Disaster Recovery – Boot Options for Windows Server 2003 / 2008

Introduction to Boot Options for Windows Server 2003 / 2008

Windows Server 2003 has inherited the Windows 95 and XP’s ability to interrupt the boot sequence by pressing F8.  This is a handy boot option for disaster recovery, for example, when you need to disable a driver or perform an Authoritative Restore.

Boot Topics for Windows Server 2003 / 2008

  ‡

F8 Startup options for Windows Server 2003 / 2008

Suppose the Windows server will not boot up.  You may get a stop error message, alternatively, it may get a black screen which says, cannot find xyz.com file.  Under these dire circumstances, your best bet is to reboot and press F8.  I urge you to run through these options when you are calm and can make rational decisions, because when disaster strikes, the heart races and you need the comfort of familiar menus and procedures. Therefore, practice boot options with F8.

  1. Safe Mode (Safe Mode with Networking, Safe Mode Command Prompt)
  2. VGA Mode
  3. Last Known good (LKG)
  4. Directory Services Restore

1. Safe mode

Those coming to Windows Server 2003 from NT 4.0, will be impressed with all the options revealed by pressing F8 on boot up; those who know Windows 98 will find old friends on the menu.  There are variation like Safe Mode with Networking, however I find the plain Safe mode is the best option when you begin troubleshooting.  The main use of Safe mode is to correct configuration errors so that you can try another normal boot.  Remember the first question to ask in troubleshooting is ‘What was the last setting to change?’.  Incidentally, never waste time asking who made that fatal change because I can tell you the answer from here – it’s always Mr Nobody.

A good point about safe mode is that you still preserve the option to try the Last Known Good.

2. VGA Mode

This is useful in two scenarios:
a) You inadvertently install an incompatible monitor driver 
b) Some nutter (Mr Nobody?) tries a variation of black writing on a black background.

3. Last Known Good (LKG)

This option is used in one specialist situation, you have just installed a rogue driver which you are pretty sure is preventing the Windows Server 2003 machine from booting.  If you did something that changed the registry, then you can revert to a spare control set.  Beware, the moment you logon, Windows creates a new Last Known Good, as a result you would lose the previous LKG.  The time to consider the LKG option is if you have just installed a new device and you see an error message ‘One or more services failed to start’.  In this situation DO NOT LOGON, power off, restart, press F8 and select Last Known Good from the menu.

4. Directory Services Restore – NTDSUTIL

The scenario: Someone has just deleted a complete OU from your Windows Server 2003 Active Directory.  The problem is that a normal restore will not work under these circumstances.  What will happen is that other Windows 2003 domain controllers will have later Update System Number and over write the restore, and delete the OU, so you are back where you started.  What you need in this situation is the Directory Restore option from the F8 menu.

To prepare for a Directory Service Restore, first complete a normal restore and take the Windows Server 2003 offline.  Then reboot, select the special Directory Service Restore mode at the F8 menu.  Next run NTDSUTIL to tell Active Directory not to over-write the OU that you wish to recover. 

That last paragraph is easy for me to write, but in reality NTDSUTIL is a difficult utility to use.  Time spent practicing with NTDSUTIL will repay many times when you have to make a disaster recovery.  In addition you need to understand LDAP because you need to issue a command to only restore the faulty part of Active Directory, in this case the OU that was deleted.

See much more on NTDSUTIL here

Guy Recommends:  A Free Trial of the Network Performance Monitor (NPM)Review of Orion NPM v11.5 v11.5

SolarWinds’ Orion performance monitor will help you discover what’s happening on your network.  This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.

What I like best is the way NPM suggests solutions to network problems.  Its also has the ability to monitor the health of individual VMware virtual machines.  If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.

Download a free trial of Solarwinds’ Network Performance Monitor

System Recovery Console – CMDCONS

When you are trying to boot a reluctant Windows Server 2003 / 2008, CMDCONS is another string to your bow.

Highly organized administrators run Winnt32  /cmdcons which installs about 8MB of files that make up the System Recovery Console.  Fortunately should you forget to run CMDCONS ahead of the boot problem, then you can still boot from Windows Server 2003 CD and access System Recover from that Server CD.

If the system will not start due to a corrupted file, CMDCONS gives you tools to copy replacement files from CD.  When you select System Recovery, it drops you into a DOS like shell where you can also issue commands to enable or disable services that are preventing a clean boot.

Trap: The password for this account is stored in the SAM database.  This is sometimes called the DSRM (Directory Services Restore Mode) accounts.  My point this administrator account  will almost certainly have a different password from the regular domain administrator account.  This is how your reset that DSRM / special / other / SAM administrator’s password.

Challenge: Install and test CMDCONS.  My point is that time spent practicing with CMDCONS will repay handsomely when it comes to using the Recovery Console in anger.  In particular you may be surprised how difficult it is to logon as administrator.

Tools to troubleshoot Windows Server 2003 crashes

  1. Event Viewer. If you are able to start in safe mode, then the first program to open is the event viewer to check the logs.  There is also a little know script called EventQuery.vbs /auxsource which you run from the command prompt.
  2. System Configuration Utility – Msconfig.exe  Sys.ini etc
  3. System Information.  Programs, Accessories, System Tools
  4. Missing or corrupt file – System File Checker – sfc
  5. System Icon, Hardware, Device Manager, Device, Properties, Roll Back
  6. System Icon, Advanced, Startup and Recovery options
  7. Services (Administrative Tools)
  8. NTBTLog.txt
  9. Resource kit tools like Tasklist and Taskkill
  10. Performance Monitor Tool

If you like this page then please share it with your friends

 


More Topics for Disaster Recovery in Server 2008