Title: Small Business Server Disaster Recovery Myths, Mystery & Magic
1(No Transcript)
2Small Business Server Disaster Recovery
- Wayne Small SBS-MVP
- Technical Director
- Correct Solutions Pty Ltd
- SBSfaq.com
3SBS Disaster RecoveryIt all works like normal
on one server, or multiple servers
Illustration Courtesy of SBSmigration.com
4SBS Disaster RecoveryIt all works like normal
use one server, or multiple servers
- SBS 2003 or R2 can be recovered, repaired, or
replaced without impact to the domain using only
a Full Server and System State restore via the
included SBS Backup program. - More options can be better
- All remaining discussion on this topic relates
more to risk mitigation, or faster recovery time. - Application tuned incremental recovery options
exist. - Drive Imaging or 3rd Party Backup products are
best viewed as optional, but valuable.
5SBS is a Bad DR Risk?Myth SBS Domain DC Options
- Probably this concern is very overblown
- Most continuity options DR strategies from
non-SBS domain and servers apply to SBS as well - Any single server environment has challenges,
- but this is what the budget limited market needs
for now. - SBS domain allows adding separately licensed
servers. - Typically this has a lower cost than non-SBS!
- Multi-Server, Multi-DC, Fault-Tolerant options
are available - 1 Hurdle in SBS DR is unrelated to SBS licensing
- Namespace dependent application server
- plus
- Coincidental DC/Exchange on one box
6Windows Small Business Server 2003
- SBS 2003 Standard Edition
- Windows 2003 Server Domain Controller
- Exchange 2003 Server
- Fax / Print File Server
- Sharepoint Server / Collaboration
- Remote Web Workplace
- Automated Deployment and Management Tools
- Monitoring and Remote Management
- Extremely nice OS CALs price point
- New in R2 WSUS 3.0 Management Integrated to
MMC 3.0 - SBS 2003 Premium Edition
- SQL Server 2000 R2 2005 Workgroup
- ISA Server 2000 or 2004 R2 2004
7Migration DR Methods too often Abandon the SBS
Domain
Production Domain
New Domain
Illustration Courtesy of SBSmigration.com
8SBS 2003 Server Responsibilities
Illustration Courtesy of SBSmigration.com
9(No Transcript)
10SBS Disaster Recovery Myths
- SBS Domain DC Options
- Hardware Device Dependency
- Different Hardware Recovery
- Myths System Repair Options
- Recovery and Maintenance Planning
11Only 1 DC in SBS Domain? Myth SBS Domain DC
Options
- All SBS versions allow multiple-DCs
- SBS is constrained to retain all FMSO roles
- Only one SBS may permanently operate in a single
domain.
All SBS
12SBS cant Join Existing Domain? Myth SBS Domain
DC Options
- SBS 2003 CD1 Setup boot (including OEM releases)
allow SBS to install into an existing compliant
domain - EULA allows Time-limited use of a second SBS 2003
in an SBS domain for transitions / upgrades - In-Place Upgrade of existing 200x DC can allow
SBS 2003 or R2 to install into existing domain - ADMT migration from an existing domain preserves
object SIDs, but not the domain itself.
SBS 2003
13SBS FSMO Constraints are a Risky and Major
Recovery Problem? Myth SBS Domain DC Options
- Flexible Server Management Operations (FSMO)
roles are system operation authority which can be
movedby transfer or seizure. - All DCs in a common domain maintain identical
full catalog copies of that AD domain by default - Global Catalog (GC) roles are not required to
distribute a complete replica inside a single
domain model
SBS 200x
Win 200x
14Cant Recover Domain from Dead DC or SBS? Myth
SBS Domain DC Options
- Graveyard Swing Migration can successfully pull
back not only a server but a domain - A recovery server replaced by Swing Migration
with a clean server preserves the domain - Dead solo DC is not the end of the domain
- Backup DC and recovery of AD on a dead DC provide
very similar recovery options
SBS 200x
Win XP/200x
15AD Swing Migration MethodMigration based on
Disaster Recovery Techniques
Illustration Courtesy of SBSmigration.com
16SBS Disaster Recovery Myths
- SBS Domain DC Options
- Hardware Device Dependency
- Different Hardware Recovery
- System Repair Options
- Recovery and Maintenance Planning
17IDR Recovery Automation is Most Reliable?
Myths Hardware Device Dependency
- Independent Disaster Recovery (IDR) is a
generalize name for 3rd party product automation
for boot to restore or click to restore - Many IDR solutions require identical hardware
- IDR systems can have fragile requirements,
truly must be tested. - IDR product marketing should be validated!
- Testing IDR can be tricky unless you have
- Access to identical hardware
- Alternative Drive to substitute for test restore
- Time Budget to take the business offline
SBS 200x
Win XP/200x
18Best DR plan needs On-Site Duplicate Cold
Hardware? Myths Hardware Device Dependency
- Myth is that you can only be really prepared with
identical cold server on-site - This is only one DR approach, one DR issue, one
resolution path - Practical answer is that this solves some
problems that have alternative options, but may
introduce a confusion - Live network protection can be just as effective
- Planning for identical hardware recovery steps is
a bad planits an exception.
SBS 200x
Win XP/200x
19Replace SBS NIC not Allowed Without Microsoft
Support? Myths Hardware Device Dependency
- SBS 4.x versions did indeed bind the licensing
engine to the GUID of the primary NIC - SBS 2000 and later dropped that feature
- SBS NIC Replacement is allowed, but remains as
complicated as any scenario of NIC replacement in
a DC.
SBS 200x
Win XP/200x
20SBS Disaster Recovery Myths
- SBS Domain DC Options
- Hardware Device Dependency
- Different Hardware Recovery
- System Repair Options
- Recovery and Maintenance Planning
21Drive Image Restore to New Hardware Wont Work
for DR? Myths Different Hardware Recovery (1 of
3)
- Alien image restore works, but has issues
- Boot critical conditions must be met
- Compatible HAL
- Accurate boot.ini, consistent Boot Device order
- Boot critical drivers installed
- Repair resolution paths are available
- Look at new 3rd party drive imaging products
SBS 200x
Win XP/200x
22Restore of System State to new Hardware is
Unreliable? Myths Different Hardware Recovery
(2 of 3)
- It works A Disaster Recovery specialist needs
this skill to be successful and empowered. - Domain Controllers (including SBS) present
challenges, special concerns for AD restore,
Exchange, SQL, Monitoring - Baseline install or (same hardware) ASR disk
adequately prepared for an overlay restore of
alien System State. - Segmented Multi-Step restore may be necessary,
better to have skill than rely only upon an
automation tool. - ASR Disks dont work for bare metal restore to
different hardware
SBS 200x
Win XP/200x
23Drive-Slide Relocation to new Server Hardware
will Usually fail? Myths Different Hardware
Recovery (3 of 3)
- Another of the three abandoned step-children of
related misconceptions on System State, drivers
and boot configurations - Same rules apply as with alien disk cloning or
alien System State restores
SBS 200x
Win XP/200x
24SBS Disaster Recovery Myths
- SBS Domain DC Options
- Hardware Device Dependency
- Different Hardware Recovery
- System Repair Options
- Recovery and Maintenance Planning
25Windows Service Pack Reinstall will Repair a
BSOD? Myths System Repair Options
- Reinstalling a Service Pack generally will not
repair missing files and registry entries for an
Operating System - Windows 200x and XP introduced Service Pack files
stored in a local cache folder, therefore
already available. - In-Place Upgrade as a repair will be helpful
- Reinstalling Application SPs generally is helpful
for a repair
SBS 200x
Win XP/200x
26You can Boot or Restore Windows to a Known Good
Condition?Myths System Repair Options
- Windows 2003 is the only OS version that actually
can accomplish thiswith caveat bare metal
restore. - Short-Filename (SFN) restore breaks cause
fracture of registry/filepath alignment - Windows 2000, XP, NT, 9x/ME cannot restore
file-by-file to a known conditionnot with NT
Backup or 3rd Party the flaw is in the Windows
API - Cold Drive Imaging is the only consistent
solution for true restore to previous good
condition
SBS 200x
Win NT/ME/9x
Win XP/200x
27ASR Recovery Disk is Required to Make a Complete
Restore? Myths System Repair Options
- ASR disk is a restore accelerator, but not
required. - The backup set made with an ASR is no different
than what is created without requesting the ASR - ASR disk is machine specific, so not valuable in
restore to replacement server
SBS 2003
Win 2003
28Its Best to Build Clean New Domain if SBS is too
Dirty to Fix? Myths System Repair Options
- This likely will lead to reconfiguration on all
PCs - Workstation impact of new domain must be
considered. - Actual corruption of Active Directory is rare and
generally should not be assumed. - Saving the AD domain is almost always the
preferable course, and it isnt hard. - Mis-configured Group Policies make for bizarre
behavior - Group Policies are typically simple to repair or
replace, but this is widely misunderstood. - Applications and databases can be moved as data
SBS 200x
Win NT
Win 200x
29SBS Disaster Recovery Myths
- SBS Domain DC Options
- Hardware Device Dependency
- Different Hardware Recovery
- System Repair Options
- Recovery and Maintenance Planning
30One Big C Partition is Best? Myths Recovery and
Maintenance Planning
- Oh, Please No!!
- Disaster Recovery from one large partition is
much more complicated, time consuming and
generally more at the risk of data loss - Repairs may involve rolling back data for no
reason other than uncertainty about the partition - Best Scenario is isolated partitions for
- System Boot
- Client/Server Application Databases
- User Files
SBS 200x
Win NT
Win 200x
31OEM Media can Only Build New Domain Installation?
Myths Recovery and Maintenance Planning
- Actually, this is rarely the case Request OS
installation media rather than preconfigured
recovery disks. - Most OEMs will provide standard install mediayou
should always order itand a standard floppy
drive - OEM media cannot be used for in-place upgrade
repairs of non-OEM installations
SBS 200x
Win 200x
32Boot-Time Rollback Options can SP or Patch Update
Failure? Myths Recovery and Maintenance
Planning
- Dont count on it!
- Boot to Last Known Good Condition recovers only
previous System Registry settings, but not other
registry hives or any driver files - Only a System State Restore offers general
roll-back, and not even that will always workbut
it usually does - 3rd Party product solutions could help with
sector based delta roll-back on drive writes
SBS 200x
Win XP/200x
33(No Transcript)
34SBS Disaster Recovery Mysteries
- Boot Failures
- Running Setupas a Repair Step
- Exchange Store Repair Mount
- SBS Backup Services
35Crashed RAID5 not dead yet?
- Mystery
- RAID5 drive volume set become unrecoverable if
more than N 1 drives go offline? - Busted
- A hardware RAID can typically be recovered by a
proprietary step to force the configuration to
ignore a fault flag. The drive set can be mounted
in the last stored condition, which may or may
not be reliable. - A hot spare usually protects from such issues
SBS 200x
Win 200x
36Boot Failure Analysis
- Mystery
- Resolution of a Boot Failure is difficult
unpredictable - Busted (If I can do anything about it!)
- Actually not that hard, if you determine where in
the boot cycle the failure is occurring. How to
know that? - Hardware Boot (BIOS Control transition to Device
Selection) - Master Boot Record (Device based transition to OS
boot loader) - OS Loader (OS specific bootstrap sequence to
detect critical hardware present, preload
drivers, registry and then pass control to
initial them) - Kernel Phase (Windows NT family initialization of
core drivers and services with a pre-determined
outcome) - GUI Logon
- Infrastructure Completion
SBS 200x
Win XP/200x
37Is BSOD Really Death with SBS?
- Mystery
- Many BSOD or boot failures cannot be repaired on
SBS with damaging AD configuration? - Busted
- Its true, some repairs can damage AD or
Application configurations. - This doesnt mean you cant repair, it means its
a two step repair - Repair to regain configuration boot success
- Restore System State condition
SBS 200x
AD/Exch 200x
Win XP/200x
38SBS Disaster Recovery Mysteries
- Boot Failures
- Running Setupas a Repair Step
- Exchange Store Repair Mount
- SBS Backup Services
39SBS Domain Rises from the Ashes?
- Mystery
- It really cant be possible to repair a
non-bootable SBS server without reconstructing it
from scratch or having a System State backup? - Busted
- You really can repair components and applications
individually on an SBS. - You do need to learn the interrelationship of
SQL, Exchange, IIS, Sharepoint and AD - Recovery of the configuration and data would
regardless allow a rebuild with Swing.
SBS 200x
Exch 200x
Win 200x
40OEM Install Tools Required?
- Mystery
- Must you use OEM tools to reinstall an SBS for
the server to find text mode setup boot drivers? - Busted
- No.
- Windows can restore any configuration if you have
the drivers for the boot devices. The tools
provided by OEMs are generally intended to
automate installation sequences that can be
performed without special tools or media.
SBS 200x
Exch 200x
Win 200x
41Product Activation
- Mystery
- Does Product License Activation prevent you from
replacing a SBS server/motherboard? - Busted
- No.
- OEM vendors can/may allow replacement of hardware
under warranty. Non-OEM products can be
reactivated if the use conforms to product
licensing (replacing previous server).
SBS 200x
Win XP/200x
42SBS Disaster Recovery Mysteries
- Boot Failures
- Running Setupas a Repair Step
- Exchange Store Repair Mount
- SBS Backup Services
43Store Mount Failed After DR
- Mystery
- An Exchange Information Store wont mount, but
does it have data corruption? - Busted
- Maybe? It could be corruption, but it could also
be one of many different issues recently changed - Anti-Virus scanner acting upon Exchange system
files - Incorrect Permissions on the Exchange folders
- Transfer of Information Store from higher level SP
SBS 200x
Exch 200x
Win 200x
44Microsoft Exchange Data Repair
- Mystery
- Is there is a predictable path to recovery for
Exchange Databases, or is it not worth attempting
because there will be data loss regardless? - Busted
- MS KBs reinforce dubious assumptions of lossy
repairs - For a single server Exchange Organization, it
isnt unusual that recovery to a recent backup,
or hard repair to a recent condition is quite
acceptable - First, try creating a new empty store
- Repair a copy of the original database
SBS 200x
Exch 200x
Win 200x
45Microsoft Exchange Log Files Crisis?
- Mystery
- Is it critical to have all the Exchange Log files
and Database files in order to recover the
Information Store intact? - Busted
- No. Exchange Logs in a relatively small scale
environment are posted immediately, therefore
they represent history, not uncommitted
information. You can recovery without logs.
SBS 200x
Exch 200x
Win 200x
46SBS Disaster Recovery Mysteries
- Boot Failures
- Running Setupas a Repair Step
- Exchange Store Repair Mount
- SBS Backup Services
47SBS Backup Skips Over Files?
- Mystery
- MS Backup isnt a complete System State recovery
because it skips critical system files? - Busted
- No. NT Backup (aka SBS Backup) skips files that
are not required because they are generated
dynamically, or not essential to recovery.
SBS 200x
Win XP/200x
48Volume Shadow Copy Required?
- Mystery
- MS Backup of Exchange isnt complete because it
doesnt use Volume Shadow Copy? - Busted
- No. Volume Shadow Copy is an alternative to the
method of backup that was used historically with
Exchange. If VSS cant support the circumstance,
the traditional method is used.
SBS 2003
Win 2003
49SBS Backup SQL Aware or Not?
- Mystery
- MS backup of SQL databases are not possible
because theres no SQL agent? - Busted
- No. SBS 2003 can perform a VSS backup which
provides backup to that point in time when the
database recovery model is set to simple. - More info MS KB 828481
- However, transaction level recovery not included
in simple model - Optional Use Enterprise Manager first to backup
to disk
SBS 200x
SQL 200x
Win 200x
50(No Transcript)
51SBS Disaster Recovery Magic
- Boot on totally different hardware
- Repair Corrupted IIS or Website Problems
- Recover AD from dead Domain Controller
- Fix Administrator Lock-Out
- Fix a Replica DC that is not functional
52How to Prepare for Recovery in the Future Without
Identical Hardware?
- Preinstall a bootable PCI drive controller driver
- You will always have that controller as a boot
option - Crisis Resolution Magic
- Lift and Drop of a complete system drive (aka
the entire C drive contents as is) onto totally
different hardware can be handled easily - A trivial bit of planned preparation requiring
less than 15 minute preparation, perhaps an hour
to implement as a recovery if needed.
SBS 200x
Win NT
Win XP/200x
53Website Microsoft Exchange Doesnt Work, and
yet I cant Imagine Reinstalling IIS on an SBS
server ?
- And yet this is not only possible, its actually
quite an interesting project if you have two
hours to spare. But as often as not, its not
even required. - Crisis Resolution Magic
- The biggest challenge is being able to tell when
its needed. - Uninstall Exchange and IIS
- Reinstall IIS, then Exchange
- Rerun SBS Setup to install Server Tools
- Include Sharepoint in reinstall
SBS 200x
Win XP/200x
54Fix Frustrating Conditions with Hung Server or
Administrator Lock-out
- Simple changes to Group Policies, Security
Groups, or a folder permission can break or
correct some shocking or odd scenarios that look
like a disaster - Crisis Resolution Magic Dont abandon itfix
it!! - Deny the Administrator from log on locally
- Access denied to the GP Management Console
- Access denied to the Sysvol
- Server hangs on applying Personal Settings
- Server hangs on applying Network Settings
- Server hangs on Welcome to Windows
SBS 200x
Win 200x
55Replica DC didnt Maintain Network as Expected,
Domain Down Still?
- Added a replica Domain Controller to my SBS
network, but when my SBS went offline, everything
still didnt work despite that other DC. - Crisis Resolution Magic
- DNS
- FSMO Roles
- Global Catalog
- Forwarders
- UNC References, particularly in the Netlogon and
Group Policies - Sysvol never replicated due to non-functional
replication, prior Journal Wrap on the SBS
SBS 200x
Win 200x
56Replica DC but it has no Sysvol (therefore
non-functional), so does That Mean a Scratch
Rebuild is Only Option or Could that be Fixed?
- Actually, theres really no reason to rebuild
from scratch if you have the NTDS folder itself
intact, even if the Sysvol is missing. - Crisis Resolution Magic
- Rebuilding Sysvol is definitely a better
alternative to rebuilding domain from scratch. - DcGPOfix /targetboth
- Few SBS domains have customized Group Policies so
reinstall SBS setup to restore the policies.
SBS 200x
Win 200x
57Graveyard Swing Migration Disaster Recovery
with a Server That Wont Even Boot?
- You can recover Active Directory from a Domain
Controller, even if it has a severely damaged
software or system registry and therefore wont
boot, if only to save the AD and build a
replacement server in the same domain. - Crisis Resolution Magic
- Restore or in-place upgrade repair the DC.
- Even if the applications are broken, you can make
the DC operationalthen Swing! - Reconstruct a replacement server
SBS 200x
Exch 200x
Win 200x
58Jeff Middleton SBS-MVP Jeff_at_SBSmigration.com
www.SBSmigration.com
Wayne Small SBS-MVP Wayne_at_SBSfaq.com www.SBSfaq.co
m
59Resources for this session topic
- Includes Chapters
- by Jeff Middleton
- Swing Migration
- Disaster Recovery
- Other topics by 13 additional authors
60Resources
61(No Transcript)