Proper Backup/Restore <> Being ready for potential server failure.

Discussion in 'Server Migration' started by dhomas trenn, Dec 27, 2007.

  1. dhomas trenn

    dhomas trenn Guest

    I've been going thru the process of transfering data from a failing server
    to a new server. Unfortunately, what I'm discovering is that unless the two
    computers have identical hardware, this is a very difficult procedure.
    Unfortunately, I do not have identical hardware systems sitting around
    waiting to step in for recovery. I suspect this is the case with many other
    users too.

    The whole experience has made me realize that my method of backup has not
    been particularly useful. Fortunately, I'm at a point right now where I can
    experiment and document a good procedure for recovery, while the old server
    is still in a mostly working (although getting close to total failing)
    state.

    Although I have come up with a mostly working procedure to recover data from
    the old server, because it involves steps that require the old server be
    working to start with, it is not an easily useable method in a server
    failure situation.

    In my particular case, I am using Windows 2003 Server, with DNS and IIS
    configured. IIS has specific file/folder permissions configured for various
    ISAPI applications to be able to manipulate data files.

    I'm including the procedure here incase anyone else finds this info useful,
    and also because it may give insight on my actual questions about the future
    included after this bit...

    The method I have so far requires the following:

    1. Install of Windows Server 2003 on new server.

    2. DNS
    2a. Add DNS server role on new server, creating a forward lookup zone named
    "deleteme.com" and do not forward queries. (delete this later, it's only
    intended to do necessary setup for the following steps).
    2b. Stop DNS Service on new server.
    2b. Export of the old server's registry
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS
    Server". And import on the new server.
    2c. Copying of the old server's "C:\WINDOWS\system32\dns" folder to the same
    folder on new server.
    2d. Start DNS Service on new server

    3. IIS Data files
    Note this step isn't completely working... need advice here. Problem has to
    due with file permissions for IUSR_ which ends up having a different SID on
    new server, so permissions don't work on new server when just copied. I've
    opend this topic in another thread on this same newsgroup.
    3a. Copy IIS data files somehow from old computer to same path(s) on new
    computer.

    4. IIS
    4a. Add IIS server role on new server
    4b. old server IIS Manager > ServerName > All Tasks > Backup/Restore
    Configuration : Create Backup named "Backup", and give it a password (this
    is required)
    4c. Copy the old server's "C:\WINDOWS\system32\inetsrv\MetaBack\Backup.MD0"
    and "Backup.SC0" files to the same folder on new server
    4d. IIS Manager > ServerName > All Tasks > Backup/Restore Configuration :
    Restore from backup named "Backup".

    That'll get IIS and DNS up and running identically to the original computer.


    First... simply for my own sanity. Are the above steps 2 and 4 completely
    reproducing the use of DNS and IIS?

    Second... The method above will mostly get me back up and running if I am
    able to perform the necessary steps in some kind of automated manner so that
    I can retrieve the data from the backup when necessary. I can automate a
    step to export the DNS registry entry to a file, so that gets backed up
    outside of the registry. I need to investigate if the Backup/Restore
    Configuration can be done within IIS in an automated method too. Or if
    there's another way to get this data back into IIS from backed up data.

    However, there may be a method to retrieve the data from a standard backup
    of the server, without any special steps being done. What I'm looking for
    here is good reliable advice on how to do this more easily, reliably... How
    should I be setting up Windows Backup (or should I be using someting else
    entirely?) to do a backup that I can rely on in order to restore the data in
    a working state onto a new server with different hardware. As I mentioned
    previously, it is very unlikely that I'll have a duplicate system sitting
    around waiting to jump in and save the day. So, I need a procedure that is
    going to work properly for different hardware on the recovery end.
     
    dhomas trenn, Dec 27, 2007
    #1
    1. Advertisements

  2. Dear Dhomas,

    Thank you for your post. This is Neo and I will be assisting you in this
    post.

    From your description, I understand that:

    You have an old Windows Server 2003 machine with DNS and IIS Service
    configured. This server is getting close to total failing but still working
    now. In order to prevent system failure, you would like to perform the
    whole system and data backup or find another easy way to retrieve all data
    from this old server to a new Windows Server 2003 machine. Moreover, these
    two machines have different hardware.

    If there is any misunderstanding, please let me know.

    Also, I have discussed this issue with my colleague, Morgan, and I
    understand that you are working on an issue related to SID and NTFS
    permissions. Morgan and I have performed further research and we also
    involved other engineers with different specialties to discuss this issue.
    I will mainly focus on the migration issue in this thread and Morgan will
    provide suggestions on the NTFS settings in the original thread.

    Analysis & Suggestions:
    ==============================

    1. The operating system is related to the hardware closely. It is not
    recommend moving operating system between computers with dissimilar
    hardware configurations. Based on our experience, this can cause the system
    work abnormally, or the system will even be unbootable with a blue screen
    error during startup. Also, system perform could also be affected and may
    lead more potential issue in the future.

    This is the reason why this method cannot be used as a routine migration
    method, and can only be used for Disaster Recovery.

    2. We have an KB article on this:

    How to move a Windows installation to different hardware
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;249694

    Please note that there is also a statement in this article:

    "Microsoft does not support restoring a system state backup from one
    computer to a second computer of a different make, model, or hardware
    configuration. Microsoft will only provide commercially reasonable efforts
    to support this process. Even if the source and destination computers
    appear to be identical makes and models, there may be driver, hardware, or
    firmware differences between the source and destination computers."

    3. In case of disaster issues and if no other method is available, we may
    choose a server which has same or at least similar hardware configurations
    and restore the system. In some cases, we may encounter some problems after
    restoring a backup to different hardware. The method to fix the possible
    problems depends on whether the system is a DC.

    For non-DC systems, we can perform an In-Place upgrade repair:

    How to Perform an In-Place Upgrade of Windows Server 2003
    http://support.microsoft.com/?id=816579

    For DCs, the process will be more complicated. Please use the method
    according to the following KB article:

    Disaster Recovery of Active Directory on Dissimilar Hardware
    http://support.microsoft.com/?id=263532

    4. If the above method does not work, the only solution is to manually
    install a brand new system on the other computer.

    5. The following are some related migration materials for your reference:

    5.1) For DNS Server migration:

    The steps you mentioned are correct. The following is another way for DNS
    Server migration which may be helpful to you:

    How to replace the current primary DNS server with a new primary DNS server
    in Windows Server 2003
    http://support.microsoft.com/kb/323383

    5.2) For IIS migration:

    Here are some references regarding migration of IIS.

    How To Back Up and Restore IIS
    http://support.microsoft.com/kb/302573

    How To Migrate a Web Server Configuration to Another Computer in Windows
    2000
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;315413

    Moving Sites and Applications to Another Computer in IIS 6.0
    http://technet2.microsoft.com/windowsserver/en/library/2f923272-0a3d-49ad-bd
    54-ccb5858b120b1033.mspx?mfr=true

    Also, if you need further assistance on IIS side, you are welcome to post
    questions in our IIS newsgroup:

    microsoft.public.inetserver.iis

    There is more qualified pool of respondents who can give you suggestions on
    IIS. Meanwhile, other partners who visit the newsgroups regularly can
    either share their knowledge or learn from your interaction with us.

    I hope this helps.

    By the way, according to your requirement, it is not a simple project.
    Although this newsgroup provides break/fix resolution, we are happy to
    provide general information and suggestions on it here and you may receive
    suggestions from other members on this topic here. However, please know
    that we are not the best support resource for advisory issues. For this
    kind of issue, I highly recommend you contact our CSS advisory service at
    http://support.microsoft.com/gp/advisoryservice

    Thank you for using our products and have a nice day.



    Sincerely,
    Neo Zhu,
    Microsoft Online Support
    Microsoft Global Technical Support Center

    Get Secure! - www.microsoft.com/security
    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Jian-Ping Zhu [MSFT], Dec 28, 2007
    #2
    1. Advertisements

  3. dhomas trenn

    dhomas trenn Guest

    2. We have an KB article on this:


    I have read many of these KB articles in advance of my postings on this
    forum. Unfortunately, none of them really provide techniques that are
    helpful.

    Yes, most of the articles related to this issue speak of ooh this is bad,
    that is bad, don't do this unless you have to, if you really must then okay,
    but we don't support it, etc. I have yet to find anything that has advice on
    doing proper backups to allow for the situation I am in now, or in fact, in
    the worse situation of the original server failing completely, and my only
    having some kind of backup, that I can't restore reliably to a new server...
    unless of course, it's the exact same hardware.


    From everything I have found out so far, this appears to be the only
    solution that really, mostly, works. Install Windows Server 2003 fresh and
    new, reinstall the DNS and IIS parts, and then move configs from old server
    to new server. I have since found out that the 'iisback' tool will let me
    automate (schedule) exporting my IIS setup to a file that can easily be
    restored from a Windows Backup. And I can also automate (schedule) the
    registry export for DNS as well. So, the two main applications I'm using on
    this server I can restore reliably (it appears so far anyway) to a new
    server from the Windows Backup.

    This only leaves the one issue remaining of file permissions. When I restore
    the backup of my IIS website data I end up with two issues related to
    permissions.

    1. Any folders/files that I specifically added file permissions to for
    IUSR_ServerName become Account Unknown due to the SID for IUSR_ being
    different on old/new servers.

    This I can fix easily by using 'qlookup' to get the new IUSR_ServerName SID,
    and using 'SetACL' with the old and new SIDs to change from the old IUSR_ to
    the new IUSR_.

    2. Any folders/files that an IIS ISAPI application created (and thus are
    owned) become Account Unknown as well, but these are permissons that get
    inherited from the root folder under (I think) "CREATER OWNER".. with IUSR_
    being the owner.

    For some unknown reason 'SetACL' doesn't seem to correct these permissions.

    As mentioned before, there are numerous other ACL utilities your group has
    directed me to, or I found on Microsoft sites, but none of those seem to be
    useable without Active Directory in use, or something else configured that
    I'm not sure about. SetACL is the only tool I found so far that was just a
    matter of copying it onto the server and entering the command line syntax.


    If I had $210/hour to ask such a question, I'd also have identical server
    hardware and I wouldn't need to ask the question in the first place.

    Honestly, it seems ridiculous to me that nobody seems to know a reliable way
    to backup Windows Server 2003, in a manner that can be easily restored. I
    can't imagine that you should have to pay $210/hour to find out how to do
    this, when I would think that this is something that every user of WS2003
    would want to know.
     
    dhomas trenn, Dec 28, 2007
    #3
  4. Dear Dhomas,

    Thank you for your reply.

    I understand that the issue could be a little frustrated. However, please
    note that operating system is closely related to hardware and simply moving
    operating system between different hardware is not recommended.

    As we have mentioned before, it would be an easy project if there are two
    machines with identical (or similar) hardware, or if the server are in a
    domain environment, because the user accounts are saved centrally on domain
    controllers.

    So, I'm sorry to say that it is a complex project under the current
    scenario. This is why I suggested that you contact Microsoft Advisory.

    Morgan and I have put this case on our technical triage meeting desktop and
    have discussed this issue with engineers of other specialties. However, we
    still suggest that you try the workaround provided by Morgan. Also, if
    possible, please choose machines with a long warranty period for critical
    business servers.

    Thanks again for using our products, and we wish you and your family a
    happy and healthy new year!

    Sincerely,
    Neo Zhu,
    Microsoft Online Support
    Microsoft Global Technical Support Center

    Get Secure! - www.microsoft.com/security
    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Jian-Ping Zhu [MSFT], Dec 31, 2007
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.