After the Crash

It’s not a matter of “if,” but “when,” your system turns that particular shade of blue that makes administrators see red. That’s when you’ll need to know what your options are to bring the dead box back to life.

If you use Windows 2000, sooner or later you’ll need the disaster recovery tools provided with the operating system. Depending on the situation, the recovery process can be as simple as selecting “Last Known Good,” or as elaborate as rebuilding the entire system. The important point to remember is that no matter which tool you choose, the recovery process requires some kind of backup from which you can restore either the data or the system configuration. Obviously, it’s wise to be prepared in case of a disaster and have a plan already in place to allow for quick disaster recovery.

In this article, I’ll explore several Win2K recovery tools, compare them and discuss their appropriateness under certain situations. This article focuses on the following Win2K recovery tools:

  • Last Known Good Configuration
  • Safe Mode Option
  • Recovery Console
  • Emergency Repair Disk
  • Directory Services Restore Mode
  • Backup

Let’s examine these tools in more detail and see how to best use them.

Last Known Good
To recover from a hardware configuration that’s preventing you from starting your system, try using the Last Known Good Configuration. After each successful logon, Win2K saves the configuration information in the registry, which can be used to revert to this configuration in case things go wrong. In addition to the default, Win2K records the current, failed and Last Known Good configurations in the registry. To find out which control set is associated with each of these options, run regedit.exe and go to the HKEY_LOCAL_MACHINE\SYSTEM\Select key, as shown in Figure 1.

Figure 1. Last Known Good configuration in the Registry.
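
The mapping from the Select key to the ControlSetNNN subkeys, as an added example that is not part of the original article: it parses the text of a regedit.exe export of the key (the sample export below is constructed) and resolves each value to the control set it names. The function names and the RollbackDiffers field are illustrative assumptions.

```python
import re

# Constructed sample: text of a regedit.exe export of the Select key.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\Select]
"Current"=dword:00000001
"Default"=dword:00000001
"Failed"=dword:00000000
"LastKnownGood"=dword:00000002
"""

SELECT_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\Select"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')


def parse_select(export_text):
    """Return {value name: int} for the DWORD values under the Select key."""
    values, in_select = {}, False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_select = line[1:-1].upper() == SELECT_KEY.upper()
        elif in_select:
            m = VALUE_RE.match(line)
            if m:
                values[m.group("name")] = int(m.group("hex"), 16)
    return values


def control_sets(values):
    """Map each value N to its ControlSetNNN subkey; 0 means no set is recorded."""
    return {name: ("ControlSet%03d" % n if n else None) for name, n in values.items()}


def report(export_text):
    """Resolve all four Select values and flag whether LastKnownGood differs from Current."""
    sets = control_sets(parse_select(export_text))
    missing = [n for n in ("Current", "Default", "Failed", "LastKnownGood") if n not in sets]
    if missing:
        raise ValueError("Select key export is missing: " + ", ".join(missing))
    sets["RollbackDiffers"] = sets["LastKnownGood"] != sets["Current"]
    return sets


if __name__ == "__main__":
    for name, value in report(SAMPLE_EXPORT).items():
        print("%-16s %s" % (name, value))
```

A real Version 5.00 export is saved as UTF-16, so open the file with `encoding="utf-16"` before passing its text to `report()`.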

Let’s say you install a new scanner and load the incorrect driver. If this prevents your Win2K system from starting, the first thing to try is the Last Known Good Configuration to revert back to the previous configuration. This Last Known Good mode can be accessed by pressing F8 when prompted during the computer startup.

When you log on to the computer using the Last Known Good, only the registry information in the CurrentControlSet is restored. All other registry keys are unaffected. This allows you to log on to the computer and install the correct driver.

Safe, not Sorry, Mode
Another alternative to recover from the above situation is to use the Safe Mode Option. Because this option only uses the basic Win2K files and drivers, with no network connectivity, you may be able to log on and then remove the defective driver. The Safe Mode can also be useful when you want to recover from software installation problems. For example, if you install an anti-virus program not supported on Win2K and are unable to log on, try starting in Safe Mode and removing the software. There are several Safe Mode options you may find useful. They can be accessed by pressing F8 when prompted during the computer startup.

Recovery Console to the Rescue
If you’ve tried the previous options without success, try the Recovery Console. For example, if you’ve successfully logged on to your computer, you’ve essentially overwritten the Last Known Good that could have helped. If you’re now having trouble with your system, you need to find a way to disable the grief-causing driver or stop the service that won’t allow Win2K to start. Recovery Console can come in handy in these situations. In addition to the drivers, you can enable or disable services using this command-line console. If that doesn’t impress you, you can even fix your master boot record.

However, sometimes simply disabling the driver isn’t enough, and you can’t boot into Win2K unless you load a specific driver. Don’t worry; Recovery Console’s got you covered. You can use the Console to copy a good driver from a floppy disk onto the hard drive, overwriting the corrupted driver. Don’t confuse the Recovery Console with a DOS command prompt: There’s no such thing as DOS in Win2K. Recovery Console is a secure console that requires a password and can only be accessed by administrators.

Although you can access Recovery Console from the Win2K CD or Win2K setup disks, I recommend you install the Recovery Console on every Win2K computer in your organization so it’s available as a menu choice at startup. To install this console, run winnt32 /cmdcons from the Win2K source files folder.

System Recovery Best Practices
  • With the availability of tools such as Recovery Console, you no longer have an excuse to use the FAT file system on your Windows 2000 computers, unless you’re planning on dual-booting with an OS that requires FAT. Use NTFS whenever possible because it’s more reliable, recoverable and efficient than FAT.
  • If possible, separate the Win2K system and boot volumes from your data volume. Keeping them on separate disks will make your life easier when you have to recover one or the other. For example, if the hard disk that contains your data volume crashes, you can simply install a new drive and restore the data from the backup.
  • Create a Win2K boot disk and keep it handy, especially if you’re using mirrored volumes. Otherwise, you may not be able to start your computer if your primary mirrored drive has failed. Make sure you update the boot disk whenever you make changes to the volumes.

—Zubair Alexander

In Case of Emergency, Grab Floppy
If the damage to your system is more than a defective driver or service, you may have damaged or missing files or, perhaps, a damaged boot partition. Under these circumstances an Emergency Repair Disk (ERD) can come in handy. There are some misconceptions about ERD; for instance, it’s not a bootable disk, as some think. Also, an ERD can’t fix your data or the registry. It is, however, useful in repairing your system files, boot sector or the starting environment. You can use the Backup program to create an ERD, as shown in Figure 2. As mentioned earlier, if you want to use the Win2K recovery tools you must have a backup you can use to restore your system. Needless to say, you must create an ERD for your Win2K computer ahead of time, when your computer’s functioning properly.

Figure 2. Create an Emergency Repair Disk using the Backup program.

When Active Directory Goes Inactive
The Active Directory Restore Mode only applies to Win2K domain controllers. Let’s say you’ve deleted certain objects in AD that you need to restore from last night’s backup. You can use the AD Restore Mode to restore a user account, group, OU or other objects. Before you can restore objects in AD, you must have a System State backup—created through the Backup program—available that contains the objects you intend to restore. To access the Directory Service Restore Mode, press F8 when prompted during system startup.

Backup: Don’t Leave the Office Without it
The Backup program in Win2K can back up and restore data files. It can also be used to back up and restore the entire System State, which includes registry, boot files, and the COM+ class registration database. Depending on the computer, the System State can include additional components, as shown in Figure 3. For example, on a DC it also includes AD and SysVol. To restore AD, first back up AD using this tool, boot to Directory Service Restore Mode, then run the Backup tool to restore it. To access the backup tool, run the Backup program from Start | Programs | Accessories | System Tools, or simply type ntbackup.exe at the command prompt.

Figure 3. A System State backup includes registry, boot files and the COM+ class registration database.

Recovery Guidelines
Here are some general guidelines that you can use to recover from a failure:

  • If your current hardware configuration is preventing you from starting Win2K, use Last Known Good Configuration. This will allow you to restore the previous working configuration.
  • To recover from a software configuration failure, try the Safe Mode Option, which uses only basic Win2K files and drivers and runs the minimum services required to start the system.
  • If neither Last Known Good nor Safe Mode is helpful, try the Recovery Console to troubleshoot the problem. For example, stop or start a service or enable or disable a device driver.
  • If Recovery Console doesn’t help, use an ERD to repair the damaged or missing system files or repair the partition boot sector.
  • If you want to recover objects in AD, use AD Restore Mode.
  • If you want to recover the entire System State or AD, use the Backup utility. System State includes AD, boot files, registry and so on.

Table 1 lists several Win2K recovery tools with a brief explanation of when to use them and how to access the tool.

Table 1. Windows 2000 Recovery Tools
Tool: Scope of Recovery

  • Safe Mode Option: When you start your computer in Safe Mode, it uses only the basic Windows 2000 files and drivers and runs only the minimum services required to start the system. There's no network connectivity in Safe Mode. To access Safe Mode, press F8 when prompted during the computer startup.
  • Recovery Console: The Recovery Console allows administrators to perform administrative tasks at a command-line console. Administrators can stop or start services, enable or disable device drivers, fix the master boot record or format a local hard drive. You can access Recovery Console from the Win2K CD, Win2K Setup disks or install it as a boot menu item.
  • Emergency Repair Disk: An Emergency Repair Disk (ERD) is used to fix problems that may prevent your Win2K computer from starting. You create an ERD when your computer is functioning properly. When you encounter problems, you can repair system files using this disk. ERD can be used to repair the boot sector, the startup environment (such as multiboot), or the system files. To create an ERD, use the Backup program from Start | Programs | Accessories | System Tools.
  • Last Known Good Configuration: Use this configuration to start your computer using the registry information that was saved at the last shutdown. Keep in mind that any changes that you’ve made since the last successful startup will be lost. To access this mode, press F8 when prompted during boot.
  • Directory Service Restore Mode: This is a special mode in Win2K used to restore the AD database. AD can’t be restored while you’re in the AD database. When you boot in this mode, you’re accessing the local SAM database, instead of the AD. This mode can be used to restore AD and the SYSVOL folder. To access this mode, press F8 when prompted during boot.
  • Backup: The Backup tool is used to back up and restore not only the data files but also the System State, which includes AD, boot files, registry and so on. To access the backup tool, run the Backup program from Start | Programs | Accessories | System Tools, or simply type ntbackup.exe at the command prompt.

The Right Tool for the Right Job
As you can see, when it comes to recovery tools, there are a lot of options available in Win2K. Some tools, such as Recovery Console, are meant for more advanced users. Others, such as Last Known Good, are a quick way to restore the previous working configuration by simply choosing an option from the menu. The important thing to remember is that you must have a good backup that can be used to restore your system configuration or data because you can’t recover something you don’t have.
