Deploying The Tivoli Storage Manager Client in A Windows 2000 Environment Sg246141

Deploying the Tivoli Storage Manager Client in a Windows 2000 Environment
Using the TSM client support for Windows 2000 Planning and implementing backup scenarios Restoring Windows 2000 objects
Pat Randall Javier Hernandez Rod Macleod Andrew Pearce
ibm.com/redbooks
SG24-6141-00
International Technical Support Organization Deploying the Tivoli Storage Manager Client in a Windows 2000 Environment
April 2001
Take Note! Before using this information and the product it supports, be sure to read the general information in Appendix A, Special notices on page 157.
First Edition (April 2001) This edition applies to Tivoli Storage Manager V4.1.2 for use with the Microsoft Windows 2000 Operating System. Comments may be addressed to: IBM Corporation, International Technical Support Organization Dept. 471F Building 80-E2 650 Harry Road San Jose, California 95120-6099 When you send information to IBM, you grant IBM a non-exclusive right to use or distribute the information in any way it believes appropriate without incurring any obligation to you.
Copyright International Business Machines Corporation 2001. All rights reserved. Note to U.S Government Users Documentation related to restricted rights Use, duplication or disclosure is subject to restrictions set forth in GSA ADP Schedule Contract with IBM Corp.
Contents
Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Tables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .ix Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xi The team that wrote this Redbook . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Comments welcome . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii Chapter 1. Introducing TSM client support for Windows 2000 . . . . . . . 1 1.1 Types of Windows 2000 implementations . . . . . . . . . . . . . . . . . . . . . . . 1 1.1.1 Windows 2000 Professional . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1.2 Windows 2000 Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1.3 Windows 2000 Advanced Server . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1.4 Windows 2000 Datacenter Server. . . . . . . . . . . . . . . . . . . . . . . . . 2 1.2 Introduction to TSM 4.1.2 support for Windows 2000 . . . . . . . . . . . . . . 3 1.3 System State components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.3.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.3.2 System boot files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 1.3.3 Registry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 1.3.4 Event logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 1.3.5 COM+ Class DB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 1.3.6 Certificate Services DB. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 1.3.7 Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 1.3.8 System Volume (SYSVOL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 1.3.9 File Replication Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 1.3.10 Cluster DB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 1.4 File System (NTFS) components . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 1.4.1 Encrypted File System (EFS) . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 1.4.2 Reparse Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 1.4.3 Multiple Named Data Streams . . . . . . . . . . . . . . . . . . . . . . . . . . 13 1.4.4 The Change Journal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 1.4.5 Sparse file support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 1.4.6 Distributed Link Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 1.4.7 Directory Junctions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 1.4.8 Volume Mount Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 1.5 Storage components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 1.5.1 Disk Quotas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 1.5.2 Distributed File System (DFS) . . . . . . . . . . . . . . . . . . . . . . . . . . 16 1.5.3 Single Instance Store . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 1.5.4 Removable Storage Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 1.5.5 Remote Storage Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Copyright IBM Corp. 2001
iii
1.5.6 Indexing service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Chapter 2. Introducing Tivoli Storage Manager 4.1.2 client . . . . . . . . . 19 2.1 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 2.2 New features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 2.2.1 System Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 2.2.2 SYSTEMOBJECT domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 2.2.3 System Objects managed as a group . . . . . . . . . . . . . . . . . . . . . 21 2.2.4 New commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 2.2.5 Support for mobile computer users enhanced. . . . . . . . . . . . . . . 24 2.2.6 ODBC driver not included . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 2.2.7 InstallShield for Windows Installer used . . . . . . . . . . . . . . . . . . . 24 2.2.8 Registry backup now processes all hives . . . . . . . . . . . . . . . . . . 24 2.2.9 Event log backup now processes all logs . . . . . . . . . . . . . . . . . . 25 2.2.10 Restore to same location only. . . . . . . . . . . . . . . . . . . . . . . . . . 25 2.2.11 Management class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 2.3 What has changed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 2.3.1 System Objects require new backup . . . . . . . . . . . . . . . . . . . . . . 25 2.3.2 Changed commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 2.3.3 Local backup only. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 2.3.4 One step backup and restore of System State . . . . . . . . . . . . . . 26 2.3.5 BACKUPREGISTRY option redundant . . . . . . . . . . . . . . . . . . . . 26 2.3.6 Restore without services active . . . . . . . . . . . . . . . . . . . . . . . . . 26 2.4 What has been fixed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 2.4.1 APAR list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 2.5 Advantages of TSM versus Microsoft NTbackup. . . . . . . . . . . . . . . . . 28 2.5.1 Using NTbackup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 2.5.2 Using Tivoli Storage Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Chapter 3. Implementation planning . . . . . . 3.1 Tivoli Storage Manager Server code level 3.2 Server registration modes . . . . . . . . . . . . 3.3 Server storage . . . . . . . . . . . . . . . . . . . . . 3.3.1 Database size calculation . . . . . . . . . 3.3.2 Recovery Log size calculation . . . . . 3.3.3 Primary storage pool size calculation 3.4 Network bandwidth . . . . . . . . . . . . . . . . . . 3.5 Warnings about migration from a previous 3.6 Software requirements . . . . . . . . . . . . . . . 3.7 Hardware requirements . . . . . . . . . . . . . . 3.8 User permissions for Windows 2000. . . . . 3.9 System information. . . . . . . . . . . . . . . . . . ......... ......... ......... ......... ......... ......... ......... ......... client level ......... ......... ......... ......... .. .. .. .. .. .. .. .. .. .. .. .. .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. .. .. .. .. .. .. .. .. .. .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 . 31 . 32 . 32 . 33 . 35 . 36 . 36 . 37 . 38 . 38 . 39 . 39
iv
Deploying Tivoli Storage Manager for Windows 2000
Chapter 4. Installation and setup . . . . . . . . . . . . . . . . . . . . . . . 4.1 Include-exclude list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.2 Tivoli Storage Manager 4.1.2 client install procedure . . . . . . . 4.2.1 Tivoli Storage Manager Client configuration wizards. . . . 4.3 ODBC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.4 Post install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.5 Uninstalling the client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.5.1 Remove services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.5.2 Remove code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.5.3 Remove temporary files . . . . . . . . . . . . . . . . . . . . . . . . . 4.5.4 Remove miscellaneous files . . . . . . . . . . . . . . . . . . . . . . 4.6 Tips and hints. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.6.1 Installation using Terminal Server. . . . . . . . . . . . . . . . . . 4.6.2 Renaming the Tivoli Storage Manager client node name Chapter 5. Windows 2000 backup . . . . . . . . . . . . . . . 5.1 Philosophy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2 Permissions required . . . . . . . . . . . . . . . . . . . . . . . 5.2.1 Back up system objects . . . . . . . . . . . . . . . . . 5.2.2 Back up regular files . . . . . . . . . . . . . . . . . . . . 5.3 Scheduled backups . . . . . . . . . . . . . . . . . . . . . . . . 5.4 Client-controlled backups . . . . . . . . . . . . . . . . . . . . 5.4.1 GUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.4.2 Command line . . . . . . . . . . . . . . . . . . . . . . . . 5.4.3 Web client interface . . . . . . . . . . . . . . . . . . . . 5.5 Backing up Windows 2000 Professional . . . . . . . . . 5.6 Backing up system objects . . . . . . . . . . . . . . . . . . . 5.6.1 \ADSM.SYS contents . . . . . . . . . . . . . . . . . . . 5.6.2 Individual system object component backup . . 5.6.3 Creating inactive versions of System Objects . 5.7 Backing up DFS . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.7.1 DFSBACKUPMNTPNT YES . . . . . . . . . . . . . . 5.7.2 DFSBACKUPMNTPNT NO . . . . . . . . . . . . . . . 5.8 Tips and hints. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.8.1 Backup frequency . . . . . . . . . . . . . . . . . . . . . . 5.8.2 Perform test restores . . . . . . . . . . . . . . . . . . . 5.8.3 Windows 2000 user profiles . . . . . . . . . . . . . . 5.8.4 Transaction limits . . . . . . . . . . . . . . . . . . . . . . 5.8.5 MSINFO command . . . . . . . . . . . . . . . . . . . . . 5.8.6 Tree view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 43 . 43 . 45 . 51 . 71 . 72 . 72 . 72 . 72 . 72 . 73 . 73 . 73 . 73 . 75 . 75 . 76 . 76 . 76 . 77 . 77 . 77 . 78 . 78 . 78 . 79 . 80 . 80 . 84 . 85 . 86 . 87 . 87 . 87 . 87 . 88 . 88 . 89 . 89
Chapter 6. Windows 2000 restores . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91 6.1 Permissions to restore Windows 2000 . . . . . . . . . . . . . . . . . . . . . . . . 91
6.2 Restoring a Windows 2000 system . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 6.2.1 Restore methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 6.2.2 The role of the System Object in the restore process . . . . . . . . . 93 6.2.3 Restoring a Windows 2000 Professional or member server . . . . 94 6.2.4 Restoring a Win 2000 domain controller (non-authoritatively) . . 102 6.3 Restoring Windows 2000 objects . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 6.3.1 Restoring components from the TSM System Object . . . . . . . . 111 6.3.2 Distributed File System (DFS) . . . . . . . . . . . . . . . . . . . . . . . . . 131 6.3.3 Disk quotas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 6.3.4 Sparse files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 6.3.5 Junction points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 6.3.6 Removable Storage Management (RSM) . . . . . . . . . . . . . . . . . 148 6.3.7 Other Windows 2000 databases . . . . . . . . . . . . . . . . . . . . . . . . 150 6.4 Restoring user profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150 6.5 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154 6.5.1 Restoring Windows 2000 Professional or member server . . . . . 154 6.5.2 Restoring a Domain Controller (non-authoritatively) . . . . . . . . . 155 Appendix A. Special notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157 Appendix B. Related publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161 B.1 IBM Redbooks publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161 B.2 IBM Redbooks collections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 B.3 Tivoli publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 How to get IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 IBM Redbooks fax order form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167 IBM Redbooks review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
vi
Figures
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30. 31. 32. 33. 34. 35. 36. 37. 38. 39. 40. System State in NTbackup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 System Object in Tivoli Storage Manager Client . . . . . . . . . . . . . . . . . . . . . 6 Example of System Objects in the GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Example of a Query Systemobject command . . . . . . . . . . . . . . . . . . . . . . 21 Example of query inclexcl command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Example of show systemobject command. . . . . . . . . . . . . . . . . . . . . . . . . 24 Recommended include-exclude list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Select language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 InstallSheild starts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Choose destination folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Select type of install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Custom setup menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Ready to install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 InstallSheild complete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Start setup wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Choose type of install using the wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Create a new dsm.opt file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Enter node name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Choose communication method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 Set TCP/IP parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 Modify domain and include-exclude list . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Install a new Web client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Select options file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Set Web client parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Enter node name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Enter login account ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Web client is done . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Install a new client scheduler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Enter scheduler name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Choose scheduler options file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Set log file names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Enter node name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Select login account ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Scheduler options done . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 Client scheduler installed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 Tivoli Storage Manager Client Service settings . . . . . . . . . . . . . . . . . . . . . 71 Example of System Objects in the GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 Example of a System Object Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 Query filespace command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 Example of a Query Systemobject command . . . . . . . . . . . . . . . . . . . . . . 82
vii
41. 42. 43. 44. 45. 46. 47. 48. 49. 50. 51. 52. 53. 54. 55. 56. 57. 58. 59. 60. 61. 62. 63. 64. 65. 66. 67. 68. 69. 70. 71. 72. 73. 74. 75. 76. 77. 78.
Example of Query Occupancy command . . . . . . . . . . . . . . . . . . . . . . . . . 82 GUI restore screen showing dates, times System Objects backed up . . . 83 a simple DFS configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 Example of Query systemobject command . . . . . . . . . . . . . . . . . . . . . . . . 94 Restore options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Successful Windows 2000 recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 Restore options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 Successful Windows 2000 recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110 System Object Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 Example of authoritative restore command . . . . . . . . . . . . . . . . . . . . . . . 120 Restore System Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Example of a Complete Sysvol Directory Structure . . . . . . . . . . . . . . . . . 122 Example of Active Directory Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Example of authoritative restore command . . . . . . . . . . . . . . . . . . . . . . . 124 System Volume (sysvol) Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125 Group policy object GUID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 System Volume Policy Folder s Identified by GUID. . . . . . . . . . . . . . . . . 127 Registry staging area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 Event Log Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130 File level restore tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134 DFS Link selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 Dialog box to specify objects destination . . . . . . . . . . . . . . . . . . . . . . . . . 136 File replace dialog box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 Status report post restoration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 Not available share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138 Not able to restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138 Selecting data to restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140 Nonexistent target directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 Restoring links directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142 Restoring files from links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142 Nonexistent pointed directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 Changing the IDLETIMEOUT parameter . . . . . . . . . . . . . . . . . . . . . . . . . 147 Selecting the RSM database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 Reboot option after RSM restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150 Restoring a user profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 File replace dialog box for user profiles . . . . . . . . . . . . . . . . . . . . . . . . . . 153 File replace on reboot for user profiles . . . . . . . . . . . . . . . . . . . . . . . . . . 153 Reboot message to apply changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
viii
Tables
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. Comparison of selected features in Windows 2000 implementations . . . . . 1 Tivoli Storage Manager client support for Windows 2000 . . . . . . . . . . . . . . 3 Windows 2000 event log file names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Server planning tasks checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Client planning task checklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Typical disk space occupancy, Windows 2000 Systems (system data) . . 33 Sample client requirements worksheet . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Rules of thumb for selecting percentage of data changed. . . . . . . . . . . . . 35 Typical data compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Disk requirements for Tivoli Storage Manager Client . . . . . . . . . . . . . . . . 39 System Information sheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Tivoli Storage Manager services settings . . . . . . . . . . . . . . . . . . . . . . . . . 71 Windows 2000 Restore Process Summary . . . . . . . . . . . . . . . . . . . . . . . . 94 Windows 2000 Domain Controller FSMO Roles . . . . . . . . . . . . . . . . . . . 103 Domain Controller Restore Process Summary . . . . . . . . . . . . . . . . . . . . 104 Active Directory Restore Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 Example scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 What is restored for each DFSBACKUPMNTPNT option . . . . . . . . . . . . 132
ix
Preface
This IBM Redbook will help you use the Tivoli Storage Manager (TSM) client at level 4.1.2 with Microsoft Windows 2000. It is intended as a supplement to other TSM redbooks and documentation. This book explains special considerations for using the TSM 4.1.2 client with Windows 2000. We cover implementation planning, installation, and setup, various backup considerations, and their associated restore methodologies. This book is not intended to be a Windows 2000 primer or to cover TSM server implementation. Readers are expected to be familiar with MS Windows 2000 administration concepts, functions, and features. Typically, they will be planning the deployment of Windows 2000, or will have already deployed it. We assume a basic understanding of TSM concepts and a good working knowledge of previous TSM clients (GUI and command line interfaces).
The team that wrote this Redbook

This Redbook was produced by a team of specialists from around the world working at the International Technical Support Organization San Jose Center. Pat Randall is a Distributed Storage Software Specialist with the IBM International Technical Support Organization, San Jose, California. He has written 11 Redbooks on ADSM and Tivoli Storage Manager, teaches IBM classes worldwide on all areas of distributed storage, and is a consultant in disaster and business recovery. Before joining the ITSO in July 1996, Pat worked in IBM UK's Business Recovery Services as a Solutions Architect. Javier Hernandez is a Project Leader in Mexico with BYGPROY Tecnica en Servicios S.A. de C.V, Veracruz, Ver. Mex. He has 3 years of experience in Netfinity Servers, Windows NT and Tivoli products. He holds a degree in Computer Sciences from the Instituto Tecnologico de Veracruz. His areas of expertise include Netfinity Server installation, performance and tuning, Windows environments, Tivoli IT Director, and Tivoli Storage Manager. Rod Macleod is a Senior System Programmer with TELUS Communications, Inc. in Edmonton, Alberta, Canada. He has 20 years of experience in the systems administration field and five years experience in ADSM/TSM. He holds a degree in Computational Science from the University of
xi
Saskatchewan. His areas of expertise include OS/390, storage management, and ADSM/TSM. He has co-authored one previous IBM Redbook. Andrew Pearce is a Systems Technologist at Computer Sciences Corporation in Wollongong, New South Wales, Australia. He has 7 years of experience in the distributed systems field, working with Windows NT based systems since 1994. He has spent the last year working on a Windows 2000 design project for one of Australias largest companies. His areas of expertise include storage management and data recovery. Thanks to the following people for their invaluable contributions to this project: Jim Smith Tivoli Systems Mike Dile Tivoli Systems Don Moxley Tivoli Systems
Comments welcome
Your comments are important to us! We want our Redbooks to be as helpful as possible. Please send us your comments about this or other Redbooks in one of the following ways: Fax the evaluation form found in IBM Redbooks review on page 171 to the fax number shown on the form. Use the online evaluation form found at ibm.com/redbooks Send your comments in an Internet note to redbook@us.ibm.com
xii
Chapter 1. Introducing TSM client support for Windows 2000

In this chapter we provide a brief overview for each of the Windows 2000 products. We introduce Windows 2000 features and enhancements and discuss their support by the Tivoli Storage Manager 4.1.2 client.
1.1 Types of Windows 2000 implementations

Windows 2000 is divided into four implementations: Professional Server Advanced Server Datacenter Server
As shown in Table 1, each implementation is aimed at a specific market and contains progressively more capability.
Table 1. Comparison of selected features in Windows 2000 implementations
Professional Maximum CPUs supported Maximum memory supported Services like Active Directory Clustering Network Load Balancing Winsock Direct 2
Server 4
Advanced Server 8
Datacenter Server 32
4 GB
4 GB
8 GB
64 GB
No
Yes
Yes
Yes
No No No
No No No
2-node cluster Yes No
4-node cluster Yes Yes
1.1.1 Windows 2000 Professional

Windows 2000 Professional is aimed at corporate desktops and business mobile computing (laptops and notebooks). It provides the functions required by desktop applications such as word processing and spreadsheets, and network connectivity to the Internet, an intranet, or to cross-platform applications. It provides a user interface similar to Windows 98 while improving the speed of the operating system over Windows NT.
1.1.2 Windows 2000 Server

Windows 2000 Server is Microsofts entry-level server operating system. It is targeted for file, print, intranet, and infrastructure servers. Windows 2000 Server can, but does not necessarily need to, run all of Microsofts server services and features such as the Active Directory, with the exception of the clustering services and features.
1.1.3 Windows 2000 Advanced Server

Windows 2000 Advanced Server is targeted to run e-commerce and line-of-business applications while providing enhanced reliability, availability, and scalability. It supports larger memory and more processors than Windows 2000 Server. Windows 2000 Advanced Server allows for clustered configurations and network load balancing of IP traffic.
1.1.4 Windows 2000 Datacenter Server

Windows 2000 Datacenter Server is Microsofts most powerful server operating system providing the highest levels of availability and scalability. Windows 2000 Datacenter Server is designed for applications like online transaction processing, data warehouses and server consolidation. It provides high speed SAN communications through the Winsock Direct facility. Windows 2000 Datacenter Server has a new Process Control tool to manage job objects of associated processes.
Note
We did not test Windows 2000 Datacenter Server and it is not covered in this redbook.
1.2 Introduction to TSM 4.1.2 support for Windows 2000

The following section introduces the Windows 2000 components that require special consideration when using the Tivoli Storage Manager 4.1.2 backup client. More detailed information about specific backup and restore issues is available in other sections of this book. Table 2 provides a summary of the Windows 2000 components that are supported by the Tivoli Storage Manager 4.1.2 client. An explanation about each component can be found following this table.
Table 2. Tivoli Storage Manager client support for Windows 2000
Windows 2000 component System State related System boot files Registry Event Logs COM+ database Performance counters Certificate Services database System Volume directory Active Directory
Explicit Support by v4.1.2 client
Comments
yes yes yes yes yes yes yes yes Non-authoritative restores only. Use NTDSUTIL for authoritative restores. Included in system files
File Replication service Cluster database Storage Related Disk Quotas Single Instance Store Removable Storage Management database Remote Storage Service database
yes yes
yes no yes yes
Windows 2000 component Distributed File System Indexing Service NTFS Related NTFS Reparse Points NTFS Directory Junctions NTFS Volume Mount Points NTFS Spare Files Terminal services db NTFS Change Journal
Explicit Support by v4.1.2 client yes no
Comments
yes yes yes yes No No Not required. Tivoli Storage Manager will back up changed data.
Encrypted File System Distributed link tracking and object IDs
yes yes
1.3 System State components

In this section, we introduce the Windows 2000 System State and follow this with a discussion about some of the issues that affect the way Tivoli Storage Manager is able to handle this important Windows 2000 feature. We also discuss the individual System State components.
1.3.1 Introduction
Windows 2000 has several key components (represented as files and databases) that are logically grouped together to ensure the operating system is backed up in a consistent state. Microsoft defines the collection of these components as the System State. Figure 1 illustrates the logical grouping of System State components in the Windows 2000 native backup application, NTbackup.
Figure 1. System State in NTbackup
Rather than using Microsofts logical place holder (the System State), the Tivoli Storage Manager client places individual components (such as Active Directory and the registry) in the Tivoli Storage Manager System Object. This is shown in Figure 2. Other Windows 2000 features that are not part of the Microsoft System State, such as the Removable Storage Management database, are also included as components of the Tivoli Storage Manager System Object.
Note
The Tivoli Storage Manager client does not use the concept of the System State. Windows 2000 components which Microsoft has placed in the System State, have been placed in the Tivoli Storage Manager clients System Object. It is very easy to become confused when the terms System State and System Object are used together. Therefore, System State will only be used when the discussion is aimed at areas not specific to the Tivoli Storage Manager client.
Figure 2. System Object in Tivoli Storage Manager Client
The TSM concept of System Object is meant to be a generic description of any set of related files on any operating system. For example, System Object might some day have a similar definition on a UNIX system. 1.3.1.1 Dependency issues The Tivoli Storage Manager client has the ability to process the System Object components either granularly (that is as isolated components) or as a single entity. Unfortunately, the granular functionality cannot be fully exploited in the current version of Windows 2000. This is because of dependencies that exist at the operating system level between key Windows 2000 components. Dependencies mainly exist between the distributed services running on Windows 2000 domain controllers making it inadvisable to backup or restore one item in isolation. Examples of this are: The Windows 2000 System Volume (SysVol) is a replicated data set containing policies and scripts used by Active Directory. If the SysVol and Active Directory are not synchronized, it is likely that one will contain cross references to data that does not exist in the other. The Active Directory publishes references to the Distributed File System (DFS). If the Active Directory is backed up without considering DFS, it is possible that a restored Active Directory could publish broken DFS links.
The Windows 2000 registry contains housekeeping information on the Active Directory such as when to perform database consistency checks or a re-index operation. Windows 2000 Professional and member server systems are also affected by dependency issues. The most vivid example of this is the relationship between the System Files and the Registry, with the latter making references to files contained in the System Files component. To ensure that the integrity of backups are maintained, the following rules should be adopted for all Windows 2000 systems: Always back up the entire System Object. This is of particular importance on systems running Active Directory. Do not create a backup policy which partially backups up the System Object and expect the data to be restored in a consistent manner. For example, adopting a policy of backing up the entire System Object each weekend and just the Active Directory nightly is not recommended. Do not restore an isolated component from the System Object unless you are certain that it does not depend on another. The Windows 2000 Event logs are an example of a System Object component that can be safely restored in isolation In order to meet the objectives required for a consistent Windows 2000 backup, the Tivoli Storage Manager Client will only perform a full backup of all components in the System Object. For example, when backing up the System Files component, all files that make up the System Files are backed up in every job. An incremental backup is not performed.
Note
To understand more about the dependencies that exist in Windows 2000, please refer to Microsofts documentation on backup and restore. Two suggested documents are: Windows 2000 Server Distributed Systems Guide (part of the Windows 2000 Server resource kit) Windows 2000 Server Disaster Recovery Guidelines whitepaper at:
http://www.microsoft.com/TechNet/win2000/recovery.asp
An incremental backup is not currently supported by the Microsoft API.
1.3.1.2 Remote backup and restore The backup of System State components must be processed locally by the Tivoli Storage Manager client. System State components cannot be backed up remotely using a mapped drive. 1.3.1.3 How System Object components are processed The Tivoli Storage Manager client must use three different methods when processing the System Object components. This is due to the way the Windows 2000 backup APIs allow each component to be accessed. All processing is done under-the-covers and does not require any intervention from the Tivoli Storage Manager administrator. Smaller system objects such as the registry, event logs and COM+ database are dumped to files in a staging folder called ADSM.SYS. From here, Tivoli Storage Manager backs up system object data as standard files. The process for restores is reversed. This behavior can be observed in the dsmsched.log file on the client. It is important that the staging file, ADSM.SYS, is not excluded from processing. The statement INCLUDE :\ADSM.SYS\...\* should be included as the last statement in the dsm.opt file. For the larger database components, for example, Active Directory and Certificate Services, Tivoli Storage Manager makes API calls to backup directly from the database and transaction log files. Components such as the Sysvol, FRS, system and boot files are enumerated from the operating system and backed up as regular files.
1.3.2 System boot files

For Windows NT 4.0 and earlier, the system and boot files were backed up as part of the file system just like data files. In Windows 2000, the system and boot files are backed up as a single entity. These files consist of: System partition boot files: boot.ini bootsect.dos ntdetect.com ntdlr ntbootdd.sys
The System File Protection service catalog file All files protected by System File Protection. These are files that have been installed from the Windows 2000 installation CD-ROM with extensions SYS, DLL, EXE, TTF, FON and OCX. For more information on
Windows 2000 System File Protection, see the Tivoli Storage Manager v3.73 and v4.1 Technical Guide, SG24-6110. Performance Counter Configuration files - \system32\perf?00?.dat - \system32\perf?00?.bak
1.3.3 Registry
The Windows 2000 Registry no longer allows individual Registry hives to be selected for backed up. Instead, a full backup of the Registry will always be performed. The Tivoli Storage Manager client uses information in the Registry to identify the nonvolatile Registry hives which are candidates for backup. Note that individual Registry hives can be activated using the REGREST utility which is provided in the Windows 2000 Resource Kit.
1.3.4 Event logs

Like the Registry, the Windows 2000 event logs can no longer be selected for individual backup. A full backup of all event logs is performed by Tivoli Storage Manager using information from the Registry to identify the logs that are to be backed up. All Windows 2000 systems have the same three event logs as Windows NT: Application log Security log System log For Windows 2000 domain controllers, at least two additional logs are created: Directory service log File replication service log These are used by the Active Directory and File Replication Services, respectively. Additional services, for example DNS Server, also have dedicated event logs. Windows 2000 stores active event logs in the folder %systemroot%\system32\config. Table 3 shows the file names of the core Windows 2000 event logs.
Table 3. Windows 2000 event log file names
Event log System Application Security Directory Services IExplorer DNS server File Replication
File name SysEvent.Evt AppEvent.Evt SecEvent.Evt NTDS.Evt IExplore.evt DNSEvent.evt NtFrs.Evt
1.3.5 COM+ Class DB

The Component Object Model (COM) is a binary standard for writing component software. It is designed to promote software interoperability in a distributed environment allowing two or more applications (or components) to easily cooperate with one another, even if they were written by different vendors. COM+ represents the next generation of COM, offering a Registry independent database for storing component registration. The Windows 2000 COM+ entity consists of two components: Component binaries (DLLs and EXEs) Component Services database Tivoli Storage Manager is able to backup and restore the COM+ components using two methods. The component binaries are backed up as a part of normal file enumeration. The COM+ database is backed up and restored as part of the System Object data.
1.3.6 Certificate Services DB

Windows 2000 ships with a certificate server service that can be configured to provide X.509 certificates for clients. The certificate database is the repository for that information. Tivoli Storage Manager is able to back up and restore the certificate database as part of the System Object data. Only a full backup or restore of the certificate server components is supported. The backup is comprised of the database, logs and associated files. Incremental backups are not supported.
10
1.3.7 Active Directory

Active Directory is the directory service for Windows 2000 Server. It stores information about objects on the network and makes this information easy for administrators and users to find and use. The Active Directory directory service uses a structured data store as the basis for a logical, hierarchical organization of directory information. Active Directory provides a single point of administration for all published resources, including files, peripheral devices, host connections, databases, Web access, users, and other arbitrary objects and services. It provides a single point for logging on to the network. The Active Directory takes the form of a database that can only reside on Windows 2000 domain controllers. The database file is called NTDS.DIT (default location is %SystemRoot%\NTDS) and is based on the Jet format (similar in many ways to the directory databases used in Microsoft Exchange). Tivoli Storage Manager performs a full backup of the Active Directory database and its associated transaction log files. After the database and logs are backed up, the logs are deleted. The Active Directory cannot be restored onto an alternative system. It must be restored to its original location.
1.3.8 System Volume (SYSVOL)

The Windows 2000 System Volume (SYSVOL) is a folder structure that exists on all Windows 2000 domain controllers. It stores files (for example, logon scripts) and some of the Group Policy objects for both the current domain as well as the enterprise. Because of its close relationship with the Active Directory, it is important that both components are kept synchronized whenever a backup or restore occurs. Tivoli Storage Manager backs up the SYSVOL by enumerating the contents of the replicated directories and then processes them for backup and restore as standard file data.
1.3.9 File Replication Service

Windows 2000 introduces full, two-way file replication for NTFS, replacing the WIndows NT File Replication Service. File replication provides a mechanism for duplicating any file system object and/or directory attribute to another server.
11
The replication service stores data in both the directory services database and a local Jet database. The backup and restore of replicated data is controlled by the Windows 2000 File Replication Service (FRS). FRS is employed by Active Directory and Distributed File System (DFS) to replicate critical files for performance and availability. Tivoli Storage Manager provides backup and restore of data under the control of FRS. Tivoli Storage Manager obtains a list of directories from the FRS that are replicated, and then backs up all files and directories under this list of directories. FRS files are grouped as a System Object component and there is no file level granularity available for backup or restore; only the FRS System Object component can be restored.
1.3.10 Cluster DB
The cluster database component will only be present in the System Object if the server is running as a cluster node. The cluster database contains information about all physical and logical elements in a cluster. Tivoli Storage Manager backs up this information using standard interfaces designed to ensure restore consistency.
1.4 File System (NTFS) components

NTFS is a file system specially designed for Windows NT and Windows 2000. NTFS manages databases, transaction processing, and objects to provide data security, reliability and other features. It supports various features for the POSIX subsystem and object-oriented applications by treating all files as objects with user-defined and system-defined attributes. Windows 2000 comes with an enhanced version of NTFS. This newest version of NTFS provides greater performance, reliability, and functionality. Also, some new features such as Active Directory directory service and the storage features based on Reparse Points are only available on volumes formatted with this new NTFS. The new NTFS includes security features required for file servers and personal computers in a corporate environment, data access control and ownership privileges important for data integrity. This new version of NTFS, commonly called NTFS 5, is supported by Tivoli Storage Manager Client.
12
1.4.1 Encrypted File System (EFS)

File and directory-level encryption is included in the version of NTFS for Windows 2000 to provide enhanced security in NTFS volumes. Encrypted File System (EFS) provides security even when the storage media is removed from a system running Windows 2000. EFS uses Symmetric Key encryption and Public Key technology to provide confidentiality for files and directories. It runs as an integrated system service, which makes EFS difficult to attack, and is transparent to the user and to applications. Tivoli Storage Manager Client supports EFS. In backups and restores, the data remains in its own encrypted and secure format. Tivoli Storage Manager does not decrypt data so it can only be restored in NTFS 5 partitions.
1.4.2 Reparse Points

Reparse Points are new file system objects in the version of NTFS included with Windows 2000, They carry a specialized attribute containing user-defined data and are used to extend functionality in the input/output (I/O) subsystem. One Reparse Point is allowed per file or directory. Remote Storage and NTFS Directory Junction Points are based on Reparse Points. With Volume Mount Points and Directory Junction Points the drive letter limit is exceeded. Storage management applications need to be able to deal with this as user defined properties for these files would otherwise be missed. Tivoli Storage Manager Client supports Reparse Points. Depending on the type of Reparse point found, the metadata representing the point, or the data pointed to by the point, is backed up.
1.4.3 Multiple Named Data Streams

The new NTFS supports Multiple Named Data Streams (sequences of bits, bytes, or other small structurally uniform units), where the Stream name identifies a new data attribute on the file. A Data Stream is a unique set of file attributes. Streams have separate opportunistic locks, file locks, and sizes, but common permissions.This feature enable you to manage data as a single unit. It is expected that applications will properly manage Data Streams attached to files and directories. This means that basic functions applied to these objects (such as copy, move or delete) are extended to the attached subfiles or Named Data Streams.
13
Tivoli Storage Manager Client supports Multiple Named Data Streams backed up or restored on NTFS 5 partitions. Files are restored normally within Named Data Streams but Data Streams attached to directories always overwrite the existing streams independently of the Client configuration. When these objects are restored to other type of partitions (NTFS4, FAT, FAT32) the Named Data Streams are not restored. Sparse Named Data Streams are not supported.
1.4.4 The Change Journal

The Change Journal is a new feature in Windows 2000 that logs changes to NTFS volumes, including additions, deletions, and modifications. The Change Journal is on the volume as a sparse file. The Change Journal may be a redundant feature for applications that support incremental backup. In fact, for those applications, backing up the journal could be space wasted. Tivoli Storage Manager Client does not support the Change Journal.
1.4.5 Sparse file support

A sparse file is managed in a way that requires less disk space than would otherwise be need by allocating only meaningful or non-zero data. Sparse support allows applications to create very large files without wasting disk space for every byte. Sparse files stored in Windows 2000 systems have a special attribute that must be considered by storage management applications. Depending on the option selected, the Tivoli Storage Manager Client sees the sparse file as a normal file with the sparse information included, or as a truly sparse file with the additional attribute. The file can be backed up or restored correctly in NTFS 5 or non NTFS partitions. You can use TSM file compression to compress out the sparseness of files. We cover this in section 6.3.4, Sparse files on page 146.
1.4.6 Distributed Link Tracking

Windows 2000 provides a Distributed Link-Tracking service that enables applications to track link source objects that have been moved locally or within a domain. Applications subscribed to this Link-Tracking service can maintain the integrity of their references because the referenced objects can be moved transparently. Link tracking stores a file's object identifier as part of its tracking information.
14
Link Tracking and Object IDs are stored as part of the Registry information. This must be considered when applications are restored to ensure reliability. Tivoli Storage Manager Client supports this feature as an addition to Registry backup and System files.
1.4.7 Directory Junctions

An NTFS Directory Junction is an NTFS directory with a special type of Reparse point associated with it. An NTFS Directory Junction can be mapped to any local or remote target directory. Tivoli Storage Manager Client treats each Directory Junction as a separate file space and supports this feature in NTFS 5 formatted volumes.
1.4.8 Volume Mount Points

This new Windows 2000 feature represents storage volumes in a persistent and robust manner allowing many disk volumes to be linked together in a tree structure such as a DFS. You can only use a single drive letter pointing to the root volume. This overcomes the 26 drive letter limit existing in previous Windows versions. Frequently a volume point is placed in an empty directory, in this case the directory name is used instead of the drive letter. Volume points need NTFS 5 partitions because they are based on Reparse Points. The Tivoli Storage Manager Client handles volume points in a similar way to Directory Junctions by treating each volume point as a separate file space.
1.5 Storage components

Many changes have been made to the storage feature set in Windows 2000 in order to support growing storage requirements in large environments, greater scalability requirements and support for emerging technology in the storage market. To satisfy these needs, Windows 2000 includes an improved NTFS file system and a list of new storage features and applications.
1.5.1 Disk Quotas

Windows 2000 supports disk quotas for volumes formatted as NTFS. You can use disk quotas to monitor and limit disk-space use on a per-user or per-volume basis. Disk quotas are stored in user profiles. There are two scenarios that apply when a disk quota is exceeded: 1. The restore is being made by a user.
15
2. The restore is being made by an administrator but the data belongs to a normal user. In the first case the user can only restore as many files as its quota allows. When the limit is reached a full disk message appears. In the second case the ownership of files restored by an administrator reverts to the administrator if the file owners quota is exceeded.
1.5.2 Distributed File System (DFS)

The Microsoft Distributed File System is an integrated service in the Active Directory that provides mapping, naming and hierarchical organization to shared physical storage distributed along the Network. The DFS makes it easier to administer shares and provides ways to balance access to resources using file and share replication. The Distributed File System is a server core component and it is expected that storage applications include options to save either the metadata that defines the tree structure and data which this structure points to. Tivoli Storage Manager Client is able to backup and restore depending your selections, the metadata that define the DFS volume (junction points) or the data it points to (root directory and data in remote shares).
1.5.3 Single Instance Store

Windows 2000 systems can use this new service as an alternative to avoid some applications such as Remote Install Service having to install many different files with the same content. This service implements links with the semantics of copies for files installed in Windows 2000 NTFS partitions. The SIS service detects duplicated files and reports them for conversion into links. There is no explicit support of this in TSM.
1.5.4 Removable Storage Manager

This is another new core feature in Windows 2000 Server to manage removable storage media devices such as tapes, optical disks and libraries (excepting floppies and other small storage devices). Removable Storage Manager provides a set of Application Programming Interfaces (APIs) that allow applications to catalog removable media organized in storage pools which can control their access and share them between applications.
16
The Removable Storage Management service uses a database which stores the devices configurations in an NTFS format. The Tivoli Storage Manager Client uses API calls to backup and restore the files comprising this database.
1.5.5 Remote Storage Service

Windows 2000 also includes a hierarchical storage management application (not installed by default) that is able to migrate files from primary storage to secondary storage depending on migration policies. This can optimize disk space and cost of storage. Remote Storage Service (RSS) uses a Jet database stored in the system volume and the Microsoft Tape Format (MTF) to store information in the secondary storage. There are two common strategies to backup the RSS information: 1. The application can make a full backup of the database and the Reparse Points included in it without backup of the Primary Data Streams, so the Primary Data Streams depend on recovery from the RSS media. 2. The application can make a full backup of the database and the Reparse Points included in it and all migrated Primary Data Streams. Tivoli Storage Manager Client uses the first approach, so it is capable of backup and restore of the RSS Database. It does not backup data managed by Microsoft Remote Storage.
1.5.6 Indexing service

The Indexing service included in Windows 2000 (not NTFS 5 exclusive) improves the user search capabilities analyzing many files in a few seconds. It uses sparse files to store index data, the change log to update the index and keeps track of information location still managed by the hierarchical storage application that comes with Windows 2000. The index service can adversely impact the performance of the restore of a large number of small files. Improved performance can be achieved by disabling the indexing service during a large restore.
17
18
Chapter 2. Introducing Tivoli Storage Manager 4.1.2 client

This chapter introduces the Tivoli Storage Manager 4.1.2 client. Some background information is presented about what Microsoft has done in the area of backups, and how Tivoli Storage Manager has adapted to these initiatives. New features and functions introduced by this level of Tivoli Storage Manager client is covered. It compares the Tivoli Storage Manager tool to the Microsoft-supplied tool, NTbackup.
2.1 Background
Tivoli Storage Managers direction for backing up Windows 2000 is partly determined by features and functions introduced in Windows 2000 by Microsoft. As new features such as Active Directory are introduced, Tivoli Storage Manager must develop a process to back up and restore these features. Also, in many cases, Tivoli Storage Manager uses interfaces published by Microsoft to access these features. This frees Tivoli Storage Manager from having to create their own interfaces and, at the same time, limits Tivoli Storage Manager to following requirements set by Microsoft. In some cases, these Microsoft features or interfaces may not yet be completely developed, completely implemented, or completely standardized by Microsoft. In this case, Tivoli has the unenviable task of developing Tivoli Storage Manager code and processes to handle what is stable and developing a work-around for what is not. Sometimes the result is less than elegant. An example of this lack of clear direction is the different facilities Microsoft provides to back up the various objects that make up the System Object. Some components, primarily databases, can be backed up directly using Microsoft APIs, but even here, the interfaces are not standard. For other components, such as the Registry, Tivoli Storage Manager must internally call Microsoft tools to export the Registry to a staging directory and back it up from there.
2.2 New features

The Tivoli Storage Manager 4.1.2. client was created (in part) to support functions introduced with Windows 2000. The features dealing with System Objects require connection to a Tivoli Storage Manager 3.7.3 server or newer.
19
2.2.1 System Objects

Tivoli Storage Manager now displays all the System Objects in the graphical user interface (GUI). An individual object can be selected for backup or restore. See Figure 3 for an example of the System Objects in the GUI. System Objects include: Registry COM+ database Event logs System and boot files System volume (SYSVOL) Removable Storage Management database Active Directory Certificate server database Cluster database Replicated file systems
Figure 3. Example of System Objects in the GUI
20
2.2.2 SYSTEMOBJECT domain

The SYSTEMOBJECTkeyword is now a valid domain statement that specifies the complete System Object. It is automatically included in the ALL-LOCAL domain.
2.2.3 System Objects managed as a group

The System Object support uses the logical file grouping support in Tivoli Storage Manager 3.7.3 servers and newer. This support allows all of the objects in the System Object to be managed as a group.
2.2.4 New commands

2.2.4.1 BACKUP SYSTEMOBJECTS This backup archive command line interface command backs up all valid System Objects in Windows 2000 and the event logs and the Registry in Windows NT. 2.2.4.2 QUERY of System Objects A number of new commands are introduced in 4.1.2 to provide information about the System Objects. The QUERY SYSTEMOBJECT command summarizes the information for each backed up System Object. Individual query commands display the same information but only for the individual object. Figure 4 displays an example of the information that is presented.
tsm> query systemobject Size Backup Date -------------17,661 12/07/2000 10:55:37 135,258 12/07/2000 10:55:56 231,108,288 12/07/2000 10:55:29 18,093 12/07/2000 10:55:50 48,267,344 12/07/2000 10:55:54 10,006,668 12/07/2000 10:55:38 117,074 12/07/2000 10:55:38
Mgmt Class ---------DEFAULT DEFAULT DEFAULT DEFAULT DEFAULT DEFAULT DEFAULT
A/I --A A A A A A A
File ---SYSTEM SYSTEM SYSTEM SYSTEM SYSTEM SYSTEM SYSTEM
OBJECT\GOLD\COMPDB OBJECT\GOLD\EVENTLOG OBJECT\GOLD\SYSFILES OBJECT\GOLD\SYSVOL OBJECT\GOLD\NTDS OBJECT\GOLD\REGISTRY OBJECT\GOLD\RSMtsm>
Figure 4. Example of a Query Systemobject command
21
The new commands are: QUERY QUERY QUERY QUERY QUERY QUERY QUERY QUERY QUERY QUERY QUERY SYSTEMOBJECT ACTIVEDIRECTORY CERTSERVDB CLUSTERDB COMPLUSDB EVENTLOG FRS REGISTRY RSM SYSFILES SYSVOL
2.2.4.3 RESTORE SYSTEMOBJECT This command restores all active Windows 2000 System Objects stored on the server. 2.2.4.4 QUERY INCLEXCL This command displays the include-exclude list in the order it will be processed. It displays the type of option (include, exclude, exlude.dir, and so on), the scope of the option (archive, all, and so on), and from where the option originated (dsm.opt, and so on). See Figure 5 for an example of the command output.
22
Tivoli Storage Manager Command Line Backup Client Interface - Version 4, Release 1, Level 2.0 (C) Copyright IBM Corporation, 1990, 2000, All Rights Reserved. tsm> query inclexcl Node Name: AAXABK Session established with server BRAZIL: AIX-RS/6000 Server Version 4, Release 1, Level 1.0 Server date/time: 12/05/2000 11:34:24 Last access: 12/05/2000 09:56:17 *** FILE INCLUDE/EXCLUDE *** Mode Function Pattern (match from top down) Source File ---- --------- ------------------------------ ----------------Excl Directory #\RECYCLER dsm.opt Excl Directory #\RECYCLED dsm.opt Excl Directory #\...\TEMPORARY INTERNET FILES dsm.opt Excl Directory #\SYSTEM VOLUME INFORMATION dsm.opt Excl Directory #\...\NTDS dsm.opt Excl Directory #\...\NTFRS\JET dsm.opt Incl All #\ADSM.SYS\...\* dsm.opt Excl All #\...\SYSTEM32\CONFIG\...\* dsm.opt Excl All #\...\PAGEFILE.SYS dsm.opt Excl All #\...\EA DATA. SF dsm.opt Excl All #\WINNT\DEBUG\*.* dsm.opt Excl All #\DOCUME~1\ADMINI~1.PAC\LOCALS~1\TEMP\...\* dsm.opt Excl All #\WINNT\SCHEDLGU.TXT dsm.opt Excl All #\HIBERFIL.SYS dsm.opt Excl All #\WINNT\NETLOGON.CHG dsm.opt Excl All #\WINNT\SYSTEM32\DTCLOG\MSDTC.LOG dsm.opt Excl All #\DOCUMENTS\...\INDEX.DAT dsm.opt Excl All #\WINNT\REGISTRATION\*.CLB\...\*.CRMLOG dsm.opt Excl All #\WINNT\CSC\...\* dsm.opt No encryption include/exclude statements defined. tsm> Figure 5. Example of query inclexcl command
2.2.4.5 Undocumented Show SYSTEMOBJECT command An undocumented command is available in the 4.1.2 version of the Backup Archive Client command line interface. It appears to display whether a System Object has ever been backed up in the life of this client node. Note that the return codes listed can be used by TSM technical support to help diagnose System Object backup and recovery problems. The syntax of the command is Show Systemobject. An example of the command and its output is shown in Figure 6.
23
Tivoli Storage Manager Command Line Backup Client Interface - Version 4, Release 1, Level 2.0 y (C) Copyright IBM Corporation, 1990, 2000, All Rights Reserved. tsm> show systemobject Node Name: SILVER Session established with server BRAZIL: AIX-RS/6000 Server Version 4, Release 1, Level 1.0 Server date/time: 11/22/2000 13:51:26 Last access: 11/22/2000 13:42:07 stat ---OK n/a OK n/a n/a OK n/a n/a OK OK tsm> rc ---0000 4312 0000 4312 4312 0000 4312 4312 0000 0000 system object ------------COM+ Database Certificate Server Database Event Log File Replication Service MSCS Database System and Boot Files System Volume Windows NT Directory Services Registry RSM Database
Figure 6. Example of show systemobject command
2.2.5 Support for mobile computer users enhanced

Adaptive subfile backup and data encryption is added to the client when connected to a Tivoli Storage Manager 4.1 server.
2.2.6 ODBC driver not included

The ODBC drivers have been split into a separate install package that is available on the Tivoli FTP Web site at:
http://www.tivoli.com/support/storage_mgr/clients.html#intel
2.2.7 InstallShield for Windows Installer used

Tivoli Storage Manager now exploits the Microsoft Software Installer interfaces introduced with Windows 2000. See 4.2, Tivoli Storage Manager 4.1.2 client install procedure on page 45 and the README.TXT for installation information.
2.2.8 Registry backup now processes all hives

Tivoli Storage Manager 4.1.2 now uses the values of the Registry key HKLMSYSTEM\CurrentControlSet\Control\hivelist to determine which hives need to be included in the backup of the Registry.
24
2.2.9 Event log backup now processes all logs

Tivoli Storage Manager 4.1.2 now uses the values of the Registry key HKLM\SYSTEM\CurrentControlSet\Services\Eventlog to determine which logs need to be included in a backup of the logs.
2.2.10 Restore to same location only

Tivoli Storage Manager 4.1.2 cannot restore System Objects to locations other than their original locations.
2.2.11 Management class

Tivoli Storage Manager assigns the default management class to System Objects during backup. There is no way to change this management class.
2.3 What has changed

This section provides details about what has changed in the new Tivoli Storage Manager 4.1.2 client.
2.3.1 System Objects require new backup

Because of the way System Objects are now being stored, a backup must be performed from a Tivoli Storage Manager 4.1.2 client prior to attempting to restore System Objects using the Tivoli Storage Manager 4.1.2 client.
2.3.2 Changed commands

A number of command options have changed in the Backup Archive client command line interface to support the System Objects when running on a Windows 2000 platform. In general, they remove the options to back up or restore individual components inside a System Object such as the Security Event log. The changed commands are: BACKUP EVENTLOG BACKUP REGISTRY RESTORE EVENTLOG RESTORE REGISTRY
2.3.3 Local backup only

Tivoli Storage Manager can only back up and restore the System State or a System Object on a local computer, not a remote computer. You can use the Web client to restore system objects.
25
2.3.4 One step backup and restore of System State

The System Object is held in the SYSTEMOBJECT domain. This domain is part of the ALL-LOCAL domain. Thus, the default for an incremental backup includes the System State.
2.3.5 BACKUPREGISTRY option redundant

The Tivoli Storage Manager client option BACKUPREGISTRY is now redundant as the Windows 2000 Registry is included in the System Objects. The System Objects make up the domain SYSTEMOBJECT which is included automatically in the ALL_LOCAL domain. If the SYSTEMOBJECT domain is not specified in the dsm.opt file for a Windows 2000 system, Tivoli Storage Manager will honor the setting specified in the BACKUPREGISTRY option.
2.3.6 Restore without services active

Tivoli Storage Manager now restores the System State without the necessary subcomponents having to be available. For example, Active Directory can be restored to a vanilla system that does not already have Active Directory available.
2.4 What has been fixed

The Client Acceptor service can now be set to start automatically.
2.4.1 APAR list

The PTFs for the following APARs have been incorporated into PTF IP22151 Version 4, Release 1, Level 2.0. IC26935 - Tivoli Storage Manager cannot restore the Windows 2000 System State in Directory Services Restore Mode. IC27670 - Win32 GUI backup of SYSTEMOBJECT and local filespace fails with AN ERROR OCCURRED SAVING THE REGISTRY KEY. IC25968 - Incorrect trace file appends with tracemax option used. IC26227 - Tivoli Storage Manager/NT client scheduler service brings up Dr.Watson (core dump) if client node is not registered on the Tivoli Storage Manager server. IC26645 - CLC admin client command, HELP LABEL LIBV, does not work correctly in a Japanese language environment. IC26855 - Registry backup on Windows 95 or 98 fails with message ANS4036E.
26
IC26949 - Message ANS1155E issued even if client is correctly configured for cluster support. IC26973 - When a file is skipped because it is changed, the Event Log entry only says Changed. It needs to be more descriptive. IC27088 - Client fails to observe exclude option if the option is specified in both dsm.opt and client options set. IC27199 - Tivoli Storage Manager admin command line NLS client is not processing DO YOU WISH TO PROCEED Y/N response as expected. IC27203 - Setup wizard for BA client not updating domain, ALL-LOCAL and selected filespaces should be exclusive options. IC27260 - When backing up file system that contains corrupted directories the client terminates processing without appropriate message. IC27264 - Windows client wizard 3.7.2.01 configures an invalid path for the client scheduler service. IC27315 - Tivoli Storage Manager client classic restore stops after 21 failures when data is unavailable on the server (ANS1314E). IC27371 - Root object / not rebound after deletion of management class. IC27382 - The httpport Registry setting is ignored by the Web client. IC27409 - Schedule reports Scheduled event completed successfully in spite of errors during backup. IC27528 - If a directory is removed after the archival of the higher level directory, the archive operation terminates with ANS4006E. IC27728 - DSMC RESTORE SYSFILES does not restore all system files if the backup was done with COMPRESSION=YES & COMPRESSALWAYS=NO. IC27750 - Unnecessary and misleading error messages are being written to the dsmerror.log file. IC27695 - API clients core dump if DIRMC is in dsm.sys file. IC27852 - Windows does not parse the DOMAIN statement correctly, when combining ALL-LOCAL with a drive. IC27992 - Trace flag AUDIT crashes Tivoli Storage Manager Web GUI and OS when prompted for offline media mount and choosing WAIT FOR VOLUME TO BE MOUNTED IC28337 - Too long command line arguments make Tivoli Storage Manager client crash.
27
IC28340 - CLC 'Successful deletion' message not received when deleting an archived file. IC28454 - ENCRYPTKEY option in GUI displays SAVE ENCRYPTION KEY PASSWORD LOCALLY even if Encryptkey prompt is specified in DSM.OPT IC28468 - Using ODBC in MS ACCESS to link a Tivoli Storage Manager table containing > 100 entries fails with error 3146. IC28492 - Client fails to send events to server. IC28544 - Automatically adjust clock for daylight savings changes causes incremental to do full backup. IC28545 - ANS5016E Not enough memory for restore operation. IC28565 - Wrong statistics at end of DSMC ARCHIVE. IC28568 - APAR IC25107 Win32 RC = 193 Error not resolved if file c:\program exists and DSMCUTIL install uses C:\Program Files.
2.5 Advantages of TSM versus Microsoft NTbackup

In this section, we contrast some of the functions of Tivoli Storage Manager with NTbackup.
2.5.1 Using NTbackup

NTbackup is the tool supplied by Microsoft to perform backups of Windows 2000 systems. While it does back up and restore data and System Objects (among other functions), it does have some limitations. 2.5.1.1 Local backup NTBackup is limited to writing to locally attached devices. This reduces backup and restore flexibility by requiring hardware to be directly attached to the machine being backed up. 2.5.1.2 Policy management NTbackup has no policy management for maintaining and expiring data. These functions have to be managed manually outside of NTbackup by the administrator.
2.5.2 Using Tivoli Storage Manager

Tivoli Storage Manager performs backups of Windows 2000 including the System State and all the System Objects.
28
2.5.2.1 Network backup Tivoli Storage Manager can back up over a network connection, allowing for centralized control and centralized data storage. 2.5.2.2 Policy management Tivoli Storage Manager has powerful policy management functions that allow for numerous different retention and expiration dates for different types of data.
29
30
Chapter 3. Implementation planning

This chapter provides the recommended steps to plan a Tivoli Storage Manager Client implementation. The planning tasks shown in the checklist tables must be completed and performed sequentially. Each task has a reference to another section in this chapter. The list of tasks in Table 4 should be done on the Server node. The list of tasks in Table 5 should be done on the Client Node.
Table 4. Server planning tasks checklist
Task Check Tivoli Storage Manager Server code level Verify server registration modes Update your server storage Calculate network bandwidth
Table 5. Client planning task checklist
Section 3.1 3.2 3.3 3.4
Task Check warnings to migration Verify software requirements Verify hardware requirements Get user rights for Windows 2000 Obtain system information
Section 3.5 3.6 3.7 3.8 3.9
3.1 Tivoli Storage Manager Server code level

Tivoli Storage Manager Server should have Version 3.7.3 or higher installed to perform administrative, backup, restore, archive, and retrieve functions from 4.1.2 Clients.
Note:
Data that has been backed up from a Tivoli Storage Manager 4.1 Client or higher cannot be restored to a Tivoli Storage Manager 3.7 or lower.
31
3.2 Server registration modes

Tivoli Storage Manager Server has a Registration setting for Client nodes and it is necessary to perform different tasks depending on this setting value: If the Registration option is Closed, the following tasks should be accomplished prior to the Client installation: - An administrator (System or Policy domain privilege) should define the following on the Server: Node name Initial password (optional) Policy domain Compress setting Delete setting for backups and archives If the Registration option is Open (default) the following tasks should be accomplished during the Client Installation: - The Client should give only the Contact Information, but if the Authentication setting is On (default is Off) a user-defined password will also be required. Automatically, the following is defined during installation: Node name (same as machine name) Password (Only if the Authentication setting on the Server is On) Policy domain as STANDARD with STANDARD Policy set and management class Compress setting off (the user can change this option by modifying the dsm.opt file) Delete setting On for archive and Off for backup versions of files Administrative user with Client Owner Privilege is defined
3.3 Server storage

Independently of the backup strategy (which should already be defined in Tivoli Storage Manager Server) some guidelines must be considered to modify the strategy (if it applies) and resize your Database, Recovery Log and Storage pools: The age of an Active Directory backup should not exceed the Active Directory Tombstone Lifetime (this is the time period that deleted objects
32
remain in the Active Directory before the system permanently removes them; the default is 60 days). If you try to restore Active Directory data older than the Tombstone date, the restore APIs will reject data as out of date. Backups must be done frequently. To estimate the Database, Recovery Log and storage pools size needed to store information about Windows 2000 systems, the following information in Table 6 could be useful:
Table 6. Typical disk space occupancy, Windows 2000 Systems (system data)
Windows 2000 Professional 650 MB
Windows 2000 Server 1 GB
Windows 2000 Advanced Server 1 GB
Note
Additional space can be occupied by user data and applications.
In the following sections we provide some guidelines to size disk storage volumes to allow you set up or modify your Tivoli Storage Manager Server environment to support the Windows 2000 clients. If additional planing information is needed, it is recommended that you review Getting Started with Tivoli Storage Manager: Implementation Guide, SG24-5416.
3.3.1 Database size calculation

First, it is recommended that you complete the fields in the worksheet as shown in Table 7 with at least the information shown here (additional information could be added).
Table 7. Sample client requirements worksheet
Client 1 Client name Contact information Operating systems Number of files backed up Number of backed up GB John Mack Servers Group Windows 2000 Professional 1000 2
Client 2 Alice Reynolds Desktops Group Windows 2000 Server 2000 2
Client 3 Sarah Smith Mobiles Group Windows 2000 Adv. Server Not Available 3
33
Client 1 Number of backup versions to keep GB changed per backup Data compression Backup window (hrs.) 2 0.02 0.66 4
Client 2 2 0.01 0.5 5
Client 3 3 0.3 0 6
To estimate new and additional space to your current database, follow these steps: 1. Add the Number of backed up files for all clients with the same Number of Versions to keep. 2. Multiply this number by Number of Versions to keep to obtain the total files to be stored. 3. Multiply this number by 600 bytes to obtain the total bytes needed in the database to store information about files to be stored. 4. Add the Number of GB backed up for all clients with the same Number of versions to keep and multiply this number by Number of versions to keep and by 5% to obtain the total bytes needed in the database to store information about files to be stored. 5. Add the results obtained from steps 3 and 4 to obtain the total bytes needed in the database for backup files. 6. If you use a copy storage pool, multiply the results of step 2 by 200 to obtain the total bytes needed in the database to store storage pool file information. 7. If you use a copy storage pool, multiply the sum of Number of GB backed up for all clients with the same Number of versions to keep and multiply this number by Number of versions to keep and by 1% to obtain the total bytes needed in the database to store storage pool file information. 8. Add the results obtained from steps 6 and 7 to obtain the total bytes needed in the database for copy storage pool files. 9. Add the results in steps 5 and 8 to obtain the total bytes needed in the database. 10.Multiply the results obtained in step 9 by 135% to provide some tolerance to your estimation.
34
For example, using the information provided in Table 7 on page 33, the formula for calculating the sample database size is as follows: 1. 1,000 + 2,000 = 3,000 files 2. 3,000 * 2 = 6,000 files 3. 6,000 * 600 = 3,600,000 bytes 4. 4,000,000 * 3 * 0.05 = 600,000 bytes 5. 3,600,000 + 600,000 = 4,200,000 bytes 6. 6,000 * 200 = 1,200,000 bytes 7. 4,000,000 * 0.01 = 406,000 bytes 8. 1,200,000 + 406,000 = 1,606,000 bytes 9. 4,200,000 + 1,606,000 bytes = 5,806,000 bytes 10.5,806,000 * 1.35 = 7,838,100 bytes new/additional database size for backup files.
3.3.2 Recovery Log size calculation

To estimate the Recovery Log size, the database size should be multiplied by the percentage of data changes for each backup cycle. Table 8 shows typical file change rates:
Table 8. Rules of thumb for selecting percentage of data changed
Configuration Large file server, very busy Small file server, not very busy Workstation Database server using Tivoli Data Protection Agent Database server not using Tivoli Data Protection Agent
Percentage of data changed (%) 10 5 1 10-20 100
It is suggested that you double the results to allow two backup cycles to occur without a database backup. For example, taking into account the database size obtained in the previous example and supposing a small file server, the estimated Recovery Log size would be: 7,838,100 bytes * 0.05 * 2 = 783,810 bytes.
35
3.3.3 Primary storage pool size calculation

It is recommended that you use a primary storage pool as large as the total amount of data backed up in an entire cycle. To estimate this pool size, perform the following steps: 1. Using Table 7 on page 33, multiply the GB changed per backup by (one minus the data reduction rate obtained from Table 8) to obtain the total bytes transferred for each client. Table 9 shows the typical data compression rates.
Table 9. Typical data compression
Compression rate Database data Print and file server data Executables, compressed data, encrypted data 3:1 - 4:1 2:1 1:1
Data reduction 0.66 - 0.75 0.5 0
2. Add the total bytes transferred for all clients to obtain the total bytes transferred per backup cycle. 3. Add 15 percent to the results obtained in the previous step to provide tolerance. For example, using the previous example we have: 1. 0.02 x (1- 0.66), 0.01 x (1 - 0.5), 0.3 x (1 - 0) 2. 0.0068 + 0.0050 + 0.3 = 0.3118 3. 0.3118 * 1.15 = 0.35857 GB Primary Storage Pool size
3.4 Network bandwidth

The network speed to back up clients should be enough to transport common data and backup data. Generally, the backup should be done during nonworking hours. We call this period the backup window. While it is possible to split client backups to minimize network bandwidth, it makes the backup administration more difficult. A normal approach to estimate the network bandwidth needed is to consider all client information backed up in the same backup window using the following procedure: 1. Using the Table 7 on page 33, multiply the GB changed per backup by (one minus the Data reduction rate from Table 8) to obtain the total bytes transferred for each client.
36
2. Add the total bytes transferred for all clients to obtain the total bytes transferred per backup cycle. 3. Divide the total by the number of hours in your backup window. Using the information provided in Table 7 on page 33, we have: 1. 0.02 x (1- 0.66), 0.01 x (1 - 0.5), 0.3 x (1 - 0) 2. 0.0068 + 0.0050 + 0.3 = 0.3118 3. 0.3118 / 3 (minimum backup window) = 0.104 GB/hr. = 0.237 Mb/sec. The obtained bandwidth should be considered as additional to the normal network load during the backup window. Although NetBIOS and TCP/IP are supported protocols for client/server Tivoli Storage Manager communications, we recommend that you use TCP/IP because it is the easiest to set up from a Tivoli Storage Manager perspective. Also, some functions like Web communications require this protocol. Tivoli Storage Manager communication also requires machine names. If you are using NetBIOS, there is no additional set up needed. Using TCP/IP, you need to configure the Name Service Resolution of your choice (Host file for each client, WINS Server or DNS Server). DNS is the preferred option for Windows 2000 environments.
3.5 Warnings about migration from a previous client level

Following are some items to consider when performing a migration from a previous client level. 1. If previous Tivoli Storage Manager client installations exist, Tivoli advises you to reinstall into the same directory. This will install the new Tivoli Storage Manager client over a previous Tivoli Storage Manager client installation providing a choice to keep your dsm.opt file. 2. If an ADSM V3R1 Administrative GUI exists, it is not be removed. 3. If you install the Tivoli Storage Manager client files in a different directory than the one where you previously installed them, you should uninstall previous versions first, before installing the new version, to save disk space. 4. If your current client version is 3.1.0.3 or lower, existing filespace names are migrated from volume label names to Universal Naming Convention names (UNC). For example: C: drive will be \\client_name\c$. The UNC is updated for local and remote points, except removable media partitions
37
which continue using the volume label. While the migration is transparent, it affects the way filespace names are specified, especially from the command line backup-archive client. 5. If you have file names with international characters (umlauts, accents, and so forth) and you are upgrading from client version 3.1.0.5 or below, then after installing you may experience the symptoms of APAR IC21764. These symptoms include many ANS1304W Active object not found messages during incremental backups of files with international characters. To fix this problem you can search the index.storsys.ibm.com FTP site. The file names are: - IC21764L2.README.FTP - IC21764L2.README.1ST - IC21764L2.EXE You must first read the information provided in the IC21764L2.README.1if this is a new client installation, it is not necessary to use this fix. 6. If you run a client uninstall (version 3.1 or version 3.7) after installing Tivoli Storage Manager Client 4.1, some files of the 4.1 client could be deleted. Complete the following steps to correct this problem: a. Execute Add/Remove programs from the Control Panel. b. Choose Tivoli Storage Manager and double-click. c. On the Program Maintenance Dialog Box, select the Repair radio button.
3.6 Software requirements

When installing Tivoli Storage Manager client, you need Microsoft Windows 2000 System with TCP/IP or NetBIOS configured. TCP/IP is the recommended protocol for Tivoli Storage Manager client.
3.7 Hardware requirements

The hardware required for installing Tivoli Storage Manager client includes any properly configured machine with an Intel Pentium or higher processor and at least 64 MB of memory. Disk space requirements will depend on the type of installation. Examples of various types of installations are shown in Table 10. However, keep in mind that Windows 2000 with additional services could have more requirements.
38
Table 10. Disk requirements for Tivoli Storage Manager Client
INTEL
Tivoli Storage Manager directory 75.5 MB 27.7 MB 26.1 MB
WINNT\SYSTEM32 directory 1.2 MB 1.2 MB 1.2 MB
Total
Full install (all languages) Full install (one language) Complete (typical) install
76.7MB 28.9 MB 27.3 MB
3.8 User permissions for Windows 2000

To install Tivoli Storage Manager client software you must log on the computer as a user that belongs to the Administrator Local Group. If the computer is logged in a Domain, you need to be sure that the Domain Admins Group is included in the Local Admins Group. To back up and restore system objects (System State objects) you need to log on the computer as a user that belongs to the Administrator Local Group. To back up and restore normal files, it is only necessary to belong to the Backup Operators Group. Be sure that Manage auditing and security log right has been assigned to this group, otherwise backup and restore operations may fail.
MS Restriction
A user must have admin authority to back up and recover system state information.
3.9 System information

Prior to every backup, it is a good idea to have some system information noted which could serve as a way to check the total files backed up (if the scheduler was used) or to check if the restore has been successful. The
39
information in Table 11 is our recommendation, but feel free to add more fields according to your needs.
Table 11. System Information sheet
User information
Local group name Administrators
User name John Mack July Jackson
Global group name
Password admin
Domain Admins
Backup Operators
Carl Bellini Sara Smith Ron Terry Domain Backup Operators Authority full control Change
Permissions
Resource name c:\program files d:\data
Local Group Name Administrators Backup Operators
Printers
Name Executive Heavy duty
port LPT1: 9.1.1.1:PASS Status Running Stopped Stopped Running Partition Size / Type Total Files / Directories Total Bytes Used
Services
Service name Alerter Application Management Indexing Service Computer Browser
Data
Drive
40
C:[Applications] D:[Information] General Network informations Computer Name: Server Domain: Domain1 Protocols: TCP/IP (DHCP), NetBIOS Junction points Type DFS Root DFS Link Volume mount Replicated files Type DFS Root Def. Normal Dir.
4 GB / NTFS 16 GB / FAT Desktop information Settings: 800x600 16bit Color Res. Background: Deep blue
3000 Files / 1000 Dirs 5000 Files / 2000 Dirs
2 GB 4 GB
Name myshare Public Drive Z Source c:\myshare d:\public
Shared name myshare Public files Drive Z Target \\gold\c\mysha re2 \\gold\d\public
Path c:\ \\Server\c:\ c:\ Master \\bronze \\gold
This information becomes useful during the restore operation, and especially with bare metal restores, where the information is needed at that moment. Also, this information is used as a way to verify your restore was completed successfully.
Note:
To make it easy to list service information, it is recommended that you run the svcinfo.exe utility included in the resource kit for windows 2000. Also, any Systems Management Applications such as Tivoli IT Director, could be really useful in obtaining all of this information automatically.
41
42
Chapter 4. Installation and setup

In this chapter, we discuss installing and configuring the TSM 4.1.2 client on a Windows 2000 system. We recommend an Include-exclude list to use for Windows 2000 clients. The install procedures and the uninstall procedures are documented. Some tips and hints regarding the installation are provided.
4.1 Include-exclude list

To back up files and directories, any product needs to know what should be selected for the backup. TSM uses an entity in the dsm.opt file called the include-exclude list. This list defines what is to be backed up by specifying files, directories or drives to be either included or excluded by using keywords and patterns to match to the potential backup object. By default (no include-exclude list specified and no domain specified), all files and directories from the domain ALL-LOCAL are included for backup. Each time an application is installed, check application documentation and the Registry for files that may need to be included or excluded, and modify the include-exclude lists in the dsm.opt files or client option set accordingly. Using the Windows 2000 program regedit or some similar command, check the Registry for a list of files that Microsoft (and others) recommend be excluded from backup. Look in the Registry key HKLM\SYSTEM\CurrentControlSet\BackupRestore\FilesNotToBackup for the list. The directory \adsm.sys must not be excluded in the include-exclude list as this staging directory is where Tivoli Storage Manager actually backs up many system objects. We recommend using an explicit INCLUDE specification at the bottom of the include-exclude list to ensure this directory is picked up. Be aware of EXCLUDE.DIR statements, which take precedence over other include-exclude statements no matter where they are positioned in the list. System objects are assigned the default management class. Another management class cannot assigned to system objects.
43
Backing up the DHCP, WINS, and Terminal services causes errors due to the database files that are open. If excludes are entered for these directories, Tivoli Storage Manager skips subdirectories containing the services own backups for the database files. Tivoli Storage Manager will not be able to restore these \backup files and a recovery of the services database will not be possible. An example of this is the %systemroot%\ is skipped if the %systemroot%\system32\dhcp folder is placed in the exclude list.
Note
Do not use the include-exclude list from the sample files or the standard documentation. Use the include-exclude list recommended below.
Figure 7 is our recommended and tested include-exclude list for Windows 2000. This list is valid for backing up and restoring Windows 2000 Professional and Windows 2000 Server systems, including all the System Objects. It does not contain statements for site specific applications or files or for non-critical files such as \TEMP that you may decide to eliminate from processing.
EXCLUDE "*:\WINNT\CSC\...\*" EXCLUDE "*:\WINNT\REGISTRATION\*.CLB\...\*.CRMLOG" EXCLUDE "*:\DOCUMENTS\...\INDEX.DAT" EXCLUDE "*:\PAGEFILE.SYS" EXCLUDE "*:\WINNT\SYSTEM32\DTCLOG\MSDTC.LOG" EXCLUDE "*:\WINNT\NETLOGON.CHG" EXCLUDE "*:\HIBERFIL.SYS" EXCLUDE "*:\WINNT\SCHEDLGU.TXT" EXCLUDE "*:\WINNT\DEBUG\*.*" Exclude "*:\...\ea data. sf" * The following exclude parameter will prevent a registry backup unless * the include *:\adsm.sys\...\* is also present. Exclude "*:\...\system32\config\...\*" Exclude.dir *:\...\ntfrs\jet Exclude.dir *:\...\ntds Exclude.dir "*:\System Volume Information" Exclude.dir "*:\...\Temporary Internet Files" Exclude.dir *:\Recycled Exclude.dir *:\Recycler Include *:\adsm.sys\...\* Figure 7. Recommended include-exclude list
44
4.2 Tivoli Storage Manager 4.1.2 client install procedure

This section discusses the Tivoli Storage Manager client installation process. It assumes that the reader is familiar with the planning considerations as detailed in Chapter 3, Implementation planning on page 31. The installation process for the Tivoli Storage Manager client is relatively straight forward. The options presented are basically the same as previous versions of the Tivoli Storage Manager client. Windows 2000 does not present any special considerations when installing the client application. In accordance with Microsofts recommendations, the Tivoli Storage Manager client installation uses the Microsoft Windows Installer (MSI). If the client has been downloaded from the Tivoli FTP site at
http://www.tivoli.com/support/storage_mgr/clients.html#intel, it will come in
the form of a self-extracting InstallShield wizard.

Note
Ensure the screen resolution is running at a minimum resolution of 800 x 600. If the screen is running at 640 x 480, some of the buttons in the TSM client are displayed off-screen. This issue is due to be fixed in a future release of the client.
After double-clicking on the package, the wizard unpacks the Tivoli Storage Manager client files into the default temporary folder
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Remove_After_Install\TSM_BA_Client
(which can be changed if desired) and then it automatically launches into the install process. The install wizard screens are presented in the following order: 1. As show in Figure 8, select the installation language.
Figure 8. Select language
45
2. Start the installation of Tivoli Storage Manager on this machine using the install wizard as shown in Figure 9.
Figure 9. InstallSheild starts
46
3. Choose the directory to hold the Tivoli Storage Manager code as shown in Figure 10.
Figure 10. Choose destination folder
47
4. Select the type of install to perform as shown in Figure 11. The COMPLETE option installs all code necessary to run a typical client. The CUSTOM option allows picking the options to install, including the Administrator command line interface.
Figure 11. Select type of install
48
5. If CUSTOM is selected, this screen shows how to choose to install the administrator command line interface. As shown in Figure 12, click the plus sign beside the CLIENT entry to show each of the sub-entries. An X in the box indicates the entry is not selected. Click an entry to bring up any sub-entries or options to select or deselect that entry.
Figure 12. Custom setup menu
49
6. Now, as shown in Figure 13, the Tivoli Storage Manager installation is ready to begin.
Figure 13. Ready to install
50
7. Installation begins. Once the install has successfully completed, the screen shown in Figure 14 is presented.
Figure 14. InstallSheild complete
4.2.1 Tivoli Storage Manager Client configuration wizards

The Tivoli Storage Manager client configuration wizards assist in completing the installation of the Tivoli Storage Manager client. The areas addressed by the wizard are: Configuring the dsm.opt file Installing and configuring the Web client services Installing and configuring the client scheduler Each of these areas can be installed or configured manually. The dsm.opt file can be edited directly. The services can be installed using the dsmcutil program. See the dsmcutil.txt README file in the directory c:\Program Files\Tivoli\TSM\doc for more information.
51
To select the setup wizard from the menu bar, click Utilities ---> Setup Wizard as shown in Figure 15.
Figure 15. Start setup wizard
This brings up a screen allowing the selection of 3 areas to configure: Tivoli Storage Manager Backup Archive client Tivoli Storage Manager Web client Tivoli Storage Manager client scheduler
52
As shown in Figure 16, select the options required for your install by clicking the appropriate boxes.
Figure 16. Choose type of install using the wizard
4.2.1.1 Backup Archive client The Backup Archive client wizard assists in configuring the dsm.opt file for this client. 1. The options file task screen allows for the creation of a new dsm.opt options file or to copy a previously existing dsm.opt file from another location as shown in Figure 17. We recommend setting up a standard dsm.opt file and importing this file to each new client. This reduces the number of client option problems encountered later on.
53
Figure 17. Create a new dsm.opt file
2. Specify the node name of this client, as shown in Figure 18. Choose a node name that is unique and descriptive, yet is tied to this machine.
54
If open registration of clients is allowed, the open registration panels will be displayed. These panels are not shown in this book.
Figure 18. Enter node name
55
3. Choose the communication methods to be used by this client as shown in Figure 19.
Figure 19. Choose communication method
56
4. Assuming the TCP/IP option is selected, enter the name of the Tivoli Storage Manager server. We recommend using the fully qualified name to reduce the potential for errors or confusion. For example, use BRAZIL.US.IBM.COM instead of just BRAZIL as is shown in the example in Figure 20.
Figure 20. Set TCP/IP parameters
57
5. The include-exclude list and the domain list may be modified from the panel shown in Figure 21. See 4.1, Include-exclude list on page 43 for a discussion of include-exclude lists.
Figure 21. Modify domain and include-exclude list
6. The customization of the dsm.opt file is complete.
58
4.2.1.2 Web Client 1. Select the Web Client option to install and configure the Web client services.They consist of two services on the Windows 2000 system: the client acceptor service, and the remote client agent. See Figure 22 for an example of the screen.
Figure 22. Install a new Web client
59
2. Select the dsm.opt option file that the Web client should use. The default is to use the backup archive options in C:\Program Files\Tivoli\TSM\baclient\dsm.opt. Unless this Web client has special requirements, use the dsm.opt from the backup archive client. See Figure 23 for an example of the screen.
Figure 23. Select options file
60
3. Enter the TCP/IP port number to be used to access the Web client. The default is 1581. As shown in Figure 24, selecting YES to the second question restricts an administrator with client access privileges such as help desk personnel, from accessing this client using the Web client interface. Administrators with client owner privilege, system administrators, or policy administrators are not restricted from accessing this client through the Web client with this option.
Figure 24. Set Web client parameters
61
4. Enter the node name and password of this Tivoli Storage Manager client. The default is to use the same name as the backup archive client. See Figure 25 for an example of the screen.
62
5. Select the user account that the Web client is to use for the service running the client acceptor service and the remote client agent service, which manage the Web client. We suggest using the system account to ensure that backups and restores of the system objects can be accomplished without security errors. See Figure 26 for an example of the screen. An issue exists with the Web client in this version of Tivoli Storage Manager. The configuration wizard for the Web client gives a choice on whether to set the Web client services to manual or automatic startup. This configuration option is applied to both services: Tivoli Storage Manager client acceptor; and Tivoli Storage Manager remote client agent. If this setting is not changed, the Web client will not function. As shown in Figure 36 on page 71, the correct startup settings are: - Tivoli Storage Manager client acceptor service = Automatic - Tivoli Storage Manager remote client agent = Manual The Tivoli Storage Manager remote client agent service automatically starts when the Web client backup/restore Java applet is launched. If it is running before the Web client is launched, the Java applet fails with a TCP/IP communications error.
.
Figure 26. Enter login account ID
63
6. The Web client configuration is complete. See Figure 27 for an example of the screen.
Figure 27. Web client is done
4.2.1.3 Client scheduler The Tivoli Storage Manager client scheduler is a service running on the Windows 2000 client that communicates with the Tivoli Storage Manager server to perform actions on the client that are scheduled by the server. 1. If the check box for the Tivoli Storage Manager client scheduler was selected in the Setup Wizard, the client scheduler wizard starts up to install and configure the Tivoli Storage Manager client scheduler. See Figure 28 for an example of the screen.
Figure 28. Install a new client scheduler
64
2. Enter a name for the scheduler service running on the client. We recommend using a descriptive name such as TSM Scheduler. See Figure 29 for an example of the screen. This wizard can be used to install the client scheduler service on another machine; however, this is not covered in this book.
Figure 29. Enter scheduler name
65
3. Select the dsm.opt option file the client scheduler should use. The default is to use the backup archive options in C:\Program Files\Tivoli\TSM\baclient\dsm.opt. Unless this client scheduler has special requirements, use the dsm.opt from the backup archive client. See Figure 30 for an example of the screen.
Figure 30. Choose scheduler options file
66
4. Enter names to be used by the scheduler for its log and its error log. The defaults are dsmsched.log for the scheduler log and dsmerror.log for the error log, and both default to being stored in the c:\Progarm Files|Tivoli|TSM\baclient directory. Select event logging if detailed events for the client scheduler should be logged in the Windows 2000 Event Log. See Figure 31 for an example of the screen.
Figure 31. Set log file names
67
5. Enter the node name and password of this Tivoli Storage Manager client. The default is to use the same name as the backup archive client. See Figure 32 for an example of the screen.
68
6. Select the user account the client scheduler is to use for the service to access the files and objects it will be managing. We suggest using the system account to ensure that backups and restores of the system objects can be accomplished with out security errors. See Figure 33 for an example of the screen. We recommend setting the scheduler to start automatically when Windows 2000 boots to ensure the scheduler is always available to execute scheduled commands. See Figure 36 on page 71, for a display of the correct settings of this service.
Figure 33. Select login account ID
69
7. Click Finish to complete the configuration of the client scheduler as shown in Figure 34.
Figure 34. Scheduler options done
8. The client scheduler installation is complete. See Figure 35 for an example of the screen.
Figure 35. Client scheduler installed
70
4.2.1.4 Check if services are running Check that the client services are configured and running as desired. From the Windows 2000 Start button, select Start --> Settings --> Control Panel --> Administrative Tools --> Services to check which services are running. See Figure 36 for an example of the screen. The correct settings are shown in Table 12.
Table 12. Tivoli Storage Manager services settings
Service TSM Client Acceptor TSM Remote Client Agent TSM Scheduler
Status Started
Startup Type Automatic Manual
Started
Automatic
Figure 36. Tivoli Storage Manager Client Service settings
4.3 ODBC
The ODBC package has been separated from the Tivoli Storage Manager client install package. It is available in the Tivoli Storage Manager ODBC Driver install package on the Tivoli Web site.
Note
We did not install or test the ODBC driver package for this redbook.
71
4.4 Post install

Delete the temporary directory used to hold the unpacked version of the code. The default location for this directory is C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Remove_After_Install\TSM_BA_Client.
4.5 Uninstalling the client

To completely uninstall the Tivoli Storage Manager client code, a number of steps must be taken. Before continuing, check the README.TXT files for additional information about uninstall.
4.5.1 Remove services

The services called TSM Client Acceptor, TSM Remote Client Agent, and the client scheduler named in the install, such as the recommended TSM Scheduler, all have to be stopped and removed from the Windows 2000 system. The setup wizard used to install these services also can be used to remove the services. Start the wizard from the Tivoli Storage Manager client GUI menu by selecting Utilities --> Setup Wizard. Check the boxes for the Web Client and the Tivoli Storage Manager client scheduler if they are installed. Each service is removed in turn by presenting a screen requesting to continue. Then the service is removed.
4.5.2 Remove code

The code needs to be uninstalled in a manner where the Windows 2000 system can be informed of the procedure. The correct procedure is to select the Start --> Settings --> Control Panel --> Add/Remove Programs. Highlight the Tivoli Storage Manager Client entry and click the Remove button. The client code is removed and the entries in the Start --> Programs menu are deleted.
4.5.3 Remove temporary files

If the temporary files created during the install process were not removed, they can be deleted using the command. Delete the directory and all its contents. The default is at C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Remove_After_Install\TSM_BA_Client.
72
4.5.4 Remove miscellaneous files

Some files and directories are left behind by the code removal process. The five files left behind are found in the directory structure c:\Program Files\Tivoli\TSM\Baclient, assuming the product was installed into the default location. The file names are:
dsm.ini dsm.opt dsmerro.log dsmsched.log dsmwebcl.log
These files are left under the assumption that another client version may be installed. These files are useful to maintain continuity over a version change. If another client is not being installed, delete the directory at c:\Program Files\Tivoli and all its contents.
4.6 Tips and hints

This section provides some hints and tips for installing the Tivoli Storage Manager client.
4.6.1 Installation using Terminal Server

We installed the Tivoli Storage Manager client code using a Terminal Server client session and we did not notice any irregularities from that install.
4.6.2 Renaming the Tivoli Storage Manager client node name

The Tivoli Storage Manager client node name is stored in dsm.opt and the Registry. If the Tivoli Storage Manager client node name is renamed on the Tivoli Storage Manager server, it also needs to be renamed at the client. Run the Tivoli Storage Manager client setup wizard found in the Backup Archive client menus at Utilities --> Setup Wizard, for: Backup Archive client Web client Client scheduler Change the node name specification in the dsm.opt file as well.
73
74
Chapter 5. Windows 2000 backup

In this chapter, we discuss topics related to backup of the system and system objects. We discuss the permissions required to perform a backup. The various methods that Tivoli Storage Manager uses to perform a backup are discussed, such as using the: Scheduler GUI Web interface Command line
How to perform backups of various system objects and Windows 2000 Professional are also discussed. A process for retaining multiple backups of system objects is presented. Some recommendations and hints are presented.
5.1 Philosophy
Tivoli Storage Manager uses documented Microsoft application programming interfaces (APIs) to backup system objects. Some objects such as the Active Directory database have APIs that allow Tivoli Storage Manager to directly access the database. Other objects such as the Registry do not have interfaces that Tivoli Storage Manager can directly access. In these instances, Tivoli Storage Manager internally uses Microsoft utilities to copy the system objects to a staging directory and then the objects are backed up from that directory. A restore is performed in the reverse order. Tivoli Storage Manager keeps only the active copy of system objects implying that there are no inactive backups for system objects. Since the ability to restore an older version of a system object is useful and sometimes necessary, a manual procedure to capture inactive copies of the system objects is required. This task falls to the Tivoli Storage Manager administrator. See 5.6.3, Creating inactive versions of System Objects on page 84 for a suggested procedure. Our understanding is that the restore of inactive copies for system objects will be available in a future release of the Tivoli Storage Manager client. The backup and restore of a single Registry hive may be useful. Tivoli Storage Manager only backs up and restores the full Registry. Since Tivoli Storage Manager uses a staging directory, a clever Tivoli Storage Manager administrator may be able to create procedures to process individual Registry
75
hives. We are not that clever. See the Microsoft Windows 2000 Server Resource Kit for more information.
5.2 Permissions required

To properly back up all files and system objects on a client, the Tivoli Storage Manager client must have adequate permissions to those files.
5.2.1 Back up system objects

Microsoft documentation indicates that an administrator or backup operator account can be used to back up system objects and an administrator account must be used to do the restore. Despite what the literature says, Microsoft now claims that the System State (that is, Tivoli Storage Manager system objects) must be backed up and restored using an administrator account. Microsoft currently does not support using a backup operator account with any of the Windows 2000 system objects.
Note
We recommend using an ID from the administrator group only.
5.2.2 Back up regular files

Tivoli Storage Manager requires access to regular files, the directory or the local drive in order to back them up. To backup regular files, Tivoli Storage Manager must have access rights on the local drive or directory containing those files. The file systems (e.g., C: drive) can be backed up and restored by a member of the Backup Operators group as long as the Backup Operators group has been granted the Manage auditing and security log security policy.
Note
We recommend using an ID from the administrator group only.
76
5.3 Scheduled backups

Most backups are performed by setting up a client schedule on the Tivoli Storage Manager server to issue an incremental backup command to the client machine. The backup is normally unattended by a person and is initiated from the Tivoli Storage Manager server. In previous versions of the Tivoli Storage Manager client software, the system objects were not included when running a standard incremental backup. A second schedule had to be defined to explicitly pick up the system objects. In version 4.1.2 of the Tivoli Storage Manager client, system objects are automatically included in the ALL-LOCAL domain, so the second schedule is no longer required. The Tivoli Storage Manager client option BACKUPREGISTRY is now redundant as the Windows 2000 Registry is backed up by default. If the SYSTEMOBJECT domain is not specified in the dsm.opt file for a Windows 2000 system, Tivoli Storage Manager will honor the setting specified in the BACKUPREGISTRY option.
5.4 Client-controlled backups

Client-controlled backups are typically initiated by a person at the client machine by using either the GUI interface, the Backup Archive command line interface or the Web client interface. Choosing to back up local files or the system objects in the GUI works just as it has in the past. Click the plus signs to expand the directory tree. Click the grey boxes to select files, directories, or objects for backup.
5.4.1 GUI
New system objects for Windows 2000 show up in the backup and restore screens of the graphical user interface according to what services are available on the system that Tivoli Storage Manager is attempting to back up. To back up a system object, click the appropriate grey box to select that object and click the BACKUP button. Figure 37 shows an example of the GUI displaying some of the new system objects.
77
Figure 37. Example of System Objects in the GUI
5.4.2 Command line

From the command line interface for the Backup Archive client, the new BACKUP SYSTEMOBJECT command can be used to back up all valid system objects on a Windows 2000 system. Other backup commands can be used to back up individual entries for the system objects.
5.4.3 Web client interface

The Web client interface (or WUI - Wooo Eeee as it is affectionately know) has similar interface changes as the GUI.
5.5 Backing up Windows 2000 Professional

We found that there are no considerations for backing up the Windows 2000 Professional system. As with all systems, ensure that all applications are closed and all users logged off during the backup.
78
5.6 Backing up system objects

Tivoli Storage Manager backs up the System State as Microsoft calls it, to system objects. The whole system object can be backed up as an entity, or individual components of the system object can be selected to be backed up. Tivoli Storage Manager manages these backed up objects in a simulated filespace called the SYSTEM OBJECT. This filespace appears in the GUI as its own separate clickable object, which reveals the system objects currently backed up or available to be backed up in the simulated filespace. Because it is treated as a filespace, the Delete Filespace, Rename Filespace, and Query Filespace commands work on the SYSTEM OBJECT filespace.
Note
Because of the way system objects are now being stored, a backup must be performed from a Tivoli Storage Manager 4.1.2 client prior to attempting to restore system objects from the Tivoli Storage Manager 4.1.2 client.
Microsoft indicates that the way to restore objects is to restore the whole System State at the same time from the same backup. This implies that the whole system must be restored to restore just one object. For example, restoring the Active directory will also restore the COM+ database, effectively back- leveling it at the same time. Take this into consideration prior to starting a restore of the system object. System objects which must be backed up together include the following. Microsoft does not support restoring these objects individually. Active directory (domain controller only) Certificate server database Cluster Database (cluster node only) COM+ database Registry System and boot files System volume
Other System Objects that can be backed up individually include: Event logs (system, security and application) Removable Storage Management Database (RSM) Replicated file systems
79
5.6.1 \ADSM.SYS contents

The directory %systemroot%\ADSM.SYS is created by Tivoli Storage Manager to store temporary copies of some, but not all, system objects during the backup and restore process. System objects that cannot be directly backed up are first exported from their original location to directories and files under %systemroot%\ADSM.SYS. Then, Tivoli Storage Manager backs up the directories and files under %systemroot%\ADSM.SYS.
The %systemroot%\ADSM.SYS directory must not be excluded from backup by the
include-exclude list. The components that use the directory %systemroot%\ADSM.SYS and where the copies of the Windows 2000 object are stored are: Registry contents are in %systemroot%\adsm.sys\w2kreg Cluster database are in %systemroot%\adsm.sys\clusterdb COM+ database are in %systemroot%\adsm.sys\compdb Event logs are in %systemroot%\adsm.sys\eventlog
During restore processing of the Registry, a copy of the current Registry is first placed into the directory %systemroot%\adsm.sys\w2kreg.sav. This directory may be able to be used to restore the Registry in the event of a restore failure. See either the online help for the Restore Registry command or the manual Tivoli Storage Manager for Windows Using the Backup-Archive Client for more information.
5.6.2 Individual system object component backup

Microsoft does not support the individual restore of System State objects. The Tivoli Storage Manager 4.1.2 client has the ability to back up and restore system object components individually. The backup of an individual system object component adds the component to the existing system object filespace in the Tivoli Storage Manager server. It does not recreate a totally new system object filespace, unless there is no existing system object filespace. This affects the integrity of the system object when it is used for a restore since the system object must be restored from a backup of all the system object components taken in one backup session. The TSM client gives very little indication that this situation has happened. Because of this, there is great potential to use an invalid restore scenario.
80
For example, the whole system object is backed up on Monday. On Tuesday, the Registry component is backed up individually before making a system change. On Wednesday, the Active Directory requires a restore, which implies restoring the Registry from the same backup. Since the GUI interface of Tivoli Storage Manager does not provide a direct indication that the components are not synchronized, you proceed with the restore. However, because the Active Directory was backed up on Monday and the Registry on Tuesday, the restore may not produce the expected results. Queries of system object filespaces in the Backup Archive client GUI do not display any date and time stamp information indicating when these objects were backed up. Figure 38 shows this behavior on the restore screen after a valid backup. No information for the system objects is shown.
Figure 38. Example of a System Object Restore
A Query Filespace command for a System Object filespace displays zero capacity and zero percentage used. Although this is what Tivoli Storage Manager displays after a valid backup, it is misleading and uninformative. The zeros do not tell if it is a valid backup, nor do they tell what components were backed up or how much or when. Figure 39 displays the same information from the Backup Archive client command line interface.
81
tsm> query filespace Num --1 tsm> Figure 39. Query filespace command Last Incr Date -------------00/00/0000 00:00:00 Type ---NTFS File Space Name --------------SYSTEM OBJECT
Curiously, by issuing the new command QUERY SYSTEMOBJECT from the Backup Archive client command interface, the backup date and the space used for each object is displayed. See Figure 40 for an example of this information.
tsm> query systemobject Size Backup Date -------------17,661 12/07/2000 10:55:37 135,258 12/07/2000 10:55:56 231,108,288 12/07/2000 10:55:29 18,093 12/07/2000 10:55:50 48,267,344 12/07/2000 10:55:54 10,006,668 12/07/2000 10:55:38 117,074 12/07/2000 10:55:38
A/I --A A A A A A A
OBJECT\GOLD\COMPDB OBJECT\GOLD\EVENTLOG OBJECT\GOLD\SYSFILES OBJECT\GOLD\SYSVOL OBJECT\GOLD\NTDS OBJECT\GOLD\REGISTRY OBJECT\GOLD\RSMtsm>
Figure 40. Example of a Query Systemobject command
The number of files backed up for the total System Object can be displayed by using the Query Occupancy command from an Administrator session. An example if this command is shown in Figure 41.
tsm: BRAZIL>query occupancy gold Node Name Physical Logical Space Space Occupied Occupied (MB) (MB) ---------------- ---- ---------- ---------- --------- --------- --------GOLD Bkup SYSTEM DISKPOOL 1,930 290.39 290.39 OBJECT tsm: BRAZIL> Type Filespace Name Storage Pool Name Number of Files
Figure 41. Example of Query Occupancy command
82
It is possible to obtain information about the restore in the GUI by using a convoluted method of renaming the System Object filespace to something else and then browsing the renamed filespace in the restore section. Figure 42 shows the GUI restore screen with renamed filespaces and dates and times of their backup. See 5.6.3, Creating inactive versions of System Objects on page 84 for more information about creating this situation.
Figure 42. GUI restore screen showing dates, times System Objects backed up
Attention
From the above, it becomes very apparent that Microsoft and Tivoli have provided more than enough rope to hang yourself! We strongly recommend checking backup timestamps by issuing the Query SYSTEMOBJECT command prior to initiating any System Object restore to ensure all System Object timestamps are for similar times. Be careful!
83
5.6.3 Creating inactive versions of System Objects

Tivoli Storage Manager only maintains one copy of the current System Objects. Many restore scenarios require the availability of multiple versions of the System Objects, so a manual process needs to be devised. Our understanding is that inactive copies of System Objects will be available in the future. 5.6.3.1 Steps The following steps should be taken to create an inactive version of System Objects. 1. Run an incremental backup of the domain ALL-LOCAL. This will automatically pick up the System Objects. 2. At the successful conclusion of the backup, rename the SYSTEM OBJECT filespace to something like SYSTEM OBJECT 2000-11-29 06:19:34 to create a backup version of the System Object. Using a Tivoli Storage Manager administrator ID, issue a Rename Filespace command.For example:
rename filespace gold \system object \system object 2000-12-05 06:47:39
By specifying the -NOCONFIRM parameter on the dsmadmc command when starting the administrator session, the yes/no prompt will not be issued.
Note
We recommend performing this rename immediately after the backup has successfully completed. This prevents accidentally overwriting the current backup copy of the System Objects by performing another backup with any of the Backup Archive GUI, Web Client or command line interface. None of these interfaces call the recommended Postschedulecmd command to perform this rename. 3. Check the number of System Object filespaces that have been renamed and kept. If the number is greater than the number of versions to be kept, issue a Delete Filespace command for the oldest version from an administrator ID. For example:
delete filespace gold \system object 2000-10-05 06:43:11
84
Note
The Active Directory tags entries that have been logically deleted from the database and places them in a tombstone state. Garbage collection on the Active Directory deletes database entries in the tombstone state that are older than the tombstone lifetime (the default is 60 days). The restore of a domain controller (Active Directory) from a backup older than the Windows 2000 tombstone lifetime may create inconsistencies between domain controllers as the restored Active Directory may not have a record of some of deletions. Keeping an Active Directory version older than the specified tombstone lifetime date may not be useful. See Figure 42 on page 83 for an example of a number of renamed System Objects. We suggest utilizing the Postschedulecmd command of the Backup Archive client to run a Windows 2000 .bat file immediately after the Tivoli Storage Manager backup completes.
5.7 Backing up DFS

You can backup Distributed File Systems (DFS) without the DFS options. The ALL-LOCAL backup of a system with DFS installed will back up the DFS information. The shares will need to be re-created before the restore. The DFSBACKUPMNTPT option should only be used when attempting DFS-only backup/restore scenarios. It is generally not recommended to change these options. Figure 43 displays a simple DFS configuration.
85
Figure 43.
a simple DFS configuration
We recommend that notes be kept manually about DFS root name and path name, and the path \\machine1\c:\Havier which is used by Tivoli Storage Manager, instead of a filespace name. This allows for a quick restore without having to guess about what connects to what.
5.7.1 DFSBACKUPMNTPNT YES

Use this Tivoli Storage Manager client option to back up the whole DFS structure. The metadata consists of the data required to create the folders X and Y and the MYSHARE folder. This metadata can be backed up separately. It is stored in the Registry in a stand alone version of a DFS server or in the Active Directory in an Active Directory version of a DFS server. You can back up actual data on other machines. You need to decide which is more efficient for data: Tivoli Storage Manager on a DFS machine or Tivoli Storage Manager on another machine.
86
You need to back up the root folder using normal Tivoli Storage Manager backup on the DFS machine. You need to backup Shared folders on other machines using normal Tivoli Storage Manager backup on those machines or using a SHARE on the DFS machine. We recommend using YES (the default).
5.7.2 DFSBACKUPMNTPNT NO
This is used to transform the DFS structure to a single machine. You cannot restore root with this option.
5.8 Tips and hints

In this section, we propose some tips and hints for dealing with Tivoli Storage Manager backups.
5.8.1 Backup frequency

Microsoft documentation recommends a weekly backup of a domain controller with the tapes sent off site monthly. Additionally, they recommend that if the domain controller is also the primary Global Catalog Server, backups should be made nightly with weekly off-site storage. Utilizing automated scheduling, network backups, and off-site copies, Tivoli Storage Manager can perform these tasks quickly, easily, and in an automated fashion. We recommend that backup of all the System Objects take place nightly, if possible, and that all System Objects be backed up together. Due to the requirement of restoring many System Objects at the same time from the same backup to maintain integrity, a backup of one object alone may not be sufficient. For example, it may be tempting to backup only the Active Directory database on a server every night and backup all the System Objects once a week. It is unclear whether this would allow for a successful restore the Active Directory from the nightly backups. It is quite possible that the only successful restore would be from the weekly backup.
5.8.2 Perform test restores

Backups are performed for the sole purpose of being able to restore data. A backup (valid or not) is a waste of time, resources, and hope if the required
87
data cannot be restored from the backup. Unless the restore process is tested, recovery of any data is at risk. Numerous errors can slip in to corrupt your process, such as: An unreadable tape Configuration changes that inhibit backing up all the data Configuration changes that prevent recovering properly Incorrect procedures Human error
To minimize the potential of your recovery procedure failing, we recommend testing all restore procedures regularly. A suggested time frame follows. 5.8.2.1 Simple file restores Test a file restore to every file server client at least once a month. A client request for a file restore during the month would satisfy this requirement. Use real data that is changing as opposed to static test data to perform the test. Test a file restore to a sampling of desktop clients at least once a month. 5.8.2.2 Full system restores Test a full system restore every six months to at least one client of every client type, for example a file server, Active Directory server, clustered server, and desktop. If possible, restore the image to a spare, stand alone machine.
5.8.3 Windows 2000 user profiles

Backups taken while a user is logged on locally at the system console will fail for the user profile file ntuser.dat for the current logged on user. Restoration of the users profile from that backup session will not be possible. We recommend all users be logged off during a backup if user profiles may need to be restored.
5.8.4 Transaction limits

Tivoli Storage Manager makes use of the logical file grouping function introduced in Tivoli Storage Manager Server 3.7.3. This logical file grouping is used during backup of System Objects to send all the System Objects as one transaction. It overrides any server or client transaction limits that may be set. Due to the number of files sent during some System Object backups, the recovery log may overflow if the recovery log size is set very small, especially if roll forward mode is selected. We observed 1500-2000 files sent during System Object backups.
88
5.8.5 MSINFO command

An easy way to gather pertinent hardware and configuration information about a machine is to run the Windows 2000 command MSINFO32.exe This command executes either in a window or a command line. Running the command using the Tivoli Storage Manager Preschedulecmd client option prior to a backup and backing up the resulting output file gives a snapshot of the current system hardware and configuration. To run the MSINFO command and place the output into a file named msinfo32.rpt, issue:
1. cd \program files\common files\microsoft shared\msinfo 2. msinfo32 /report msinfo32.rpt /categories +all
Place this file in the same location in each client so it can be found easily. Ensure that the Tivoli Storage Manager client include-exclude list does not exclude the resulting file.
5.8.6 Tree view

If a number of backups are being performed in succession from the same general area in the directory tree, set the client option guitreeviewafterbackup to yes to return to the tree view after a backup, restore, archive or retrieval is complete.
89
90
Chapter 6. Windows 2000 restores

This chapter discusses the process required to perform various restores using the Tivoli Storage Manager client. Scenarios ranging from complete system bare-metal restores to individual item granular restores are covered. Although all recoveries have been performed from backups that were taken using the Tivoli Storage Manager Scheduler, there is no reason to believe that a backup taken using the GUI client should perform any differently. We recommend that before using the documented procedures in a production workspace, the reader should verify them in their own test environment. We have only been able to test the Tivoli Storage Manager client in a fairly generic environment that will not mirror every possible Windows 2000 permutation..
Note
Good reference material covering Windows 2000 backup and restore issues are: Windows 2000 Help Windows 2000 Resource Kits - Server and Professional Editions Windows 2000 Server Disaster Recovery Guidelines. This can be found online at http://www.microsoft.com/TechNet/win2000/recovery.asp.
6.1 Permissions to restore Windows 2000

The account that is used to restore Windows 2000 must have administrator rights for the operation to be successful. For Windows 2000 domain controllers, the account must be a member of the local domain-based administrators group. For a Windows 2000 member server or Windows 2000 Professional system, the account must be a member of the local administrators group. Some documentation states that it is sufficient to be a member of the Backup Operators group in order to perform restores. This statement is true to some degree and it must be qualified with the following precautions: The Backup Operators group must be granted Manage auditing and security log rights.
91
Only file objects can be restored with Backup Operators rights. All other restores, that is, System Object components, require Administrator privileges. With this in mind, the safest option is to perform restores using an account with administrator rights.
6.2 Restoring a Windows 2000 system

This section discusses issues and processes involved with performing a complete recovery of a Windows 2000 system. This is usually required due to a complete hardware or software failure. Scenarios involving Windows 2000 systems running as domain members and domain controllers are covered.
6.2.1 Restore methodology

At one point we considered calling this section Windows 2000 bare-metal restores. We then asked ourselves what does a bare-metal restore really mean?. Most people take bare-metal restore to mean booting a system from a floppy or tape and beginning a complete restore without first having to install the operating system, the backup software, and so on. The implementation of Active Directory means that it will not be possible to achieve a true bare-metal restore by using the current MS Windows 2000 backup and restore APIs. The procedures detailed in this chapter do not use the bare-metal restore concept. Instead, we use the process of first installing the operating system and Tivoli Storage Manager client, then initiating a restore. While we acknowledge that this may not be the most efficient recovery process, we believe it acts as a solid foundation from which other procedures can be developed. 6.2.1.1 How should Windows 2000 be installed? While the main focus of this chapter is on the actual restoration process, to get to this point, it is necessary to load the Windows 2000 operating system and then the Tivoli Storage Manager client software. How this is achieved is not really a big issue and as long as the operating system is configured as we have documented (for example, do not make the system a domain member) there should not be any problems. We have documented a process that is the lowest common denominator something that anyone can perform without requiring additional software. Once you are comfortable that the process works in your environment, we
92
recommend that you investigate more efficient operating system installation methods because this will reduce your down time should you have to perform real-life system recovery. Two examples are unattended scripted installs or using a disk imaging product.
6.2.2 The role of the System Object in the restore process

Without doubt, the most important component in the restoration process is the Tivoli Storage Manager client System Object. It acts as a logical place holder for all the core components, services and applications running on any Window 2000 system. Because many of the System Object components are interlaced with dependencies, only restore the entire System Object. This may seem excessive in a situation where you only want to restore a single user account from Active Directory, but until future releases of Windows 2000 permit the backup and restore process to be enhanced, it is not possible to mandate a more granular approach. By selecting the entire System Object as part of any restore process, the Tivoli Storage Manager client restores all components in a valid sequence, merging the Registry information as the final step. Processing the entire System Object as a single entity is the only way to be assured that its components are restored in a consistent manner. 6.2.2.1 Checking the consistency of the System Object backup Since the System Object is central to the success of any restore, before running a recovery of any of the System Object components, it is essential to verify the integrity of the backup. Unfortunately, version 4.1.2 of the Tivoli Storage Manager client does not contain any automatic safeguards to prevent individual components from being backed up in isolation, and thus affecting the integrity of the overall System Object backup. Therefore, it is necessary to manually check the System Object prior to commencing a restore. To confirm that all of the System Object components were backed up as a single entity, run the command query systemobject. This will display the backup times for each component and it should be obvious if a rogue backup of an isolated System Object component exists. Although this is an unlikely event, it is still worth taking the time to check, given the problems that it could cause.
93
You need to check that all the System Object components were backed up within a few seconds or minutes of each other (depending upon the size of the components). See Figure 44 for an example of this command.
tsm> query systemobject Size Backup Date -------------17,661 12/07/2000 10:55:37 135,258 12/07/2000 10:55:56 231,108,288 12/07/2000 10:55:29 18,093 12/07/2000 10:55:50 48,267,344 12/07/2000 10:55:54 10,006,668 12/07/2000 10:55:38 117,074 12/07/2000 10:55:38 tsm>.
A/I --A A A A A A A
OBJECT\GOLD\COMPDB OBJECT\GOLD\EVENTLOG OBJECT\GOLD\SYSFILES OBJECT\GOLD\SYSVOL OBJECT\GOLD\NTDS OBJECT\GOLD\REGISTRY OBJECT\GOLD\RSM
Figure 44. Example of Query systemobject command
6.2.3 Restoring a Windows 2000 Professional or member server

This section discusses the steps required to perform a complete restore on systems that are domain members, that is, non-domain controllers. Restore scenarios are covered for Windows 2000 Professional, Server and Advanced Server. Although the restore procedures cover systems that are members of a domain, there is no reason why the same process cannot be applied to systems running in a standalone environment (that is, as workgroup members). 6.2.3.1 Summary. Table 13 summarizes the restore process for Windows 2000 Professional or a member server. This is for informational purposes only. For a working procedure, please follow the detailed procedure in section 6.2.3.5, Recovery procedure on page 96.
Table 13. Windows 2000 Restore Process Summary
1 2 3 4 5
Perform a minimal installation of Windows 2000 server in a workgroup with network connectively to the TSM server Install the Windows 2000 service pack that was running on the original system Create any additional disk partitions that were on the original system Install Tivoli Storage Manager client Restore file level data to the Windows 2000 boot / system partition
94
1 6 7 8 9 10
Perform a minimal installation of Windows 2000 server in a workgroup with network connectively to the TSM server Restore the entire System Object as single entity Reboot system Restore data back onto other drives Reboot system Check System
6.2.3.2 Assumptions This section details assumptions that the reader should be aware of. The system being recovered is a member of a domain. In the case of Windows 2000 Server and Advanced Server, the system is a member server, not a domain controller. For details on recovering a Windows 2000 domain controller, see 6.2.4, Restoring a Win 2000 domain controller (non-authoritatively) on page 102 in this chapter. This process is applicable to 3 variants of Windows 2000: Professional, Server and Advanced Server. For the sake of clarity, the generic term Windows 2000 system will be used to refer to all three products. The systems hardware components have already been correctly installed and configured. This includes, but is not limited to: System has power to all components Keyboard, mouse and monitor are connected Network controllers are installed and connected to the network Cabling of disk controllers and array controllers is complete Check that the hardware firmware is at the correct level (ideally this firmware should be at the same level as when the backup was taken)
The restore is done using Tivoli Storage Manager Backup Archive client not using a scheduled job. Each step in the procedure should be executed successfully before continuing with the next. If you do experience any errors, investigate them before proceeding. 6.2.3.3 Requirements This section details the pre-restore requirements. The Windows 2000 installation media should be available. An account with local administrator privileges must be used for the entire restoration process.
95
The Tivoli Storage Manager 4.1.2 client software should be available. Know the following about the Windows 2000 system being restored: Hard drive partitioning information Original computer name used for the Windows 2000 system Original TCP/IP address Which Windows 2000 service packs were running on your system
Know the host name and IP address of the Tivoli Storage Manager server that will be used for recovery. The original computer account of the system being restored must still exist in the domain. Do not delete this account as it will complicate the recovery process. 6.2.3.4 Restore issues concerning DFS or junction points There are issues that need to be considered when restoring a Windows 2000 system that has a Distributed File System or junction points installed. There is the potential to recover some data twice when restoring drives that have junction points defined. To avoid this we recommend only restoring the junction point definitions. Please refer to 6.3.2.3, Complete system restores and DFS on page 145 for details on how to address this issue. 6.2.3.5 Recovery procedure Because the major differences between Windows 2000 Professional, Server and Advanced Server are related to scalability features (rather than the key differences in the operating system that distinguishes a domain controller), we have found that the same recovery procedure can be applied to all three versions. Obviously, a Windows 2000 Professional system will have less services installed than a server-based system, but this should not affect the overall outcome of the restore. It should be noted that the procedures were developed on a Windows 2000 Advanced Server system, allowing the process to be scaled down to the two other product variants. 1. Perform any vendor specific configuration on the system. For example, define disk arrays, RAID partitions, and so on. 2. Install either Windows 2000 Professional, Server or Advanced Server (the product must match the system being recovered). - Make the Windows 2000 boot partition the same size as the system being recovered. The partition should also be formatted using the same file system (FAT32 or NTFS). The partition should have the same drive letter.
96
- The Windows 2000 operating system folder must be named the same as the system being recovered (this will usually be WINNT). - Configure the server with the same computer name as the system being recovered. - Make sure you record the password used for the local administrators account. This is required later on in the procedure. - Set the time and date correctly. - It is only necessary to perform a minimal install of Windows 2000 with just the networking components required to get the system on the network. Ensure the network card is using the correct drivers and that its configuration parameters are set to optimal settings for restore purposes. - There is no need to install additional services or applications that will not be used by the recovery process. For example, Terminal Server or Macintosh services. Installing such items will only increase the amount of time required to complete the operating system installation and may in fact add unnecessary complications to the restore process. To speed up the install time, you can deselect the components which are installed by default: Accessories, Internet Information Server, Indexing Service and Script Debugger. - Place the server into a temporary workgroup (use a workgroup name that does not exist). Do not make the server a domain member. 3. Install any service packs, patches or drivers that were running on the original system that directly interact with components used by the restore process. For example, network card drivers, disk controller drivers, operating system patches.
Important
We have found that a critical step in the restoration process is to install any Windows 2000 service packs that were originally running on the system. Do this before you start to restore using the Tivoli Storage Manager client. Failure to do this will probably compromise the success of the restore. 4. Configure the Windows 2000 system to contact the Tivoli Storage Manager server. There may be a requirement to place entries in the TCP/IP hosts file or point the Windows 2000 system to a DNS server to achieve this.
97
5. Recreate the same number of disk partitions that were on the original system. Ensure the following partition properties match the original system: Partition type (primary or logical/extended) File system type (FAT32 or NTFS) Disk type (basic or dynamic) Drive letters (D:, E:, F: and so on)
Note
Although, it is desirable to get the partition sizes to match the original system, this is not absolutely crucial. As long as there is sufficient space to restore all the data, it should not affect the success of the recovery. 6. Install the Tivoli Storage Manager client software. For more details, see section 4.2, Tivoli Storage Manager 4.1.2 client install procedure on page 45. - For compatibility reasons, ensure that the version of the Tivoli Storage Manager client used for the restore matches the one used for backup. - Install the Tivoli Storage Manager client into the same path and folder as the original system. 7. Run the Tivoli Storage Manager client configuration wizard. - Only configure the Backup / Archive client. It is not necessary to configure the TSM Scheduler or Web client. - Ensure the Tivoli Storage Manager client node name is the same as it was on the original system. - Configure the client to point to the Tivoli Storage Manager server.
Note
Ensure the screen resolution is running at a minimum resolution of 800 x 600. If the screen is running at 640 x 480, some of the buttons in the Tivoli Storage Manager client are displayed off-screen. This issue is due to be fixed in a future release of the client.
8. Before starting the restore, confirm the consistency of the System Object backup by running the command query systemobject from the Tivoli Storage Manager client command line. See 6.2.2.1, Checking the consistency of the System Object backup on page 93.
98
9. Start the Tivoli Storage Manager Back Archive client and select the Restore tab.
Tip
To prevent the Restore window from closing after each restore job has completed, enable the checkbox option Return to tree window after function completed. This option is found in Edit --> Preferences -->General. 10.Restore the boot / system partition: a. Expand File Level and select the drive designated as the Windows 2000 boot / system partition (this is usually the C drive). b. Select the Restore Options button (between the Estimate and Point in Time buttons) and set the collision options for files that already exist as shown in Figure 45.
Figure 45. Restore options
c. Continue the restore process. When prompted, select to restore files to their original location. d. The restore should run cleanly without errors. e. At the end of the restore, do not select to reboot.
99
11.Restore the entire System Object. a. Select the System Object for restore. Do not select individual objects for restore. b. Continue the restore process. You will be presented with three prompts. Respond as follows: 1. When you are asked if you wish to the activate registry keys after the restore. Select Yes. 2. When you are asked to select a destination for the restored object, select to restore to the original location (selecting to restore to an alternative location will have no effect as System Objects cannot be redirected to another location). 3. Shortly after the restore starts you will be asked if you wish to force an overwrite on located files. Select Overwrite and check to apply this action to all files. c. The restore should run cleanly without errors. d. At the end of the restore, select to reboot. 12.Restart the system. 13.Restore any other data onto other drives on the system (D:, E:, and so on) setting the restore options as shown in Figure 45, Restore options on page 99. 14.Restart the system.
Note
The event logs are not restored back into the operating system (that is, they do not become active). They are restored into the folder \adsm.sys\eventlog. To view the logs you should point the event log viewer the appropriate log file in this folder.
100
15.Confirm that the system restore has been successful. Suggested items to check are: - Confirm that the system is a domain member again. From the desktop select My Computer --> Properties --> Network Identification. Also validate this by logging onto the system with a domain-based account. - Check Windows 2000 event logs for errors. In particular check for service and device driver failure. If the event logs were restored, check back to see if any errors that may be occurring are new or are just a legacy of the original system. - Check that all services show the correct status; that is, running, stopped, automatic, manual, and so forth. - Check that locally defined user and group accounts are present. If the system is part of a domain, check that domain-based accounts are members of local groups (check to see that the domain-based global administrators group is part of the local administrators group). - Check that print queues are present and functioning. - Check security on objects, for example, print queues and NTFS files and folders. - Check that the time zone and system time is correct. - Ask all users who use the system to check that their profiles have been restored.
Note
This list is by no-means exhaustive and should not be taken as a definitive checklist. Administrators should thoroughly check the components (services, devices, etc) of all applications running on the server. 16.If the system checks do not highlight any problems, the restore can now be considered complete (see Figure 46).
Figure 46. Successful Windows 2000 recovery
101
6.2.4 Restoring a Win 2000 domain controller (non-authoritatively)

This section discusses the process required to perform a complete restore of a Windows 2000 system running as a domain controller. The restore scenario covered is for systems running Windows 2000 Server or Advanced Server. The Active Directory component of the domain controller will be restored non-authoritatively in this procedure. Because Active Directory is the key component that sets a domain controller apart from other Windows 2000 systems, it is recommended that you are familiar with 6.3.1.2, Active Directory restores on page 112 as this covers details specific to Active Directory restore. 6.2.4.1 Issues to consider before recovering a domain controller The follow section discusses some issues which must be addressed before the recovery of a domain controller can take place. Is restoring from backup the most effective recovery method? If a system suffers from a catastrophic failure due to a hardware or software failure, usually the only cause of action is to restore the system from backup. With a Windows 2000 domain controller there are two methods that can be used: Restore data from backup Restore data using replication Although the focus of this chapter is aimed at situations where it is necessary to restore from backup, it is worth considering the second method, as it may prove to be an efficient way of restoring the failed system. To recover, Windows 2000 must be reinstalled and configured as a domain controller. Once the domain controller is back online, the normal replication process will repopulate the Active Directory database. This method is probably only worth considering if the domain controller is running in a fairly basic configuration, just hosting an Active Directory service. The other major factor to be considered is the size of the Active Directory database and how long it will take to replicate from its partners. Replicating a 1 GB database over a 64K WAN link is obviously not going to be a workable solution. For more information on recovering using replication, please refer to the Windows 2000 Server Distributed Systems guide. Are FSMO roles involved? Although Windows 2000 domain controllers run in a multi-master configuration where any system can update the Active Directory, there are
102
specific updates which can only be made by a single domain controller. The domain controllers which take on these roles are said to hold operation masters roles. There are a total of five Flexible Single Master Operations roles (FSMO) that exist in a Windows 2000 network. Some of the roles are domain-based, while others are forest-based. The five roles are shown in Table 14.
Table 14. Windows 2000 Domain Controller FSMO Roles
FSMO Role
Function The only domain controller that can perform write updates to the directory schema. This is a forest-based role. Main function is to add and remove domains from a forest. This is a forest-based role. Allocates sequences of relative IDs to each domain controller in its domain. These are used in the creation of security principals (user, group, and so on) by a domain controller. This is a domain-based role. Is responsible for updating the cross-domain group-to-user references when a new user is added. This is a domain-based role. Main role is to emulate a Windows NT primary domain controller providing backward compatibility for Windows NT systems participating in a Windows 2000 based domain. This is a domain-based role.
Schema Master
Domain Naming Master
Relative Identifier (RID) Master
Infrastructure Master
Primary Domain Controller Emulator
The important thing to remember about FSMO roles is that they were created to avoid conflict situations. This means that there can only be one domain controller running that role within a domain or forest. For example, it would be very undesirable to have two systems trying to update the Active Directory Schema, hence the role of the Schema Master. FSMO roles can be moved to other domain controllers. In the case of a role holder that is going off-line for a scheduled outage, the role can be gracefully reassigned to another domain controller. If a domain controller becomes unavailable due to an unplanned outage, then it is possible to forcibly seize the role onto another domain. In this situation the original domain controller must never be allowed to come back online as conflict will occur (and corruption may follow). There is the potential for this to happen when restoring a domain controller from backup. Like any backup application, the Tivoli Storage Manager client
103
will back up a domain controllers FSMO role as part the system backup. This also means that the role will be restored along with all other components of the operating system. When a FSMO role domain controller fails, there are a number of things to be considered before restoring the system. These include: If the failed domain controller needs to be restored and brought back online, then the FSMO role must not be seized onto another system. If the role has been seized onto another domain controller, do not restore the system and bring it back online. In many cases a Windows 2000 forest or domain can function for period without a particular FSMO role. Although this is not recommended for a long period (that is, many weeks or months), it does mean that is no need to panic into unnecessarily seizing a FSMO role onto another domain controller. How long a FSMO role can be unavailable depends upon what the role is and how often it is used. For example, the Schema Master is only required when updates to the Active Directory schema are made. For many Windows 2000 environments, this may only occur a few times a year; therefore, the need to bring the schema master role back online may not be an urgent one. 6.2.4.2 Summary of domain controller restore Table 15 summarizes the restore process for a non-authoritative restore of a domain controller. This is for informational purposes only. For a working procedure, please follow the detailed procedure in section 6.2.3.5, Recovery procedure on page 96.
Table 15. Domain Controller Restore Process Summary
1 2 3 4 5 6 7 8 9 10
Perform a minimal installation of Windows 2000 server in a workgroup with network connectivity to the TSM server. Install the Windows 2000 service pack that was running on the original system. Create additional disk partitions that were on the original system. Install Tivoli Storage Manager client. Restore file level data to the Windows 2000 boot / system partition. Restore the entire System Object as single entity. Reboot system. Restore data back onto other drives. Reboot System. Check System.
104
6.2.4.3 Assumptions This section details assumptions that the reader should be aware of. The system being recovered is a domain controller. For details on recovering systems running Windows 2000 professional or Windows 2000 Server and Advanced Server running as a member server, please refer to 6.2.3, Restoring a Windows 2000 Professional or member server on page 94. Although both Windows 2000 Server and Advanced Server can run as a domain controller, for the sake of clarity, the generic term Windows 2000 server will be used to refer to both products. The systems hardware components have already been correctly installed and configured. This includes, but is not limited to: System has power to all components. Keyboard, mouse, and monitor are connected. Network controllers are installed and connected to the network. Cabling of disk controllers / array controllers is complete. Check that the hardware firmware is at the correct level (ideally this firmware should be at the same level as when the backup was taken).
The restore is done using Tivoli Storage Manager Backup Archive client, not using a scheduled job. Each step in the procedure should be executed successfully before continuing with the next. If you do experience any errors, investigate them before proceeding. Also, check Section 6.5, Troubleshooting on page 154. 6.2.4.4 Requirements This section details the pre-restore requirements. The Windows 2000 server installation media should be available. An account with local administrator privileges must be used for the entire restoration process. The Tivoli Storage Manager 4.1.2 client software should be available. Know the following about the Windows 2000 server being restored: Hard drive partitioning information. Original computer name used for the Windows 2000 system. Original TCP/IP address. Which Windows 2000 service packs were running on your system.
Know the host name and IP address of the Tivoli Storage Manager server that will be used for recovery.
105
The original computer account of the system being restored must still exist in the domain. Do not delete this account as it will complicate the recovery process. 6.2.4.5 Restore issues concerning DFS or junction points There are issues that need to be considered when restoring a Windows 2000 domain controller that has a Distributed File System or junction points installed. There is the potential to recover some data twice when restoring drives that have junction points defined. To avoid this, we recommend only restoring the junction point definitions. Please refer to 6.3.2.3, Complete system restores and DFS on page 145 for details on how to address this issue. 6.2.4.6 Recovery procedure Because the major differences between Windows 2000 Server and Advanced Server are related to scalability features (rather than differences in the operating system), the same recovery procedure can be used for either version. 1. Perform any vendor specific configuration on the system. For example, define disk arrays, RAID partitions, and so on. 2. Install either Windows 2000 Server or Advanced Server (the product must match the system being recovered). - Make the Windows 2000 boot partition the same size as the system being recovered. The partition should also be formatted using the same file system (FAT32 or NTFS). The partition should have the same drive letter. - Name the Windows 2000 operating system folder the same as the system being recovered (this will usually be WINNT). - Configure the server with the same computer name as the system being recovered. - Make sure you record the password used for the local administrators account. This is required later on in the procedure. - Set the time and date correctly. - It is only necessary to perform a minimal install of Windows 2000 with just the networking components required to get the system on the network. Ensure the network card is using the correct drivers and that its configuration parameters are set to optimal settings for restore purposes.
106
- There is no need to install additional services or applications that will not be used by the recovery process. For example, Terminal Server or Macintosh services. Installing such items will only increase the amount of time required to complete the operating system installation and may in fact add unnecessary complications to the restore process. To speed up the install time, you can deselect the components which are installed by default: Accessories, Internet Information Server, Indexing Service and Script Debugger. - Place the server into a temporary workgroup (use a workgroup name that does not exist). Do not make the server a domain member.
Note
Once Windows 2000 has finished installing and rebooted, do not convert the server into a domain controller. 3. Install any service packs, patches or drivers that were running on the original system that directly interact with components used by the restore process. For example, network card drivers, disk controller drivers, operating system patches.
Important
We have found that a critical step in the restoration process is to install to any Windows 2000 service packs that were originally running on the system. Do this before you start to restore using the Tivoli Storage Manager client. Failure to do this will probably compromise the success of the restore. 4. Configure the Windows 2000 server to be able to contact the Tivoli Storage Manager server. There may be a requirement to place entries in the TCP/IP hosts file or point the Windows 2000 server to a DNS server to achieve this. 5. Recreate the same number of disk partitions that were on the original system. Ensure the following partition properties match the original system: Partition type (primary or logical/extended) File system type (FAT32 or NTFS) Disk type (basic or dynamic) Drive letters (D:, E:, F: and so on)
107
Note
Although it is desirable to get the partition sizes to match the original system, this is not absolutely crucial. As long as there is sufficient space to restore all the data, it should not affect the success of the recovery. 6. Install the Tivoli Storage Manager client software. - For compatibility reasons, ensure the version of the Tivoli Storage Manager client used for the restore matches the one used for backup. - Install the Tivoli Storage Manager client into the same path and folder name folder as the original system. 7. Run the Tivoli Storage Manager client configuration wizard. - Only configure the Backup / Archive client. It is not necessary to configure the TSM Scheduler or Web client. - Ensure the Tivoli Storage Manager client node name is the same as it was on the original system. - Configure the client to point to the Tivoli Storage Manager server.
Note
Ensure the screen resolution is running at a minimum resolution of 800 x 600. If the screen is running at 640 x 480, some of the buttons in the Tivoli Storage Manager client are displayed off-screen. This issue is due to be fixed in a future release of the client 8. Before starting the restore, confirm the consistency of the System Object backup by running the command query systemobject from the Tivoli Storage Manager client command line. See 6.2.2.1, Checking the consistency of the System Object backup on page 93. 9. Start the Tivoli Storage Manager Back Archive client and select the Restore tab. 10.Restore the boot / system partition: a. Expand File Level and select the drive designated as the Windows 2000 boot / system partition (this is usually the C drive).
108
b. Select the Restore Options button (between the Estimate and Point in Time buttons) and set the collision options for files that already exist as shown in Figure 47.
Figure 47. Restore options
c. Commence the restore process. When prompted, select to restore files to their original location. d. The restore should run cleanly without errors. e. At the end of the restore, do not reboot. 11.Restore any other data onto other drives on the system (D:, E:, and so on) setting the restore options as shown in Figure 47. 12.Reboot the system.
Note
The event logs are not restored back into the operating system (that is, they do not become active). They are restored into the \adsm.sys\eventlog folder. To view the logs, you should point the event log viewer to the appropriate log file in this folder.
109
13.Confirm that the system restore has been successful. Suggested items to check are: - Confirm that the system is now running as a domain controller. From the desktop, select My Computer --> Properties --> Network Identification. - Check Windows 2000 event logs for errors. In particular, check for service and device driver failure. If the event logs were restored, check back to see if any errors that may be occurring are new or are just a legacy of the original system. - Check that all services show the correct status; that is, running, stopped, automatic, manual, and so forth. - Check that Active Directory has restored successfully. - Check that any print queues are present and functioning. - Check security on objects, for example, print queues and NTFS files and folders. - Check that the time zone and system time is correct. - Ask all users who use the system to check that their profiles have been restored. - Check that the Active Directory and related components (for example File Replication Service and System Volume), are functioning correctly. Please refer to the Section , Validating an Active Directory restore on page 127 for guidance on this.
Note
This list is not exhaustive and should not be taken as a definitive checklist. Administrators should thoroughly check the components (services, devices, and so on) of all applications running on the server.
14.If the system checks do not highlight any problems the restore can now be considered complete (see Figure 48).
Figure 48. Successful Windows 2000 recovery
110
6.3 Restoring Windows 2000 objects

This section discusses issues and processes involved with performing a restore of Windows 2000 objects. An object can be anything from a file, an item in the Active Directory database or the COM+ database. A restore is usually required due to the deletion or corruption of an individual object or a number of objects. Restore scenarios can range from recovering a single file to one involving more complex scenarios like restoring Active Directory objects, or even the actual Active Directory database itself. Some of objects can only be recovered on domain controllers (for example Active Directory or the System Volume) while others, such as the Registry, event logs or COM+ database, can to restored onto systems running any implementation of Windows 2000.
6.3.1 Restoring components from the TSM System Object

We already discussed that an isolated restore of a single System Object component should not be attempted because of the varied and complex dependencies that exist between the System Object components on a Windows 2000 system. This leaves you with no choice but to recover the entire System Object even if the focus of your restore is just a single component (for example, the COM+ database). The main focus of this section is to look at the components where you have a choice to do a bit more than just restoring the System Object. We will explain how to extract data from the following components of a restored System Object: Active Directory Registry Event logs 6.3.1.1 Issues and considerations This section discusses the issues and considerations that are common to the restoration of all System Object components. Restore location The Tivoli Storage Manager client does not support restoring System Object components (including Active Directory) to an alternative location (that is, another Windows 2000 system). In general, the concept of restoring the entire system to an alternate location is not supported by Microsoft. Taking this a degree further, it is not possible to redirect System Object components to a different location on the local system. For example, the
111
Active Directory will always be restored back into the \system32\Ntds folder. It is not possible to redirect the restore to an alternative folder. The only exception to this rule is the Windows 2000 event logs. These are not restored back into the \system32\config folder, but are placed in the \adsm.sys\eventlog folder. It is not possible to redirect the event logs to an alternative location on the server. For more information on Windows 2000 event log restores, please see 6.3.1.4, Event logs on page 129. Dependency issues In 6.2.2, The role of the System Object in the restore process on page 93, we already discussed the importance of restoring the entire System Object due to the dependency issues that exist between several of the Windows 2000 components. Adhering to this requirement will ensure that the component at the focus of the restore is kept in a consistent state. Checking the integrity of the System Object backup Before running any restore involving the System Object components, it is essential to verify the integrity of the backup. It should be confirmed that all of the System Object components were backed up as part of the same backup job. To do this, run the command query systemobject. You need to check that all the System Object components were backed up within a few seconds or minutes of each other (depending upon the size of the components).
tsm> query systemobject Size Backup Date -------------17,661 12/07/2000 10:55:37 135,258 12/07/2000 10:55:56 231,108,288 12/07/2000 10:55:29 18,093 12/07/2000 10:55:50 48,267,344 12/07/2000 10:55:54 10,006,668 12/07/2000 10:55:38 117,074 12/07/2000 10:55:38 tsm>.
A/I --A A A A A A A
OBJECT\GOLD\COMPDB OBJECT\GOLD\EVENTLOG OBJECT\GOLD\SYSFILES OBJECT\GOLD\SYSVOL OBJECT\GOLD\NTDS OBJECT\GOLD\REGISTRY OBJECT\GOLD\RSM
6.3.1.2 Active Directory restores There are two types of Active Directory restores: authoritative and non-authoritative. While the Tivoli Storage Manager client is only able to perform non-authoritative restores, authoritative restores can be accomplished in conjunction with Windows 2000 using Ntdsutil (the Active Directory diagnostic tool). This is installed by default on all Windows 2000 domain controllers.
112
Tombstone dates Before commencing a restore involving the Active Directory, the backup must be checked to verify that its age does not exceed the Active Directory tombstone lifetime. Do not attempt to restore the Active Directory from a backup that is older than the tombstone date. The default tombstone date is 60 days; however, do not assume this. Check what it has been set to before commencing a restore. Process summary Table 16 summarizes the process used for both authoritative and non-authoritative restores. This is for information purposes only. When conducting the actual restore, please refer to the relevant sections later in this chapter.
Table 16. Active Directory Restore Summary
Description
Required for Non-Auth. Restore? Y Y Y N Y N Y
Required for Auth. Restore? Y Y Y Y Y Y Y
1 2 3 4 5 6 7
Check integrity of System Object backup Restart domain controller in Direcotory Services Restore mode Restore entire System Object as single entity Use Ntdsutil to mark object(s) as authoritative Restart server back into normal mode Restore System Volume (SYSVOL authoritative restore) Check system
Non-authoritative restores A non-authoritative restore means that when the Active Directory is restored from backup, the restored data is then updated by way of normal replication. The process works as follows: 1. Active Directory is restored using the Tivoli Storage Manager client. This is performed with the domain controller off-line from its replication partners. 2. When the domain controller is brought back online, it talks to its replication partners and detects that the restored data has not been updated since the backup was performed. This triggers the restored Active Directory database to commence receiving and applying updates from its replication partners.
113
3. Once the updates are completed, the domain controllers database will be synchronized with its replication partners. Non-authoritative restores are only performed when the entire Active Directory component on a domain controller needs to be restored. This might be because the Active Directory on a domain controller is damaged, but the Windows 2000 operating system is still functioning. Alternatively, there may have been a domain controller failure and a non-authoritative restore is performed as part of the domain controller recovery process. Potential for data loss after a Non-authoritative restore It is worth noting that some data loss can occur after the Active Directory has been restored using a non-authoritative restore process. The likelihood of this occurring depends upon how often the domain controller replicates Active Directory data to its partners. Any new Active Directory transactions that occurred on the domain controller but were not replicated to its partners before the failure time will be lost. As an example, consider the following scenario: A domain controller called Saturn participates in a domain with 2 other replication partners. The WAN link between Saturn and its partners only allows replication to occur every 6 hours. Over the course of a day, the events listed in Table 17 occur.
Table 17. Example scenario
10:00 am 11:00 am 12:00 pm 2:30 pm 3:30 pm 4:00 pm 6:00 pm
Saturn is fully backed up. User account Joe is added to the Active Directory running on Saturn. Saturn replicates with its partners. User account Dave is added to the Active Directory running on Saturn. A hard drive failure on Saturn causes Saturn to crash. A decision is made to rebuild the system. Saturn is successfully restored from the backup taken at 10:00 am. Its Active Directory database is non-authoritatively restored. Saturn opens up a replication session with its partners. Active Directory on Saturn is sent changes that have occurred on the other domain controllers.
114
Because the Active Directory database on Saturn reflects its state at the time of backup (10:00 am), it will only receive updates that it sent in the 12:00 pm replication (user Joe) plus any that have occurred on the other domain controllers. User Dave will be lost because this account had not been replicated to the other domain controllers before the failure occurred. Non-authoritative restore process The following process should be followed for non-authoritative restores. 1. Before starting the restore, confirm the consistency of the System Object backup by running the command query systemobject from the Tivoli Storage Manager client command line. See 6.2.2.1, Checking the consistency of the System Object backup on page 93. 2. Restart the server into Directory Services Restore Mode: a. On boot, when the Starting Windows screen appears, press F8 Troubleshooting and Advanced Options when prompted. You only have a few seconds to select F8. b. Select Directory Services Restore Mode from the Windows 2000 Advanced Options list. c. When Windows 2000 starts, you should see Safe Mode on all four corners of the desktop. d. You must logon using the servers local administrator account. 3. Start the Tivoli Storage Manager Back Archive client and select the Restore tab. 4. Restore the entire System Object. a. Select the System Object for restore as shown in Figure 49 on page 116. Do not select individual objects for restore.
115
Figure 49. System Object Restore
b. Continue the restore process. You will be presented with three prompts. Enter the following responses: 1. When you are asked if you wish to the activate register keys after the restore, select Yes. 2. When you are asked to select a destination for the restored object, select to restore to the original location (selecting to restore to an alternative location will have no effect as System Objects cannot be redirected to another location). 3. Shortly after the restore starts you will be asked if you wish to force an overwrite on located files. Select Overwrite and check to apply this action to all files. c. The restore should run cleanly without errors. 5. Once the restore has completed, select to reboot the system. 6. Allow the system to boot back into normal mode (that is, not Directory Services Restore Mode). 7. Check that the Active Directory and related components (for example, File Replication Service and System Volume) are functioning correctly. For guidance, refer toValidating an Active Directory restore on page 127.
116
Authoritative restores
Caution!
The task of performing an authoritative restore is not one that should be taken lightly and should only be performed as a last resort. Because the effect of an authoritative restore is to update every domain controller with the restored object, extreme caution should be used when performing this task. It is recommended that you become comfortable with the Ntdsutil application in a test lab before using it in a production environment.
An authoritative restore must always occur after Active Directory has been restored non-authoritatively. An authoritative restore can be performed on an entire Active Directory database, a subtree or individual objects. When an object is marked as being authoritative, it is designated to take precedence over any other occurrences of that object on all domain controllers. The restored object is then replicated from the domain controller where the authoritative restore took place to all of its replication partners. The actual marking of objects as being authoritative is done using the Ntdsutil utility. This is a procedure common to all backup products (including NTbackup) and is not due to a limitation in the Tivoli Storage Manager client. The most common requirement for an authoritative restore is when objects are accidentally deleted from Active Directory. A more serious scenario (but thankfully less common) is if the Active Directory is corrupt on all domain controllers. In this situation, the entire Active Directory database is marked as authoritative and replicated to all partners. Again, it is worth re-emphasizing that an authoritative restore is not a trivial exercise and should only be performed as a last resort. If you wish to validate that the restored data is correct before allowing it to replicate, disconnect the domain controller from the network before it is rebooted. The domain controller can then be rebooted and contents of the Active Directory can be checked to ensure that the correct data has been restored. Once you are satisfied that the restore was successful, the domain controller can be reconnected to the network for replication to occur. If, on the other hand, the wrong data has been restored a potentially damaging situation can be averted.
117
For more information on Active Directory restore, please refer to the Microsoft Windows 2000 Server Distributed Systems Guide. How USN numbers affect the success of an authoritative restore Each domain controller maintains a counter called the Update Sequence Number (USN) which is incremented with every update transaction to Active Directory. Each Active Directory object and attribute stores a USN. The multiple master replication process compares the USNs on all domain controllers to determine the most recent copy of any Active Directory object. By comparing USNs, the multi-master replication can determine when an update has been made to an Active Directory object on any domain controller. This will trigger the updated object to be propagated to all other domain controllers. The process to authoritatively restore an active directory object (or the entire directory) increases the object s Update Sequence Number. This gives the restored object precedence over all the other instances which are stored on the Active Directory of replication partners. The object is then propagated using multi-master replication. For the authoritative restore to be successful, the Update Sequence Number of the restored object must be higher than the USN on the other domain controllers. By default, the authoritative restore process increases the USN by 100,000. In some situations this may not be enough, causing the authoritative restore to be ineffective. To overcome such situations the verinc parameter must be used when using the authoritative restore command. This allows the USN to be increased by a number higher than 100,000. It should be noted that it is extremely unlikely that you will ever be faced with this situation (given that the requirement to even have to run an authoritative restore should be very rare!). However, we have found that if an authoritative restore does not work, this may be the most likely cause.
Note
Before using the verinc parameter in an authoritative restore you should have a good understanding of how USNs and replication work. Please refer to the Windows 2000 Server Resource Kit Distributed Systems Guide for more information.
118
Situations where it may be necessary to override the version increase are: When an object is restored from the same backup more than once. This is best illustrated by considering the following situation: An user account object with a USN of 18000 is backed up. The user account is then updated (perhaps by a password change) and the USN goes to 18001. The user account needs to be authoritatively restored from backup. By default, the restore increases the user accounts USN by 100,000 to 118,001. This gives the user account a higher USN number than all other occurrences in the domain and it is propagated to other domain controllers. This authoritative restore has worked. The user account is accidently deleted and must be authoritatively restored again. At this point, the Active Directory on all domain controllers knows that the object had a USN of 118001 before it was deleted. The authoritative restore is re-run (remember, the USN number of the object on the backup will be 18,000). On completion, the user accounts USN is increased by 100,000 to 118,000. The other domain controllers know that the deleted user account had a USN of 118001; therefore, once replication kicks in the restored account will be deleted, meaning the authoritative restore has not worked. To overcome this, use the verinc parameter to take the USN number above 118,001; for example:
restore subtree cn=user1,dc=pacific,dc=com verinc 120,000.
When an object is restored from a very old backup. Updates to the object (since the backup was taken) have increased the objects USN number by more than 100,000. Recovery of the entire Active Directory database The restore of an entire Active Directory database should only be considered as a last resort. The implications of an authoritative restore can be severe, especially when a large amount of data needs to be relocated across a low capacity network. We advise extreme caution before proceeding with this process. The last part of this process is to restore the Sysvol folder. This additional step is required to keep the System Volume consistent with the Active Directory database.
119
Process to restore the entire active directory database 1. Before starting the restore, confirm the consistency of the System Object backup by running the command query systemobject from the Tivoli Storage Manager client command line. See 6.2.2.1, Checking the consistency of the System Object backup on page 93. 2. Perform a non-authoritative restore as described in the section titled, Non-authoritative restores on page 113. Perform the steps as described, except do not select to reboot after the System Object has been restored. 3. From the Windows 2000 command prompt typing the command ntdsutil. This will start the Active Directory Diagnostic Tool. 4. Enter the command authoritative restore. 5. Enter the command restore database. This will authoritatively restore the entire active directory. See Figure 50 for an example of the sequence events that should occur when the restore is running.
.
This is screen.ntdsutil: authoritative restore authoritative restore: restore database Opening DIT database... Done. The current time is 12-13-00 15:51.37. Most recent database update occured at 12-13-00 13:50.18. Increasing attribute version numbers by 100000. Counting records that need updating... Records found: 0000001570 Done.
Found 1570 records to update. Updating records... Records remaining: 0000000000 Done.
Successfully updated 1570 records. Authoritative Restore completed successfully. authoritative restore:
Figure 50. Example of authoritative restore command
6. Once the restore has completed, type quit twice to exit the Ntdsutil and restart the server in normal mode. 7. Log on locally at the server once it has restarted.
120
8. Restore the Sysvol folder. Because certain Active Directory objects (for example, OUs, domains and site objects) may have group policies associated with them, and these group policies are stored in the System Volume folder, it is also necessary to restore the Sysvol folder. This will ensure that the Active Directory and System Volume are kept consistent. Perform the following steps to restore the Sysvol folder: a. Wait for the System Volume (Sysvol) to be published. Check to see that a directory structure exists under the Sysvol folder. If a structure exists, this indicates that the Sysvol has been published. You can check the Sysvol structure on a replication partner as it will provide a good indication of what to look for (it will be similar but not identical, to that shown in Figure 55 on page 125). It can take several minutes before the Sysvol is published. a. Use the Tivoli Storage Manager to restore the System Volume component from the System Object (see Figure 51). This is one of the few occasions where it is safe to perform an isolated restore of a System Object component.
Figure 51. Restore System Volume
4. Once the System Volume has been restored, check that the contents of the sysvol\<domain> folder contains a scripts and policies folder as shown in Figure 52.
121
Figure 52. Example of a Complete Sysvol Directory Structure
9. The authoritative restore process is now complete. 10.Check that the restore has been successful by referring to, Validating an Active Directory restore on page 127. Restoring a specific active directory object An individual Active Directory object can be anything from a user account or security group to an organizational unity (OU). A restore can be performed on any object in the directory. All that the user needs to know is the relative distinguished name for the object, plus the names of container objects and domains that contain the object. The distinguished name of an object identifies its location in a directory tree. Every object in Active Directory has a distinguished name. For example, the user Darwin shown in the directory tree in Figure 53 has a distinguished name of cn=darwin,ou=nt,ou=australia,dc=pacific,dc=com. This identifies the user object Darwin as being in the organizational units Australia, and NT in the domain pacific.com. It is strongly recommended that anyone performing authoritative restores of Active Directory objects become familiar with the distinguished names syntax. More information on this subject can be found in the online help for Windows 2000 server or in the Windows 2000 Server Resource kit.
122
Figure 53. Example of Active Directory Tree
The restore of an individual Active Directory object is performed by restoring the Active Directory from backup, then using Ntdsutil to mark the object as authoritative. Once the domain controller comes back online, the marked object takes precedence over all other occurrences of the object that may exist in the domain. The normal replication process will replicate the restored object from the domain controller to its replication partners. The last part of the process is to restore a portion of the Sysvol folder. This additional step is required to keep the System Volume consistent with the Active Directory database. Process to restore an Active Directory object 1. Before starting the restore, confirm the consistency of the System Object backup by running the command query systemobject from the Tivoli Storage Manager client command line. See 6.2.2.1, Checking the consistency of the System Object backup on page 93. 2. Perform a non-authoritative restore as described in the section titled, Non-authoritative restores on page 113. Perform the steps as described, except do not select to reboot after the System Object has been restored. 3. From the Windows 2000 command prompt, type the command ntdsutil. This will start the Active Directory Diagnostic Tool. 4. Enter the command authoritative restore.
123
5. Enter the command restore subtree <distinguished name>. This will perform an authoritative restore of the object. For example, restore subtree cn=darwin,ou=nt,ou=australia,dc=pacific,dc=com. See Figure 54 for an example of the sequence events that should occur when the restore is running.
:\Documents and Settings\Administrator.GOLD>ntdsutil ntdsutil: authoritative restore authoritative restore: restore subtree cn=darwin,ou=nt,ou=australia,dc=pacific,dc=com Opening DIT database... Done. The current time is 12-13-00 14:47.02. Most recent database update occured at 12-13-00 13:50.18. Increasing attribute version numbers by 100000. Counting records that need updating... Records found: 0000000001 Done.
Found 1 records to update. Updating records... Records remaining: 0000000000 Done.
Successfully updated 1 records. Authoritative Restore completed successfully. authoritative restore:
Figure 54. Example of authoritative restore command
6. Once the restore has completed, type quit twice to exit Ntdsutil. Do not restart the system. 7. Locate the Sysvol folder as shown in Figure 55. Copy the entire Sysvol folder to a temporary location on the server. If you do not know how to locate the Sysvol folder, enter the command net share from the Windows 2000 command prompt. By default, the Sysvol folder is located in the path c:\winnt\sysvol\sysvol.
124
Figure 55. System Volume (sysvol) Folder
8. Restart the server in normal mode. 9. Log on locally at the server once it has restarted. 10.You must now restore the Sysvol policy folders. This must be done to maintain consistency between any policy objects that have been restored into Active Directory and the Sysvol folder. To do this, perform the following steps: a. Wait for the System Volume (Sysvol) to be published. Check to see that a directory structure exists under the Sysvol folder. If a structure exists, this indicates that the Sysvol has been published. It may take several minutes before the Sysvol is published. You can check the Sysvol structure on a replication partner as it will provide a good indication of what to look for (it will be similar to that shown in Figure 55). b. Locate the Sysvol folder that was copied to a temporary location prior to rebooting the server. c. After the SYSVOL share is published, copy only policy folders (identified by the GUID) corresponding to the restored policy objects from the temporary location over the existing ones. Before you can copy the policy folder, you need to identify the GUID associated with the policy object that has been restored. This will then enable you to identify the policy folder that must be copied. The following steps detail how to do this (based on Microsoft Technet article Q216359): 1. Open Active Directory Users and Computers administrative tools. Click Properties on the context menu of a domain, site, or organizational unit object in the Active Directory.
125
2. Click Group Policy tab --> GPO --> Properties. The Unique Name field contains the GUID of the selected GPO as shown in Figure 56. Note the GUID; you will need to refer to this later.
Figure 56. Group policy object GUID
3. On a domain controller (in the domain where the restore is being performed), determine the domain drive which hosts the system volume (SYSVOL). You can use the net share command to show the path where the SYSVOL share resides. 4. Using Windows Explorer, open the Sysvol folder. 5. The following folders exist: Domain, Staging, Staging Areas, and Sysvol. Change to the Sysvol folder. 6. A folder with the name of the domain that the local domain controller is a member of should exist (in Figure 57, this is pacifc.com). Change to the following folder path as shown in Figure 57: Sysvol\sysvol\<domain name>\Polices
126
Figure 57. System Volume Policy Folder s Identified by GUID
7. Using the GUID you recorded in step 2, you should now be able to identify the policy folder that must be copied from the temporary location over the existing one. d. If you have not already done so, copy the policy folder from the temporary location over the existing one. e. The SYSVOL copy is now complete. 11.The Active Directory object restore has now been completed. 12.Check that the restore has been successful by referring to , Validating an Active Directory restore on page 127. Validating an Active Directory restore This section outlines some of the checks that can be performed to validate that Active Directory has been restored successfully using both authoritative and non-authoritative restore methods. These checks should be performed both when restoring a domain controller or if just the Active Directory database has been restored.
Note
For details on performing an advanced verification of Active Directory restores, we encourage you to refer to Chapter 9 in the Microsoft Windows 2000 Server Distributed Systems Guide. This details checks for both authoritative and non-authoriative restores. The Distributed Systems Guide is part of the Windows 2000 Server Resource Kit. ISBN: 1-57231-805-8.
127
- View Active Directory objects by way of Active Directory Users and Computers. Review the Active Directory content for accuracy. - Use the Active Directory Replication Monitor (installed with the Windows 2000 support tools). Replication may take quite a while depending upon domain topology and speed of network links. With default settings, we found that waiting for replication to occur between partners on a LAN took up to 1.5 hours. If you wish to force a synchronization between replication partners, you can use the Replication Monitor utility to do this. - Check the Directory Service log in Event Viewer. You should see messages indicating: The Directory Services (Active Directory) database has been restored from backup. The Directory Services database is receiving updates. USNs are being updated to reflect the status of the restored domain controller status. - You should also check that the File Replication Service is functioning correctly, as this is the mechanism that Active Directory uses for replication. 6.3.1.3 Registry Windows 2000 only allows the entire Registry to be backed up or restored. It should not be processed in isolation from the other System Object components. Tivoli Storage Manager handles the processing of the Registry by using the ADSM.SYS staging area. Figure 58 shows the directory structure that is created in the staging area. If you traverse right down the Registry tree you will eventually reach he Registry hive file. The file for the Registry hive HKEY_local_machine\system is shown in Figure 58.
128
Figure 58. Registry staging area
The restore process works as follows: 1. During the restore process, the Tivoli Storage Manager client places restored Registry hive files in the \adsm.sys\w2kreg folder. 2. If you choose to activate the keys, the Tivoli Storage Manager client backs up the current Registry to the \adms.sys\w2kreg.sav folder. This gives you a good backout option if the Registry being restored causes problems. 3. The Registry hives in \adsm.sys\w2kreg are placed into the live Registry for activation after the system is restarted. If you want to restore the Registry but not activate it, you are quite safe to restore the Registry component from the System Object in isolation (you do not need to restore the whole System Object). This will place the Registry hive files in \adsm.sys\w2kreg. From here you can access individual hives using a tool such as RegRest. The Registry hive files are dumped into \adsm.sys\w2kreg and \adms.sys\w2k.sav in a format that is compatible with the Microsoft Registry backup tool: Regback. This means that individual registry hives can be recovered from either area using any tool that is compatible with the Regback format. RegRest from the Windows 2000 resource kit is an example of such a tool. 6.3.1.4 Event logs The Windows 2000 event logs can be safely restored as a single component without any dependencies on other System Object components.
129
The Tivoli Storage Manager client always restores the event logs into the staging area folder adsm.sys\EventLog. Event logs are not restored back into the original location of \%systemroot\system32\config. For more information about how the staging area is used in backup, see 5.6.1, \ADSM.SYS contents on page 80. To perform a restore, either use the Tivoli Storage Manager Backup Archive and select the Event log component from the System Object (see Figure 59), or run the backup client command restore eventlog.
Figure 59. Event Log Restore
To view a restored Event log file, point the Windows 2000 Event Viewer at the adsm.sys\EventLog folder and choose the appropriate file. Windows 2000 imposes different behavior on the Tivoli Storage Manager client, affecting the way the Event logs are stored. It is not possible to select individual logs for restore. All logs are restored when the event log component is selected for restore. The restore location cannot be altered - logs will always be directed to the adsm.sys\EventLog. From here they can be moved to another folder using standard Windows 2000 file management tools.
130
6.3.2 Distributed File System (DFS)

Windows 2000 DFS comes in two configurations: Domain-based Stand-alone Domain-based DFS stores its configuration information in the Active Directory, so this information is available on multiple domain controller in the domain. This configuration provides high availability because a DFS root has the following features: It must be installed on a Windows 2000 domain controller. It has its topology published automatically to Active Directory and accessible through UNC paths. It can have root-level shared folders. It supports root and file replication through the file replication service (FRS). It needs NTFS 5 partition (because it is based in junction points). Stand-alone DFS stores its configuration in the Registry of the local computer. It is intended to provide backward compatibility with previous versions of DFS. This configuration has the following features: It does not use Active Directory or FRS. It cannot have replicas at the root level. It needs NTFS 5 partition (because it is based in junction points). New configurations generally use the domain-based DFS, but in this section we cover both kinds of restores. 6.3.2.1 Restoring DFS on Windows 2000 Servers In this section we discuss restoring DFS onto a Windows 2000 Server or Advanced Server running as a member server. Comments Depending on the selected value for the DFSBACKUPMNTPNT option when you backed up your DFS structure, you will be able to restore the DFS structure junction points information and/or the data at which they point to. But, you should consider the following points: 1. If you backed up with the DFSBACKUPMNTPNT option established to YES you will be able to restore: a. Definitions for DFS junction points or Root.
131
b. Files and directories pointed by the junction points, but not the Root directory and neither the junction points itself (for Tivoli Storage Manager, these are drives). 2. If you backed up with the DFSBACKUPMNTPNT option set to NO, you will be able to restore: a. Directories for DFS junction points, subdirectories and files for the Root directory and DFS junction points 3. With both backup options you will get the following DFS filespace names at the moment to restore: + \\machine\root + \\machine\root\link1 + \\machine\root\link2
Inside the + \\machine\root you will find Link1 and Link2. The functionality of all this filespace structure could be explained better looking at Table 18.
Table 18. What is restored for each DFSBACKUPMNTPNT option
+ Filespace
- Filespace (inside level)
DFSBACKUPMN TPNT YES (DEFAULT) DFS Root definition
DFSBACKUPMN TPNT NO DFS Root directory Junction point directory Junction point directory Files inside the directory pointed by link1 Files inside the dir1 Files inside the dir2 Files inside the directory pointed by link1 Files inside the dir3 Files inside the dir4
\\machine\root + link1 + link2 \\machine\root\link 1 + dir1 + dir2 \\machine\root\link 2 +dir3 +dir4
Junction point definition Junction point definition Files inside the directory pointed by link1 Files inside the dir1 Files inside the dir2 Files inside the directory pointed by link1 Files inside the dir3 Files inside the dir4
132
4. As you can see, none of the backup options enable DFS bare metal restores for just backing up and restoring the DFS structure. For that reason, we provided the backup strategies described previously. 5. It is recommended that you have your DFS structure previously noted, because at the moment of restore, the DFS structure is included inside the file level branch, which means that there is no special structure called DFS anymore. 6. You need only be Local Backup Operator to perform a DFS restore; however, be sure that you belong to the Local Backup Operator Group of each involved system, if you are restoring data to remote machines. 7. The DFS restore is only available through the Web or the Graphical User Interface. 8. It is recommended to use the following procedures to restore the suggested schema in the DFS backup section to provide complete DFS restores. 9. The restoration on a stand-alone server is always authoritative because the File Replication service is not used and it is assumed that there are no other copies of the restored files on other servers. As a result, the replica being restored replicates its data to other members of the replica set. Procedure to restore DFS definitions Previous to this we assume that: You backed up your DFS Root or junction points using the DFSBACKUPMNTPNT YES option. You could check your options file to be sure. 1. Log on the system using a Local Backup Operator or Local Administrator Account. 2. Start the Restore User Interface using Start --> Program --> Tivoli Storage Manager -->Backup Archive GUI --> Restore, or just double-click the TSM Backup Archive shortcut --> Restore.
Note:
If you prefer, use the Web client with your internet browser and type:
http://localhostname:1581
133
3. Choose the desired link by clicking + Machine name --> + File level. You should see all filespaces and network drives backed up under your machine, as shown in Figure 60. Check your DFS diagram to search the name of the DFS Root and click + DFS Root name.
Note:
In Tivoli Storage Manager Client, the DFS Root and the junction points are seen as network drives at the moment of restore.
Figure 60. File level restore tree
134
4. Check your DFS diagram again and click the appropriate checkbox, then finally click the Restore button. Before you click the Restore button, you should see a screen similar to Figure 61.
Figure 61. DFS Link selection
135
5. Immediately after clicking the Restore button, a dialog box appears to give you an option to restore the junction or Root information in its original target directory or in another. The most common case is to restore in the original target, because it is assumed that you are restoring a lost definition. You should see a screen similar to Figure 62.
Figure 62. Dialog box to specify objects destination
6. After clicking the Restore button with the Original location option selected, the Tivoli Storage Manager Client tries to restore two types of information: a. The junction point or Root definition b. The files and subdirectories pointed by the junction point or inside the Root If the junction point or Root definition already exists, its not restored. So if for some reason you want to restore it, you must first delete it in the Windows DFS utility. If the files pointed at by the junction point already exist, you are prompted to overwrite them, as shown in Figure 63.
136
Figure 63. File replace dialog box
7. When you have made your selections and the junction points and the root definitions, subdirectories, and/or files are restored, you will obtain a status box similar to the one shown in Figure 64.
Figure 64. Status report post restoration
137
8. Now in order to verify your restore, we recommend to start the Windows DFS utility program Start --> Administrative tools --> Distributed file system. After that, select the restored junction point or Root, and from the menu, select Action --> Show status. Yo should see a check mark indicating a successful restore. Comments: When trying to restore the DFS Root definition, all DFS junction points are selected and there is no way to restore the Root without all of them. However, you can restore separate junction points without restoring the Root. Previous to the restore of any DFS junction point or Root definition, the shared directory pointed or target must exist. You will not be able to restore DFS junction points if the Root does not exist. Typical error messages or situations are listed below:
Figure 65. Not available share
The error in Figure 65 means that the DFS junction point definition that you tried to restore point to a directory not shared or not available anymore. 9. Situation: The junction point definition was restored as a normal directory This means that your DFS Root definition does not exist.
Figure 66. Not able to restore
138
This error could means many things but it is usually showed when the DFS Root directory share is not present or there is already a normal subdirectory called with the same name as the junction point you are trying to restore. Procedure to restore files in DFS structures Previous to this we assume that: You backed up your DFS root or branch using the DFSBACKUPMNTPNT YES option, you could check your options file to be sure 1. Log on the system using a Local Backup Operator or Local Administrator Account 2. Start the Restore User Interface using Start --> Program --> Tivoli Storage Manager -->Backup Archive GUI --> Restore, or just double-click TSM Backup Archive shortcut --> Restore.
Note
3. Choose the desired link by clicking + Machine name --> + File level. You should see all file spaces and network drives backed up under your machine as shown in Figure 67. Check your DFS diagram to search the name of the DFS Junction point or Root and click the + DFS Desired_name branch or just on the Checkbox if you want to restore the entire content.
Notes
In Tivoli Storage Manager Client DFS junction points and Root are seen as network drives at the moment to restore. If you are trying to restore files or subdirectories inside the Root please do not confuse the junction points with the real data directories, they seem very similar you should check your DFS drawing again. If you are trying to restore files or subdirectories inside any other Link, we recommend to do it from its separated network drive and not from the Root netword drive to avoid accidental junction points restauration.
139
Figure 67. Selecting data to restore
4. Once made your file and directory selections click the Restore button, a dialog box appear to give you option to restore data in its original target directory or in another. You should see a screen similar to Figure 62 on page 136. 5. If the files pointed by the junction point or inside the Root already exist, you are prompted to overwrite them as the Figure 63 shows. 6. Made your selections and your subdirectories and/or files restored you obtain a dialog box similar to the one shown in Figure 64 7. If your backup was scheduled and you keep the log file check it out to verify your restore. Additionally or if you do not have the log file check the files with your users. Comments: To restore data pointed by the junction points or inside the Root, these last must exist previously To restore data inside a Directory pointed by a Junction, the shared directory must exist first Typical error messages or situations are listed below: 1. Situation: No objects being restored This frequently happens when you are trying to make a complete restore of data inside a target Directory and this does not exist.
140
Figure 68. Nonexistent target directory
This message is frequently related with the absence of the target Directory pointed by the Junction Point and the intention to restore partial data inside it. Procedure to restore files and directories in DFS structures Previous to this we assume that: You backed up your DFS root or branch using the DFSBACKUPMNTPNT NO option, you could check your options file to be sure 1. Log on the system using a Local Backup Operator or Local Administrator Account 2. Start the Restore User Interface using Start --> Program --> Tivoli Storage Manager -->Backup Archive GUI --> Restore or just double-click the TSM Backup Archive shortcut --> Restore.
Note:
3. Choose the desired link clicking on + Machine name --> + File level. You should see all file spaces and network drives backed up under your machine as shown in Figure 60 on page 134. Check your DFS diagram to search the name of the DFS Root or junction point directory desired. If you want to restore DFS junction point Directories you must search the junction under the DFS Root network drive
Note:
In Tivoli Storage Manager Client DFS directories are seen as network drives at the moment of restore.
141
4. Once on the desired directory, click the checkboxes of your selected files and directories, finally click the Restore button. Prior to clicking the Restore button, your screen should seem similar to the Figure 69 if you are restoring junction points directories or like Figure 70 if you are just interested in restore files inside the directories.
Figure 69. Restoring links directories
Figure 70. Restoring files from links
5. Immediately after clicking the Restore button, a dialog box appear to give you option to restore the files and/or directories in its original target directory or in another as is shown in Figure 62 on page 136.
142
6. If you click the Restore button with the Original location option selected, Tivoli Storage Manager Client could do two things: a. If the junction point definition is established, then you will restore files and subdirectories inside the Root directory and/or inside the directories by the junction points b. If the junction point definition does not exist, the files and subdirectories previously pointed by the junction point and the junction point directory itself are restored inside the Root directory If you selected the Following Location option, the files and subdirectories previously pointed by the junction point, inside the Root and the junction point directory itself are restored inside the new target directory. If the files being restored already exist, you are prompted to overwrite them as the Figure 63 on page 137 shows. 7. Made your selections, your junctions points directories, subdirectories and/or files restored you obtain a dialog box similar to the one shown in Figure 64 8. If your backup was scheduled and you keep the log file check it out to verify your restore. Additionally or if you do not have the log file check the files with your users. Comments: Previous to restore any file or subdirectory pointed by any DFS junction point or inside the Root, they must be properly defined and the shared directory target available. You can not be able to restore DFS junction points directories in its original location if the DFS root does not exist. Remember that using this procedure you can restore any file or directory (excepting the through pointed by any junction point or inside the Root directory, but you can not restore DFS definitions. Typical error messages or situations are listed below:
Figure 71. Nonexistent pointed directory
143
The error in Figure 71 means that the files or subdirectories that you tried to restore were in a pointed directory not available or not shared anymore. 9. Situation: The files or directories pointed by a junction point definition were restored inside the root Directory This means that your DFS definition no longer exists. 6.3.2.2 Restoring DFS on Windows 2000 domain controllers Comments 1. To restore a DFS configuration in a Domain environment you can perform the same procedures described before on Section 6.3.2.1, Restoring DFS on Windows 2000 Servers on page 131, but first be sure to disable the Replication Policy settings from any of the healthy Domain controllers 2. If you lost the list of systems involved in the Replica, please check your System Information sheet described on Chapter 11, System Information sheet on page 40. Still when the File Replication Server could keep this record till, it is possible to be necessary to check and/or redefine. 3. In this case we could restore Replication information in two ways: - Using an Authoritative restore to mirror exactly the contents in the tape backup (Junction Point definitions) to each Domain controller involved in the replica - Using a non Authoritative restore to restore one or more of the not actually available junction points Procedure to perform an authoritative restore of a DFS replica Previous to this we assume that: You restored your local DFS structure using the procedure described before You disabled the Replication Policy configuration from any involved domain controller and you continue using this healthy system 1. Remove the failed member from the Replica set using the Windows 2000 DFS utility (check your Windows 2000 help if necessary) 2. Disable the replication in the host server (primary) 3. Add the member back as a new replica. Specify it as the Initial master 4. Check your configuration turning off your actual Domain controller and accessing the defined shares provided by the restored DFS server Procedure to perform a non-authoritative restore of a DFS replica Previous to this we assume that:
144
You restored your local DFS structure using the procedure described before You disabled the Replication Policy configuration from any involved domain controller and you continue using this healthy system 1. Remove the failed member from the Replica set using the Windows 2000 DFS utility (check your Windows 2000 help if necessary) 2. Disable the replication in the host server (primary) 3. Add the member back as a new replica. Do not specify it as the initial master 4. Check your configuration turning off your actual Domain controller and accessing the defined shares provided by the restored DFS server 6.3.2.3 Complete system restores and DFS If you are restoring a complete drive where the DFS structure was stored (definitions), this DFS structure is restored such as if you had selected the special DFS filespace name and the same rules apply (see , Comments on page 144 about DFSBACKUPMNTPNT option). So in this case its unnecessary that you specify to restore the DFS structure using its special filespace name. If you are restoring a complete drive where the DFS structure was stored, Tivoli Storage Manager client will just restore the definitions (Root and Links), if you want to restore the data pointed it is necessary to restore the special filespace defined for this after restoring the definitions. These special filespaces can be restored just if you backed up the DFS structure purposely. You can identify all junction points and root definitions easily because they do not have the dollar sign ($) in front of them. For example:
\\machine\c$ (C:)
We can know that this is a normal drive filespace name.

\\machine\root
This is a root or maybe a junction point definition Anyway it is recommended to have the Chapter 11, System Information sheet on page 40 to check the correct names. Our recommendation is just to restore the real drives where DFS definitions are stored (those with $). If your definitions point to drives being restored and you ask to restore the junction points filespaces you would restore the same data two times. If your definitions point to drives in other machines you need to consider remote permissions and you would be in a
145
not common situation, because each machine should backup and restore its own files.
6.3.3 Disk quotas

Microsoft disk quotas is a NTFS 5 feature and do not affect the amount of data you can back up with Tivoli Storage Manager Client. The following two scenarios apply if more data is restored from Tivoli Storage Manager than the Microsoft disk quota allows: If the user performing the restore also has a disk quota (for example, belongs to the Backup Operator Group), Tivoli Storage Manager will not restore any data that exceeds the restore user's disk quota and will display a "Disk Full" message. If the user performing the restore does not have a disk quota (for example, belongs to the Administrator Group), Tivoli Storage Manager will restore all data and transfer ownership of those files which exceed the original owner's disk quota to the user performing the restore (in this case, the Administrator). The information about disk quotas is stored in the local user profiles, but if you have never logged on locally, that information is stored in the File System and there is no a single object to backup to keep the Disk Quota information, so our recommendation is to Export the Disk Quota to a single file and backup this file each time you have change in that information, when necessary restore to Import that file, you could backup just one file containing all user information or many files for selected users. To do this, right-click the Disk --> Properties --> Quota --> Quota entries and select the users, after that select Import or Export from the Action menu and perform the required task.
6.3.4 Sparse files

Tivoli Storage Manager client will back up a sparse file as a regular file if the compression setting is Off (in the options file). It is recommended to turn this setting On when backing sparse files to minimize the network transaction and maximize the server storage space. When you restore sparse files to a non-NTFS 5 file system, it is recommended to set the Tivoli Storage Manager Server communication time out value (idletimeout) to the maximum value of 255 to avoid client session timeout. The Figure 72 shows how to do it using the Web Server interface.
146
Figure 72. Changing the IDLETIMEOUT parameter
6.3.5 Junction points

These Windows 2000 objects is seen by Tivoli Storage Manager Client as a separate filespace (the only exception is DFS Junction points see 6.3.2, Distributed File System (DFS) on page 131). You can backup/restore files and directories using your normal procedures. But at the moment to restore take in count the following: Using the directly the Drive branch defined by the Junction point: If the junction point already exists the data is restored normally to the pointed drive or directory If the junction point does not exist then the data is restored to the parent root filespace name, for example:
\\machine_name\c$
is parent of
\\machine_name\c$\Mount volume Public
147
Tivoli Storage Manager restore the junction point definition, ONLY if you backed the Junction point from its parent. Special comments to complete system restores To avoid undesirable data collocation, always restore the drive where Junction points are defined first and after the drive branch itself if it applies Remember that Junction points just point to data already stored in normal Volumes or Directories that could have been already restored, so many times it is just necessary to restore the Junction definition and not the data pointed by again You can identify junction points and real drive filespace names because these last have the dollar sign ($) in front of them. For example
\\machine\c$ (C:)
We can know that this is a normal drive filespace name.

\\machine\junction
This is a DFS root or maybe a junction point definition Anyway it is recommended to have the Chapter 11, System Information sheet on page 40 to check the correct names. Our recommendation is just to restore the real drives where junction definitions are stored (those with $). If your definitions point to drives being restored and you ask to restore the junction points filespaces you would restore the same data two times. If your definitions point to drives in other machines you need to consider remote permissions and you would be in a not common situation, because each machine should backup and restore its own files.
6.3.6 Removable Storage Management (RSM)

RSM is a standard service for Windows 2000 Servers (not available for Windows 2000 Pro) and it needs a NTFS 5 to store its information. The restore process of the RSM database is a two-stage process. Tivoli Storage Manager restores the files comprising the database (ntmsdata and ntmsreg) to the %windir%\system32\ntmsdata\export directory and tells an API function that there is a database to import to the %windir%\system32\ntmsdata. The restore could be performed using Graphical or Web User Interface as the next procedure outline:
148
Procedure to restore the RSM database 1. Log on the system using a Local Backup Operator or Local Administrator Account 2. Start the Restore User Interface using Start --> Program --> Tivoli Storage Manager -->Backup Archive GUI --> Restore or just double-click the TSM Backup Archive shortcut --> Restore.
Note:
If you prefer, use the Web Client with your Internet browser and typing:
3. Choose the RSM object clicking on + Machine name --> + System object --> RSM. You should see a screen similar to Figure 73. Click the Restore button.
Figure 73. Selecting the RSM database
4. Once you have restored the RSM database, Tivoli Storage Manager shows you a message to restart the system now or afterwards, as shown in Figure 74. Click the button you prefer.
149
Figure 74. Reboot option after RSM restore
5. In order to verify your restore, check the RSM configuration after Reboot clicking on Start --> Programs --> Administrative tools --> Computer Management --> + Removable Storage You should get back: The configuration and state of the library, drive, and media Media pool configuration and contents Library work list Operator requests
6.3.7 Other Windows 2000 databases

There are several Windows 2000 applications, such as WINS and DHCP, which store information in a database format. The backup and recovery of these databases has not been tested or documented in this redbook. Many applications originated on Windows NT and have not significantly changed on Windows 2000. Therefore the requirements to backup and restore these are still the same. For example, WINS and DHCP need to be stopped before the database files can be directly backed up to Tivoli Storage Manager. WINS and DHCP also have built-in functionality which gives the option of backing up the databases to a folder on the server. For DHCP the database automatically generates a backup every 60minutes in the %Systemroo%\System32\dhcp\backup directory. Thus its ok to exclude the open database from backup and just backup the automatically generated backup copy. We recommend that you explore each of this applications and implement the best solution for your environment
6.4 Restoring user profiles

Everyone who logs on locally, creates a user profile that includes all user specific settings such as program items, colors, network and printer
150
connections, mouse settings, windows size and positions which are stored in the folder called My documents and settings\%username%.
Note
Tivoli Storage Manager will not backup by default any user profile when the user is logged on. This is because the user profile information (registry hive HKEY_CURRENT_USER) is stored in the ntuser.* files and these are in use while the user is logged. User profiles are backed up normally as part of the boot / system partition backup (generally C:\). But be sure to backup this specially when you are not doing an entire backup of the C drive. To restore one or more user profiles (many could be restored at once), follow the steps below: 1. Log on the system using a Local Backup Operator or Local Administrator Account 2. Start the Restore User Interface using Start --> Program --> Tivoli Storage Manager -->Backup Archive GUI --> Restore or just double click the TSM Backup Archive shortcut --> Restore.
Note
3. Choose the proper profile clicking on + Machine name --> + File level --> + \\Machine name\c$ --> + Documents and settings. And select the desired user name. You should see a screen similar to Figure 75. Click the Restore button.
151
Figure 75. Restoring a user profile
Note:
Still when it is possible to restore individual folders inside the profile folder, we recommend to restore the entire directory to keep consistency with the ntuser.* files. These last always should be restored. 4. After you click the Restore button, a window similar to Figure 62 shows you the option to restore in another location. The user profiles must be restored in their original location if you want Windows 2000 recognize them. 5. If there is already a profile of files with the same names to which are being restored, you should see the Figure 76. Select Apply action to all remaining files and click the Restore button.
152
Figure 76. File replace dialog box for user profiles
6. If the profile you are restoring it is currently in use, you should see the Figure 77. Select again. Apply this action to all remaining files and click the Replace at Reboot button.
Figure 77. File replace on reboot for user profiles
153
7. Finally, you should see the panel in Figure 78. Select the most convenient option.
Figure 78. Reboot message to apply changes
8. Check the your restored user profiles with their users.
6.5 Troubleshooting
In this section, we provide tips on troubleshooting.
6.5.1 Restoring Windows 2000 Professional or member server

The most likely source of problems when recovering a Windows 2000 Professional or member server is the restoration of the System Object. Restoring System Object components is not supported by Microsoft - the following info is for use in troubleshooting only. Check that the entire System Object was selected for restore. If you find that System Object is failing at a particular point, it may help to restore the individual components of the System Object in the order shown below. This may identify the point of failure. Although we have found this sequence to work successfully, it should be noted that restoring a Windows 2000 system in this manner is not supported by Microsoft. a. Perform a file system restore of the system / boot partition (usually C: drive) b. From the System Object, restore the System Files component. Do not reboot on completion c. From the System Object, restore the registry. Select to activate keys after restore. Do not reboot on completion d. From the System Object, restore COM+ database. Do not reboot on completion e. From the System Object, restore RSM database. f. Reboot system into normal mode - restore should be complete
154
Note
Once the problem has been identified and resolved, the system should be restored using the method described in 6.2.3, Restoring a Windows 2000 Professional or member server on page 94.
6.5.2 Restoring a Domain Controller (non-authoritatively)

The most likely source of problems when recovering a domain controller is the restoration of the System Object: Confirm that you were running in Directory Services Restore mode when the System Object restore was run. Also check that the entire System Object was selected for restore. If you find that System Object is failing at a particular point, it may help to restore the individual components of the System Object in the order shown in below. This may identify the point of failure. Although we have found this sequence to work successfully, it should be noted that restoring a Windows 2000 system in this manner is not supported by Microsoft. a. Perform a file system restore of the system / boot partition (usually C: drive) b. From the System Object, restore the System Files component. Do not reboot on completion c. From the System Object, restore Registry. Select to activate keys after restore. Reboot on completion d. Reboot into Directory Service Restore mode. e. From the System Object, restore Active Directory. Do not reboot on completion f. From the System Object, restore System Volume. Do not reboot on completion g. From the System Object, restore COM+ database. Do not reboot on completion h. From the System Object, restore RSM database. i. Reboot system into normal mode - restore should be complete
155
Note
Once the problem has been identified and resolved, the system should be restored using the method described in 6.2.4, Restoring a Win 2000 domain controller (non-authoritatively) on page 102.
156
Appendix A. Special notices

This publication is intended to help Windows 2000 systems administrators to back up and restore Windows 2000 systems using Tivoli Storage Manager. The information in this publication is not intended as the specification of any programming interfaces that are provided by Tivoli Storage Manager. See the PUBLICATIONS section of the IBM Programming Announcement for Tivoli Storage Manager for more information about what publications are considered to be product documentation. References in this publication to IBM products, programs or services do not imply that IBM intends to make these available in all countries in which IBM operates. Any reference to an IBM product, program, or service is not intended to state or imply that only IBM's product, program, or service may be used. Any functionally equivalent program that does not infringe any of IBM's intellectual property rights may be used instead of the IBM product, program or service. Information in this book was developed in conjunction with use of the equipment specified, and is limited in application to those specific hardware and software products and levels. IBM may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to the IBM Director of Licensing, IBM Corporation, North Castle Drive, Armonk, NY 10504-1785. Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact IBM Corporation, Dept. 600A, Mail Drop 1329, Somers, NY 10589 USA. Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee. The information contained in this document has not been submitted to any formal IBM test and is distributed AS IS. The use of this information or the implementation of any of these techniques is a customer responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. While each item may have been reviewed by IBM for accuracy in a specific situation, there is no guarantee that the same or similar results will be obtained elsewhere. Customers
157
attempting to adapt these techniques to their own environments do so at their own risk. Any pointers in this publication to external Web sites are provided for convenience only and do not in any manner serve as an endorsement of these Web sites. The following terms are trademarks of the International Business Machines Corporation in the United States and/or other countries:
e (logo) IBM AIX AT IBM.COM Redbooks Redbooks Logo RS/6000 Wizard Notes NetView
The following terms are trademarks of other companies: Tivoli, Manage. Anything. Anywhere.,The Power To Manage., Anything. Anywhere.,TME, NetView, Cross-Site, Tivoli Ready, Tivoli Certified, Planet Tivoli, and Tivoli Enterprise are trademarks or registered trademarks of Tivoli Systems Inc., an IBM company, in the United States, other countries, or both. In Denmark, Tivoli is a trademark licensed from Kjbenhavns Sommer - Tivoli A/S. C-bus is a trademark of Corollary, Inc. in the United States and/or other countries. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and/or other countries. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. PC Direct is a trademark of Ziff Communications Company in the United States and/or other countries and is used by IBM Corporation under license. ActionMedia, LANDesk, MMX, Pentium and ProShare are trademarks of Intel Corporation in the United States and/or other countries. UNIX is a registered trademark in the United States and other countries licensed exclusively through The Open Group.
158
SET, SET Secure Electronic Transaction, and the SET Logo are trademarks owned by SET Secure Electronic Transaction LLC. Other company, product, and service names may be trademarks or service marks of others.
Appendix A. Special notices
159
160
Appendix B. Related publications

The publications listed in this section are considered particularly suitable for a more detailed discussion of the topics covered in this redbook.
B.1 IBM Redbooks publications

For information on ordering these publications see How to get IBM Redbooks on page 165.
Book Title Publication Number Tivoli Enterprise Performance Tuning Guide SG24-5392 Tivoli Storage Manager Version 3.7: Technical Guide SG24-5477 A Project Guide for Deploying Tivoli Solutions SG24-5310 ADSM Operation and Management with TME 10 SG24-2214 ADSM Server for Windows NT Configuration and Recovery Examples SG24-4878 ADSM Server-to-Server Implementation and Operation SG24-5244 ADSM/6000 on 9076 SP2 GG24-4499 All About Tivoli Management Agents SG24-5134 An Industry Around the Tivoli Framework: Examples from the 10/Plus Association SG24-2122 An Introduction to Tivoli Enterprise SG24-5494 An Introduction to Tivoli's TME 10 SG24-4948 Backup, Recovery, and Availability with DB2 Parallel Edition on RISC/6000, SG24-4695 ADSM Client Disaster Recovery: Bare Metal Restore SG24-4880 Creating Custom Monitors for Tivoli Distributed Monitoring SG24-5211 Deploying a Tivoli Infrastructure in Large-Scale Environments SG24-5210 Designing Tivoli Solutions for End-to-End Systems and Service Management SG24-5104 Getting Started with Tivoli Storage Manager: Implementation Guide SG24-5416 High Availability Scenarios for Tivoli Software SG24-2032 Implementing Tivoli Manager for Windows NT SG24-5519 Implementing Tivoli Remote Control in Large Enterprises SG24-5125 Laying the Foundation for Tivoli Modules SG24-5379 Managing Domino/Notes with Tivoli Manager for Domino, Enterprise Edition, Version 1.5 SG24-2104 Managing RDBMS Servers With Tivoli SG24-5240 Managing SAP R/3 with Tivoli SG24-5298 New Features in Tivoli Software Distribution 3.6 SG24-2045 Problem Management Using Tivoli Service Desk and the TEC SG24-5301 TEC Implementation Examples SG24-5216 Tivoli Enterprise Internals and Problem Determination SG24-2034 Tivoli Enterprise Management Across Firewalls SG24-5510 Tivoli Service Desk V6.0 - IT Infrastructure Planning Guide SG24-5312 Tivoli Storage Management Concepts SG24-4877 TME 10 Cookbook for AIX: Systems Management and Networking Applications SG24-4867 TME 10 Deployment Cookbook: Courier and Friends SG24-4976 TME 10 Deployment Cookbook: Inventory and Company SG24-2120 TME 10 Framework Version 3.2: An Introduction to the Lightweight Client Framework SG24-2025 TME 10 Inventory 3.2: New Features and Database Support SG24-2135
161
Book Title Using ADSM to Back Up and Recover Microsoft Exchange Server Using ADSM to Back Up Databases Using Databases with Tivoli Applications and RIM Using Tivoli Software Installation Service for Mass Installation Using Tivoli Storage Manager to Back Up Lotus Notes Using Tivoli to Manage a Large-Scale SAP R/3 Environment Using TSM in a Clustered Windows NT Environment Windows NT Backup and Recovery with ADSM
Publication Number SG24-5266 SG24-4335 SG24-5112 SG24-5109 SG24-4534 SG24-5500 SG24-5742 SG24-2231
B.2 IBM Redbooks collections

Redbooks are also available on the following CD-ROMs. Click the CD-ROMs button at ibm.com/redbooks for information about all the CD-ROMs offered, updates and formats.
CD-ROM Title IBM Networking Redbooks Collection IBM Transaction Processing and Data Management Redbooks Collection IBM Lotus Redbooks Collection Tivoli Redbooks Collection IBM Netfinity Hardware and Software Redbooks Collection IBM RS/6000 Redbooks Collection (PDF Format) IBM Application Development Redbooks Collection IBM Enterprise Storage and Systems Management Solutions Collection Kit Number SK2T-6022 SK2T-8038 SK2T-8039 SK2T-8044 SK2T-8046 SK2T-8043 SK2T-8037 SK3T-3694
B.3 Tivoli publications

These publications are also relevant as further information sources:
Book Title Tivoli Asset Management Inventory Integration System Administration Tivoli Asset Management Inventory Integration Users Guide Tivoli Asset Management System Administrators Guide Tivoli Asset Management Users Guide Tivoli Change Management System Administrators Guide Tivoli Change Management Users Guide Tivoli Data Protection for Informix V3R7: Installation and Users Guide Tivoli Data Protection for Lotus Domino for UNIX V1R1: Installation and Users Guide Tivoli Data Protection for Lotus Domino for Windows NT V1R1: Installation and Users Guide Publication Number GC31-5204 GC32-0288 GC31-5195 GC31-5194 GC31-5188 GC31-5190 SH26-4095 SH26-4088 GC26-7320
162
Book Title ADSMConnect Agent for Lotus Notes on AIX Installation and Users Guide ADSMConnect Agent for Lotus Notes on Windows NT Installation and Users Guide ADSMConnect Agent for Microsoft Exchange Server Installation and Users Guide ADSMConnect Agent for Microsoft SQL Server Installation and Users Guide ADSMConnect Agent for Oracle Backup on AIX Installation and Users Guide ADSMConnect Agent for Oracle Backup on HP-UX Installation and Users Guide ADSMConnect Agent for Oracle Backup on Sun Solaris Installation and Users Guide ADSMConnect Agent for Oracle Backup on Windows NT Installation and Users Guide Tivoli Decision Support 2.1 Administrator Guide Tivoli Decision Support 2.1 Installation Guide Tivoli Decision Support 2.1 Users Guide Tivoli Distributed Monitoring 3.6 Collection Reference Tivoli Distributed Monitoring 3.6 Release Notes (supplied with the product) Tivoli Distributed Monitoring 3.6.1 Release Notes (supplied with the product) Tivoli Distributed Monitoring for OS/390 V3.6.1 Tivoli Distributed Monitoring Users Guide 3.6 Tivoli Framework 3.6 Users Guide Tivoli Framework 3.6.1 Release Notes (supplied with the product) Tivoli Inventory 3.6.1 Release Notes (supplied with the product) Tivoli Inventory for OS/390 V3.6.1 Release Notes (supplied with the product) Tivoli Problem Management Distributed Data Manager System Administrators Guide Tivoli Problem Management System Administrators Guide Tivoli Problem Management Users Guide Tivoli Service Desk Administration Users Guide Tivoli Service Desk Installation Guide Tivoli Software Distribution 3.6 Release Notes (supplied with the product) Tivoli Software Distribution 3.6.1 Release Notes (supplied with the product) Tivoli Software Installation Service 3.6.1 Release Notes (supplied with the product) Tivoli Software Installation Services 3.6 Users Guide Tivoli Storage Manager for AIX Version 3.7 Administrators Guide Tivoli Storage Manager for AIX Version 3.7 Administrators Reference Tivoli Storage Manager for AIX Version 3.7 Quick Start Tivoli Storage Manager for AS/400 Version 3.1.2 Administrators Guide Tivoli Storage Manager for AS/400 Version 3.1.2 Administrators Reference Tivoli Storage Manager for AS/400 Version 3.1.2 Quick Start Tivoli Storage Manager for HP-UX Version 3.7 Administrators Guide Tivoli Storage Manager for HP-UX Version 3.7 Administrators Reference Tivoli Storage Manager for HP-UX Version 3.7 Quick Start
Publication Number SH26-4067 SH26-4065 SH26-4071 SH26-4069 SH26-4061 SH26-4073 SH26-4063 SH26-4086 GC32-0437 GC32-0438 GC32-0436 SC31-5118 GI10-3023 GI10-8021 GI10-8043 GC31-8382 GC31-8433 GI10-8014 GI10-8018 GI10-8048 GC31-5184 GC31-5173 GC31-5175 GC31-5205 GC31-5167 GI10-3014 GI10-8019 GI10-8015 GC31-5121 GC35-0368 GC35-0369 GC35-0367 GC35-0315 GC35-0316 GC35-0317 GC35-0371 GC35-0372 GC35-0370
Appendix B. Related publications
163
Book Title ADSTAR Distributed Storage Manager for MVS Version 3.7 Administrators Guide ADSTAR Distributed Storage Manager for MVS Version 3.7 Administrators Reference ADSTAR Distributed Storage Manager for MVS Version 3.7 Quick Start ADSM for OS/2 Version 3.1 Messages Tivoli Storage Manager for Sun Solaris Version 3.7 Administrators Guide Tivoli Storage Manager for Sun Solaris Version 3.7 Administrators Reference Tivoli Storage Manager for Sun Solaris Version 3.7 Quick Start Tivoli ADSM for VM Version 3.1 Quick Start Tivoli Storage Manager for Windows NT Version 3.7 Administrators Guide Tivoli Storage Manager for Windows NT Version 3.7 Administrators Reference Tivoli Storage Manager for Windows NT Version 3.7 Quick Start Tivoli Storage Manager Version 3.7 AFS/DFS Backup Clients Tivoli Storage Manager Version 3.7 Installing the Clients Tivoli Storage Manager Version 3.7 Messages Tivoli Storage Manager Version 3.7 Reference Cards for the Backup-Archive Clients Tivoli Storage Manager Version 3.7 Trace Facility Guide Tivoli Storage Manager Version 3.7 Using the Application Programming Interface Tivoli Storage Manager Version 3.7 for NetWare Using the Backup-Archive Client Tivoli Storage Manager Version 3.7 for UNIX Using the Backup-Archive Client Tivoli Storage Manager Version 3.7 for Windows Using the Backup-Archive Client TME 10 Enterprise Console 3.6.1 Release Notes (supplied with the product) TME 10 Enterprise Console Adapters Guide Version 3.6 TME 10 Enterprise Console Rule Builders Guide Version 3.6 TME 10 Enterprise Console Users Guide Version 3.6 TME 10 Framework 3.6 Planning & Installation Guide TME 10 Framework 3.6 Reference Manual TME 10 Framework Release Notes Version 3.6 TME 10 Inventory 3.6 Release Notes (supplied with the product) TME 10 Inventory 3.6 Users Guide TME 10 Software Distribution 3.6 AutoPack Guide TME 10 Software Distribution 3.6 Reference Manual TME 10 Software Distribution 3.6 Users Guide TME 10 Tivoli/Plus ADSM User's Guide Tivoli Framework Version 3.7 Users Guide
Publication Number GC35-0277 GC35-0278 GC35-0276 SH35-0133 GC35-0374 GC35-0375 GC35-0373 GC35-0351 GC35-0380 GC35-0381 GC35-0379 SH26-4106 SH26-4102 GC35-0382 SX26-6021 SH26-4104 SH26-4107 SH26-4100 SH26-4105 SH26-4101 GI10-8020 SC31-8507 SC31-8508 GC31-8506 SC31-8432 SC31-8434 GI10-3028 GI10-3011 GC31-8381 GC32-0294 SC31-8331 GC31-8330 GC31-8405 GC31-8433
164
How to get IBM Redbooks

This section explains how both customers and IBM employees can find out about IBM Redbooks, redpieces, and CD-ROMs. A form for ordering books and CD-ROMs by fax or e-mail is also provided. Redbooks Web Site ibm.com/redbooks Search for, view, download, or order hardcopy/CD-ROM Redbooks from the Redbooks Web site. Also read redpieces and download additional materials (code samples or diskette/CD-ROM images) from this Redbooks site. Redpieces are Redbooks in progress; not all Redbooks become redpieces and sometimes just a few chapters will be published this way. The intent is to get the information out much quicker than the formal publishing process allows. E-mail Orders Send orders by e-mail including information from the IBM Redbooks fax order form to: In United States or Canada Outside North America Telephone Orders United States (toll free) Canada (toll free) Outside North America 1-800-879-2755 1-800-IBM-4YOU Country coordinator phone number is in the How to Order section at this site: http://www.elink.ibmlink.ibm.com/pbl/pbl e-mail address pubscan@us.ibm.com Contact information is in the How to Order section at this site: http://www.elink.ibmlink.ibm.com/pbl/pbl
Fax Orders United States (toll free) Canada Outside North America 1-800-445-9269 1-403-267-4455 Fax phone number is in the How to Order section at this site: http://www.elink.ibmlink.ibm.com/pbl/pbl
This information was current at the time of publication, but is continually subject to change. The latest information may be found at the Redbooks Web site. IBM Intranet for Employees IBM employees may register for information on workshops, residencies, and Redbooks by accessing the IBM Intranet Web site at http://w3.itso.ibm.com/ and clicking the ITSO Mailing List button. Look in the Materials repository for workshops, presentations, papers, and Web pages developed and written by the ITSO technical professionals; click the Additional Materials button. Employees may access MyNews at http://w3.ibm.com/ for redbook, residency, and workshop announcements.
165
IBM Redbooks fax order form

Please send me the following: Title Order Number Quantity
First name Company Address City Telephone number Invoice to customer number Credit card number
Last name
Postal code Telefax number
Country VAT number
Credit card expiration date
Card issued to
Signature
We accept American Express, Diners, Eurocard, Master Card, and Visa. Payment by credit card not available in all countries. Signature mandatory for credit card payment.
166
Index A
Active Directory 6, 11, 20 Active Directory restore 155 ALL-LOCAL 43 ALL-LOCAL domain 21 APAR list 26 application log 9 Authoritative restore 144 DFS structure 144 DFS utility 144 DFSBACKUPMNTPNT 141, 145 DHCP 150 directory consistency 152 Directory Junctions 15 Directory Service Restore mode 155 Directory Services Restore 155 Disk Quotas 15 Disk quotas 146 Distributed File System 6, 12, 16 Distributed Link Tracking 14 distributed services 6 Drive branch 147 drives where DFS definitions are stored 145 dsm.opt 43, 51 dsmcutil.txt 51
B
Backing up the DHCP, WINS, and Terminal services 44 BACKUP EVENTLOG 25 backup of the entire System Object 7 Backup Operator Group 146 BACKUP REGISTRY 25 BACKUP SYSTEMOBJECTS 21 BACKUPREGISTRY option 26 boot.ini 8 bootsect.dos 8 broken DFS links 6
E
Encrypted File System (EFS) 13 entire System Object 155 error messages 140, 143 Event log backup 25 Event Logs 9 Event logs 20 EXCLUDE.DIR 43 Exporting the Disk Quota 146
C
Certificate Services DB 10 client implementation 31 client scheduler 51 Closed, registration 32 Cluster database 20 Cluster DB 12 COM+ 154 COM+ Class DB 10 COM+ database 20 common permissions 13 Complete system restores 148 Complete System Restores & DFS 145 Component Object Model 10
F
File Replication Service 11 File Replication Service (FRS) 12 File System (NTFS) components 12 Following Location 143
G
Group Policy 11
D
Database size calculation 33 Database, Recovery Log and storage pools size 33 default management class 43 DFS diagram 141 DFS Junction points 147 DFS junction points 143
H
Hardware requirements 38 hierarchical storage management 17 housekeeping information, Active Directory 7
I
Implementation planning 31 Include-exclude list 43
167
include-exclude list 44 Indexing service 17 install of Tivoli Storage Manager 46 Installation and setup TSM 4.1.2 client 43 InstallSheild for Windows Installer used 24 integrity of backups 7
P
Policy management 28 Primary Storage Pool size calculation 36 profile of files with the same names 152 Public Key technology 13
Q
QUERY INCLEXCL 22 QUERY of System Objects 21
J
Junction Point 141 Junction points 147
R
Rebooting system into normal mode 155 Recovery Log 32 Recovery Log size calculation 35 regedit 43 Registry 9, 20 registry hives 9 registry key 24 REGREST 9 Remote Backups and Restores 8 Remote Storage Service 17 Remote Storage Service (RSS) 17 Removable Storage Management (RSM) 148 Removable Storage Management database 20 Removable Storage Manager 16 Reparse Points 13 Replicated file systems 20 Replication Policy settings, disabling 144 RESTORE EVENTLOG 25 RESTORE REGISTRY 25 RESTORE SYSTEMOBJECT 22 Restore without services active 26 Restoring a Domain Controller (non-authoritatively) 155 Restoring DFS on Windows 2000 Domain Controllers 144 restoring files and directories in DFS structures 141 restoring individual folders 152 restoring sparse files to a non-NTFS 5 file system 146 restoring the RSM database 149 Restoring user profiles 150 Restoring Windows 2000 Professional or member server 154 RSM database 154
L
Link Tracking 15 Local backup 25, 28 Local Backup Operator 151 log file checks 143
M
Management class 25 mobile computer support 24 Multiple Named Data Streams 13
N
Network bandwidth 36 non authorative restore of a DFS replica 144 normal drive filespace name 148 normal mode 155 NTbackup 4 NTbackup v TSM 28 NTbackup, comparison to TSM 19 ntbootdd.sys 8 ntdetect.com 8 ntdlr 8 NTDS.DIT 11 NTFS 12 NTFS 5 12, 148 Number of Versions 34
O
ODBC driver not included 24 Operators Group 39 opportunistic locks 13 Other Windows 2000 Databases 150 overview of Windows 2000 products 1
168
S
security log 9 Server registration modes 32 Server storage 32 Single Instance Store 16 Software requirements 38 Sparse File support 14 Sparse files 146 Storage components disk quotas 15 Storage pools 32 Symmetric Key encryption 13 system / boot partition restore 155 System and boot files 20 System boot files 8 System File protection Service 8 System information 39 system log. 9 System Object 5 System Object component processing 8 System Objects 20, 25 System Objects managed as a group 21 System Partition Boot Files 8 System State Components 4 System State & System Object, differences 5 System Volume 6 System Volume (SYSVOL) 11 System volume (SYSVOL) 20 System Volume restore 155 SYSTEMOBJECT Domain 21 SysVol 6
U
User permissions for Windows 2000 39
V
verifying your restore 150 Volume Mount Points 15 volume points 15
W
Web access 11 web client services 51 Web Server interface 146 Windows 2000 Advanced Server 2 backup API 8 components 3 Datacenter Server 2 domain controllers 9 Event logs 7 implementations 1 Professional - overview 2 Server overview 2 Windows 2000 features 1 WINS 150
T
Tivoli Storage Manager 4.1.2 support for Windows 2000 3 System Object 5 Tivoli Storage Manager 3.7.3 server 19 Tivoli Storage Manager 4.1.2 client introduction 19 Tivoli Storage Manager Client Configuration Wizards 51 Tivoli Storage Manager Server code level 31 Tombstone Lifetime 32 transaction log files 11 Troubleshooting 154 type of install 48
169
170
IBM Redbooks review

Your feedback is valued by the Redbook authors. In particular we are interested in situations where a Redbook "made the difference" in a task or problem you encountered. Using one of the following methods, please review the Redbook, addressing value, subject matter, structure, depth and quality as appropriate. Use the online Contact us review redbook form found at ibm.com/redbooks Fax this form to: USA International Access Code + 1 845 432 8264 Send your comments in an Internet note to redbook@us.ibm.com
Document Number Redbook Title Review
SG24-6141-00 Deploying the Tivoli Storage Manager Client in a Windows 2000 Environment
What other subjects would you like to see IBM Redbooks address?
Please rate your overall satisfaction: Please identify yourself as belonging to one of the following groups: Your email address: The data you provide here may be used to provide you with information from IBM or our business partners about our products, services or activities. Questions about IBMs privacy policy?
O Very Good
O Good
O Average
O Poor O Solution Developer
O Customer O Business Partner O IBM, Lotus or Tivoli Employee O None of the above
O Please do not use the information collected here for future marketing or promotional contacts or other communications beyond the scope of this transaction.
The following link explains how we protect your personal information. ibm.com/privacy/yourprivacy/
171
Deploying the Tivoli Storage Manager Client in a Windows 2000
(0.2spine) 0.17<->0.473 90<->249 pages
Deploying the Tivoli Storage Manager Client in a Windows 2000 Environment

Using the TSM client support for Windows 2000 Planning and implementing backup scenarios Restoring Windows 2000 objects
This IBM Redbook will help you use the Tivoli Storage Manager (TSM) client at level 4.1.2 with Microsoft Windows 2000. It is intended as a supplement to other TSM redbooks and documentation. This book explains special considerations for using the TSM 4.1.2 client with Windows 2000. We cover implementation planning, installation, and setup, various backup considerations, and their associated restore methodologies. This book is not intended to be a Windows 2000 primer or to cover TSM server implementation. Readers are expected to be familiar with MS Windows 2000 administration concepts, functions, and features. Typically, they will be planning the deployment of Windows 2000, or will have already deployed it. We assume a basic understanding of TSM concepts and a good working knowledge of previous TSM clients (GUI and command line interfaces).
INTERNATIONAL TECHNICAL SUPPORT ORGANIZATION
BUILDING TECHNICAL INFORMATION BASED ON PRACTICAL EXPERIENCE IBM Redbooks are developed by the IBM International Technical Support Organization. Experts from IBM, Customers and Partners from around the world create timely technical information based on realistic scenarios. Specific recommendations are provided to help you implement IT solutions more effectively in your environment.
For more information: ibm.com/redbooks

SG24-6141-00 ISBN 073841980X

Deploying The Tivoli Storage Manager Client in A Windows 2000 Environment Sg246141

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Deploying The Tivoli Storage Manager Client in A Windows 2000 Environment Sg246141

Uploaded by

Copyright:

Available Formats

Deploying the Tivoli Storage Manager Client in a Windows 2000 Environment

Pat Randall Javier Hernandez Rod Macleod Andrew Pearce

Copyright IBM Corp. 2001

Deploying Tivoli Storage Manager for Windows 2000

Chapter 6. Windows 2000 restores . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91 6.1 Permissions to restore Windows 2000 . . . . . . . . . . . . . . . . . . . . . . . . 91

Deploying Tivoli Storage Manager for Windows 2000

Copyright IBM Corp. 2001

Deploying Tivoli Storage Manager for Windows 2000

Copyright IBM Corp. 2001

Deploying Tivoli Storage Manager for Windows 2000

The team that wrote this Redbook

Copyright IBM Corp. 2001

Deploying Tivoli Storage Manager for Windows 2000

Chapter 1. Introducing TSM client support for Windows 2000

1.1 Types of Windows 2000 implementations

2-node cluster Yes No

4-node cluster Yes Yes

Copyright IBM Corp. 2001

1.1.1 Windows 2000 Professional

1.1.2 Windows 2000 Server

1.1.3 Windows 2000 Advanced Server

1.1.4 Windows 2000 Datacenter Server

Deploying Tivoli Storage Manager for Windows 2000

1.2 Introduction to TSM 4.1.2 support for Windows 2000

Explicit Support by v4.1.2 client

yes no yes yes

Chapter 1. Introducing TSM client support for Windows 2000

Explicit Support by v4.1.2 client yes no

Encrypted File System Distributed link tracking and object IDs

1.3 System State components

Deploying Tivoli Storage Manager for Windows 2000

Figure 1. System State in NTbackup

Chapter 1. Introducing TSM client support for Windows 2000

Figure 2. System Object in Tivoli Storage Manager Client

Deploying Tivoli Storage Manager for Windows 2000

An incremental backup is not currently supported by the Microsoft API.

Chapter 1. Introducing TSM client support for Windows 2000

1.3.2 System boot files

Deploying Tivoli Storage Manager for Windows 2000

1.3.4 Event logs

Chapter 1. Introducing TSM client support for Windows 2000

Table 3. Windows 2000 event log file names

File name SysEvent.Evt AppEvent.Evt SecEvent.Evt NTDS.Evt IExplore.evt DNSEvent.evt NtFrs.Evt

1.3.5 COM+ Class DB

1.3.6 Certificate Services DB

Deploying Tivoli Storage Manager for Windows 2000

1.3.7 Active Directory

1.3.8 System Volume (SYSVOL)

1.3.9 File Replication Service

Chapter 1. Introducing TSM client support for Windows 2000

1.4 File System (NTFS) components

Deploying Tivoli Storage Manager for Windows 2000

1.4.1 Encrypted File System (EFS)

1.4.2 Reparse Points

1.4.3 Multiple Named Data Streams

Chapter 1. Introducing TSM client support for Windows 2000

1.4.4 The Change Journal

1.4.5 Sparse file support

1.4.6 Distributed Link Tracking

Deploying Tivoli Storage Manager for Windows 2000

1.4.7 Directory Junctions

1.4.8 Volume Mount Points