Dark Developments Where Knowledge Meets Power


D#B Backup&Recovery Notes [PART5]: Citrix XenServer

Posted by Dark#Basics


XenServer Hosts use a per-host database to store metadata about VMs and associated resources such as storage and networking. When combined with storage repositories, this database forms the complete view of all VMs available across the pool. Thus, it is important to understand how to backup this database in order to recover from physical hardware failure and other disaster scenarios.


In a pool scenario, the master host provides an authoritative database which is synchronously mirrored by all the slave hosts in the pool. This provides a degree of built-in redundancy to a pool; the master can be replaced by any slave since each of them have an accurate version of the pool database.

This level of protection may not be sufficient; for example, if your shared storage containing the VM data is backed up in multiple sites, but your local server storage (containing the pool metadata) is not. To fully recreate a pool given just a set of shared storage, you must first run xe pool-dump-database against the master host, and archive the resulting file.

A manual backup can be made with the following CLI-command, run from within the pool master.

xe pool-dump-database file-name=<filename>

This command can be automated with, for example, Cron.
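One way to wrap the dump for Cron, as an added example that is not part of the original post: it writes owner-only, timestamped dumps with a SHA-256 sidecar, so an archive can be checked before it is used for a pool-wide restore. The backup directory, retention count, file naming and cron path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): nightly pool-database dump.
# BACKUP_DIR, KEEP and the pool-db-<timestamp>.dump naming are assumptions.
# Constructed cron entry (hypothetical install path), on the pool master:
#   30 2 * * * root /usr/local/sbin/pool-db-backup.sh --run
set -eu

BACKUP_DIR="${BACKUP_DIR:-/var/backup/pool-db}"
KEEP="${KEEP:-14}"   # number of dumps to retain

# Write a timestamped dump plus a SHA-256 sidecar; print the dump path.
dump_pool_db() (
    umask 077                       # dump and sidecar readable by owner only
    mkdir -p "$BACKUP_DIR"
    out="$BACKUP_DIR/pool-db-$(date +%Y%m%d-%H%M%S).dump"
    xe pool-dump-database file-name="$out" >/dev/null
    [ -s "$out" ] || { echo "empty or missing dump: $out" >&2; exit 1; }
    cd "$BACKUP_DIR"
    sha256sum "${out##*/}" > "${out##*/}.sha256"
    printf '%s\n' "$out"
)

# Check a dump against its sidecar; run this before any restore.
verify_pool_db() (
    cd "$(dirname "$1")"
    sha256sum -c "${1##*/}.sha256" >/dev/null 2>&1
)

# Delete all but the newest $KEEP dumps (names sort chronologically).
prune_pool_db() {
    ls -1 "$BACKUP_DIR"/pool-db-*.dump 2>/dev/null | sort -r |
        tail -n +"$((KEEP + 1))" |
        while IFS= read -r old; do rm -f -- "$old" "$old.sha256"; done
}

# Only act when called with --run, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    dump_pool_db
    prune_pool_db
fi
```

Copy the dump and its .sha256 file off the host together; verify_pool_db fails if either one is missing or altered.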


To recover the metadata, the following CLI-command must be used.

xe pool-restore-database file-name=<sourcefilename>

Do note that all of the hosts AND the node will be rolled back.



Creating a backup through the CLI can be done with the following command.

xe host-backup file-name=<filename> -h hostname -u root -pw <password>

This can be automated with Cron. By using a Bash-script made by Andy Burton it is possible to make a snapshot of all VMs, only the running VMs, no VMs, or specifically selected VMs (by VM uuid).


Recovering a VM can be done with both CLI and XenCenter. With XenCenter just use Import VM under File to import the backup image.

Not only the snapshot but also the metadata of the VM will be restored.

If you want to restore a XenServer Host from a specific backup, run the following command while the XenServer Host is up and reachable.

xe host-restore file-name=<filename> -h hostname -u root -pw <password>

This restores the compressed image back to the hard disk of the XenServer Host. In this context “restore” is something of a misnomer, as the word usually suggests that the backed-up state has been put fully in place. The restore command here only unpacks the compressed backup file and restores it to its normal form, but it is written to another partition (/dev/sda2) and does not overwrite the current version of the filesystem.

To actually use the restored version of the root filesystem, you need to reboot the XenServer Host using the XenServer installation CD and select the Restore from backup option.

After the Restore from Backup is completed, reboot the XenServer Host machine and it will start up from the restored image.

Finally, restore the VM meta-data using the xe pool-restore-database command.



D#B Backup&Recovery Notes [PART4]: WSUS, WDS & TS

Posted by Dark#Basics

Windows Server Update Services (WSUS) provides a software update service for Microsoft Windows operating systems and other Microsoft software. WSUS is a locally managed system that works with the public Microsoft Update website to give system administrators more control. By using Windows Server Update Services, administrators can manage the distribution of Microsoft hotfixes and updates released through Automatic Updates to computers in a corporate environment.

WSUS - Backup
A backup of the configuration can be made from within the CLI. The CLI-tool itself exports all the metadata of the service. It isn't possible to make a backup of the update files, update-approvals and the other settings. If you really want to make a backup of these files it's possible by using the Windows Server Backup-role.

wsusutil.exe export <location>.cab <logfile>.log

WSUS - Restore
Recovery of the WSUS-settings can be done with wsusutil; this will load the settings into the service.

wsusutil.exe import <location>.cab <logfile>.log


Windows Deployment Services is a technology from Microsoft for network-based installation of Windows operating systems. It is the successor to Remote Installation Services. WDS is intended to be used for remotely deploying Windows Vista, Windows 7 and Windows Server 2008, but also supports other operating systems because unlike its predecessor RIS, which was a method of automating the installation process, WDS uses disk imaging, in particular the Windows Imaging Format (WIM). WDS is included as a Server Role in all 32-bit and 64-bit versions of Windows Server 2008, and is included as an optionally installable component with Windows Server 2003 Service Pack 2.

WDS - Backup
Backup of the WDS-settings is not possible with the GUI or console. It is possible to perform a backup of the WDS-images with, for example, Robocopy.

WDS - Recovery
Recovery of the images can be done through the Windows Deployment Services Snap-in and choosing the Add Image Group option.

Remote Desktop Service, formerly known as Terminal Services, is one of the components of Microsoft Windows (both server and client versions) that allows a user to access applications and data on a remote computer over a network, using the Remote Desktop Protocol (RDP). Terminal Services is Microsoft's implementation of thin-client terminal server computing, where Windows applications, or even the entire desktop of the computer running terminal services, are made accessible to a remote client machine. The client can either be a fully-fledged computer, running any operating system as long as the terminal services protocol is supported, or a barebone machine powerful enough to support the protocol (such as Windows FLP). With terminal services, only the user interface of an application is presented at the client. Any input to it is redirected over the network to the server, where all application execution takes place. This is in contrast to appstreaming systems, like Microsoft Application Virtualization, in which the applications, while still stored on a centralized server, are streamed to the client on-demand and then executed on the client machine. Microsoft changed the name from Terminal Services to Remote Desktop Services with the release of Windows Server 2008 R2 in October 2009. RemoteFX is being added to Remote Desktop Services as part of Windows Server 2008 R2 SP1.

TS - Backup
Just like WSUS there isn't an available method to export the important data. In the case of Terminal Services the important data is the database of the license server. In the license server, as the name says, the licenses of the published applications are stored.

The best way for Terminal Services is to use Windows Server Backup and select the System State and the TS Licensing database.

TS - Recovery
When there is a System State backup available with the TS Licensing database it is possible to restore this service with System Recovery or even a Bare Metal recovery.




D#B Backup&Recovery Notes [PART3]: Printer Services, IIS, NPS and ADCS

Posted by Dark#Basics

Printer Services

Printer Services - Backup

Making backups of the network printer services is really handy. When for some reason the service needs to be reinstalled on another server you will be able to restore lots of settings and drivers.
When performing a backup of the Printer Services you'll back up the configurations and the drivers for all the configured printers.

A backup can be made with the CLI-tool Printbrm. It's a CLI-tool that is only available when you install the Printer Services-Role on that server. The tool enables us not only to perform a backup but also to migrate to a new server.

Exporting the drivers and configuration can be done with the following syntax.

Printbrm -B -F <filename>.<extension>

The allowed extensions are .cab and .printerExport .

Printer Services - Recovery

A recovery can be done with the same CLI-tool using the following syntax or by using the Printer Services Management Snap-in.

Printbrm -r -F <filename>.<extension>


Internet Information Services (IIS) – formerly called Internet Information Server – is a web server application and set of feature extension modules created by Microsoft for use with Microsoft Windows. It is the most used web server after Apache HTTP Server: As of March 2010, it served 22.7% of all websites on the Internet. IIS 7.5 supports HTTP, HTTPS, FTP, FTPS, SMTP and NNTP. It is an integral part of Windows Server family of products, as well as all editions of Windows Vista and Windows 7, although some features are not supported on client versions of Windows. IIS is not turned on by default when Windows is installed.

IIS - Backup

Making a backup of all the IIS-settings, like application pool configurations, bindings, ... (this does not include the websites), can be done with the integrated IIS-CLI tool called appcmd.

appcmd add backup <filename>

If you want to make sure that the websites are also available for restore I suggest you use Robocopy for these website folders (ex.: wwwroot).

IIS - Recovery

Recovering the settings is as easy as performing the backup with the CLI-tool.

appcmd restore backup <filename> /stop:false


Network Policy Server (NPS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy in Windows Server 2008. NPS is the replacement for Internet Authentication Service (IAS) in Windows Server 2003.

As a RADIUS server, NPS performs centralized connection authentication, authorization, and accounting for many types of network access, including wireless and virtual private network (VPN) connections. As a RADIUS proxy, NPS forwards authentication and accounting messages to other RADIUS servers. NPS also acts as a health evaluation server for Network Access Protection (NAP).

Active Directory Certificate Services (AD CS) provides customizable services for issuing and managing public key certificates used in software security systems that employ public key technologies. AD CS is available as a server role in Windows Server 2008 and Windows Server 2008 R2.

NPS & ADCS - Backup
Exporting ADCS can be done with the certutil CLI-command. When using this command the whole database and the certificate are exported to the location specified.

certutil -backup -p "<apassword>" -f -seconds -v <destination>

NPS can be exported using netsh; the NPS-configuration will be exported to an XML-file.

netsh nps export filename=<filename>

NPS & ADCS - Recovery
Recovering the ADCS configuration and certificate can be done with certutil.

certutil -restore <filename>

Recovering the NPS configuration from the XML-file can be done by using netsh or the Network Policy Server GUI.

netsh nps import filename=<filename>



D#B Backup&Recovery Notes [PART2]: DNS, DHCP & GPO’s

Posted by Dark#Basics


The Dynamic Host Configuration Protocol (DHCP) is an auto configuration protocol used on IP networks. Computers that are connected to IP networks must be configured before they can communicate with other computers on the network. DHCP allows a computer to be configured automatically, eliminating the need for intervention by a network administrator. It also provides a central database for keeping track of computers that have been connected to the network. This prevents two computers from accidentally being configured with the same IP address.

DHCP - Backup
Making a backup of DHCP is handy for the configuration of the pools (range, subnet, ...) and the reserved IPs. DHCP servers permit you to reserve an IP address for a client. This means that the specific network client will have the same IP for as long as you want it to.

A backup can be done through CLI with the netsh-command.

netsh dhcp server dump > <filename>

DHCP - Recovery
Running a recovery of the DHCP-settings can be done with the same CLI-tool, netsh.

netsh exec <filename>

Do note that it's also possible to perform a recovery from the DHCP Management snap-in.









DNS - Backup
DNS-records can be dumped to a file using the dnscmd-command. If DNS is integrated in the domain controller a backup of the DNS records can be made with dnscmd but also with the System State backup (Previous Paper).

dnscmd /zoneprint <zonename> > <filename>

DNS - Recovery
Recovering the DNS-records can be done with the same CLI-command.

dnscmd /zoneadd <zonename> /primary /file <filename> /load


Group Policy is a feature of the Microsoft Windows NT family of operating systems. Group Policy is a set of rules which control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications and users' settings in an Active Directory environment. In other words, Group Policy in part controls what users can and can't do on a computer system. Although Group Policy is more often seen in use for enterprise environments, it is also common in schools, smaller businesses and other kinds of smaller organizations. Group Policy is often used to restrict certain actions that may pose potential security risks, for example: to block access to the Task Manager, restrict access to certain folders, disable the downloading of executable files and so on.

GPO's - Backup
Backup of the GPO's can be done with two methods. The first one is through the System State backup, the second method is by using VBScripts. These VBScripts were originally created for Windows Server 2003 when the Group Policy Management Console was installed.

These scripts are not available by default in Windows Server 2008 but can be downloaded from the Windows Download Center. With one of these scripts it is possible to perform a full backup of the GPO's.

cscript.exe BackupAllGPOs.wsf <destination>

GPO's - Recovery
GPO's can be recovered using various methods. The first method is by using the Group Policy Management snap-in and selecting the Manage Backups option.

The second method is by using another VBScript called RestoreAllGPOs.

cscript.exe RestoreAllGPOs.wsf <location>



D#B Backup&Recovery Notes [PART1]: Active Directory

Posted by Dark#Basics

Active Directory


With Windows Server 2003 you can make a backup with NTBackup and the corresponding GUI. With this tool it's possible to make a backup of the System State of the machine. System State holds every setting, the registry entries, Active Directory and other important system files that can recover a crashed server. In Windows Server 2008 R2, NTBackup isn't available anymore and has been replaced with the Windows Server Backup role. Before you can perform a backup with Windows Server Backup, you have to install the feature, using either Server Manager or the SERVERMANAGERCMD command-line utility.

servermanagercmd -install Backup-Features

If you are installing Windows Server Backup on a Windows Server 2008 Server Core installation, use the OCSETUP command (it's important to note that the OCSETUP command is case-sensitive):

ocsetup WindowsServerBackup

System state backups, which include only select files and some application databases (rather than entire volumes), are handy and often essential. But early builds of Windows Server 2008 didn't support system state backups and restores. Instead, the backup tool just backed up critical system volumes (meaning any volumes necessary for recovering and rebooting the OS and key applications). These critical system volumes were the volume-oriented equivalent of a system state backup. You can only perform a system state backup using the WBADMIN.EXE command-line program; the MMC snap-in doesn't provide this option. To perform a system state backup, you use this command:

wbadmin start systemstatebackup -backuptarget:<destination>

With this created image you can do a System State recovery. However, if you want to be safe and be able to perform a bare metal recovery, you'll have to use the allcritical option when running the backup.

wbadmin start backup -allcritical -backuptarget:<destination>

Recovery of System State

If you need to recover from some sort of Active Directory-related problem, such as recovering a deleted OU from backup, you should restore the Active Directory Domain Services (ADDS) database to an earlier state, rather than restore the entire system. Even though you can stop ADDS like a service in Windows Server 2008, you still need to boot the server into Directory Services Restore Mode (DSRM) to perform a system state restore on a domain controller. You can boot into Recovery Mode using the BCDEDIT command.

bcdedit /set safeboot dsrepair

Before you use WBADMIN to start a system state restore, you must identify the backup from which you want to restore. WBADMIN can perform a system state restore from either a full system backup, a backup that contains just the critical system volumes, or a system state backup. In any of these cases, you have to specify the version of the backup you want to use.

wbadmin get versions

wbadmin 1.0 - Backup command-line tool

(C) Copyright 2004 Microsoft Corp.
Backup time: 22/2/2007 5:58 PM
Backup target: Fixed Disk labeled Backup(E:)
Version identifier: 12/03/2007-00:58
Can Recover: Volume(s), File(s), Application(s), Bare Metal Recovery, System State

After selecting the backup for your System State recovery, we'll start the process.

wbadmin start systemstaterecovery -version:12/03/2007-00:58

When the recovery is done, don't forget to remove the Recovery Flag that we set in the beginning.

bcdedit /deletevalue safeboot

Bare Metal Recovery

When performing a Bare Metal recovery you will have to boot from the CD-ROM. But instead of clicking on Install Now, you'll have to select the Repair My Computer option, which can be found in the lower left corner of the window. When you are asked to select a recovery mode, you'll have to pick Windows Complete Restore.






After this you will have to select the correct backup image from which you will restore the system. It is also possible to select a network share, USB-drive, ... by using the Restore a different backup option and selecting the Advanced button. In the next screen of the wizard you can set additional parameters for the recovery: format all drives, restart after recovery, setup drivers, ...







After that just browse through the wizard and select Finish. Your system will start the recovery process.