Most of my customers are small businesses that I visit on a regular basis.  For some that means once or twice a week, for other’s monthly visits are sufficient.  One of the key areas I focus on when checking a site is the backup. 

Microsoft’s backup utility, NTBackup, is a tool I use at many of my customers.  Although I wasn’t a fan when tapes were the primary backup media, now that we’ve moved to Hard Drive backups, I really like it.  It’s aware of Exchange & SQL Server, will record System State, including Active Directory and you can select as little or as much data as you want.  Best of all it’s free!  If your servers are NT, 2000 or 2003 it’s built right in.  I was disappointed to find that it is not included, nor supported, for Windows 2008 (as I’ve previously posted about).

One tiny complaint I do have with the software is the limited number of logs that are saved.  By default it’s 10.  If you are checking the backup every day, or even once a week, this is fine.  You can see what happened each day.  If you don’t check the backup logs that often or, as in my case, are not at the location, you could miss potential problems.

Fortunately there is a simple registry hack that will let you decide the number of logs the program saves.  Using Regedit, navigate to and change the following registry entry:

 HKEY_CURRENT_USER\Software\Microsoft\Ntbackup\Log Files\Log File Count

Set the number to whatever you like just remember to switch to DECIMAL, unless you are a wiz at converting hex numbers in your head!

• Essential Overview Service – IT Administration for small businesses
• Vist our Home Page

Until recently 0.0% of my customers had upgrade their servers to Windows 2008.  Last month was my first experience installing it or working with it for more than a few minutes.  The OS overall seems solid but left me extremely disappointed in the System Backup.

I haven’t spent enough time with the system to give a fully qualified review but I can say that I struggled just getting the system to do a backup of the C drive.  Although I expect you’ll hear more from me about this system (hopefully about how wrong I was), for now I’ll just run through the problems we had.  Hopefully it will help someone else in the future.

Background:

• This customer had 2003 SBS that they had been running for years.  Recently the hardware became a little flaky so we decided it was time to upgrade.  They spent a few bucks and ordered a very nice server with 2008 SBS on it.
• When the server arrived we followed Microsoft’s instructions on migrating from 2003 to 2008. Things went pretty smoothly.  Backups and restores took the most time.
• We decided that the old server, despite its quirks, still had some value so we put new hard drives in it and loaded it with 2003 standard edition as each domain can only have 1 SBS server on it.
• The old hard drive from the original server were placed in a USB drive case and mounted on the new server.  We surmised that it would nice to have the drives handy, just in case we missed any data.

Problem:

A few days after the installation we were attempting to configure the backup system.  The thing that was immediately apparent was no Exchange backup, no SQL Server backup; it was a full system backup or nothing.  I’ve read that Microsoft plans to add an Exchange module to the system, but as far as I can tell it’s not out yet.  I’ve also seen a few posts where people were speculating that the MS engineers were simply saying that the fix was coming.   This could just be typical Microsoft bashing so I’m not sure who to believe.

I digress…After we saw that we needed to change our backup strategy, we decided to start with a backup of the C drive.

Configuring the backup wasn’t difficult; we just used the wizard in the SBS Console.  Running the backup proved more challenging.  We immediately received an error in the Backup History that said “Server Backup did not finish successfully. See the Event Log for details. “

Road to a solution:

Ok great.  Not very helpful but what can you do?  A Google search for “Event 521 Backup” (See Image 1) led me to this Microsoft page.  The article basically says “Check for other event failures with a source of either VSS or SPP”. 

Oh boy, another clue!  We found errors in the Application event log for source SPP (Event ID #16387 – See Image 2) that happened at the same time the backups were run.  Eventid.net pointed to this MS article. 

This wild goose of an article indicates that the problem is caused by “an active EISA partition on the computer is a hidden partition”.  Although this computer had an EISA partition, it was not active so this turned out not to be the problem.  Further investigation of the error messages showed slight differences in the error message (although the Event ID was the same). 

In the article referenced above the message was “Description: Shadow copy creation failed because of error reported by ASR Writer. More info: Incorrect function.” The message that we were receiving was “More info: The backup failed due to a missing disk for a dynamic volume. Please ensure the disk is online and retry the backup.”

Finally, with mild-to-severe aggravation motivating me, I ran a Google search on that phrase.  After 2 or 3 of the results I found this article and about half-way through the author mentions that he had a broken mirror that caused the problem…

Light bulb!

The USB drive that I had installed on the new server also had a failed mirror.   One of the reasons we changed servers was that very reason. Image 3 shows the Disk Manager while we were having problems. 

At the time I was working on this problem I was off-site so I wasn’t able to physically remove the drive but I did take it ‘offline’ via the Disk Management tool.  Once that was done (See Image 4) the backup worked fine — even though the failed mirror had nothing to do with either the source or destination of the backup. 

Although I didn’t test this, I’m sure removing the USB drive from the system or removing the mirror would also solve the problem.

Whew! Glad that’s over. Now onto finding an Exchange backup…

Overview:

• Windows 2008 SBS System backups were failing.
• Event Log showed the following errors:
  • Event ID # 521
    • Source: Backup
    • Description: Backup started at ‘<date> <time>’ failed as Volume Shadow copy operation failed for backup volumes with following error code ‘<error code>’. Please rerun backup once issue is resolved.
    • Event ID #16387
      • Source: SPP
      • Description: More info: The backup failed due to a missing disk for a dynamic volume. Please ensure the disk is online and retry the backup.”
• Cause of failure:
  • A failed mirror on an old drive listed in Disk Manager

Windows 2008 Backup – Chasing a solution

There may be cases where you would like a domain user to automatically log in.  For example, I have a few customers who are manufactures.  They have a high turnover of workers that they do not want to have to train on how to work the computer.  They just want it logged in and ready to go and if a restart is necessary there is no log in procedures to document or teach.

Even though these computer are part of a domain, as are the user accounts, we want the computers to automatically log in to a specific account.  Normally these accounts are heavily controlled via Group Policies.

Editing the following registry keys will accomplish this task:

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  • DefaultUserName
  • DefaultPassword
  • AutoAdminLogon
  • DefaultDomainName

Additional Information:

The following link from Microsoft contains additional information including how to safely edit the registry and how to add keys if they do not exist.

http://support.microsoft.com/kb/315231

You can change the Remote Desktop listening port on a computer by editing the following registry entry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber

You may want to do this if you have more than one computer on your network that you’d like to allow access to Remote Desktop through the router/firewall.

You’ll need to allow access to the computer via Port Forwarding in your router/firewall.  If you’re using a software firewall on your computer (i.e. Windows Firewall) you will also need to allow access through the firewall for the new port.  Changing this port does not automatically change the firewall rules.

More information can be found at this link:
http://support.microsoft.com/kb/306759

If you’ve ever attempt to copy a large directory tree with many sub-folders and files, you may have had the process fail.  When this happens you are left not knowing where the error may have occured.  Depending on how deep the tree is you are trying to copy, you may or may not be able to see the folder/file that caused the error.  The most likely cause of the error is that the file is locked or in use.

To avoid this situtation I often use the XCOPY command.  This command is an old DOS command that stills exists (as of Windows XP, I haven’t check on Vista for it).  The command is more robust than the standard Copy command.  Be warned however that this will still not copy any locked files, it just skips over them.

This may not be an ideal solution in all cases, but it has proved useful to me when I care more about getting the bulk of the files/folders, than getting every file.  I believe the ROBOCOPY command can be used to copy locked/in use files but that seems to require an additional download where XCOPY is native to the O/S.  I’m sure I will do another article about ROBOCOPY in the future.

I use the following switches to copy files and skip locked or used files:
XCOPY Source [Destination] /E /C /F /H /K /O /Y

XCOPY Help – All Switches:
XCOPY source [destination] [/A | /M] [/D[:date]] [/P] [/S [/E]] [/V] [/W]
                           [/C] [/I] [/Q] [/F] [/L] [/G] [/H] [/R] [/T] [/U]
                           [/K] [/N] [/O] [/X] [/Y] [/-Y] [/Z]
                           [/EXCLUDE:file1[+file2][+file3]…]

  source       Specifies the file(s) to copy.
  destination  Specifies the location and/or name of new files.
  /A           Copies only files with the archive attribute set,
               doesn’t change the attribute.
  /M           Copies only files with the archive attribute set,
               turns off the archive attribute.
  /D:m-d-y     Copies files changed on or after the specified date.
               If no date is given, copies only those files whose
               source time is newer than the destination time.
  /EXCLUDE:file1[+file2][+file3]…
               Specifies a list of files containing strings.  Each string
               should be in a separate line in the files.  When any of the
               strings match any part of the absolute path of the file to be
               copied, that file will be excluded from being copied.  For
               example, specifying a string like \obj\ or .obj will exclude
               all files underneath the directory obj or all files with the
               .obj extension respectively.
  /P           Prompts you before creating each destination file.
  /S           Copies directories and subdirectories except empty ones.
  /E           Copies directories and subdirectories, including empty ones.
               Same as /S /E. May be used to modify /T.
  /V           Verifies each new file.
  /W           Prompts you to press a key before copying.
  /C           Continues copying even if errors occur.
  /I           If destination does not exist and copying more than one file,
               assumes that destination must be a directory.
  /Q           Does not display file names while copying.
  /F           Displays full source and destination file names while copying.
  /L           Displays files that would be copied.
  /G           Allows the copying of encrypted files to destination that does
               not support encryption.
  /H           Copies hidden and system files also.
  /R           Overwrites read-only files.
  /T           Creates directory structure, but does not copy files. Does not
               include empty directories or subdirectories. /T /E includes
               empty directories and subdirectories.
  /U           Copies only files that already exist in destination.
  /K           Copies attributes. Normal Xcopy will reset read-only attributes.
  /N           Copies using the generated short names.
  /O           Copies file ownership and ACL information.
  /X           Copies file audit settings (implies /O).
  /Y           Suppresses prompting to confirm you want to overwrite an
               existing destination file.
  /-Y          Causes prompting to confirm you want to overwrite an
               existing destination file.
  /Z           Copies networked files in restartable mode.

The switch /Y may be preset in the COPYCMD environment variable.
This may be overridden with /-Y on the command line.

I’ve run into several occassions where a user’s profile has “disappeared” from their comuputer.  When this happens you can be sure that screams of “Where’s my stuff!” usually ensue.  Many users have told me that they believed their data to be gone forever.

Fortunately this is not usually the case and it’s fairly easy to recover the profile.  This document explains how to do that.  Note, however, that this procedure only applies to a profile that still exists and this will do nothing to help a damaged profile.

The most common instance of this problem is when a computer is added or removed from a Domain.  When this happens a new profile is created for the user, giving them a fresh desktop, My Documents, Favorites, Registry and settings.  I’ve also had it happen when a computer needs to be removed from a domain and then re-added to correct various networking issues that System Administrators encounter.

Here’s a practical example:

For several years my laptop was configured as a Workgroup laptop.  My username was Jeff, so my profile was labeled accordingly at C:\Documents and Settings\Jeff. (See Fig. 1)

Eventually I added a domain server,  joined my laptop to the domain and setup a user Jeff on the domain GARGOYLE. When I did this I was given a new profile at C:\Documents and Settings\Jeff.GARGOYLE.  (See Fig 2) Of course, my documents, settings, email, etc. were all set back to factory settings (i.e. Nothing in them). 

I would prefer to use the profile I’ve had for the past several years so I followed the following procedure to point my new profile to the old settings.

Grant Full Control Permission to the Old setting folder:

·         Right click on the original folder (C:\Documents and Settings\Jeff), select properties.

·         On the security Tab add your new user name (in this case GARGOYLE\Jeff) and give full control permission to that user.  Click OK to close.

Edit the User Profile Registry Key

·         NOTE: Incorrectly editing your registry can cause serious problems to your computer, including disabling the computer completely.  Do not edit the registry if you are unsure about what you are doing.

·         It is also advisable that you back your registry before continuing.  http://support.microsoft.com/kb/322756/ this link from Microsoft explains how to do that.

·         Open the Registry Editor (StartàRunàRegedit)

·         Navigate to the following registry key

o    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList

·         We need to change the property ‘ProfileImagePath’ for our NEW profile. 

·         To locate the new profile, click each sub-folder to the ProfileList folder and check the ProfileImagePath value until you see the location of your NEW profile. (See Fig. 3)

o    In this example the NEW profile will have ‘%SystemDrive%\Documents and Settings\Jeff.GARGOYLE’ as the value.

·         Once you have located the correct sub-folder. Change the ProfileImagePath setting to match your OLD profile location (%SystemDrive%\Documents and Settings\Jeff).  (See Fig. 4)

When I restart my computer and log into my domain account I am greeted with my familiar Desktop, My Document and settings that I have used for years.