Small Business Server Disaster Recovery Wayne Small SBS-MVP Technical Director Correct Solutions Pty Ltd SBSfaq. com
SBS Disaster Recovery It all works like normal – on one server, or multiple servers Illustration Courtesy of SBSmigration. com
SBS Disaster Recovery It all works like normal – use one server, or multiple servers SBS 2003 or R 2 can be recovered, repaired, or replaced without impact to the domain using only a Full Server and System State restore via the included SBS Backup program. More options can be better… All remaining discussion on this topic relates more to risk mitigation, or faster recovery time. Application tuned incremental recovery options exist. Drive Imaging or 3 rd Party Backup products are best viewed as optional, but valuable.
SBS is a Bad DR Risk? Myth: SBS Domain DC Options Probably this concern is very overblown Most continuity options & DR strategies from non-SBS domain and servers apply to SBS as well Any single server environment has challenges, but this is what the budget limited market needs for now. SBS domain allows adding separately licensed servers. Typically this has a lower cost than non-SBS! Multi-Server, Multi-DC, Fault-Tolerant options are available #1 Hurdle in SBS DR is unrelated to SBS licensing Namespace dependent application server – plus – Coincidental DC/Exchange on one box
Windows Small Business Server 2003 SBS 2003 Standard Edition Windows 2003 Server Domain Controller Exchange 2003 Server Fax / Print & File Server Sharepoint Server / Collaboration Remote Web Workplace Automated Deployment and Management Tools Monitoring and Remote Management Extremely nice OS & CALs price point [ New in R 2: WSUS 3. 0 Management Integrated to MMC 3. 0] SBS 2003 Premium Edition SQL Server 2000 [ R 2: 2005 Workgroup ] ISA Server 2000 or 2004 [ R 2: 2004 ]
Migration & DR Methods too often Abandon the SBS Domain Production Domain New Domain Illustration Courtesy of SBSmigration. com
SBS 2003 Server Responsibilities Illustration Courtesy of SBSmigration. com
SBS Disaster Recovery: Myths SBS Domain DC Options Hardware Device Dependency Different Hardware Recovery Myths: System Repair Options Recovery and Maintenance Planning
Only 1 DC in SBS Domain? Myth: SBS Domain DC Options All SBS versions allow multiple-DCs SBS is constrained to retain all FMSO roles Only one SBS may permanently operate in a single domain. All SBS
SBS can’t Join Existing Domain? Myth: SBS Domain DC Options SBS 2003 CD 1 Setup boot (including OEM releases) allow SBS to install into an existing compliant domain EULA allows Time-limited use of a second SBS 2003 in an SBS domain for transitions / upgrades In-Place Upgrade of existing 200 x DC can allow SBS 2003 or R 2 to install into existing domain ADMT migration from an existing domain preserves object SIDs, but not the domain itself. SBS 2003
SBS FSMO Constraints are a Risky and Major Recovery Problem? Myth: SBS Domain DC Options Flexible Server Management Operations (FSMO) roles are system operation authority which can be moved…by transfer or seizure. All DCs in a common domaintain identical full catalog copies of that AD domain by default Global Catalog (GC) roles are not required to distribute a complete replica inside a single domain model SBS 200 x Win 200 x
Can’t Recover Domain from Dead DC or SBS? Myth: SBS Domain DC Optionscan successfully “Graveyard Swing Migration” pull back not only a server but a domain A recovery server replaced by Swing Migration with a clean server… preserves the domain Dead solo DC is not the end of the domain Backup DC and recovery of AD on a dead DC provide very similar recovery options SBS 200 x Win XP/200 x
AD “Swing Migration” Method Migration based on Disaster Recovery Techniques Illustration Courtesy of SBSmigration. com
SBS Disaster Recovery: Myths SBS Domain DC Options Hardware Device Dependency Different Hardware Recovery System Repair Options Recovery and Maintenance Planning
IDR “Recovery Automation” is Most Reliable? Myths: Hardware Device Dependency Independent Disaster Recovery (IDR) is a generalize name for 3 rd party product automation for “boot to restore” or “click to restore” Many IDR solutions require identical hardware IDR systems can have “fragile” requirements, truly must be tested. IDR product marketing should be validated! Testing IDR can be tricky unless you have Access to identical hardware Alternative Drive to substitute for test restore Time & Budget to take the business offline SBS 200 x Win XP/200 x
Best DR plan needs On-Site Duplicate Cold Hardware? Myths: Hardware Device Dependency Myth is that you can only be really prepared with identical cold server on-site This is only one DR approach, one DR issue, one resolution path Practical answer is that this solves some problems that have alternative options, but may introduce a confusion Live network protection can be just as effective Planning for identical hardware recovery steps is a bad plan…it’s an exception. SBS 200 x Win XP/200 x
Replace SBS NIC not Allowed Without Microsoft Support? Myths: Hardware Device Dependency SBS 4. x versions did indeed bind the licensing engine to the GUID of the primary NIC SBS 2000 and later dropped that feature SBS NIC Replacement is allowed, but remains as complicated as any scenario of NIC replacement in a DC. SBS 200 x Win XP/200 x
SBS Disaster Recovery: Myths SBS Domain DC Options Hardware Device Dependency Different Hardware Recovery System Repair Options Recovery and Maintenance Planning
Drive Image Restore to New Hardware Won’t Work for DR? Myths: Different Hardware Recovery (1 of 3) “Alien image restore” works, but has issues Boot critical conditions must be met: Compatible HAL Accurate boot. ini, consistent Boot Device order Boot critical drivers installed Repair resolution paths are available Look at new 3 rd party drive imaging products SBS 200 x Win XP/200 x
Restore of System State to new Hardware is Unreliable? Myths: Different Hardware Recovery (2 of 3) It works – A Disaster Recovery specialist needs this skill to be successful and empowered. Domain Controllers (including SBS) present challenges, special concerns for AD restore, Exchange, SQL, Monitoring Baseline install or (same hardware) ASR disk adequately prepared for an overlay restore of alien System State. Segmented Multi-Step restore may be necessary, better to have skill than rely only upon an automation tool. ASR Disks don’t work for bare metal restore to different hardware SBS 200 x Win XP/200 x
“Drive-Slide” Relocation to new Server Hardware will Usually fail? Myths: Different Hardware Recovery (3 of 3) Another of the three abandoned step-children of related misconceptions on System State, drivers and boot configurations Same rules apply as with alien disk cloning or alien System State restores SBS 200 x Win XP/200 x
SBS Disaster Recovery: Myths SBS Domain DC Options Hardware Device Dependency Different Hardware Recovery System Repair Options Recovery and Maintenance Planning
Windows Service Pack Reinstall will Repair a BSOD? Myths: System Repair Options Reinstalling a Service Pack generally will not repair missing files and registry entries for an Operating System Windows 200 x and XP introduced Service Pack files stored in a local cache folder, therefore already available. In-Place Upgrade as a repair will be helpful Reinstalling Application SPs generally is helpful for a repair SBS 200 x Win XP/200 x
You can Boot or Restore Windows to a “Known Good Condition”? Myths: System Repair Options Windows 2003 is the only OS version that actually can accomplish this…with caveat: bare metal restore. Short-Filename (SFN) restore breaks cause fracture of registry/filepath alignment Windows 2000, XP, NT, 9 x/ME cannot restore file-by-file to a known condition…not with NT Backup or 3 rd Party… the flaw is in the Windows API Cold Drive Imaging is the only consistent solution for true restore to previous good condition SBS 200 x Win XP/200 x Win NT/ME/9 x
ASR Recovery Disk is Required to Make a Complete Restore? Myths: System Repair Options ASR disk is a restore accelerator, but not required. The backup set made with an ASR is no different than what is created without requesting the ASR disk is machine specific, so not valuable in restore to replacement server SBS 2003 Win 2003
It’s Best to Build Clean New Domain if SBS is too Dirty to Fix? Myths: System Repair Options This likely will lead to reconfiguration on all PCs Workstation impact of new domain must be considered. Actual corruption of Active Directory is rare and generally should not be assumed. Saving the AD domain is almost always the preferable course, and it isn’t hard. Mis-configured Group Policies make for bizarre behavior Group Policies are typically simple to repair or replace, but this is widely misunderstood. Applications and databases can be moved as data SBS 200 x Win NT
SBS Disaster Recovery: Myths SBS Domain DC Options Hardware Device Dependency Different Hardware Recovery System Repair Options Recovery and Maintenance Planning
One Big C Partition is Best? Myths: Recovery and Maintenance Planning Oh, Please No!! Disaster Recovery from one large partition is much more complicated, time consuming and generally more at the risk of data loss Repairs may involve rolling back data for no reason other than uncertainty about the partition Best Scenario is isolated partitions for: System Boot Client/Server Application Databases User Files SBS 200 x Win NT
OEM Media can Only Build New Domain Installation? Myths: Recovery and Maintenance Planning Actually, this is rarely the case: Request OS installation media rather than preconfigured “recovery disks”. Most OEMs will provide standard install media…you should always order it…and a standard floppy drive OEM media cannot be used for in-place upgrade repairs of non-OEM installations SBS 200 x Win 200 x
Boot-Time Rollback Options can SP or Patch Update Failure? Myths: Recovery and Maintenance Planning Don’t count on it! Boot to “Last Known Good Condition” recovers only previous System Registry settings, but not other registry hives or any driver files Only a System State Restore offers general roll-back, and not even that will always work…but it usually does 3 rd Party product solutions could help with sector based “delta” roll-back on drive writes SBS 200 x Win XP/200 x
SBS Disaster Recovery: Mysteries Boot Failures Running Setup…as a Repair Step Exchange Store Repair & Mount SBS Backup Services
Crashed RAID 5 not dead yet? Mystery RAID 5 drive volume set become unrecoverable if more than N – 1 drives go offline? Busted A hardware RAID can typically be recovered by a proprietary step to “force” the configuration to ignore a fault flag. The drive set can be mounted in the last stored condition, which may or may not be reliable. A “hot” spare usually protects from such issues SBS 200 x Win 200 x
Boot Failure Analysis Mystery Resolution of a Boot Failure is difficult & unpredictable Busted (If I can do anything about it!) Actually not that hard, if you determine where in the boot cycle the failure is occurring. How to know that? 1. Hardware Boot (BIOS Control transition to Device Selection) 2. Master Boot Record (Device based transition to OS boot loader) 3. OS Loader (OS specific bootstrap sequence to detect critical hardware present, preload drivers, registry and then pass control to initial them) 4. Kernel Phase (Windows NT family initialization of core drivers and services with a pre-determined outcome) 5. GUI Logon 6. Infrastructure Completion SBS 200 x Win XP/200 x
Is BSOD Really Death with SBS? Mystery Many BSOD or boot failures cannot be repaired on SBS with damaging AD configuration? Busted It’s true, some repairs can damage AD or Application configurations. This doesn’t mean you can’t repair, it means it’s a two step repair: Repair to regain configuration boot success Restore System State condition SBS 200 x Win XP/200 x AD/Exch 200 x
SBS Disaster Recovery: Mysteries Boot Failures Running Setup…as a Repair Step Exchange Store Repair & Mount SBS Backup Services
SBS Domain Rises from the Ashes? Mystery It really can’t be possible to repair a non-bootable SBS server without reconstructing it from scratch or having a System State backup? Busted You really can repair components and applications individually on an SBS. You do need to learn the interrelationship of SQL, Exchange, IIS, Sharepoint and AD Recovery of the configuration and data would regardless allow a rebuild with “Swing”. SBS 200 x Win 200 x Exch 200 x
OEM Install Tools Required? Mystery Must you use OEM tools to reinstall an SBS for the server to find text mode setup boot drivers? Busted No. Windows can restore any configuration if you have the drivers for the boot devices. The tools provided by OEMs are generally intended to automate installation sequences that can be performed without special tools or media. SBS 200 x Win 200 x Exch 200 x
Product Activation Mystery Does Product License Activation prevent you from replacing a SBS server/motherboard? Busted No. OEM vendors can/may allow replacement of hardware under warranty. Non-OEM products can be reactivated if the use conforms to product licensing (replacing previous server). SBS 200 x Win XP/200 x
SBS Disaster Recovery: Mysteries Boot Failures Running Setup…as a Repair Step Exchange Store Repair & Mount SBS Backup Services
Store Mount Failed After DR Mystery An Exchange Information Store won’t mount, but does it have data corruption? Busted Maybe? It could be corruption, but it could also be one of many different issues recently changed: Anti-Virus scanner acting upon Exchange system files Incorrect Permissions on the Exchange folders Transfer of Information Store from higher level SP SBS 200 x Win 200 x Exch 200 x
Microsoft Exchange Data Repair Mystery Is there is a predictable path to recovery for Exchange Databases, or is it not worth attempting because there will be data loss regardless? Busted MS KBs reinforce dubious assumptions of “lossy” repairs For a single server Exchange Organization, it isn’t unusual that recovery to a recent backup, or “hard repair” to a recent condition is quite acceptable First, try creating a new empty store Repair a copy of the original database SBS 200 x Win 200 x Exch 200 x
Microsoft Exchange Log Files Crisis? Mystery Is it critical to have all the Exchange Log files and Database files in order to recover the Information Store intact? Busted No. Exchange Logs in a relatively small scale environment are posted “immediately”, therefore they represent history, not uncommitted information. You can recovery without logs. SBS 200 x Win 200 x Exch 200 x
SBS Disaster Recovery: Mysteries Boot Failures Running Setup…as a Repair Step Exchange Store Repair & Mount SBS Backup Services
SBS Backup Skips Over Files? Mystery MS Backup isn’t a complete System State recovery because it skips critical system files? Busted No. NT Backup (aka: SBS Backup) skips files that are not required because they are generated dynamically, or not essential to recovery. SBS 200 x Win XP/200 x
Volume Shadow Copy Required? Mystery MS Backup of Exchange isn’t complete because it doesn’t use Volume Shadow Copy? Busted No. Volume Shadow Copy is an alternative to the method of backup that was used historically with Exchange. If VSS can’t support the circumstance, the traditional method is used. SBS 2003 Win 2003
SBS Backup: SQL Aware or Not? Mystery MS backup of SQL databases are not possible because there’s no SQL agent? Busted No. SBS 2003 can perform a VSS backup which provides backup “to that point in time” when the database recovery model is set to “simple”. More info: MS KB 828481 However, transaction level recovery not included in simple model Optional: Use Enterprise Manager first to backup to disk SBS 200 x Win 200 x SQL 200 x
SBS Disaster Recovery: Magic Boot on totally different hardware Repair Corrupted IIS or Website Problems Recover AD from dead Domain Controller Fix Administrator Lock-Out Fix a Replica DC that is not functional
How to Prepare for Recovery in the Future Without Identical Hardware? Preinstall a bootable PCI drive controller driver You will always have that controller as a boot option Crisis Resolution Magic “Lift and Drop” of a complete system drive (aka: the entire C: drive contents as is) onto totally different hardware can be handled easily A trivial bit of planned preparation requiring less than 15 minute preparation, perhaps an hour to implement as a recovery if needed. SBS 200 x Win XP/200 x Win NT
Website & Microsoft Exchange Doesn’t Work, and yet I can’t Imagine Reinstalling IIS on an SBS server ? And yet this is not only possible, it’s actually quite an interesting project if you have two hours to spare. But as often as not, it’s not even required. Crisis Resolution Magic The biggest challenge is being able to tell when it’s needed. Uninstall Exchange and IIS Reinstall IIS, then Exchange Rerun SBS Setup to install Server Tools Include Sharepoint in reinstall SBS 200 x Win XP/200 x
Fix Frustrating Conditions with Hung Server or Administrator Lock-out Simple changes to Group Policies, Security Groups, or a folder permission can break or correct some shocking or odd scenarios that look like a disaster Crisis Resolution Magic: Don’t abandon it…fix it!! Deny the Administrator from log on locally Access denied to the GP Management Console Access denied to the Sysvol Server hangs on “applying Personal Settings” Server hangs on “applying Network Settings” Server hangs on “Welcome to Windows” SBS 200 x Win 200 x
Replica DC didn’t Maintain Network as Expected, Domain Down Still? Added a replica Domain Controller to my SBS network, but when my SBS went offline, everything still didn’t work despite that other DC. Crisis Resolution Magic DNS FSMO Roles Global Catalog Forwarders UNC References, particularly in the Netlogon and Group Policies Sysvol never replicated due to non-functional replication, prior Journal Wrap on the SBS 200 x Win 200 x
Replica DC but it has no Sysvol (therefore non-functional), so does That Mean a Scratch Rebuild is Only Option or Could that be Fixed? Actually, there’s really no reason to rebuild from scratch if you have the NTDS folder itself intact, even if the Sysvol is missing. Crisis Resolution Magic Rebuilding Sysvol is definitely a better alternative to rebuilding domain from scratch. Dc. GPOfix /target: both Few SBS domains have customized Group Policies so reinstall SBS setup to restore the policies. SBS 200 x Win 200 x
“Graveyard” Swing Migration Disaster Recovery with a Server That Won’t Even Boot? You can recover Active Directory from a Domain Controller, even if it has a severely damaged software or system registry and therefore won’t boot, if only to save the AD and build a replacement server in the same domain. Crisis Resolution Magic Restore or in-place upgrade repair the DC. Even if the applications are broken, you can make the DC operational…then Swing! Reconstruct a replacement server SBS 200 x Win 200 x Exch 200 x
Jeff Middleton SBSMVP Jeff@SBSmigration. com www. sbsmigration. com Wayne Small SBS-MVP Wayne@SBSfaq. com www. sbsfaq. com
Resources for this session topic Includes Chapters by Jeff Middleton: Swing Migration Disaster Recovery Other topics by 13 additional authors
Resources Technical Chats and Webcasts http: //www. microsoft. com/communities/chats/default. mspx http: //www. microsoft. com/usa/webcasts/default. asp Microsoft Learning and Certification http: //www. microsoft. com/learning/default. mspx MSDN & Tech. Net http: //microsoft. com/msdn http: //microsoft. com/technet Virtual Labs http: //www. microsoft. com/technet/traincert/virtuallab/rms. mspx Newsgroups http: //communities 2. microsoft. com/communities/newsgroups/en-us/default. aspx Technical Community Sites http: //www. microsoft. com/communities/default. mspx User Groups http: //www. microsoft. com/communities/usergroups/default. mspx
Скачать презентацию Small Business Server Disaster Recovery Wayne Small SBS-MVP
1d3d58885f1fbb89433b03e90349ef15.ppt