In-Depth
After the Crash
It’s not a matter of “if,” but “when,” your system turns that particular shade of blue that makes administrators see red. That’s when you’ll need to know what your options are to bring the dead box back to life.
- By Zubair Alexander
- July 01, 2002
If you use Windows 2000, sooner or later you’ll need the disaster recovery
tools provided with the operating system. Depending on the situation,
the recovery process can be as simple as selecting “Last Known Good,”
or as elaborate as rebuilding the entire system. The important point to
remember is that no matter which tool you choose, the recovery process
requires some kind of backup from which you can restore either the data
or the system configuration. Obviously, it’s wise to be prepared in case
of a disaster and have a plan already in place to allow for quick disaster
recovery.
In this article, I’ll explore several Win2K recovery tools, compare them
and discuss their appropriateness under certain situations. This article
focuses on the following Win2K recovery tools:
- Last Known Good Configuration
- Safe Mode Option
- Recovery Console
- Emergency Repair Disk
- Directory Services Restore Mode
- Backup
Let’s examine these tools in more detail and see how to best use them.
Last Known Good
To recover from a hardware configuration that’s preventing you
from starting your system, try using the Last Known Good Configuration.
After each successful logon, Win2K saves the information in the registry,
which can be used to revert back to this configuration in case things
go wrong. In addition to the default, Win2K writes current, failed and
Last Known Good Configuration in the registry. To find out which CurrentControlSet
is associated with these options, run regedit.exe and go to HKEY_LOCAL_
MACHINE\SYSTEM\ Select key, as shown in Figure 1.
|
Figure 1. Last Known Good configuration in the
Registry. |
Let’s say you install a new scanner and load the incorrect driver. If
this prevents your Win2K system from starting, the first thing to try
is the Last Known Good Configuration to revert back to the previous configuration.
This Last Known Good mode can be accessed by pressing F8 when prompted
during the computer startup.
When you log on to the computer using the Last Known Good, only the registry
information in the CurrentControlSet is restored. All other registry keys
are unaffected. This allows you to log on to the computer and install
the correct driver.
Safe, not Sorry, Mode
Another alternative to recover from the above situation is to use
the Safe Mode Option. Because this option only uses the basic Win2K files
and drivers, with no network connectivity, you may be able to log on and
then remove the defective driver. The Safe Mode can also be useful when
you want to recover from software installation problems. For example,
if you install an anti-virus program not supported on Win2K and are unable
to log on, try starting in Safe Mode and removing the software. There
are several Safe Mode options you may find useful. They can be accessed
by pressing F8 when prompted during the computer startup.
Recovery Console to the Rescue
If you’ve tried the previous options without success, try the Recovery
Console. For example, if you’ve successfully logged on to your computer,
you’ve essentially overwritten the Last Known Good that could have helped.
If you’re now having trouble with your system, you need to find a way
to disable the grief-causing driver or stop the service that won’t allow
Win2K to start. Recovery Console can come in handy in these situations.
In addition to the drivers, you can enable or disable services using this
command-line console. If that doesn’t impress you, you can even fix your
master boot record.
However, sometimes simply disabling the driver isn’t enough, and you
can’t boot into Win2K unless you load a specific driver. Don’t worry;
Recovery Console’s got you covered. You can use the Console to copy a
good driver from a floppy disk onto the hard drive, overwriting the corrupted
driver. Don’t confuse the Recovery Console with a DOS command prompt:
There’s no such thing as DOS in Win2K. Recovery Console is a secure console
that requires a password and can only be accessed by administrators.
Although you can access Recovery Console from the Win2K CD or Win2K setup
disks, I recommend you install the Recovery Console on every Win2K computer
in your organization so it’s available as a menu choice at startup. To
install this console, run winnt32 /cmdcons from the Win2K source files folder.
System
Recovery Best Practices |
- With the availability of tools such as Recovery
Console, you no longer have an excuse to use the FAT
file system on your Windows 2000 computers, unless
you’re planning on dual-booting with an OS that requires
FAT. Use NTFS whenever possible because it’s more
reliable, recoverable and efficient than FAT.
- If possible, separate the Win2K system and boot
volumes from your data volume. Keeping them on separate
disks will make your life easier when you have to
recover one or the other. For example, if the hard
disk that contains your data volume crashes, you can
simply install a new drive and restore the data from
the backup.
- Create a Win2K boot disk and keep it handy, especially
if you’re using mirrored volumes. Otherwise, you may
not be able to start your computer if your primary
mirrored drive has failed. Make sure you update the
boot disk whenever you make changes to the volumes.
—Zubair Alexander
|
|
|
In Case of Emergency, Grab Floppy
If the damage to your system is more than a defective driver or
service, you may have damaged or missing files or, perhaps, a damaged
boot partition. Under these circumstances an Emergency Repair Disk (ERD)
can come in handy. There are some misconceptions about ERD; for instance,
it’s not a bootable disk, as some think. Also, an ERD can’t fix your data
or the registry. It is, however, useful in repairing your system files,
boot sector or the starting environment. You can use the Backup program
to create an ERD, as shown in Figure 2. As mentioned earlier, if you want
to use the Win2K recovery tools you must have a backup you can use to
restore your system. Needless to say, you must create an ERD for your
Win2K computer ahead of time, when your computer’s functioning properly.
|
Figure 2. Create an Emergency Repair Disk using
the Backup program. (Click image to view larger version.) |
When Active Directory Goes Inactive
The Active Directory Restore Mode only applies to Win2K domain
controllers. Let’s say you’ve deleted certain objects in AD that you need
to restore from last night’s backup. You can use the AD Restore Mode to
restore a user account, group, OU or other objects. Before you can restore
objects in AD, you must have a System State backup—created through the
Backup program—available that contains the objects you intend to restore.
To access the Directory Service Restore Mode, press F8 when prompted during
system startup.
Backup: Don’t Leave the Office Without it
The Backup program in Win2K can back up and restore data files.
It can also be used to back up and restore the entire System State, which
includes registry, boot files, and the COM+ class registration database.
Depending on the computer, the System State can include additional components,
as shown in Figure 3. For example, on a DC it also includes AD and SysVol.
To restore AD, first back up AD using this tool, boot to Directory Service
Restore Mode, then run the Backup tool to restore it. To access the backup
tool, run the Backup program from Start | Programs | Accessories | System
Tools, or simply type ntbackup.exe at the command prompt.
|
Figure 3. A System State backup includes registry,
boot files and the COM+ class registration database. |
Recovery Guidelines
Here are some general guidelines that you can use to recover from
a failure:
- If your current hardware configuration is preventing you from starting
Win2K, use Last Known Good Configuration. This will allow you to restore
the previous working configuration.
- To recover from a software configuration failure, try the Safe Mode
Option, which uses only basic Win2K files and drivers and runs the minimum
services required to start the system.
- If neither Last Known Good nor Safe Mode is helpful, try the Recovery
Console to troubleshoot the problem. For example, stop or start a service
or enable or disable a device driver.
- If Recovery Console doesn’t help, use an ERD to repair the damaged
or missing system files or repair the partition boot sector.
- If you want to recover objects in AD, use AD Restore Mode.
- If you want to recover the entire System State or AD, use the Backup
utility. System State includes AD, boot files, registry and so on.
Table 1 lists several Win2K recovery tools with a brief explanation of
when to use them and how to access the tool.
Table 1. Windows
2000 Recovery Tools |
Tool |
Scope
of Recovery |
Safe Mode Option
|
When you start your computer
in Safe Mode, it uses only the basic Windows 2000 files
and drivers and runs only the minimum services required
to start the system. There's no network connectivity in
Safe Mode. To access Safe Mode, press F8 when prompted
during the computer startup. |
Recovery Console
|
The Recovery Console allows
administrators to perform administrative tasks at a command-line
console. Administrators can stop or start services, enable
or disable device drivers, fix the master boot record
or format a local hard drive. You can access Recovery
Console from the Win2K CD, Win2K Setup disks or install
it as a boot menu item. |
Emergency Repair
Disk |
An Emergency Repair Disk (ERD)
is used to fix problems that may prevent your Win2K computer
from starting. You create an ERD when your computer is
functioning properly. When you encounter problems, you
can repair system files using this disk. ERD can be used
to repair the boot sector, the startup environment (such
as multiboot), or the system files. To create an ERD,
use the Backup program from Start | Programs| Accessories
| System Tools. |
Last Known Good
Configuration |
Use this configuration to start
your computer using the registry information that was
saved at the last shutdown. Keep in mind that any changes
that you’ve made since the last successful startup will
be lost. To access this mode, press F8 when prompted during
boot. |
Directory Service
Restore Mode |
This is a special mode in Win2K
used to restore the AD database. AD can’t be restored
while you’re in the AD database. When you boot in this
mode, you’re accessing the local SAM database, instead
of the AD. This mode can be used to restore AD and the
SYSVOL folder. To access this mode, press F8 when prompted
during boot. |
Backup |
The Backup tool is used to backup and restore not only
the data files but also the System State, which includes
AD, boot files, registry and so on. To access the backup
tool, run the Backup program from Start | Programs |
Accessories | System Tools, or simply type ntbackup.exe
at the command prompt.
|
|
|
The Right Tool for the Right Job
As you can see, when it comes to recovery tools, there are a lot
of options available in Win2K. Some tools, such as Recovery Console, are
meant for more advanced users. Others, such as Last Known Good, are a
quick way to restore the previous working configuration by simply choosing
an option from the menu. The important thing to remember is that you must
have a good backup that can be used to restore your system configuration
or data because you can’t recover something you don’t have.