Navigation Bar

Windows
Windows File Systems
 NT FS
 Distributed FS
 Common Internet FS
 Virtual Disk Services
 Volume Shadow Copy Services
 Removable Storage System
Windows Volume Mgmt.
Defragmentation
Compression
Windows System state
Novell Netware
File Systems
Disks and Volumes
NDS and eDirectory
Clustered Servers
iFolder
Netware Storage Statistics
UNIX and Linux
Files and Directories
File Systems
Volume Management
UNIX tips
z/OS Storage and Datasets
z/OS file structures
DFSMS on z/OS
  Data Class
  Management Class
  Storage Class
  Storage Group
  ACS routines
z/OS file utilities
z/OS SMF statistics
z/OS RMF reporting
TDMF Volume Migration
Managing VSAM files
VSAM overview
 VSAM structures
 VSAM commands
 Performance tuning
  JCL Buffers
  LSR Buffers
  System Buffers
  VSAM parameters
  File Extents
 IAM, a VSAM alternative
 VSAM Recovery
 VSAM RLS, DFSMStvs
ICF Catalogs
Catalog Management
 ICF Catalog Structure
 Fixing Catalog Problems
 Backup and Recovery
 Catalog Mgmt. Products
z/OS Batch Tuning
Batch Principles
 Reliability
 Parallelism
 Performance

The Windows System State


What is a System State?
System State Backup
System State Restore
Why is an authorative restore needed
How to restore a single Active Directory object
Automated System Recovery

What is a System State?

The Microsoft definition of the Windows System State is -

In Backup, a collection of system-specific data maintained by the operating system that must be backed up as a unit. It is not a backup of the entire system. The System State data includes the registry, COM+ Class Registration database, system files, boot files, and files under Windows File Protection. For servers, the System State data also includes the Certificate Services database (if the server is a certificate server). If the server is a domain controller, the System State data also includes the Active Directory database and the SYSVOL directory. If the server is a node in a cluster, it includes the Cluster database information. The IIS Metabase is included if Internet Information Services (IIS) is installed.

The System State includes -

Component When the component is included
The Registry (contains configuration information, such as user profiles, installed programs and their properties, property settings for folders and icons, and hardware and port configuration) Always included
The COM+ Class Registration database Always included
Boot files (used by Windows to load, configure and run the operating system) Always included
Certificate Services database Included if this is a Certificate Services server
Active Directory (stores information about objects on a network, so administrators can access those objects from a single logon. Included if this server is a domain controller
SYSVOL (typically contains host logon scripts, user logon scripts for administrators who use active directory, policy objects for network client computers, and folders and files that must be available and synchronized between domain controllers) Only included if this server is a domain controller
Cluster service (controls and manages server cluster operation, including the cluster database. Included if this server is within a cluster.
IIS (Internet Information Services, looks after Web site creation, configuration, and management, including the various transport protocols needed to support internet services) Included if it is installed
System files (various files used at initial startup, and configuration files used by Windows to run the operating system) Always included

The above definitions were for Windows 2003 servers but seem to still apply to Windows 2008. What's included in the system state is also dependent on the operating system. For Windows XP Professional the System State data includes only the registry, COM+ Class Registration database, files under Windows File Protection, and boot files.

back to top

System State Backups

Windows 2008 Backups are either 'All disks' or 'Critical Volumes' Critical Volumes are those volumes that contain the critical data needed to restart the system, and the entire volumes are backed up. The system state backups are therefore much bigger than their Windows 2003 equivalent, usually about 50,000 files on 8GB. The backup must be directed to a non-critical volume. The backup uses VSS snapshots, so the target volume must initially have enough free space to take twice the capacity of the system data or the backup will fail. To run a system backup, you must have administrator authority. Open up a command line, then type in 

 wbadmin start systemstatebackup -backuptarget:e:

This backup is being directed to the e: drive, but obviously you can change that to suit your requirements. The backup can easily run for an hour or more.

On a Windows 2003 server you can manually backup the system state by simply clicking 'Start', 'Programs', 'Accessories', 'System Tools', 'Backup'. From the backup screen, click on the drives which contain the boot and system partitions. Select a backup destination, then click 'Start Backup'. You must be an administrator to back up Active Directory data. It is possible to automate this process with backup tools, see the TSM Backups tips section for one possible solution. You can't choose to back up individual components of the System State data, you have to backup the entire state. This can be a large overhead if you are backing up a lot of Windows systems using an enterprise backup tool.

back to top

System State Restores

There are three types of restore, and you can work out which one you need to use from the following graphic

A picture which explains when an authorative restore is needed. Basically, if this is a domain controller, with other active domain controllers in the network, and active directory is replicated, then an authorative restore is needed.

To run a standard restore on Windows 2008, log in as administrator and open a command line, then enter

 wbadmin get versions

This will give you a list of all the backups that are available, and each backup will have a Version Identifier that is basically a timestamp. Decide which backup you want and make a note of the version identifier, then type

 wbadmin start systemstaterecovery -version:version identifier 
   and optionally  
 -backuptarget:\\servername\share -machine:server

where the backup target is the name of a remote shared folder and machine is the name of the machine that you want to recover.

Windows 2008 R2 also provides a recovery wizard for those who like them.

Take the following steps to run an authoritative restore

  • Start your server in Directory Services Restore Mode.
  • Restore the system state either using Microsoft's Backup utility, or another backup utility. The TSM Restore page details how to do this with TSM
  • Run the Ntdsutil utility to mark Active Directory objects you wish to restore. You run Ntdsutil from the command prompt. You can get full details of the command parameters by typing ntdsutil /? at the command prompt.
  • Restart your server on the network, to replicate out the changes

In Windows 2003 you can only restore the System State data on a local computer. You cannot restore the System State data on a remote computer

Warning - If you restore the System State data, and you do not specify an alternate location for the data, the restore will overwrite the System State data that is currently on your computer. If you restore the System State data to an alternate location, only the registry files, SYSVOL directory files, Cluster database information files, and system boot files are restored. A System State restore to an alternate location will not restore the Active Directory directory services database, Certificate Services database, and COM+ Class Registration database.

back to top

Why do you need an authoritative restore?

The Active Directory replication system uses an update sequence number to decide which versions of the same object get replicated. The object with the highest update sequence number is replicated over the others. When you restore an older object, it will have a lower update sequence number and it will never get replicated or distributed to your other servers because it will appear to be older than the objects currently on your other servers. The Ntdsutil utility increments the update sequence number by several hundred, to make it the highest in the system, and ensure it gets replicated over the others. In fact, if you do not use an authoritative restore, your restore will probably be backed out by replication from other domain controllers.

back to top

How do you restore a single active directory object?

Say you accidentally delete an AD user account. The object does not actually get deleted, its just marked as deleted, and that mark is replicated out over all the ADs in the system. After about 60 days, the file is really deleted, But there is no 'undo' facility before that happens, The only way to get the object back is to restore it. However, you do not want to restore the whole AD, and backout other changes.

The answer - restore a system state backup as above, but when you get to the Ntdsutil utility part, you have to tell Ntdsutil the exact Fully Qualified Domain Name (FQDN) of the object you want to restore. For example, you might enter: 

    restore subtree cn=Allan Brown,
	ou=Service Management,dc=thiscompany,dc=com

to restore a user named Allan Brown, whose user account was in the Service Management organizational unit of the this company.com domain.

back to top

Automated System Recovery

Automated System Recovery (ASR) was introduced in Windows 2003. It simplifies the 'bare metal' recovery that is needed if a server is totally trashed. ASR is integrated with VSS on Windows 2008 servers.

In a disaster situation, you have to start with an empty disk. You need to partition that disk into the correct number of volumes with the correct sizes, and then install the registry, system files, and active directory if required. This information is known as the Windows System State as described above.

ASR consists of a supplied CD and a floppy that you must create. ASR does not completely automate the bare metal recovery process, as it is up to you to take regular copies of the system state, though ASR does help you through the copy process. Go into the Accessories - System Tools - Backup window, and select the Automated System Recovery wizard.
The wizard will take a backup of all the system files first, and by default will want to put this onto the A drive. As the file size will be almost 2 GB, you should change this to a more suitable location, ideally on a remote server. Once ASR has finished the system backup, it will prompt you for a floppy disk to store the ASR recovery data. After you finish taking the copy, remember not to leave the floppy on top of the server, it needs to be kept off-site. This is process is fine for a PC user, if you want to take regular system state backups of several servers, you will want a more automated method.

If you need to recovery the server, you use the backup set on the floppy disk along with the ASR restore CD to recover all the system state. ASR can also restore to different (but not too different) hardware.

back to top

                           VENDOR Showcase

Copyright © Lascon Storage Ltd. 2000 to present date. By entering and using this site, you accept the conditions and limitations of use