Re: How to restore a GC from backup using VERITAS?
- From: "Ace Fekay [MVP Direcrtory Services]" <firstnamelastname@xxxxxxxxxxx>
- Date: Tue, 12 Aug 2008 23:56:27 -0400
"Mark M." <markm85@xxxxxxxxxxxxx> wrote in message news:FE0D7F04-18D1-4639-BE30-F99D7F7FE73F@xxxxxxxxxxxxxxxx
We would like to restore an existing Global Catalog backed up using VERITAS
NetBackup.
The situation:
We have a single domain Windows 2000 forest with multiple DCs and GCs, all
running Windows Server 2003 Enterprise. Service pack levels vary between SP1
and SP2. Our PDC Emulator experienced a failed upgrade to Windows Server
2003 SP2 from SP1 and the rollback of SP2 was not completely successful
either. The server is still running, but it has some problems. We want to
restore it using a backup taken before the attempted upgrade. The backup is
about 30 days old at this point. The backup software is VERITAS NetBackup
5.1MP4 and the backup is a full backup including System State. The server in
question is also a DNS server that points to itself for name resolution.
Although I'd like to simply promote a new DC and remove the old one from the
domain, this is not the preferred option because the old GC has several
Secure LDAP clients that require the use of a specific certificate that is
installed on it. As a last resort, we will build a replacement GC, issue a
new cert and reconfigure the various dependent applications to use the new
cert.
We have an identical server available to perform the restore on. I have
already transferred the FSMO roles the GC held to other DCs and enabled the
GC function on another DC in the same site.
Would the restore process be as follows?
Load Windows Server 2003 SP1 on replacement server. Do not join domain, give
it a temporary name.
Load VERITAS NetBackup client on replacement.
Perform a full system and System State restore of original GC using VERITAS
Client on replacement.
Remove replacement from network.
Restart replacement.
Replacement comes up with identity of original GC.
Shut replacement down again.
Shut down original GC.
Bring replacement GC back up on production network.
Other DCs and GCs replicate AD updates to replacement GC?
When we tried this earlier, the System Event log showed Event ID 5706 SYSVOL
errors, a 16651 FSMO error from SAM, 40960 errors from LSASRV, and a string
of dynamic DNS registration errors.
It looks like DNS isn't starting because it's AD-integrated and AD isn't
available. Then DNS registration and lookups fail. AD has problems updating
because DNS isn't working and DNS won't start working because AD isn't
getting updated. The next time we try swapping the replacement GC, we'll
have it pointed to a different DNS server and see if this sorts itself out,
but I'd like to know if I'm missing anything else.
Thank you.
Did you check with Veritas' documentation? Do you have support? They will be more than happy to assist you in a restore with their product.
If not, you'll want to perform a non-authoratative restore of AD and the C: drive after you install a new machine.
If you have a system state backup less than 60 days old, AND a FULL backup of C: drive (assuming C: is the system and boot drive and the AD database resides on it), you can simply, and this is without changing anything on any of the other DCs or it will cause major problems (like transferring roles, messing with DNS and other stuff), try the following steps:
1. Simply reinstall the operating system to it's previous SP level, and it doesn't matter what name you give it, and it doesn't even have to be promoted,
2. Install any services that were on it, such as DNS, WINS, etc
3. Install the backup software, tape drivers, etc
4. Restore the system state AND the FULL C: backup
5. Restart the machine. It will come backup just the way it was 30 days ago, registry, AD.
The DC will replicate with the others and get caught up. This is with any backup software. But if there were any changes to any applications installed, hopefully you have a more recent backup of that specific app's data.
However if you messed with Roles and other things, expect problems. If you did, try, *try* to put everything back the way it was before building up the base machine prior to the restore, but results cannot be guaranteed. If this is the case, run a Metadata Cleanup to remove the failed DC's references on the current AD database, and simply install a new machine and promote it into the domain.
I'm sure others will point out anything I missed and possibly have other suggestions as well to assist you.
--
Regards,
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer
For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Infinite Diversities in Infinite Combinations
.
- References:
- How to restore a GC from backup using VERITAS?
- From: Mark M.
- How to restore a GC from backup using VERITAS?
- Prev by Date: Re: can't access logon script using UNC path
- Next by Date: Re: Cross Domain Authentication
- Previous by thread: How to restore a GC from backup using VERITAS?
- Next by thread: Re: How to restore a GC from backup using VERITAS?
- Index(es):
Relevant Pages
|
