Microsoft Exchange & Active Directory disaster recovery

Restoring Exchange Server is way more difficult than it should be. The issues are with Active Directory (AD) - Windows 2000 is nearly impossible, Windows 2003 is a lot easier and for me this is the most compelling reason to upgrade.
Exchange data today is the most important data for a lot of companies, yet nearly every company I visit has never done a bare metal recovery, that is, a restore of their backups to a PC that is not part of the domain. The steps outlined in this standard will do a complete restore of AD on Windows 2003 and Exchange 2003 (or 2000). This restoration should be executed every 2 months on test servers to verify the backups are being completed correctly.
Backups should be done daily. When implementing your backup process, it is better to have too much than not enough. Basically back up the whole C: - I originally thought that just AD's System State was enough, but I needed other files.
Note that AD has a tombstone lifetime of 60 days. You have to restore the backup within this time or you will be unable to restore AD.
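
One way to check a backup against this limit, as an added example that is not part of the original post: the script reads the forest's actual tombstoneLifetime attribute and falls back to the 60 days stated above when the attribute is unset. The backup path and the warning margin are assumptions, and it is meant to be run from a domain member with PowerShell installed while the domain is still healthy.

```powershell
# Added example: is this backup still inside the AD tombstone lifetime?
# Assumptions: the .bkf path and the warning margin are placeholders, and the
# file's LastWriteTime is taken as the time the backup was made.
param(
    [string]$BackupFile = 'D:\Backups\dc01-full.bkf',  # hypothetical path
    [int]$WarnDays = 14                                 # hypothetical margin
)

# Find the configuration partition, then the Directory Service object that
# carries the forest-wide tombstoneLifetime attribute (a number of days).
$rootDse  = [ADSI]'LDAP://RootDSE'
$configNc = $rootDse.configurationNamingContext.Value
$dirSvc   = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$configNc"

$tombstoneDays = $dirSvc.tombstoneLifetime.Value
if (-not $tombstoneDays) { $tombstoneDays = 60 }   # attribute not set: 60 days

$backup   = Get-Item $BackupFile -ErrorAction Stop
$ageDays  = [int][math]::Floor(((Get-Date) - $backup.LastWriteTime).TotalDays)
$daysLeft = $tombstoneDays - $ageDays

if ($daysLeft -le 0) {
    Write-Output "EXPIRED: backup is $ageDays days old, tombstone lifetime is $tombstoneDays days"
    exit 2
}
elseif ($daysLeft -le $WarnDays) {
    Write-Output "WARNING: backup is $ageDays days old, only $daysLeft days left to restore it"
    exit 1
}
else {
    Write-Output "OK: backup is $ageDays days old, $daysLeft days left to restore it"
    exit 0
}
```

The non-zero exit codes let a scheduled task or monitoring job raise an alert when the newest backup is close to, or past, the limit.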

The steps to restore Active Directory on Windows 2003


First, a note of warning: never restore a backup of Active Directory in a production environment if there is still a working Domain Controller on the network. When you do have to restore AD on a new computer, once it is up and running, promote another computer to take over from the restored server. Because AD is tied in with the computer configuration, there are always problems associated with the restored DC.
For this restore you will need a full backup of the primary server (back up all partitions and also the System State).
Windows does not like changing hardware. When restoring to a new computer, make sure that things like the CPU architecture and the number of CPUs on board are the same (don't try restoring an Intel system to an AMD system), although this is a lot better with Windows 2003.
When getting your restore computer try to get the most similar hardware as you can. Important things include the network card, and any SCSI cards. Ideally you would keep a list of the parts in the PC and make an identical system.
When you back up your server, make sure only the BARE essentials are installed on this computer, so as not to complicate the restore process and to keep your backup file size to a minimum.
RESTORE PROCESS (from a server to a notebook)
  1. Install Windows 2003:
    If you are able, make sure that Windows installs on the same drive as on your backed-up server. One idea is to create dummy 8 MB partitions until you get to the required drive letter.
    Also make sure that you choose the same regional settings, name, and any other settings as the server you are attempting to restore.

  2. OPTIONAL! Disable ACPI in the BIOS, as this causes Invalid IO errors in the error log.

  3. OPTIONAL! Run scandisk from safe mode - fix bad clusters.

  4. OPTIONAL! Always boot in VGA mode to avoid unnecessary complications.

  5. Make sure that your boot drive is the same as it is on the backed up server:
    If the original server is still operating you can find out the drive by going Start -> Run "%SystemRoot%"
    If your boot partition was say H: on your backed up computer then you will be unable to restore unless it is the same on the restored server.
    Refer to http://support.microsoft.com/default.aspx?scid=kb;en-us;223188 for instructions on how to do this.
    Reboot and reinstall Windows with a repair installation of Windows 2003.

  6. Install any Windows service packs. The computer has to be at the same service pack level.

  7. Start Windows 2003 in Directory Services Restore Mode by pressing F8 upon Windows startup. Log on to the local administrator account.

  8. Restore Backup using Windows backup utility:
    You need to restore your Operating System drive and the System State of the PC
    (Make sure you have 'Always replace the file on disk' selected from the tools -> options menu)
    (To perform a primary restore, select 'When restoring replicated data sets, mark the restored data as the primary data for all replicas' in the advanced options)
    Check the log after the restore - ensure that there were no errors restoring the System State.
    Don't restart at this time.

  9. Check that the restore was successful by opening Regedit and looking for the RestoreInProgress key in the subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS

  10. Double check your boot.ini file and make sure that the correct disk is selected.

  11. Reboot in normal mode.

  12. OPTIONAL! Machine doesn't boot (screen goes blank, and machine just sits there and you have tried several times).

  13. OPTIONAL! Boot up with Win 2003 server disk - Run Repair.

  14. OPTIONAL! Start in safe mode - Set video card to standard VGA.

  15. Server Boots OK:
    You should be confronted with a nice welcome message from Microsoft - "Since windows was first activated on this computer, the hardware on the computer has changed significantly. Windows must be activated in 3 days."
    How nice of Microsoft to remember you in your hour of need.

  16. Install new network driver and any other drivers that the computer wants.

  17. Ensure that the new network card is using the old IP address:
    Open the command prompt
    Type: set devmgr_show_nonpresent_devices=1 [enter]
    Type: start devmgmt.msc [enter]
    Device manager will open.

    Click View, Show hidden devices
    Go into the Network Adapters section, and you will see the old network card, which you can then uninstall.
    You should also clean up the other devices that are no longer detected. This will help speed up start-up time dramatically.

    Sometimes after a restore, you won't be able to log on since you have a different NIC. If you go into Active Directory Restore Mode, you can perform the above procedure and then install the new NIC. Then you will be able to log on.

    Change the TCPIP properties to the IP address of the backed up computer
    I.E. Use 192.168.1.8, 255.255.255.0 and DNS Server as 192.168.1.8, as per 2003 setup on the new machine.

  18. Reboot - DNS and DHCP should now be working again.

  19. Now that you have an IP and DNS is up, Active Directory should open and all the users should be there! ;)
    (you may have to Connect to Domain Controller and enter in the PC name)


  20. Authoritative restore? If you are completing an authoritative restore then you will have to boot back up in Directory Services Restore Mode and then run ntdsutil. Then restore the entire database as Authoritative.

  21. Make sure that AD is working:
    Make a new user and then delete it.

    If this is an orphan server and making a user didn't work then you will have to force ownership of the 5 DC FSMO Roles using ntdsutil.
    To do this:
    1. Start->Run->ntdsutil->[enter]
    2. Type - roles [enter]
    3. Type - connections [enter]
    4. Type - connect to server localhost [enter]
    5. Type - quit [enter]
    6. Type - ? [enter]
    7. You will see five Seize commands
    8. Enter each seize command to seize the five FSMO roles
    You will also have to remove any other servers listed in Sites and Services and ensure that the current computer is listed as a global catalogue.
    To do this:
    1. Start -> Administrative Tools -> Active Directory Sites and Services
    2. Drill Down Sites and Your Domain and expand each server listed.
    3. Right Click on the NTDS Settings for the Server you are restoring and click on properties.
    4. Ensure that Global Catalog is ticked and hit OK
    5. Delete all other servers listed.

  22. Reboot.

  23. Run DCDiag and NETDiag to check that the DC is happy and everything is OK
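
One way to read the output of step 23 without scrolling through it, as an added example that is not part of the original post: a PowerShell function that picks the failed tests out of saved dcdiag and netdiag output. The sample lines, the server name DC01 and the log file names are constructed for illustration.

```powershell
# Added example: list the failed tests in dcdiag / netdiag output.
# Assumption: on the restored DC the output was saved with
#   dcdiag /v > dcdiag.log    and    netdiag /v > netdiag.log
function Get-DiagFailure {
    param([string[]]$Line, [string]$Tool)
    foreach ($l in $Line) {
        # dcdiag result line:  ......................... DC01 failed test Advertising
        if ($l -match '\.{3,}\s+(\S+)\s+failed test\s+(\S+)') {
            New-Object PSObject -Property @{
                Tool = $Tool; Target = $Matches[1]; Test = $Matches[2] }
        }
        # netdiag result line: DNS test . . . . . . . . . . . . . : Failed
        elseif ($l -match '^\s*(.+?)[ .]*:\s*Failed\b') {
            New-Object PSObject -Property @{
                Tool = $Tool; Target = '(local)'; Test = $Matches[1] }
        }
    }
}

# Constructed sample output (DC01 is a hypothetical server name).
$sample = @(
    '         ......................... DC01 passed test Connectivity',
    '         ......................... DC01 failed test Advertising',
    '    Domain membership test . . . . . . : Passed',
    '    DNS test . . . . . . . . . . . . . : Failed'
)
$failures = @(Get-DiagFailure -Line $sample -Tool 'sample')

# With real logs, replace the line above with:
# $failures = @(Get-DiagFailure (Get-Content dcdiag.log) 'dcdiag') +
#             @(Get-DiagFailure (Get-Content netdiag.log) 'netdiag')

$failures | Format-Table Tool, Target, Test -AutoSize

# A non-zero exit code marks the restore test as not yet clean.
if ($failures.Count -gt 0) { exit 1 }
```

Keeping the two log files from each two-monthly test restore gives a record of which checks failed and when they were fixed.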

The steps to restore Exchange 2003 on Windows 2003

For this restore you will need a full backup of the Exchange server Information Stores.
NOTE: It is assumed that you had Exchange 2003 installed on your DC that we have already restored.
RESTORE PROCESS
  1. Check Exchange Is Working:
    • Make sure all Exchange services are running (e.g. Exchange Information Store)
    • If Exchange does not work then run Exchange setup.exe with /forestprep, /domainprep, and then /disasterrecovery (IN THAT ORDER)
    • Also install any service packs on Exchange
    • NOTE: If Exchange still does not work, you may need to reinstall it.
  2. Mount Information Stores (this will make empty Databases)
    1. Open Exchange System Manager
    2. Delete any Recovery Storage Groups
    3. Drill Down Admin Groups -> Servers-> SERVER -> First Storage Group
    4. For Each Item listed:

      Mount the Store:
      1. Right click
      2. Select Mount Store
      3. Click OK

      Allow database to be over-written:
      1. Right click
      2. Select Properties
      3. Select the Database Tab
      4. Tick This database can be overwritten by a restore
      5. Click OK

  3. Stop the Exchange Information Store service
  4. Delete any files in the mdbdata folder for the stores
  5. Restart the Exchange Information Store service
  6. Delete any new files in the mdbdata folder
  7. Restore Exchange database from windows backup
    Enter in the path where the exchange store will be restored to, i.e. your mdbdata directory. Make sure you tick the Last Restore Set and Mount Database After Restore checkboxes.
  8. After the restore is completed, Exchange should have re-attached the Exchange databases. They should now be up and running. (This may take some time).
  9. Check that Exchange is running by logging in with Outlook Web Access at http://localhost/exchange
  10. DONE!!!! Ahhhh now wasn't that easy?
If your Store will not mount have a look at http://support.microsoft.com/default.aspx?scid=kb;en-us;Q253931

The steps to restore Exchange 2000 on Windows 2000

For this restore you will need a full backup of the Exchange server Information Stores.
NOTE: You cannot install Exchange 2000 on the Windows 2003 computer. (2003 does not support Exchange 2000 yet)
RESTORE PROCESS
  1. Install Windows 2000 with IIS, NNTP
  2. Install 2k SP3
  3. Add system to domain
  4. On our restored server for AD, you have to make it an AD schema master
    ONLY DO THIS IF YOU ARE USING THE RESTORED AD SERVER
    Open up ntdsutil on the restored 2003 PC
    roles
    Connections
    Connect to the AD server
    Quit
    Seize schema master
  5. Run setup for Exchange with /forestprep (base install)
  6. Run setup for Exchange with /domainprep (base install)
  7. Run setup for Exchange with /disasterrecovery (select normal items)
  8. After Exchange has installed
    System Attendant service will not start
  9. Install Exchange SPs (same service pack that the original Exchange server was running)
  10. Reboot
  11. Mount all Information Stores. (it will create blank databases)
    Un-mount all Information Stores
  12. Go to directory of the First Storage groups files and delete all files in this directory
  13. Open up Exchange System Manager
    Drill down Servers -> -> First Storage Group
    Go into properties for all the nodes under the storage group
    Click on the Database Tab and select the checkbox "This database can be overwritten by a restore"
  14. Install Backup Exec
  15. Restore Exchange database
    Click restore button
    Under Exchange tab uncheck No loss restore checkbox
  16. DONE!!!! Ahhhh now wasn't that easy?
If your Store will not mount have a look at http://support.microsoft.com/default.aspx?scid=kb;en-us;Q253931
