Back(-up) to Core Business

Reading Time: 10 minutes

Windows Server 2008 brings the successor to ye old NTBackup. The role that can be installed separately includes both a Microsoft Management Console (MMC) as command line tools. In Server Core the role doesn't add the MMC, but sure adds the command line tool wbadmin.exe

In this post you'll find:

 

What's new in Windows Backup

There are a couple of things you need to know about Windows Server Backup:

  • Backup created with NTBackup.exe cannot be restored using Windows Server Backup
  • Windows Server Backup does not allow backups to tape
  • Only NTFS partitions and volumes can be backupped

Backup to disk

This means you cannot use the built in Backup tool in Windows Server anymore to do dirt-cheap backups to tape.

While this may sound like a bad decision from Microsoft it actually makes sense when you look at the evolution of backup in the last couple of years:

  • Inexpensive (arrays of) SATA disks have replaced expensive (cabinets of) magnetic tapes with their error prone tape units
  • Restoring incidental files from disk has proven to be faster than restoring from tape. Part of the difference in restore time is the throughput of tape vs. disk and the way data is read from tape vs. tape, but finding data on tape through catalogs has also shown to be more time consuming.
  • Hard Disk cloning has proven to be more appealing to administrators than Intelligent Disaster Recovery options for backup suits
  • Tapes have to be replaced every once every often.
  • The rise of Self Help Portals

With that being said I believe there's also some very good news for Server Core Admins. Since their systems only require 2 GB of Disk Space their backups can easily fit on dirt cheap USB Memory Sticks and Rewritable DVD media. While on-site backup to disk is fast, cheap, reliable and complete, please remember:

Important
On-site back-up does not protect you from disaster when you don't: (either)

    • Combine it with off-site back-up to disk
    • Combine it with off-site back-up to tape

By now it might be clear Windows Backup is not being positioned as an enterprise-grade product. Microsoft's System Center Data Protection Manager (DPM) 2007 is a product that can be used as a complete backup solution for enterprises. It features backup to disk, archive to tape scenario based solutions with a Self Service Portal as an added bonus. As off-site back-up to disk you might want to consider using an online backup service.

File formats

One of the best things of Windows Backup is the file formats it uses. Where NTBackup.exe used the closed BKF file format, Windows Backup uses the ZIP and VHD format. The commands shown in this post all result in backups using the VHD format. These formats will ensure you can read your backups from virtually any system.

The downside to this format is Microsoft decided not to implement password protection, since implementation of this feature to the ZIP format is a much debated and no standard way to password protect ZIP files has been determined.

 

Best Practices

Central management

When you have multiple Server Core boxes to backup it is recommended to implement a central backup solution, complete with a central management console, which allows you to manage all the backups in your environment and locate problems in a split second.

Windows Backup is a good tool when you want to make on-demand backups besides your regular scheduled backups or when you have one single Server Core box.

Use a scheme

When you use backup to tape and If you have enough money you can buy 365 backup tapes to store backups for a whole year. Another way to achieve roughly the same is using a backup rotation scheme. (With roughly I mean you can restore files from 3 months ago or 6 months ago, but not exactly 56 days ago.) A good backup scheme that is still understandable for helpdesk personnel is the Grandfather, Father, Son scheme. Alternatively you can use the Towers of Hanoi scheme.

Securely Store Stuff Off-Site

To make sure you still have backup data available when the building you work in burns down, get hit by airplanes or get bombed by someone who is out of his or her mind, it's a good idea to store (some) backups off-site. When you do so, ensure you encrypt this data, when your corporate needs imply so.

Verify 'on'

It is recommended to turn on the verify option if your backup program offers the option. If your backup cannot complete outside office hours with the Verify option on, turn it off on the backup you've scheduled between week days.

Test your restores

Don't rely solely on your backups logs. Restoring incidental files for that crumpy little office attendant may not be your favorite thing, but can also be considered a restore test. When your organization has a method to perform complete system backups (or clones) test these on a regular basis too. (every 3-6 months)

Clean before the light goes on

When you use backup to tape, try to clean the head of your tape unit, before the light goes on. You can use the first couple of months to determine the time between cleaning moments. I understand you can't perform this trick right from the start… after all not everyone is paranormally gifted. Cleaning tapes can only be used a very limited amount of times. When you buy a cleaning tape the case holds a sheet of paper that you can use to mark each time you employ the tape. Don't use the cleaning tape beyond these amount of times and make sure you have a spare cleaning tape handy.

Prefer an external device

When you're buying a tape drive prefer an external drive if your budget allows it. Tape drives tend to break down. An external drive is easier to replace by a support technician than an internal drive. USB devices can even be safely removed and attached.

Buy new tapes often

When you use backup to tape, be sure to buy new tapes every so often. Tapes can only be overwritten a limited amount of times. When you use a tape rotation scheme (like the Grandfather, Father, Son scheme) be sure to interchange monthly tapes and daily tapes after a year and buy new ones every two years.

Procedures, Procedures, Procedures

Backing up systems is a means to make sure you can still use the services the system provides after the system fails. Procedures help you to do the same with your Systems Administrator and people that change tapes.

 

Adding the backup role

Windows Server Backup is an optional role you can install on your Server Core installation of Windows Server 2008 using the following command:

start /w ocsetup.exe WindowsServerBackup

Alternatively you can use the following command, which will also work on Full Installation of Windows Server 2008:

start /w pkgmgr.exe /iu:WindowsServerBackup

Note:
The ocsetup.exe, oclist.exe and pkgmgr.exe commands are case-sensitive on roles.

 

Making Backups

Windows Backup is actually a pretty neat tool. The basic function is a scheduled daily backup and you can make additional backups on top of that. In total there are five types of backups you can make:

  1. Scheduled Backups
  2. System State Backups
  3. (Copy) Backups of the File System
  4. Full Backups using the Volume Shadow Copy Service (VSS)

 

Scheduled Backups

Scheduled (Full) Backups can be made using a schedule. The purpose is to backup data to a disk, identified by a DiskID following a predefined schedule.

Determining the DiskID

The first step is to determine the DiskID for the target location. Since Windows Backup will format the disk before each backup it obviously can't be the same disk you run Server Core from. I have been testing with a disk my boss gave to me for Christmas, which is an USB2  connected device. I connected the device and typed the following command:

wbadmin.exe get disks

This resulted in a list with two devices. The first device was the hard disk of my Server Core box. The second disk was the removable drive. When you run the command you want the DiskID, which is noted between curly braces in the format {xxxxxxxx-xxxx-xxxx-xxxxxxxxxxx}

When you intend to use a pool of externally connected USB of FireWire devices, connect each device and write down its DiskId.

Determining the Schedule

Secondly you need to figure out a schedule that fits your needs. The scheduled backup will run every day, so you need to enable the backup at times that are convenient for you (when you want to swap a drive) and for other services (defragmentation schedules, etc) In my test lab a full backup of the C: disk only took 15 minutes, so that's all you need to take into account.

Schedules are defined as times in 24h notation. You can schedule multiple backups per day. In that case you need to divide times using commas.

Determining what to back up

There are two ways to tell Windows Backup what you want to backup using the above schedule and target:

  1. -include:
    Using this method you can specify drives, mountpoints and GUID based volume names to include in the backup.
  2. -allCritical
    This will ensure all the critical volumes, volumes having OS components, are being backupped using the schedule.

Enabling scheduled backups

The following command is a typical command to enable a scheduled daily backup of all the drives where OS components are stored:

wbadmin.exe enable backup -addtarget:{xxxxxx-xxxx-xxxx-xxxxxxxxxxxx} -schedule:HH:mm -allcritical

Note:
Targets in Scheduled backups get formatted before scheduled backups begin.

Disabling scheduled backups

When you feel it's time to end your schedule simple type the following command:

wbadmin.exe disable backup

 

System State Backups

System State backups consist of the data that is important to the machine for proper functioning. System State Backups can be used in combination with UNC paths. Depending on the roles of your Server Core box, the System State consists of:

All Registry
COM+ Class Registration Database
Boot Files, including System Files
System Files protected by WFP
Domain Controllers Active Directory Logs
Active Directory System Volume (SYSVOL)
Active Directory Database
Clusters Cluster Service Information
Web Servers Internet Information Services Configuration

System State Backups can be very useful when a server is experiencing a problem, or you want to restore a specific role of the server to a point back in time. The latter scenario is very common in Active Directory scenarios.

Making a System State backup is fairly easy, since there's only one option (-quiet) and one required field.(-addtarget) All you need to remember is the target for a System State Backup needs to be a UNC path of a local volume. You cannot use a share on a remote server.

Making a System Backup is as simple as typing the following command:

wbadmin.exe start systemstatebackup
-backuptarget:
D:

Tip:
You might think to schedule this command using at.exe, but I recommend you not to do this, since the command requires user interaction unless you specify the -quiet switch. Be aware you need to do backup maintenance because previous backups and logs will be kept indefinitely, unless you schedule maintenance jobs to get rid of them.

 

(Copy) Backups of the File System

When you want to make an on-demand backup of your file system you can use the start backup context of Windows Backup. If you decide not to specify any switches Windows Backup will ask you whether you want to run the scheduled backup at that specific moment, besides running it in the schedule you defined using enable backup.

You can also decide to run an on-demand backup using your own settings. In that case the steps to follow are:

Determining the backup target

The -backuptarget switch can be used to specify a backup target for the on-demand backup. This can be a drive letter or an UNC path to a remote shared folder.

Backing up to a drive letter enables you to make a backup file on a volume, without it being formatted before the backup (as with the enable backup). When you reuse the drive letter however it will delete any backups of the server on that specific drive before the backup begins.

Backing up to a network share is a good way to get your backups over the network to another system. The additional -user and -password switches allow you to specify a username and password with sufficient rights to the backup target.

Determining what to backup

There are two ways to tell Windows Backup what you want to backup using the above schedule and target:

  1. -include:
    Using this method you can specify drives, mountpoints and GUID based volume names to include in the backup.
  2. -allCritical
    This will ensure all the critical volumes, volumes having OS components, are being backupped.

Determining the need for extra switches

There are some extra command line switches that might be handy to use in specific situations:

  • -noVerify
    The -NoVerify switch tells Windows Backup not to verify the backup at the backuptarget. When you use this option the backup process will be over faster, but the contents of the backup file will not have been checked for consitency and/or completeness.
    Looking at the best practices above I believe Microsoft has made a good decision turning on verify by default, unless you specify otherwise.

 

  • -noInheritACL
    When using a network share as backup target you might want to limit access to the backup file to the useraccount specified, Administrators and Backup Operators. This optional command line switch will clear the Access Control List (ACL) and only add the above groups to the list.

Tip:
For this last option the account you specify to run the backup must have Full Control NTFS rights and Full Control NTFS Permissions on the share.

 

Running the backup

To start an on-demand instance of the scheduled backup simply run the following command:

wbadmin.exe start backup

Answer Y to the question whether you want to run a backup using the same configuration you use for scheduled backups.

To start an on-demand backup using preferred settings that are different to the sceduled backup use the following command line switches:

wbadmin.exe start backup -backuptarget:\\SERVER\SHARE -allCritical

 

Full Backups using VSS

The fourth type of backup is the Full Volume Shadow Copy Service (VSS) backup of the filesystem. While I state this type of backup is a different kind of backup it is actually started using the same command as the (Copy) Backup. There are some huge differences though:

VSS Backups are full backups.

This means full backups reset the archive bit on your files. This might present a signicifant problem when you use this type of backup in conjunction with a fully fledged backup suite like NetBackup, Backup Exec, BrightStor ARCserve Backup, Yosemite and other in situations where you use differential or incremental backups.

Note:
You might lose data, when you're not paying attention.

To run an on-demand Full backup using the Volume Shadow Copy Service (VSS) simply add the -VSSFull switch to your (Copy) Backup command.

 

Checking stuff

Following the best practices it is important to routinely check the status of the backup. There are two important checks:

  • Check if any backup is occuring at that moment
  • Check if recent backups have succeeded

Check whether any backup is occuring

To check whether any backup is running on the server you can type the following command:

wbadmin.exe get status

When a backup is running it will show the status. Otherwise it will return an error no backup jobs have run.

Check if recent backups have succeeded

To check if recent backups have turned out OK, you can either check the logs of Windows Backup or ask Windows Backup directly.

Check the logs

When a backup doesn't succeed Windows Backup will write a log on the event in the Logs\WindowsServerBackup subfolder of your %WINDIR%. If it succeeds it will only write a Performance Monitor Log (*.etl) file.

Ask Windows Backup

You can have Windows Backup generate a list with versions, which are succeeded backups. The command to generate this list is:

wbadmin.exe get versions

By default the list will contain backups from the attached disks. When you use multiple external disks in a scheduled backup you can use the optional -backuptarget switch to specify a DiskID.

 

Concluding

Windows Backup adds backup abilities to Server Core installations of Windows Server 2008. Please see what backup best fits your needs in the following table:

Type of Backup What to backup? Where to backup?
wbadmin enable backup File System DiskID
wbadmin start systemstatebackup System State Local UNC Path only
wbadmin start backup File System DiskID, UNC Path
wbadmin start backup -vssfull Complete System DiskID, UNC Path

Further reading

Windows Server Backup
Performing a Nonauthoritative Restore of AD DS
TechNet Forums – Backup in Core?
TechNet Forums – Backup/Restore of Active Directory in Longhorn Server Beta 2
TechNet Forums – Windows Server 2008 System State
TechNet Webcast: System Center Data Protection Manager 2007 Overview
Microsoft System Center Data Protection Manager Homepage
File Backup in Windows Vista FAQ
Using network shares as targets for the file-based Backup tool in Windows Vista
Vista: Automate and Schedule Complete PC Backup
What we have here is a failure to communicate
How to backup System State only in Windows Server 2008?
PowerShell for Windows Server Backup

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.