Today, I solved a very interesting issue. Let me note at the very beginning that most of the things that follow are not supported by Microsoft. I just made it work because we had to restore a computer to at least some working state of the AD environment when the customer didn't back up properly.
A customer had a Windows Server Backup (WBADMIN) of an Active Directory Domain Services (AD DS) domain controller (DC) in the form of the notorious WindowsImageBackup folder containing the VHD files for each partition backed up. The DC crashed after some updates were applied and didn't boot anymore.
The problem was that the backup was just an image backup and didn't contain the Bare Metal Recovery information. So we were not able to boot the installation media (nor the Windows Recovery Environment, WinRE) and thus were not able to perform the System Image Recovery from the console.
What now? I tried the obvious path: take the VHD file with the operating system and attach it to the IDE bus of a newly created virtual machine. Then, after several thrilling seconds, no boot.
The first problem - the newly created machine just doesn't boot
No error displayed, no textual boot messages. Nothing. Just a blinking cursor. Yes, mounting and booting the VHD backed up by Windows Server Backup is not supported. It does not contain enough information to work that way. That is simply not the purpose of the OS VHD created by WBADMIN. The resulting VHD is not bootable.
I tried to repair the VHD from inside (booting an installation ISO and going to its command line with SHIFT-F10) with the following commands:
SELECT DISK 0
SELECT PARTITION 1
But to no avail. The OS VHD image is not a complete image and is not bootable by design. I had to work around the problem.
So I created a new VM with an empty VHD and installed a clean OS into it, the same version of the operating system (in my case Windows Server 2008 R2). Just the OS, no updates, nothing else. I took the new clean virtual machine offline and added the backed-up OS VHD (the one I wanted to restore) as a second virtual HDD to the new system. I started the VM with the Windows installation ISO, went into its command line (Shift-F10) and just copied the whole content of the backed-up OS VHD into the newly installed operating system partition:
- note again that this is not supported and may not work in your case
- boot installation DVD/ISO, go to its command line with the magic Shift-F10
- determine the clean OS volume letter (might not be C:). This is the newly installed clean OS, with no updates or anything else.
- determine the backed-up OS VHD letter (might even be C: accidentally). This is the one we want to restore into the VM.
- delete pagefile.sys and the BOOT folder from the backed-up OS VHD to speed up the copy process, and possibly delete any other unnecessary large data such as log files from the backed-up OS VHD
- ROBOCOPY S:\ D:\ /COPYALL /B /E /R:0 (S: and D: are placeholders for the backed-up OS volume and the clean OS volume; substitute the letters determined above)
This operation just added the newer contents of the backed-up OS VHD to the clean installation. Whatever was missing in the backed-up VHD remained in the clean OS installation. Whatever was changed in the backed-up OS VHD was just added to the working image. It is not a particularly elegant method, but it works in a total disaster recovery.
Then after several seconds of thrill, BSOD (blue screen of death) telling me the following:
Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.
Not much progress, but at least some information. I was also able to boot into Safe mode and at least see the list of drivers loading, which meant that BOOTMGR finally worked. Except there were no drivers for the boot bus.
This is the second problem - when we move from physical machine's SCSI storage to an IDE controller of the VM
When the Windows operating system boots, its BOOTMGR loader loads the bus drivers for its operating system partition. How does it determine which drivers it should load? It used to be more complicated with Windows XP and Windows 2003, but today, it just loads every driver which is marked to load at the boot phase.
All drivers that should be loaded by BOOTMGR and initialized during the boot phase are configured in the registry, under the HKLM\SYSTEM\CurrentControlSet\Services node. Each such driver has a key with the driver's name and a Start value set to 0. Whatever is set to Start = 0 will be loaded by BOOTMGR and initialized.
During operating system installation, only the necessary bus drivers are set to load as boot drivers with Start = 0. So if your physical machine uses SCSI or anything else for its operating system drive, the IDE bus driver is not set to load at boot.
So how to make the IDE bus drivers load during boot phase?
I booted the VM again from the Windows installation DVD/ISO media and went to the magical mystery Shift-F10 command line. From there, you can start REGEDIT. Take care here: what you see is the registry of the booted DVD, not the registry of the offline operating system.
You must expand the HKEY_LOCAL_MACHINE node and, from the File menu, choose Load Hive to load the hive of the offline operating system.
You will find its SYSTEM hive in Windows\System32\Config\SYSTEM. You only need to determine the correct operating system drive letter, which will most probably not be C:.
In the newly loaded registry hive, you need to determine which ControlSet00x is the current one, or just make the same change in all the ControlSet00x nodes. Which one is current is determined by the Current value of the Select key. That one will become CurrentControlSet when you finally boot into the offline operating system.
I went there and (according to the following support article) set the following drivers to Start = 0:
- and just to be on the safe side and avoid another reboot trip if it didn't work, I made sure that even the following two others were starting during the boot phase as well
After you are finished, do not forget to Unload Hive in REGEDIT. This will flush your changes to the disk and everything will be safely in place.
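The offline hive edit described above can also be scripted with reg.exe from the same Shift-F10 prompt. This is an added example, not the author's own commands; the drive letter D: and the temporary hive name OFFLINE_SYSTEM are assumptions, and the driver list is the one named in the wrap-up of this post.

```batch
@echo off
rem Added example: set boot-start (Start = 0) for storage drivers in an OFFLINE SYSTEM hive.
rem Run from the Shift-F10 prompt of the installation media.
rem ASSUMPTION: OSDRIVE is the letter of the offline OS volume; adjust it first.
setlocal
set OSDRIVE=D:
rem ASSUMPTION: OFFLINE_SYSTEM is an arbitrary temporary mount name for the hive.
set HIVE=HKLM\OFFLINE_SYSTEM

reg load %HIVE% %OSDRIVE%\Windows\System32\Config\SYSTEM || exit /b 1

rem Select\Current is a REG_DWORD (e.g. 0x1) naming the control set that
rem becomes CurrentControlSet at boot. The key-name header line has fewer
rem than three tokens, so the loop body only runs on the value line.
set CUR=
for /f "tokens=3" %%A in ('reg query %HIVE%\Select /v Current') do set /a CUR=%%A
if not defined CUR (
    echo Could not read Select\Current
    reg unload %HIVE%
    exit /b 1
)
set CS=%HIVE%\ControlSet00%CUR%
echo Active control set: ControlSet00%CUR%

rem Only touch services that already exist in the hive; report the rest.
for %%D in (msahci iastorv pciide intelide) do (
    reg query "%CS%\Services\%%D" /v Start >nul 2>&1
    if errorlevel 1 (
        echo %%D: service key not present, skipped
    ) else (
        reg add "%CS%\Services\%%D" /v Start /t REG_DWORD /d 0 /f >nul
        echo %%D: Start set to 0
    )
)

rem Unloading flushes the changes to the hive file on disk.
reg unload %HIVE%
endlocal
```

The script changes only the control set named by Select\Current; if the unload fails, close any REGEDIT window that still has the hive open and run reg unload again.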
After that, the OS came up. Active Directory started, SYSVOL mounted. Everything was at least working well enough to recover the AD database. Uff.
Wrap it up
- Create a new clean VM with an empty VHD and install the same OS. Don't bother with updates or anything else
- Turn the new VM off after it is installed and attach the backed-up OS VHD disk as a second virtual HDD to the VM. Do not remove the installed OS VHD.
- Reboot the new VM into the Windows installation DVD/ISO media, press Shift-F10, and inside the magical command line just ROBOCOPY the contents of the backed-up VHD into the newly installed OS VHD. ROBOCOPY just adds whatever is different/newer in the backed-up VHD, leaving in place all the contents of the base installation that are missing from the backup.
- Try booting.
- If it does not work and if it fails with the 7B BSOD called inaccessible boot device, you must repair bus controller driver load order. Again from the Shift-F10 command line and its REGEDIT. Make the drivers for MSAHCI, IASTORV, PCIIDE and INTELIDE load at the boot phase - set their Start value to 0.