Small Business Server Disaster Recovery Myths

Small Business Server
Disaster Recovery
Wayne Small SBS-MVP
Technical Director
Correct Solutions Pty Ltd
SBSfaq.com
SBS Disaster Recovery
It all works like normal – on one server, or multiple servers
Illustration Courtesy of SBSmigration.com
SBS Disaster Recovery
It all works like normal – use one server, or multiple servers
SBS 2003 or R2 can be recovered, repaired, or
replaced without impact to the domain using only
a Full Server and System State restore via the
included SBS Backup program.
More options can be better…
All remaining discussion on this topic relates more to
risk mitigation, or faster recovery time.
Application tuned incremental recovery options exist.
Drive Imaging or 3rd Party Backup products are best
viewed as optional, but valuable.
SBS is a Bad DR Risk?
Myth: SBS Domain DC Options
Probably this concern is very overblown
Most continuity options & DR strategies from non-SBS
domain and servers apply to SBS as well
Any single server environment has challenges,
but this is what the budget limited market needs for now.
SBS domain allows adding separately licensed servers.
Typically this has a lower cost than non-SBS!
Multi-Server, Multi-DC, Fault-Tolerant options are available
#1 Hurdle in SBS DR is unrelated to SBS licensing
Namespace dependent application server
– plus –
Coincidental DC/Exchange on one box
Windows Small Business Server 2003
SBS 2003 Standard Edition
Windows 2003 Server Domain Controller
Exchange 2003 Server
Fax / Print & File Server
Sharepoint Server / Collaboration
Remote Web Workplace
Automated Deployment and Management Tools
Monitoring and Remote Management
Extremely nice OS & CALs price point
[ New in R2: WSUS 3.0 Management Integrated to MMC 3.0]
SBS 2003 Premium Edition
SQL Server 2000 [ R2: 2005 Workgroup ]
ISA Server 2000 or 2004 [ R2: 2004 ]
Migration & DR Methods too often
Abandon the SBS Domain
Production
Domain
New
Domain
Illustration Courtesy of SBSmigration.com
SBS 2003 Server Responsibilities
Illustration Courtesy of SBSmigration.com
SBS Disaster Recovery: Myths
SBS Domain DC Options
Hardware Device Dependency
Different Hardware Recovery
Myths: System Repair Options
Recovery and Maintenance Planning
Only 1 DC in SBS Domain?
Myth: SBS Domain DC Options
All SBS versions allow multiple-DCs
SBS is constrained to retain all FSMO roles
Only one SBS may permanently operate in a
single domain.
All SBS
SBS can’t Join Existing Domain?
Myth: SBS Domain DC Options
SBS 2003 CD1 Setup boot (including OEM releases)
allows SBS to install into an existing compliant domain
EULA allows Time-limited use of a second SBS 2003 in
an SBS domain for transitions / upgrades
In-Place Upgrade of existing 200x DC can allow SBS
2003 or R2 to install into existing domain
ADMT migration from an existing domain preserves
object SIDs, but not the domain itself.
SBS 2003
SBS FSMO Constraints are a Risky
and Major Recovery Problem?
Myth: SBS Domain DC Options
Flexible Server Management Operations (FSMO) roles
are system operation authority which can be moved…by
transfer or seizure.
All DCs in a common domain maintain identical full
catalog copies of that AD domain by default
Global Catalog (GC) roles are not required to distribute a
complete replica inside a single domain model
SBS 200x
Win 200x
Can’t Recover Domain from Dead DC or
SBS?
Myth: SBS Domain DC Options
“Graveyard Swing Migration” can successfully
pull back not only a server but a domain
A recovery server replaced by Swing Migration
with a clean server… preserves the domain
Dead solo DC is not the end of the domain
Backup DC and recovery of AD on a dead DC
provide very similar recovery options
SBS 200x
Win XP/200x
AD “Swing Migration” Method
Migration based on Disaster Recovery Techniques
Illustration Courtesy of SBSmigration.com
SBS Disaster Recovery: Myths
SBS Domain DC Options
Hardware Device Dependency
Different Hardware Recovery
System Repair Options
Recovery and Maintenance Planning
IDR “Recovery Automation”
is Most Reliable?
Myths: Hardware Device Dependency
Independent Disaster Recovery (IDR) is a generalized
name for 3rd party product automation for “boot to
restore” or “click to restore”
Many IDR solutions require identical hardware
IDR systems can have “fragile” requirements and truly must
be tested.
IDR product marketing should be validated!
Testing IDR can be tricky unless you have
Access to identical hardware
Alternative Drive to substitute for test restore
Time & Budget to take the business offline
SBS 200x
Win XP/200x
Best DR plan needs On-Site
Duplicate Cold Hardware?
Myths: Hardware Device Dependency
Myth is that you can only be really prepared with identical
cold server on-site
This is only one DR approach, one DR issue, one resolution path
Practical answer is that this solves some problems that
have alternative options, but may introduce confusion
Live network protection can be just as effective
Planning for identical hardware recovery steps is a bad
plan…it’s an exception.
SBS 200x
Win XP/200x
Replace SBS NIC not Allowed
Without Microsoft Support?
Myths: Hardware Device Dependency
SBS 4.x versions did indeed bind the licensing
engine to the GUID of the primary NIC
SBS 2000 and later dropped that feature
SBS NIC Replacement is allowed, but remains
as complicated as any scenario of NIC
replacement in a DC.
SBS 200x
Win XP/200x
SBS Disaster Recovery: Myths
SBS Domain DC Options
Hardware Device Dependency
Different Hardware Recovery
System Repair Options
Recovery and Maintenance Planning
Drive Image Restore to New
Hardware Won’t Work for DR?
Myths: Different Hardware Recovery (1 of 3)
“Alien image restore” works, but has issues
Boot critical conditions must be met:
Compatible HAL
Accurate boot.ini, consistent Boot Device order
Boot critical drivers installed
Repair resolution paths are available
Look at new 3rd party drive imaging products
SBS 200x
Win XP/200x
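An added example (not from the original slides) of checking the "accurate boot.ini" condition before the first boot of a restored image: it parses boot.ini and compares the default ARC path with where the system volume sits on the new hardware. The sample file, function names and disk layout are constructed for illustration.

```python
import re

# ARC path syntax used in boot.ini on x86 Windows NT/2000/XP/2003.
ARC_RE = re.compile(
    r"^(multi|scsi|signature)\(([0-9a-f]+)\)disk\((\d+)\)rdisk\((\d+)\)"
    r"partition\((\d+)\)(\\.*)?$", re.IGNORECASE)

def parse_boot_ini(text):
    """Return (default_path, {os_path: label_and_switches}) from boot.ini text."""
    section, default, entries = None, None, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            section = line.strip("[]").strip().lower()
            continue
        key, _, value = line.partition("=")
        if section == "boot loader" and key.strip().lower() == "default":
            default = value.strip()
        elif section == "operating systems":
            entries[key.strip()] = value.strip()
    return default, entries

def check_boot_ini(text, rdisk, partition):
    """Return problems that stop NTLDR finding Windows after an image restore.

    rdisk/partition: where the restored system volume sits on the NEW
    hardware, in BIOS boot order (rdisk counts from 0, partition from 1).
    """
    default, entries = parse_boot_ini(text)
    if default is None:
        return ["[boot loader] has no default= entry"]
    problems = []
    if default.lower() not in {k.lower() for k in entries}:
        problems.append("default= matches no [operating systems] entry")
    m = ARC_RE.match(default)
    if not m:
        return problems + ["default= is not a valid ARC path: " + default]
    kind, _, _, arc_rdisk, arc_part, _ = m.groups()
    if kind.lower() != "multi":
        # scsi()/signature() paths bypass the BIOS and load the controller
        # driver from NTBOOTDD.SYS, which is specific to the old controller.
        problems.append(kind.lower() + "() path needs NTBOOTDD.SYS for the new controller")
    elif int(arc_rdisk) != rdisk:
        problems.append(f"rdisk({arc_rdisk}) should be rdisk({rdisk})")
    if int(arc_part) != partition:
        problems.append(f"partition({arc_part}) should be partition({partition})")
    return problems

# Constructed sample: image taken from a server whose system volume was the
# second partition (after an OEM utility partition) on the first BIOS disk.
SAMPLE = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows Server 2003 for Small Business Server" /fastdetect /NoExecute=OptOut
"""

if __name__ == "__main__":
    # Restored onto a new server with no utility partition: volume is partition 1.
    for p in check_boot_ini(SAMPLE, rdisk=0, partition=1):
        print("PROBLEM:", p)
```

Run it against the boot.ini inside the restored image while the disk is still mounted offline, so the path can be corrected before the first boot attempt.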
Restore of System State
to new Hardware is Unreliable?
Myths: Different Hardware Recovery (2 of 3)
It works – A Disaster Recovery specialist needs this skill
to be successful and empowered.
Domain Controllers (including SBS) present challenges,
special concerns for AD restore, Exchange, SQL,
Monitoring
Baseline install or (same hardware) ASR disk adequately
prepared for an overlay restore of alien System State.
Segmented Multi-Step restore may be necessary, better
to have skill than rely only upon an automation tool.
ASR Disks don’t work for bare metal restore to different
hardware
SBS 200x
Win XP/200x
“Drive-Slide” Relocation to new
Server Hardware will Usually fail?
Myths: Different Hardware Recovery (3 of 3)
Another of the three abandoned step-children of
related misconceptions on System State, drivers
and boot configurations
Same rules apply as with alien disk cloning or
alien System State restores
SBS 200x
Win XP/200x
SBS Disaster Recovery: Myths
SBS Domain DC Options
Hardware Device Dependency
Different Hardware Recovery
System Repair Options
Recovery and Maintenance Planning
Windows Service Pack Reinstall will
Repair a BSOD?
Myths: System Repair Options
Reinstalling a Service Pack generally will not repair
missing files and registry entries for an Operating System
Windows 200x and XP introduced Service Pack files
stored in a local cache folder, therefore already available.
In-Place Upgrade as a repair will be helpful
Reinstalling Application SPs generally is helpful for
a repair
SBS 200x
Win XP/200x
You can Boot or Restore Windows
to a “Known Good Condition”?
Myths: System Repair Options
Windows 2003 is the only OS version that actually can
accomplish this…with caveat: bare metal restore.
Short-Filename (SFN) restore breaks cause fracture of
registry/filepath alignment
Windows 2000, XP, NT, 9x/ME cannot restore file-by-file
to a known condition…not with NT Backup or 3rd
Party… the flaw is in the Windows API
Cold Drive Imaging is the only consistent solution for
true restore to previous good condition
SBS 200x
Win XP/200x
Win NT/ME/9x
ASR Recovery Disk is Required to
Make a Complete Restore?
Myths: System Repair Options
ASR disk is a restore accelerator, but not required.
The backup set made with an ASR is no different than
what is created without requesting the ASR
ASR disk is machine specific, so not valuable in restore
to replacement server
SBS 2003
Win 2003
It’s Best to Build Clean New Domain
if SBS is too Dirty to Fix?
Myths: System Repair Options
This likely will lead to reconfiguration on all PCs
Workstation impact of new domain must be considered.
Actual corruption of Active Directory is rare and generally
should not be assumed.
Saving the AD domain is almost always the preferable
course, and it isn’t hard.
Mis-configured Group Policies make for bizarre behavior
Group Policies are typically simple to repair or replace,
but this is widely misunderstood.
Applications and databases can be moved as data
SBS 200x
Win 200x
Win NT
SBS Disaster Recovery: Myths
SBS Domain DC Options
Hardware Device Dependency
Different Hardware Recovery
System Repair Options
Recovery and Maintenance Planning
One Big C Partition is Best?
Myths: Recovery and Maintenance Planning
Oh, Please No!!
Disaster Recovery from one large partition is much more
complicated, time consuming and generally more at the
risk of data loss
Repairs may involve rolling back data for no reason other
than uncertainty about the partition
Best Scenario is isolated partitions for:
System Boot
Client/Server Application Databases
User Files
SBS 200x
Win 200x
Win NT
OEM Media can Only Build New
Domain Installation?
Myths: Recovery and Maintenance Planning
Actually, this is rarely the case: Request OS installation
media rather than preconfigured “recovery disks”.
Most OEMs will provide standard install media…you
should always order it…and a standard floppy drive
OEM media cannot be used for in-place upgrade repairs
of non-OEM installations
SBS 200x
Win 200x
Boot-Time Rollback Options can
SP or Patch Update Failure?
Myths: Recovery and Maintenance Planning
Don’t count on it!
Boot to “Last Known Good Condition” recovers only
previous System Registry settings, but not other registry
hives or any driver files
Only a System State Restore offers general roll-back,
and not even that will always work…but it usually does
3rd Party product solutions could help with sector based
“delta” roll-back on drive writes
SBS 200x
Win XP/200x
SBS Disaster Recovery: Mysteries
Boot Failures
Running Setup…as a Repair Step
Exchange Store Repair & Mount
SBS Backup Services
Crashed RAID5 not dead yet?
Mystery
RAID5 drive volume set becomes unrecoverable if
more than N – 1 drives go offline?
Busted
A hardware RAID can typically be recovered by a
proprietary step to “force” the configuration to
ignore a fault flag. The drive set can be mounted
in the last stored condition, which may or may
not be reliable.
A “hot” spare usually protects from such issues
SBS 200x
Win 200x
Boot Failure Analysis
Mystery
Resolution of a Boot Failure is difficult & unpredictable
Busted (If I can do anything about it!)
Actually not that hard, if you determine where in the
boot cycle the failure is occurring. How to know that?
1. Hardware Boot (BIOS Control transition to Device Selection)
2. Master Boot Record (Device based transition to OS boot loader)
3. OS Loader (OS specific bootstrap sequence to detect critical
hardware present, preload drivers, registry and then pass
control to initialize them)
4. Kernel Phase (Windows NT family initialization of core drivers
and services with a pre-determined outcome)
5. GUI Logon
6. Infrastructure Completion
SBS 200x
Win XP/200x
Is BSOD Really Death with SBS?
Mystery
Many BSOD or boot failures cannot be repaired
on SBS without damaging AD configuration?
Busted
It’s true, some repairs can damage AD or
Application configurations.
This doesn’t mean you can’t repair, it means it’s
a two step repair:
Repair to regain configuration boot success
Restore System State condition
SBS 200x
Win XP/200x
AD/Exch 200x
SBS Disaster Recovery: Mysteries
Boot Failures
Running Setup…as a Repair Step
Exchange Store Repair & Mount
SBS Backup Services
SBS Domain Rises from the Ashes?
Mystery
It really can’t be possible to repair a non-bootable SBS
server without reconstructing it from scratch or having a
System State backup?
Busted
You really can repair components and applications
individually on an SBS.
You do need to learn the interrelationship of SQL,
Exchange, IIS, Sharepoint and AD
Recovery of the configuration and data would regardless
allow a rebuild with “Swing”.
SBS 200x
Win 200x
Exch 200x
OEM Install Tools Required?
Mystery
Must you use OEM tools to reinstall an SBS for the
server to find text mode setup boot drivers?
Busted
No.
Windows can restore any configuration if you have the
drivers for the boot devices. The tools provided by OEMs
are generally intended to automate installation
sequences that can be performed without special tools or
media.
SBS 200x
Win 200x
Exch 200x
Product Activation
Mystery
Does Product License Activation prevent you from
replacing a SBS server/motherboard?
Busted
No.
OEM vendors can/may allow replacement of hardware
under warranty. Non-OEM products can be reactivated if
the use conforms to product licensing (replacing previous
server).
SBS 200x
Win XP/200x
SBS Disaster Recovery: Mysteries
Boot Failures
Running Setup…as a Repair Step
Exchange Store Repair & Mount
SBS Backup Services
Store Mount Failed After DR
Mystery
An Exchange Information Store won’t mount, but
does it have data corruption?
Busted
Maybe? It could be corruption, but it could also
be one of many different issues recently
changed:
Anti-Virus scanner acting upon Exchange system files
Incorrect Permissions on the Exchange folders
Transfer of Information Store from higher level SP
SBS 200x
Win 200x
Exch 200x
Microsoft Exchange Data Repair
Mystery
Is there a predictable path to recovery for Exchange
Databases, or is it not worth attempting because there
will be data loss regardless?
Busted
MS KBs reinforce dubious assumptions of “lossy” repairs
For a single server Exchange Organization, it isn’t
unusual that recovery to a recent backup, or “hard repair”
to a recent condition is quite acceptable
First, try creating a new empty store
Repair a copy of the original database
SBS 200x
Win 200x
Exch 200x
Microsoft Exchange Log Files
Crisis?
Mystery
Is it critical to have all the Exchange Log files and
Database files in order to recover the Information Store
intact?
Busted
No. Exchange Logs in a relatively small scale
environment are posted “immediately”, therefore they
represent history, not uncommitted information. You can
recover without logs.
SBS 200x
Win 200x
Exch 200x
SBS Disaster Recovery: Mysteries
Boot Failures
Running Setup…as a Repair Step
Exchange Store Repair & Mount
SBS Backup Services
SBS Backup Skips Over Files?
Mystery
MS Backup isn’t a complete System State recovery
because it skips critical system files?
Busted
No. NT Backup (aka: SBS Backup) skips files that are not
required because they are generated dynamically, or not
essential to recovery.
SBS 200x
Win XP/200x
Volume Shadow Copy Required?
Mystery
MS Backup of Exchange isn’t complete because
it doesn’t use Volume Shadow Copy?
Busted
No. Volume Shadow Copy is an alternative to the
method of backup that was used historically with
Exchange. If VSS can’t support the
circumstance, the traditional method is used.
SBS 2003
Win 2003
SBS Backup: SQL Aware or Not?
Mystery
MS backup of SQL databases is not possible because
there’s no SQL agent?
Busted
No. SBS 2003 can perform a VSS backup which provides
backup “to that point in time” when the database recovery
model is set to “simple”.
More info: MS KB 828481
However, transaction-level recovery is not included in the simple model
Optional: Use Enterprise Manager first to backup to disk
SBS 200x
Win 200x
SQL 200x
SBS Disaster Recovery: Magic
Boot on totally different hardware
Repair Corrupted IIS or Website Problems
Recover AD from dead Domain Controller
Fix Administrator Lock-Out
Fix a Replica DC that is not functional
How to Prepare for Recovery in the
Future Without Identical Hardware?
Preinstall a bootable PCI drive controller driver
You will always have that controller as a boot option
Crisis Resolution Magic
“Lift and Drop” of a complete system drive (aka: the entire
C: drive contents as is) onto totally different hardware can
be handled easily
A trivial bit of planned preparation requiring less than 15
minutes of preparation, perhaps an hour to implement as a
recovery if needed.
SBS 200x
Win XP/200x
Win NT
Website & Microsoft Exchange Doesn’t
Work, and yet I can’t Imagine
Reinstalling IIS on an SBS server ?
And yet this is not only possible, it’s actually quite an
interesting project if you have two hours to spare. But as
often as not, it’s not even required.
Crisis Resolution Magic
The biggest challenge is being able to tell when
it’s needed.
Uninstall Exchange and IIS
Reinstall IIS, then Exchange
Rerun SBS Setup to install Server Tools
Include Sharepoint in reinstall
SBS 200x
Win XP/200x
Fix Frustrating Conditions with Hung
Server or Administrator Lock-out
Simple changes to Group Policies, Security Groups, or
a folder permission can break or correct some shocking
or odd scenarios that look like a disaster
Crisis Resolution Magic: Don’t abandon it…fix it!!
Deny the Administrator from log on locally
Access denied to the GP Management Console
Access denied to the Sysvol
Server hangs on “applying Personal Settings”
Server hangs on “applying Network Settings”
Server hangs on “Welcome to Windows”
SBS 200x
Win 200x
Replica DC didn’t Maintain Network
as Expected, Domain Down Still?
Added a replica Domain Controller to my SBS network, but
when my SBS went offline, everything still didn’t work despite
that other DC.
Crisis Resolution Magic
DNS
FSMO Roles
Global Catalog
Forwarders
UNC References, particularly in the Netlogon and Group
Policies
Sysvol never replicated due to non-functional replication,
prior Journal Wrap on the SBS
SBS 200x
Win 200x
Replica DC but it has no Sysvol
(therefore non-functional), so does That
Mean a Scratch Rebuild is Only Option
or Could that be Fixed?
Actually, there’s really no reason to rebuild from scratch if
you have the NTDS folder itself intact, even if the Sysvol
is missing.
Crisis Resolution Magic
Rebuilding Sysvol is definitely a better alternative to
rebuilding domain from scratch.
DcGPOfix /target:both
Few SBS domains have customized Group Policies so
reinstall SBS setup to restore the policies.
SBS 200x
Win 200x
“Graveyard” Swing Migration
Disaster Recovery with a Server
That Won’t Even Boot?
You can recover Active Directory from a Domain
Controller, even if it has a severely damaged software or
system registry and therefore won’t boot, if only to save
the AD and build a replacement server in the same
domain.
Crisis Resolution Magic
Restore or in-place upgrade repair the DC.
Even if the applications are broken, you can make the
DC operational…then Swing!
Reconstruct a replacement server
SBS 200x
Win 200x
Exch 200x
Jeff Middleton SBSMVP
Jeff@SBSmigration.com
www.SBSmigration.com
Wayne Small SBS-MVP
Wayne@SBSfaq.com
www.SBSfaq.com
Resources for this session topic
Includes Chapters
by Jeff Middleton:
Swing Migration
Disaster Recovery
Other topics by 13
additional authors
Resources
Technical Chats and Webcasts
http://www.microsoft.com/communities/chats/default.mspx
http://www.microsoft.com/usa/webcasts/default.asp
Microsoft Learning and Certification
http://www.microsoft.com/learning/default.mspx
MSDN & TechNet
http://microsoft.com/msdn
http://microsoft.com/technet
Virtual Labs
http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx
Newsgroups
http://communities2.microsoft.com/communities/newsgroups/en-us/default.aspx
Technical Community Sites
http://www.microsoft.com/communities/default.mspx
User Groups
http://www.microsoft.com/communities/usergroups/default.mspx