Problem
You should perform manual disaster recovery in the following situations:
- The Windows operating system has become corrupted and cannot be restored using the Emergency Repair Disks.
- The hard drive containing the Windows operating system has encountered an unrecoverable error that requires reformatting the disk.
- The hard drive that contains the Windows operating system needs to be replaced.
This document includes the following 2 manual disaster recovery procedures:
- Manual disaster recovery of a local Backup Exec server on a Windows computer
- Manual disaster recovery of a remote Backup Exec server or remote agent on a Windows computer
Solution
Manual disaster recovery of a local Backup Exec server on a Windows computer
For automated disaster recovery process please review - Step by step guide for Simplified Disaster Recovery (SDR) with Backup Exec
This procedure restores the computer's operating system to a pre-disaster state. It also restores the data files, except for those that a Backup Exec agent protects, such as the Agent for Microsoft Exchange Server. If Backup Exec agents protect any of the data, refer to the section in the Backup Exec Administrator's Guide on how to restore the data that is protected by the agent before beginning disaster recovery. The agent-protected data should be restored after the system recovery is complete. This procedure includes non-authoritative and authoritative restore of Active Directory for a domain controller.
Use a separate procedure for manual disaster recovery of a remote Windows computer. See Manual disaster recovery of a remote Backup Exec server or remote agent on a Windows computer.
These steps are intended for manual disaster recovery only. If Simplified Disaster Recovery (SDR) is enabled for the computer, you should use SDR for disaster recovery.
The following items are required for manual disaster recovery of a local system:
- A current full backup of the computer to be recovered and any subsequent incremental and differential backups.
- The Windows installation media.
- The Backup Exec installation media.
- For Backup Exec 15 and later, you must have the database encryption key that was used to encrypt the Backup Exec Database. You should have exported the key to a secure location. You must retrieve it from that location to complete the recovery process.
- A storage device such as a tape drive, disk storage device, or a robotic library must be attached to the computer that you want to recover.
- If you are performing an authoritative restore on a domain controller, DSRM credentials are needed.
Note: If you recover a Windows computer that has BitLocker encryption enabled, you must enable BitLocker encryption again after the restore.
See Microsoft's documentation for more information on BitLocker drive encryption.
Always log on to Windows using the Administrator account or its equivalent during this procedure.
To run a manual disaster recovery of a local Backup Exec server on a Windows computer
- Install the original version of Windows. The same Service Pack and patches need to be applied after Windows is installed.
Note the following scenarios:
If you recover from an entire hard disk failure, use Windows setup to partition and format the new disk during installation. This Windows installation is necessary to provide Backup Exec with a target to which it can restore the system. The computer name, Windows directory, and the file system (such as NTFS) must be the same as the previous Windows installation. This basic installation is overwritten by the backed-up version, which restores your system configuration, application settings, and security settings.
If the system was a domain controller, in a specific domain or workgroup, do not join the domain or workgroup. Use the More... option on the Computer Name Change dialog box to manually add a domain suffix to the computer name that matches the system's original domain or workgroup suffix.
Change the new system name to match the original system name by performing the following steps in the order listed:
Note: If the domain or workgroup is joined, you must reestablish the domain or workgroup trust relationship after the restore and restart are complete.
- From System Properties, on the Computer Name tab, click Change.
- On the Computer Name/Domain Changes dialog box, click More.
- If necessary, select Change primary DNS suffix when domain membership changes, and then click OK.
- Restart the system.
- Install Backup Exec to a directory other than where it was originally installed (a temporary installation). Always log on to Windows using the Administrator account or its equivalent during this procedure.
Note: After recovery is complete, this installation of Backup Exec can be removed.
- Start Backup Exec, and then add the required Storage device by selecting the Storage tab and then Configure Storage.
This storage device will be the tape where your backup set resides or the disk path where your disk storage device backup files are located.
Note: If you are using a disk storage device to recover the local Backup Exec server, do not include the original disk storage device. If you cannot avoid restoring it, you will need to ensure that the disk storage device being used for the recovery does not conflict with the original disk storage device location.
- On the Storage tab, click Inventory and Catalog to both inventory and catalog the media that contains the latest full, incremental, and differential backups of the computer that you want to recover.
- Select the Backup and Restore tab, and then click Restore.
- Do one of the following:
If the restore method
Complete online restore of a computer, or restore system component is available
|
Do the following in the order listed:
|
If the restore method Complete online restore of a computer, or restore system component is not available | Create a restore job and manually select individual system components for recovery. Do not restart the computer after the restore job finishes. |
- Your computer's operating system is now restored to a pre-disaster state, but you should not restart your system yet. Your data files have been restored if they were included in a restore job, except those protected by Backup Exec database agents.
Continue with one of the following:
For an authoritative restore of a domain controller | Proceed to step 8. |
If you are restoring a standalone server or a non-authoritative restore of a domain controller | The recovery is complete. Restart the computer after the restore job successfully completes. Also, if you have copied disk storage device files to another location for the purpose of a restore, you can remove them. Proceed to step 9 to complete this procedure. |
- For an authoritative restore of a domain controller, do the following:
Important: Make sure that the system is booted into Directory Services Restore Mode for the first restart after the restore. Failing to do so may replicate the Active Directory once the Active Directory services are online. To prevent this, you can isolate the system from the network temporarily.
- Press F8 during startup. A menu appears that lets you diagnose and fix system startup problems.
- Select Directory Services Restore Mode.
- Log in using your DSRM credentials.
See Microsoft's documentation for running NTDSUTIL for Windows Server.
- Open a command prompt.
- Type NTDSUTIL, and then press Enter.
- Type Activate Instance NTDS, and then press Enter.
- Type Authoritative Restore, and then press Enter.
- Type the following command, and then press Enter:
restore subtree ou=OU_Name,dc=Domain_Name,dc=xxx
<ou_name> is the name of the organizational unit that you want to restore, <domain_name> is the domain name that the OU resides in, and <xxx> is the top-level domain name of the domain controller, such as com, org, or net.
- Repeat these steps as many times as necessary for the specific objects that you need to restore.
- After you have finished restoring Active Directory information, exit NTDSUITIL.
- Restart the computer.
Note: If you have copied disk storage device files to some other location to restore them, they can be removed.
- If you are recovering a server that runs Backup Exec 15 or later, Backup Exec prompts you for the database encryption key file when you launch it. Complete the following steps to import the database encryption key file:
- Locate the database encryption key from the secure location to which you backed it up. Backup Exec indicates the name of the key that needs to be restored.
- Copy the file and then paste it in the Data folder in the directory in which you installed Backup Exec.
- Log in to Backup Exec.
Manual disaster recovery of a remote Backup Exec server or remote agent on a Windows computer
This procedure restores the computer's operating system to a pre-disaster state. It also restores the data files, except for those that a Backup Exec agent protects, such as the Agent for Microsoft Exchange Server. If Backup Exec agents protect any of the data, refer to the section in the Backup Exec Administrator's Guide on how to restore the data that is protected by the agent before beginning disaster recovery. The agent-protected data should be restored after the system recovery is complete. This procedure includes non-authoritative and authoritative restore of Active Directory for a domain controller.
Use a separate procedure for manual disaster recovery of a local Backup Exec server. See Manual disaster recovery of a local Backup Exec server on a Windows computer.
These steps are intended for manual disaster recovery only. If Simplified Disaster Recovery (SDR) is enabled for the computer, you should use SDR for disaster recovery.
The following items are required for manual disaster recovery of a remote system:
- A current full backup of the computer to be recovered and any subsequent incremental and differential backups.
- The Windows installation media.
- For Backup Exec 15 and later, you must have the database encryption key that was used to encrypt the Backup Exec Database. You should have exported the key to a secure location. You must retrieve it from that location to complete the recovery process.
- If you are performing an authoritative restore on a domain controller, DSRM credentials are needed.
Note: If you recover a Windows computer that has BitLocker encryption enabled, you must enable BitLocker encryption again following the restore.
See Microsoft's documentation for more information on BitLociker drive encryption.
Always log on to Window using the Administrator account or its equivalent during this procedure.
To run a manual disaster recovery of a remote Backup Exec server or remote agent on a Windows computer
- At the remote computer, install the original version of Windows. The same Service Pack and patches need to be applied after Windows is installed.
Note the following scenarios:
If you recover from an entire hard disk failure, use Windows setup to partition and format the new disk during installation. This Windows installation is necessary to provide Backup Exec with a target to which it can restore the system. The computer name, Windows directory, and the file system (such as NTFS) must be the same as the previous Windows installation. This basic installation is overwritten by the backed-up version, which restores your system configuration, application settings, and security settings.
If the system was a domain controller, in a specific domain or workgroup, do not join the domain or workgroup. Use the More... option on the Computer Name Change dialog box to manually add a domain suffix to the computer name that matches the system's original domain or workgroup suffix.Change the new system name to match the original system name by performing the following steps in the order listed:
Note: If the domain or workgroup is joined, you must reestablish the domain or workgroup trust relationship after the restore and the restart are complete.
- From System Properties, on the Computer Name tab, click Change.
- On the Computer Name/Domain Changes dialog box, click More.
- If necessary, select Change primary DNS suffix when domain membership changes, and then click OK.
- Restart the system.
- At the Backup Exec server, install the Backup Exec Agent for Windows on the remote computer.
Note: After recovery, the Backup Exec logon account will need to be updated and the Backup Exec trust will need to be reestablished for the recovered remote server.
- On the Backup and Restore tab, select the computer name, and then click Restore.
- Do one of the following:
If the restore method Complete online restore of a computer, or restore system component is available | Do the following in the order listed:
|
If the restore method Complete online restore of a computer, or restore system component is not available | Create a restore job and manually select individual system components for recovery. Do not restart the computer. |
- Your computer's operating system is now restored to a pre-disaster state, but you should not restart your system yet. Your data files have been restored if they were included in a restore job, except those protected by Backup Exec database agents.
Continue with one of the following:
For an authoritative restore of a domain controller | Proceed to step 6. |
If you are restoring a standalone server or a non-authoritative restore of a domain controller | The recovery is complete. Restart the computer after the restore job successfully completes. Proceed to step 7 to complete this procedure. |
- For an authoritative restore of a domain controller, do the following:
Important: Make sure that the system is booted into Directory Services Restore Mode for the first restart after the restore. Failing to do so may replicate the Active Directory once the Active Directory services are online. To prevent this, you can isolate the system from the network temporarily.
- Press F8 during startup. A menu appears that lets you diagnose and fix system startup problems.
- Select Directory Services Restore Mode.
- Log in using your DSRM credentials.
See Microsoft's documentation for running NTDSUTIL for Windows Server.
- Open a command prompt.
- Type NTDSUTIL, and then press Enter.
- Type Activate Instance NTDS, and then press Enter.
- Type Authoritative Restore, and then press Enter.
- Type the following command, and then press Enter:
restore subtree ou=OU_Name,dc=Domain_Name,dc=xxx
<ou_name> is the name of the organizational unit that you want to restore, <domain_name> is the domain name that the OU resides in, and <xxx> is the top-level domain name of the domain controller, such as com, org, or net.
- Repeat these steps as many times as necessary for the specific objects that you need to restore.
- After you have finished restoring Active Directory information, exit NTDSUITIL.
- Restart the computer.
- If you are recovering a server that runs Backup Exec 15 or later, Backup Exec prompts you for the database encryption key file when you launch it. Complete the following steps to import the database encryption key file:
- Locate the database encryption key from the secure location to which you backed it up. Backup Exec indicates the name of the key that needs to be restored.
- Copy the file and then paste it in the Data folder in the directory in which you installed Backup Exec.
- Log in to Backup Exec.