Carbonite Support > Performing System State Recove...

Performing System State Recovery on Windows Small Business Server 2011

Summary:

In order to perform a System State restore on Small Business Server (SBS) 2011, the computer needs to be booted into Directory Service Restore Mode (DSRM) since SBS 2011 is the Active Directory Domain controller.

DSRM, in essence, is like Windows Safe mode, with no Active Directory service running.

In the context of System State restores using Carbonite Safe Server Backup (CSSB):

  1. Your System State backup sets need to have encryption turned off.
    1. To decrypt your encrypted backups at the time of restore, CSSB will need to access the certificate which is installed into the certificate store as the amandabackup / CarboniteUser user. Since this user account will not be available in DSRM, the System State restore of encrypted backups will fail. Therefore, it is highly recommended not to encrypt System State backups, due to the complexity or even inability of restoration.
  2. To restore System State backups, you will need to reconfigure all CSSB services (Carbonite Safe Server Backup Controller / Carbonite Server Backup Controller, Carbonite Safe Server Database / Carbonite Server Database, and Carbonite Safe Server Cloud Controller / Carbonite Server Cloud Controller) to run under the LocalSystem account.
    1. All CSSB services are configured to run as the amandabackup / CarboniteUser user, which is not available in DSRM mode.
    2. Reconfigure all CSSB services to run under the LocalSystem account and restart them.
    3. Once restoration is completed, all services will be reset to run as the amandabackup / CarboniteUser user.

Note: For 64-bit machines running a server OS (Windows 2008 R2, Windows 2012, or higher) that have a Hyper-V role installed, the Carbonite Safe Server Hyper-V Service / Carbonite Server Hyper-V Service will also be running.

This article applies to:

Carbonite Plans Products Platforms
Power and Ultimate (Not sure?) Carbonite Safe Server Backup (Not sure?) Windows

Solution:

Booting into DSRM mode

To boot your computer in DSRM mode, follow these steps:

  1. Enable the built-in administrator account, which is disabled by default and assign a password.
    1. For this example, we will call it dsrm-password
  2. In normal boot, change the DSRM password to dsrm-password. See this article: http://blogs.technet.com/b/sbs/archive/2009/02/27/what-username-and-password-do-i-need-to-use-for-directory-services-restore-mode-dsrm-in-sbs-2008.aspx.
  3. Boot Windows in DSRM (press F8 during the boot process).
  4. Login to Windows using the following format: YourServerName/Administrator and dsrm-password.
  5. Reconfigure all CSSB services to run under the LocalSystem account and restart them.

Restoration Process (once in DSRM mode)

To perform a System State restore on Windows SBS 2011, please choose the scenario that best fits your situation:

The sections below are collapsed. Please click the section title to open / close a particular section.

Backups are in a Locally Attached Storage

Simply open the Carbonite Safe Server Backup user interface and proceed with the restoration of the System State backup run.

Backups are in the Cloud

  1. Change DNS setting to public DNS server, such as OpenDNS: 208.67.222.222.
    1. This setting will be reverted back by the restoration process.
    2. This step is required because by default, on Domain Controller Preferred DNS Server setting of local network adapter points to itself, but the DNS service is not running in DSRM mode.
  2. Open the CSSB user interface and proceed with the restoration of the System State backup run.
Backups are in a Common Internet File System (CIFS)/Network File System (NFS) Share

You have two options:

  1. You need to make sure that the administrator user on the SBS 2011 machine can access the network device using the dsrm-password password.
    1. Or you can map the share using different credentials.
    2. It is up to the user to test and establish correct security permission on the network share.
  2. Copy the backup data from the network share to the local drive.
  3. Use the Import Backup Sets from Local Directory option in CSSB (Advanced menu > Import Existing Backup Sets or Tools menu > Import Existing Backup Sets) to restore the backup set.

Backups are in a Windows Share

This scenario is a bit challenging as it requires connecting to the network share when the domain controller is not available.

To avoid the steps below, you can copy the backup data from the network share to the local drive, and use the Import Backup Sets from Local Directory option in CSSB (Advanced menu > Import Existing Backup Sets or Tools menu > Import Existing Backup Sets) to restore the backup set.

If moving the backup data to the local system is not possible, then please continue with these instructions:

If SBS 2011 is the Only Domain Controller on the Network (90% of installations)
  1. Reconfigure network share to give both Share and NTFS permission to the local user on the member server. This is required because the member server has to query the Domain Controller (DC) to allow connection to its share, but the DC is not available, since it is booted in DSRM mode.
  2. If the local administrator password on the member server equals the dsrm-password of the SBS 2011 server, connection to the network share should work. If not, then from the SBS 2011 server booted in DSRM, the user needs to connect or map a network drive using the local user on member server credentials and map it to the same letter as it was mapped in the original setup.
If There are Other Domain Controllers on the Network
  1. By default, restoring the System State in this case would be a non-authoritative restore: i.e. other domain controllers will replicate all changes back to the restored Active Directory. If the user needs to restore Active Directory objects, they will need to follow this article for guidelines: http://blogs.technet.com/b/sbs/archive/2011/03/31/how-to-perform-an-authoritative-system-state-restore-in-sbs-2008-2011-standard.aspx.
  2. If the local administrator password on the member server equals the dsrm-password of the SBS 2011 server, connection to the network share should work. If not, then from the SBS 2011 server booted in DSRM, the user needs to connect or map a network drive using the local user on member server credentials and map it to same letter as it was mapped in the original setup.
Feedback