restore of AD, see Sean Daily, "Repairing and Recovering AD," page 53.) Log on using an account with appropriate permissions to restore data.

Open NTBackup and select the Restore tab. The media you cataloged will still be present. This time, locate and select the most recent System State and Differential backup sets. The previous operation might have restored settings related to how NTBackup operates, so you might need to revisit the Options dialog box to make sure that restored files will overwrite the files on disk.

After you've made your selections and you're satisfied with your restore location and overwrite settings, click the Start Restore button. NTBackup will display a warning message about overwriting the System State. Click OK on the warning dialog box, then select the Advanced Restore Options button. When performing a nonauthoritative restore of AD, you must select the Restore junction points and restore file and folder data under junction points to the original location option. Verify that the other settings in the Options dialog box meet your needs, then click OK twice to begin the restore. NTBackup will prompt you to insert appropriate media if it isn't already in the drive and ask you to reboot the server following the restore.

Restore Open Files
The server is now online and you've restored all your data, but a few steps remain to finish the recovery process. You will recall that you wrote a quick script to back up the DHCP and WINS database files in the %systemroot%\svcbak directory. To restore those two services to their predisaster state, you need to reverse the initial process you used to back them up.

For the DHCP database files, perform the following steps:

  1. Stop the DHCP service by typing at the command prompt
       net stop dhcpserver
  2. Delete all files from the %systemroot%\system32\dhcp directory.
  3. Copy all files from the %systemroot%\svcbak\dhcp directory to the %systemroot%\system32\dhcp directory.
  4. Restart the DHCP service by typing at the command prompt
       net start dhcpserver

For WINS, perform the following steps:

  1. Stop the WINS service by typing at the command prompt
       net stop wins
  2. Delete all files from the %systemroot%\system32\wins directory.
  3. Copy all files from your chosen WINS backup location to the %systemroot%\system32\wins directory.
  4. Restart the WINS service by typing at the command prompt
       net start wins
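
The stop, delete, copy, restart sequence above can be wrapped in a guard so that the live database is never deleted when the backup directory turns out to be empty. The following Python sketch is an added example, not code from the article or its Listing 1. The function names, the `control` parameter, the SHA-256 copy check, and the `C:\WINNT` fallback are assumptions made for illustration.

```python
import hashlib
import os
import shutil
import subprocess
from pathlib import Path


def net(action, service):
    """Run 'net stop <service>' or 'net start <service>'; raise on failure."""
    subprocess.run(["net", action, service], check=True)


def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def restore_service_db(service, backup_dir, live_dir, control=net):
    """Stop the service, replace its database files from backup_dir, restart.

    Returns the sorted names of the files restored. Subdirectories of
    live_dir are left alone, since the steps only mention files.
    """
    backup_dir, live_dir = Path(backup_dir), Path(live_dir)
    # Guard: refuse to empty the live directory when there is nothing to
    # put back, otherwise the service would come up with no database.
    if not backup_dir.is_dir():
        raise FileNotFoundError(f"backup directory missing: {backup_dir}")
    sources = sorted(p for p in backup_dir.iterdir() if p.is_file())
    if not sources:
        raise FileNotFoundError(f"no backup files in {backup_dir}")

    control("stop", service)
    for old in live_dir.iterdir():          # delete the current files
        if old.is_file():
            old.unlink()
    for src in sources:                     # copy the backed-up files in
        dst = live_dir / src.name
        shutil.copy2(src, dst)
        # Verify each copy before the service is allowed to open it.
        if sha256(src) != sha256(dst):
            raise IOError(f"copy of {src.name} does not match the backup")
    # Reached only if every file copied and verified; on any error above
    # the service stays stopped for the operator to investigate.
    control("start", service)
    return [p.name for p in sources]


if __name__ == "__main__":
    root = Path(os.environ.get("SystemRoot", r"C:\WINNT"))
    print(restore_service_db("dhcpserver", root / "svcbak" / "dhcp",
                             root / "system32" / "dhcp"))
```

For WINS, pass `"wins"` as the service name together with your chosen WINS backup location and the `system32\wins` directory.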

Test the Server and Services
After you restart the services, use their respective consoles to verify the services are behaving properly; if possible, make sure the services are responding appropriately to client requests. Also, verify the functionality of other critical services and file systems on the server. If any problems exist, you'll hear about them from your users. By looking for any mistakes that require another restore from tape, you can head off problems now.

If You Really Need to Know, Test It
The procedure I've outlined for restoring your data after a disaster should serve as a model for drafting your own recovery process. A solid backup strategy and offsite storage of media and recovery documentation are keys to ensuring the recoverability of your servers. Slight variations in your environment might necessitate modifications to this process.

The only way to know exactly what's required for a foolproof recovery is to step through the process at least once (using a test server, not a production server), document all phases of the process, and create a collection of everything you used (e.g., tape drive and SCSI drivers, documentation of your server's disk configuration) to ensure a successful recovery. If possible, place these items, as well as a step-by-step procedure for executing the recovery, in a recovery kit and place the kit at your offsite media storage location. If you don't have the time to create your own document, perhaps you can use this article as a generic substitute.

Comments
  • Trevor Paynting
    8 years ago
    Jan 15, 2004

    Ed Roth's article "Win2K Disaster Recovery" (September 2002, http://www.winnetmag.com, InstantDoc ID 25954) was interesting. Could I use a similar procedure to restore a Windows NT Server 4.0 system, particularly an NT 4.0, Terminal Server Edition (WTS) machine? Also, does NT 4.0 have a utility that's similar to Windows 2000's Microsoft System Information (msinfo32.exe)?




    For the most part, the strategy outlined in "Win2K Disaster Recovery" pertains to NT Server 4.0, too. However, the number of differences in functionality, terminology, and appearance among the versions of NTBackup software included with the respective OSs might make following the Win2K-specific backup application instructions tough. If you can correlate the important operations, you'll be able to make the backup work. For example, the NTBackup software that NT 4.0 includes doesn't have a System State backup option, but you can tell it to back up the local registry. In addition, in NT 4.0 you need to use Windows Microsoft Diagnostics (WinMSD—winmsd.exe), the precursor to msinfo32.exe, to gather system configuration information, and you need to back up the WINS database without the assistance of the Net Shell utility, which NT doesn't support. Perhaps the most important operation regardless of OS or backup software is to test the process to see how well you can recover a test server and make adjustments as necessary.


    —Ed Roth

  • David Jenkins
    9 years ago
    Mar 19, 2003

    I must be missing something fundamental but I have not been able to restore a system from backup. This document goes from restoring data to "it's working". Is there a resource that actually gives step by step? This article sure didn't.

  • Jakob Hussfelt
    10 years ago
    Dec 10, 2002

    Ed Roth is discussing an interesting subject here. I want to point out a nice feature with Windows 2000 that makes part of Listing 1 a bit superfluous (a candidate for correction?) though.

    Listing 1 contains a few lines for making a backup copy of the DHCP database. This was needed in Windows NT 4.0, but since Windows 2000 it is an automated system process we don't have to care much about. A Windows 2000 machine by default makes a backup copy of the DHCP database every 60 minutes to %SystemRoot%\system32\dhcp\backup\Jet. The interval (specified in minutes) can be configured by the administrator altering the registry value HKLM\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters\BackupInterval and then restarting the DHCP Server service.

    Note that you would still want to include the directory %SystemRoot%\system32\dhcp\backup\Jet in your regular file backups.

  • Ed Roth
    10 years ago
    Oct 30, 2002

    You make an excellent point. Sometimes we focus so much on not losing any data that we don't think about intentionally deleted files and the repercussions of reintroducing them. I should have mentioned this problem in the article.

  • Kees Schouten
    10 years ago
    Oct 30, 2002

    In "Win2K Disaster Recovery" (September 2002, InstantDoc ID 25954), Ed Roth described how to restore a system by using a normal backup and a differential backup. I'm not familiar with the NTBackup program, but I don't think it's fundamentally different from other backup programs (we use Computer Associates'--CA's--ARCserve). After you restore a normal backup and a differential backup, the system might not be an exact copy of the system before the crash. Files that were deleted after the normal backup and before the differential backup will be on the system after the restore operation. This reintroduced data could be a real problem if your software relies on time-stamped files. To solve this problem, you should generate a complete filelist right before the differential backup. After restoring the differential backup, you should compare the restored filelist with an actual filelist. Another solution is to use object auditing and check the Security logs for deleted objects.
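
The filelist comparison described in the comment above, as an added example that is not part of the original article or comment thread: record a manifest right before the differential backup, then compare it with the restored volume to list files the restore brought back. The function names and the JSON manifest format are assumptions; store the manifest somewhere the restore will not overwrite.

```python
import json
import os
from pathlib import Path


def file_manifest(root):
    """Map each file under root to its size, keyed by relative path.

    Keys are lower-cased because NTFS lookups are case-insensitive by
    default, so 'Report.DOC' and 'report.doc' name the same file.
    """
    root = Path(root)
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath, name)
            key = full.relative_to(root).as_posix().lower()
            manifest[key] = full.stat().st_size
    return manifest


def save_manifest(manifest, path):
    """Write the manifest taken right before the differential backup."""
    Path(path).write_text(json.dumps(manifest, indent=1, sort_keys=True))


def load_manifest(path):
    return json.loads(Path(path).read_text())


def compare_restore(expected, restored):
    """Compare the pre-backup manifest with the restored volume's manifest."""
    before, after = set(expected), set(restored)
    return {
        # On disk after the restore but absent when the differential ran:
        # files deleted after the Normal backup that the restore brought back.
        "reintroduced": sorted(after - before),
        # Listed before the differential but not present after the restore.
        "missing": sorted(before - after),
        # Present in both, but with a different size.
        "size_changed": sorted(p for p in before & after
                               if expected[p] != restored[p]),
    }
```

Review the `reintroduced` list before returning the server to users, since those are the files that were intentionally deleted before the disaster.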

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.