Jan 23, 2011

Backup Windows Server 2003

Backup Windows Server 2003

Introduction

”Oh no, the hard disk crashed, all data is gone, what do I do now?” Recognize this? I hope not. Every administrator should have backed up all the data. And to do that we need some kind of software (ok, we can do it manually by using ctrl+c and ctrl+v, but do you want to do that?). The backup utility in Windows Server 2003 is such software. And it’s better then ever now, with things like Open File Backup (files can be accessed by users the same time it’s backed up). The storage medium can be a logical drive, such as your hard disk, a removable drive, or a library with disks or tapes controlled by a robot. Read on and find out what’s new, how you perform backups and how it works.

What is backup?

Before we start with the actually backup we must know what we are doing. This section will give you all the information you need to understand how backup works.

Types of backups

  • Normal backup
    The normal backup is…normal (surprised?). So, what does this mean? It simply means that it copies all the files you have marked to be backed up, and marks the files as having been backed up. You also only need the most recent copy of the backup file (other types of backups requires several files, see below) to restore. This type is usually what you use the first time you backup files.
  • Incremental backup
    The incremental backup backs up only those files that have been created or changed since last incremental or normal backup. It also marks the files as having been backed up. A combination of Normal backups and Incremental backups is common, and also a very good combination. It also requires the least amount if storage space and is fast for backing up the data. The disadvantage of this is that it’s time-consuming to recover files, simply because you need the last normal backup set and all incremental backup sets, which can be stored on several backup drives or tapes.
  • Differential backup
    The differential backup is similar to the incremental backup and only copies files that have been created or changed since the last normal or incremental backup. No, it wasn’t a typo, it doesn’t check if a differential backup has been run. This is because differential backups does not mark files as having been backed up. A combination of differential backups and normal backups is more time-consuming concerning the backup part then the incremental + normal backups are. But on the other hand it is faster to restore data because all you need is the last normal backup and the last differential backup.
  • Copy backup
    A copy backup copies all the files you have selected, but does not mark the files as having been backed up. This backup type is useful when you must backup single files between normal and incremental backups because it does not affect these operations.
  • Daily backup
    The daily backup copies all the files that you have selected that have been modified on the day, without marking the files as having been backed up.

Volume Shadow Copy Technology

This is a new technology in Windows Server 2003 that did not exist in Windows 2000 Server. This technology is used to create a copy of the original volume at the time a backup is initiated. Data is then backed up from the shadow copy instead of the original volume. By doing this, all activity such as file changes, will not affect the backup, because it is using the shadow copy instead, which is not changed. So with this new feature users can access files during a backup, files are not skipped because they were in use, files open appears to be closed.

You should use Volume Shadow Copy, but you can disable it. The only time when you want to disable it is when you don’t have enough free disk space. As you can imagine you need as much extra disk space as the file you will backup uses. This consumption of disk space is however temporarily and will be free when the backup is completed.

If sufficient temporary disk space is not available Windows Server 2003 cannot complete shadow copy and the backup will skip open files.

To use this feature you must use NTFS as file system.

Volume Shadow Copy does not mean that you from now on can backup when the server usage is high. You should always backup when it’s low, for example at nights and weekends.

[Volume Shadow Copy can be used for several other things. In this text I’m covering the backup part of Volume Shadow Copy.]

Permissions

Not everyone can backup files and folders and you must have certain permission to do this. To be able to backup any file and folder on a local computer you must be an administrator or a backup operator in a local group on that computer. Likewise, to be able to backup any computer in a domain you must be administrator or backup operator on the domain or a domain with which they have a two-way trust relationship.

You can however always backup files and folders for which you have ownership of or one or more of the following permissions for the file and/or folder: Read, Read and execute, Modify, Full Control.

You can also be limited in the backup because of disk-quota restrictions that may restrict your access to the hard disk. To check this, right click the disk you want to save the data to and click Properties. Then click the Quota tab.

Good practice is to limit access to a backup file so only administrators and the owner (the one who created the backup file) is able to restore files and folders. This is available as an option during the backup wizard.

System state data

You can choose to do a System State backup, and this is very important if you want to be able to get a functional system in the event of a crash. This table shows which components that are backed up on a System State backup.

Component Included in System State Backup
Boot files and system files Yes
Registry Yes
COM+ Yes
System files under Windows File Protection Yes
Active Directory, directory service If it’s a domain
SYSVOL directory If it’s a domain controller
IIS Metadirectory If it’s installed
Certificate Services database If it’s a Certificate Services server
Cluster Service information If it’s within a cluster

You don’t have to know which of these components to backup. The Backup Utility included in Windows Server 2003 will choose this when you perform a System State backup. Likewise you cannot choose which components to restore; all the System State data will be restored. This is due to dependencies among the components. You can however restore the System State data to an alternative location. This does not mean that you can restore it to another computer and think it will work as the one you backed up. Not all data is restored when you restore to an alternative location. Only the components System boot files, registry files, SYSVOL directory files and Cluster database information files will be restored.

Backup data

We will use this backup scheme to create our backups.

Day Type of backup
Friday night Full backup (normal)
Saturday night Incremental, files and folders only
Sunday night Incremental, files and folders only
Monday night Incremental, files and folders only
Tuesday night Incremental, files and folders only
Wednesday night Incremental, files and folders only
Thursday night Incremental, files and folders only

Designing a good backup scheme is not always as simple as you might think. Questions like, what should I backup and when should I back it up occurs. The answer to these questions varies for every network and every server. Say that you will back up a Domain Controller and you add objects to Active Directory all the time. Then the above scheme would not be recommended. You’ll have to backup System State data at least one more time during the week (if not every day). The above scheme does likewise not have to apply web servers. You’ll have to find out when the load is as low as possible on the web server and use this information to find out what kind of backup scheme you want to use. Here are some general rules:

  • Backup when the load is as low as possible
  • If System State data is changed frequently, back it up more often
  • If files and folders are changed often, perform Full Backup more often
  • You will most likely have to perform backups beside this scheme. When doing this, if it is possible, do not use Full Backup or Incremental Backup because it can disturb the normal backup scheme (files are marked as already backed up). Sooner or later you won’t know where files are and it can be very time-consuming to restore.
  • Consider what you think is most important, a fast backup or to be able to restore fast, you cannot have both these features.
  • Click Start->Run and type ntbackup
  • Click the Advanced Mode link
  • Click Backup Wizard (Advanced)
  • Click Next
  • Make sure Back up everything on this computer is selected and click Next
  • We will backup to a file, you can place it wherever you want, just make sure you name it Friday and click Next
  • Click Advanced
  • Make sure Normal is selected as type of backup and click Next
  • Check the box Verify data after backup and click Next (You will most likely have errors when the backup is completed and verified. This is because System State data is changed all the time. If there are too many errors, there might be problems with the file you are using to back up data.)
  • Click Replace the existing backups and click Next
  • Click Later and in the Job Name box type Friday Nights, click Set Schedule
  • In Schedule Task select Weekly and as Start time 11:00 PM (or whenever you want the backup to be scheduled). Make sure it’s set to run every 1 week and on Fridays. Click OK
  • You will be prompted to run the task as a user. Use a user with privileges to backup data.
  • Click Next
  • Click Finish

The Backup Wizard should close and you should be back in the Backup Utility. You can now verify that the backup is scheduled by clicking on the Schedule Jobs tab.

In case you want to edit the backup you can do it from here. Just click the backup symbol on the day you want to edit.

  • Click the Welcome tab and start the Backup Wizard again.
  • Click Next
  • Select Backup selected files, drives or network data and click Next
  • Expand My Computer in the left pane and select all drives (in my case C: and D:) and click Next
  • Name it Monday and click Next
  • Click Advanced
  • Select Incremental as type of backup and click Next
  • Check the box Verify data after backup and click Next
  • Click Replace the existing backups and click Next
  • Click Later and in the Job Name box type Monday Nights, click Set Schedule
  • In Scheduled Task select Weekly and as Start time 11:00 PM (or whenever you want the backup to be scheduled). Make sure it’s set to run every 1 week and on Mondays.
  • Click Advanced and set the Start Date the same day as when the full backup will run. In my case that is January 03, 2003, so that is the start date I choose. Click OK, click OK
  • You will be prompted to run the task as a user. Use a user with privileges to backup data.
  • Click Next
  • Click Finish

Use the steps above to create incremental backups for the other five days of week. Of course all this can be done by writing a script, but I’ll leave that for now. And again, this is only a suggestion for a backup strategy. A backup strategy varies from company to company and it is not something you develop in one hour. You must analyze and find out what fits your company best. Also remember that if you followed the steps above, you will only save the backup files for a week. This is probably not what you want, and you have to schedule a script to move the files every week.

Where are the log files?

Of course you should read the log files so you are sure that the backup was successful. You do this be looking in Event Viewer for error messages, and you can also read a complete report by clicking Report on the Tools menu. If you want to log more or less, take a look in the Options on the Tools menu, and click on the Backup Log tab.

Restore data

It’s Wednesday, and you discover that an important file is corrupt. The question is, how do I restore the file from a backup? Well, it’s quite simple. The first thing we have to do is locate where the file are. If we know where on the disk it’s supposed to be, we can start from the latest incremental backup (Tuesday) and try to find it. If it’s not there, it means that the file was not altered, and we have to try the next file (Monday). On the other hand if we do not know where the file is, we have to restore the full backup file (Friday), find the file, and then find out if there is a newer version.

  • If the Backup Utility is not open, open it and click on the Advanced Mode link.
  • Click Restore Wizard
  • Click Next
  • Expand Tuesday.bkf, find the file you want to restore and check the box in front of the file. In my case it is 0055.txt in D:\sql
  • Click Next
  • Click Advanced
  • Select Single Folder. This is because I am only restoring one file, and I don’t want to restore it to the original location. If I choose Alternate Location it will keep the folder structure (in my case it will create the folder sql). Usually you will use Alternate Location when restoring files.
  • In Folder Name type where you want to restore the file (in my case c:\restore) and click Next
  • Select Leave existing files and click Next
  • Make sure Restore security settings and Preserve existing volume mount points are selected and click Next
  • Click Finish

That’s it! The file is restored.

You use the same process to restore System State data. Just remember that if you are restoring the System State data on a Domain Controller you must start the computer in Directory Services Restore Mode, which you access be pressing F8 when the computer is starting. And if you want to perform an Authoritative restore, remember to run ntdsutil before restarting the computer. More info about the ntdsutil can be found by typing ntdsutil /? in a command prompt.