Re: Server 2003 - Best Software To Make Drive Image?
A great writeup from another support site with step by step instructions on
successfully preventing the USN rollback issue when imaging a DC in a
multi-DC environment...
--------------------------------------------------------------------------------
Two methods:
One: Do a daily scheduled ntbackup of system state to a data disk - if you
ever need to restore an image of a DC, reboot in non-authorative domain
controller restore mode (F8 at startup) and restore the latest NTbackup
system state. DC will think it's non-auth restored, and at reboot will
request DC information from the other DC's.
Just *never ever* run the restored DC in normal mode before doing this, or
you are in USN rollback hell.
Method two:
Only if your 2003 DC's are running SP1 - you can "fool" a DC in thinking
it's non-authoratively restored without actually running ntbackup - again,
if you restored a DC and started it normally, you are scr*w*d.
To restore a previous image when USN rollback has not occurred
1.Using the previous , start the domain controller in Directory Services
Restore mode.
2.In a registry editor, if the entry DSA Previous Restore Count under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters is
visible, make a note of the value. If the entry is not visible, assume a
value of 0. Do not add the entry.
3.Add the registry entry Database restored from backup under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Data type: REG_DWORD
Value=1
This setting creates a valid system state backup and immediately restores
the backup.
4.Restart the domain controller normally.
5.In the registry, check to be sure that the value in DSA Previous Restore
Count is equal to its previous value plus 1.
6.In the Directory Service event log, check to see that event ID 1109
appears. This event confirms that the .vhd file has been restored and the
invocation ID has been changed. Event ID 1109 places the following
information in the log:
Active Directory has been restored from backup media, or has been configured
to host an application partition. The invocationID attribute for this
directory server has been changed. The highest update sequence number at the
time the backup was created is a%n
%nInvocationID attribute (old value):%n%1
%nInvocationID attribute (new value):%n%2
%nUpdate sequence number:%n%3
%n
%nThe invocationID is changed when a directory server is restored from
backup media or is configured to host a writeable application directory
partition.
This works for all imaging based products - the actual text above is from
MS, they had to come up with something that works in virtual PC
environments, because DC's get "paused" for more than 12 hours in these
situations - works for physical as well!
http://www.wilderssecurity.com/showthread.php?p=552065#post552065
Coraleigh
"Coraleigh Miller" <CoraleighMiller@yahoo.com> wrote in message
news:uIpZBPjzHHA.5160@TK2MSFTNGP05.phx.gbl...
> Hi Kath,
>
> WorkingHard has brought up some good info. Here is a doc from Microsoft
> which goes into more detail about the USN rollback possible issues and
> recovery... http://support.microsoft.com/kb/875495
>
> Coraleigh
>
> "WorkingHard" <WorkingHard@microsoftdiscussions.com> wrote in message
> news:Oz8mT6izHHA.1208@TK2MSFTNGP03.phx.gbl...
>> Please start reading about USN rollback and imaging of DC's this is not
>> support afik. AD restore mode and playing with the registry setting
>> forcing an authoritive restore from the DC you restired from the image
>> can fix this but I havn't got the details at hand, but rememer this is
>> not supported.
>>
>> Cheers
>> "Kaddie" <kathied@tweed.nsw.gov.au(donotspam)> wrote in message
>> news:2DCAE45B-8D16-44A9-B9A6-C106143A2516@microsoft.com...
>>> Just read this post. Since my boss is also looking at software like
>>> this how
>>> do these work with Win2003 servers that are the Domain controllers
>>> housing
>>> the Active Directory structure. Once the server is rebuilt do we have
>>> to
>>> restore AD structure back onto server. I'm thinking of worse case
>>> senario
>>> when a server completely dies.
>>> thanks
>>> --
>>> Kath
>>>
>>>
>>> "Nobody Important" wrote:
>>>
>>>>
>>>> I am supporting someone who just installed Sever 2003 and is running a
>>>> custom program that took quite a number of hours at a high billing rate
>>>> to
>>>> 'tweak' so the user wants an image done of the server's boot drive.
>>>>
>>>> I looked at Norton Ghost and it does not support Server 2003.
>>>>
>>>> We want to make an image file that will store on DVD DL
>>>>
>>>> Can anyone recommend a program that you have made image files and
>>>> restored
>>>> them on Server 2003?
>>>>
>>>> TIA
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>
>>
>
>