Chapter 5 - Preparing for and Performing Recovery
| Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
This chapter describes what you can do to:
Reduce the possibility of problems.
Recover from problems when they occur.
There is no way to make a computer running Windows NT failure proof. You can only make the computer more failure resistant. A memory module, cabling, or controller failure can corrupt data on any disk. In this event, the only option is to restore from a tape or a backup server that contains a copy of the data.
These are some things that you can do to make it easier to recover from problems:
Develop plans and procedures for recovering from failures before you have one.
Create and test floppy disks that enable you to restart the computer when you are having trouble starting from the system partition.
Maintain software configuration information for your computers running Windows NT. At a minimum, keep track of the version of the operating system installed on each computer, including service packs and hotfixes.
Record the hardware configuration of each computer running Windows NT, especially the disk configurations.
The topics covered in this chapter are:
Maintaining configuration and other forms of information.
Understanding ARC pathnames.
Creating floppy disks to use to start the computer.
Training and testing.
Restoring disk information.
Configuring and using mirror sets and stripe sets with parity.
Using an uninterruptable power supply.
This chapter also describes using utilities on the Windows NT Server Resource Kit CD and the Windows NT Server CD to back up and restore critical data. Planning what utilities to use is as important as knowing how to use them. There is more information about these utilities in Chapter 7, "Disk, File System, and Backup Utilities."
Chapter 4, "Planning a Reliable Configuration," discusses planning what to do before failures occur, such as:
Deciding what hardware and software to procure.
Developing your plan for doing backups.
Developing training plans, disaster plans, and contingency plans.
These are some points to consider:
Investigate the various utilities for doing a task, and decide which one(s) to use for which situations.
When you have decided which utilities you want to use, prepare your floppy disks.
Know how to use the utilities that you decide to use.
Practice recovering from the common problems described in this chapter and in Chapter 6, "Troubleshooting Startup and Disk Problems."
On This Page
Maintaining Configuration and Essential System Information
Understanding ARC Pathnames
Creating Floppy Disks for Starting Your Computer
Training and Testing
Restoring Disk Information
Configuring and Using Mirror Sets and Stripe Sets With Parity
Using an Uninterruptable Power Supply
Maintaining Configuration and Essential System Information
Hardware failures, power failures, and human errors can corrupt information that your computer needs to start Windows NT.
Recovery is easier if:
You know the configuration of each computer and its history.
You back up critical system files every time you make certain changes to your Windows NT configuration.
On computers running Windows NT Server, you can purchase disk subsystems that maintain redundant information on the disks. The redundant information is either parity information, or a complete, separate copy of the data. Having redundant information makes the disk subsystems fault tolerant, meaning that you can continue to access the data when one disk in a fault-tolerant configuration fails. This fault-tolerant technology is called RAID, for Redundant Array of Inexpensive Disks. A disk subsystem that implements fault tolerance using RAID technology is also called a RAID array.
Windows NT Server implements two of the fault-tolerant configurations in software: mirror sets, and stripe sets with parity. For a description of mirror sets and stripe sets with parity, see Chapter 4, "Planning a Reliable Configuration."
For complete information about RAID, RAID terminology, and RAID arrays, see The RAIDbook, A Source Book for Disk Array Technology. The RAID Advisory Board in St. Peter, MN, publishes this book. The June 1995 edition is the basis for RAID information in this chapter. The RAIDbook, A Source Book for Disk Array Technology also contains information about parity.
Keeping a Log Book
You should have a log book for every computer, which contains information about the computer's configuration. Having current information makes it easier to rebuild your computer in the event of a serious system crash. This information also helps product support personnel to troubleshoot problems. The Registry contains information about your disk configuration in the subkeys HKEY_LOCAL_MACHINE \HARDWARE \DeviceMap \AtDisk and Scsi.
The type of information to keep includes:
Computer type, model number, and serial number.
Computer BIOS manufacturer and revision level (x86-based computers) or firmware revision level (RISC-based computers).
CMOS information for x86-based computers.
NVRAM information on RISC-based computers.
Hardware configuration information, including IRQs, DMA addresses, I/O ports, and similar information. If the computer has an EISA bus, the EISA configuration and its associated CFG files should be backed up.
SCSI controller model number, and the BIOS firmware revision level.
Jumper settings for all peripheral devices.
Complete map of the SCSI subsystem, including:
SCSI configuration information from the SCSI setup program.
Which devices are terminated and how they are terminated.
The SCSI ID and physical location on the chain of every SCSI device.
Which versions of Windows NT are installed, and the partitions on which they are installed.
Details of any device drivers or other system level software that did not come in the Windows NT retail package. This software would include such things as a Network File System (NFS) provider, network protocol, or network management software.
Troubleshooting history for any system failures or Kernel STOP errors (blue screens). This information should include:
The time and date the problem occurred.
Any error messages, or events posted to the event log.
Any troubleshooting done and the outcome.
Partition information, such as the size of the partitions and the file system used for each one. You can use the DiskMap program, described in Chapter 7, "Disk, File System, and Backup Utilities," to print a map of each of your disks by redirecting the output to a file or a printer.
Backing up the Registry
All of the Windows NT internal configuration information is stored in the Registry. It is critical to have up-to-date, reliable backups of this information. There are several ways to back up the all or part of the Registry, and you should have redundancy in this area.
If you have a backup device installed on your computer, you can include the Registry in normal backups. You have to specifically select this option in the Windows NT tape backup program Ntbackup.exe. Third-party Windows NT-compatible backup software might also require that you take specific action to back up the Registry. Be sure to test your Registry backup and restore procedures.
Note: Windows NT Backup can only back up the Registry on the local system. You cannot use Windows NT Backup to back up a computer's Registry over the network.
After any change in the configuration of the operating system, including adding new software, you should use the Repair Disk program, Rdisk.exe, to update files in the %systemroot%\Repair folder, and create a new Emergency Repair Disk. For information about using the Repair Disk program, see "Creating an Emergency Repair Disk," presented later in this chapter. It is a good idea to make a copy of the Emergency Repair Disk and store it in a separate location, perhaps off site.
You can use the Windows NT Registry Editor, Regedt32.exe, to save and restore Registry keys.
The Windows NT Server Resource Kit CD contains utilities that enable you to back up and restore all or part of the Registry. For information about the Registry Backup (Regback.exe) and Registry Restore (Regrest.exe) utilities, see Rktools.hlp.
Saving the SYSTEM Key
The HKEY_LOCAL_MACHINE \SYSTEM key contains configuration information that Windows NT uses during startup. Even though this key is copied to the Emergency Repair Disk when you use Repair Disk program, there are times that you might want to restore this key from another disk. For more information, see "Restoring the SYSTEM Key," presented later in this chapter.
You can save the SYSTEM key by using either Disk Administrator or the Windows NT Registry Editor (Regedt32.exe). The primary difference between these two methods is that the Disk Administrator always saves the key to a floppy disk, whereas you can specify any disk by using the Registry Editor.
Note: The %systemroot%\System32\Config\System file is usually larger than the SYSTEM key saved by using Disk Administrator or Registry Editor. The smaller size results because the two programs compact the file before copying it to eliminate internal fragmentation and holes.
To use Disk Administrator to save the SYSTEM key
On the Partition menu, click Configuration.
On the Configuration menu, click Save. A message is displayed describing what will be saved and where you should save it.
Insert any floppy disk with enough unused space to hold the configuration information (about 512K). Using the Windows NT startup floppy disk is highly recommended.
Click OK to write the data to the floppy disk.
To use Registry Editor to save the SYSTEM key
Run Registry Editor (Regedt32.exe).
Click the HKEY_LOCAL_MACHINE \SYSTEM key. On the Registry menu, click Save key.
Enter the path to the file where you want to save the key.
Saving the DISK Subkey
The HKEY_LOCAL_MACHINE \SYSTEM \DISK subkey in the Registry contains configuration information about currently defined drive letters, volume sets, stripe sets, stripe sets with parity, and mirror sets, as well as CD-ROM mappings and drive mappings. Any time that you make changes to your disk configuration, Windows NT updates the DISK subkey. You should save this key whenever you make changes that affect it, such as:
Creating or deleting a disk partition.
Changing a drive letter.
Creating or deleting a volume set, stripe set, mirror set, or stripe set with parity.
Having a backup is useful in situations when you do not want to restore the entire Registry or the entire SYSTEM key, such as the following:
You want to move a volume set, stripe set, or stripe set with parity to another computer because of a hardware failure.
Configuration information about a volume has been corrupted.
You need to replace hardware.
For example, if you have changed a SCSI controller, restoring the entire SYSTEM key might make it difficult to start the computer. Restoring the DISK subkey enables you to have current disk configuration information without changing anything else in the Registry.
Note: The DISK subkey does not exist the first time that you start Windows NT. Disk Administrator creates the key the first time that you run it.
To use the Registry Editor to save the DISK subkey
Run Registry Editor (Regedt32.exe).
Click the HKEY_LOCAL_MACHINE \SYSTEM \DISK subkey. On the Registry menu, click Save key.
Enter the path to the file where you want to save the key.
Creating an Emergency Repair Disk
When you install Windows NT, Setup creates the Registry information in %systemroot%\System32\Config. For recovery purposes, Setup also creates a %systemroot%\Repair folder that contains the following files:
File Name |
Contents |
|---|---|
Autoexec.nt |
Copy of %systemroot%\System32\Autoexec.nt, which is used to initialize the MS-DOS environment. |
Config.nt |
Copy of %systemroot%\System32\Config.nt, which is used to initialize the MS-DOS environment. |
Default._ |
Registry key HKEY_USERS \DEFAULT, compressed. |
Ntuser.DA_ |
Compressed version of %systemroot%\Profiles\Default User\Ntuser.dat. The repair process uses Ntuser.da_ if this one needs to be repaired. |
Sam._ |
Registry key HKEY_LOCAL_MACHINE \SAM, compressed. |
Security._ |
Registry key HKEY_LOCAL_MACHINE \SECURITY, compressed. |
Setup.log |
Log of which files were installed, and cyclic redundancy check (CRC) information for use during the repair process. This file is Read Only, System, and Hidden, so it will not be visible unless you have configured My Computer or Windows NT Explorer to show all files. |
Software._ |
Registry key HKEY_LOCAL_MACHINE \SOFTWARE, compressed. |
System._ |
Registry key HKEY_LOCAL_MACHINE \SYSTEM, compressed. |
During installation, Windows NT Setup asks whether you want to create an Emergency Repair Disk. You should choose Yes. When you create an Emergency Repair Disk during installation, or later by using the Repair Disk program (Rdisk.exe), the files are copied from %systemroot%\Repair to the floppy disk. You can also use the Emergency Repair Disk to repair a corrupt Partition Boot Sector for the system partition.
When you run the Repair Disk program, you can update the %systemroot%\Repair\Software and %systemroot%\Repair\System files with the current information in %systemroot%\System32\Config by using the Update Repair Info button.
.gif "Cc751046.xsr_f01(en-us,TechNet.10).gif")
The Repair Disk program does not update the Default, Sam and Security files if you run the program from Windows NT Explorer or My Computer. To update all the files, you can run rdisk from the command prompt by entering:
rdisk /s
You can also update all of the files by clicking the Start button, clicking Run, and entering:
rdisk /s
Using the /s switch forces the Repair Disk program to update all of the Registry keys in the %systemroot%\Repair folder.
There are several points to consider about maintaining and using your Emergency Repair Disk:
If you did not use the /s switch before you create the Emergency Repair Disk, and you use the Repair process to replace the SYSTEM Registry keys, all passwords in the system return to the passwords in effect at the time you last updated the Sam and Security files in %systemroot%\Repair. If you have more recently backed up these keys by using Windows NT Backup, Regback.exe, or Regedt32.exe, you can restore more current information.
If you did not update the Emergency Repair Disk after using Disk Administrator to configure volume sets, stripe sets, mirror sets, or stripe sets with parity, it might be difficult or impossible to recover data on these volumes. When you create any of these volumes, Disk Administrator updates the DISK subkey in the Registry and sets the fault-tolerant bit on the System ID field of the Partition Table for each partition or logical drive in the volume.
You should make a copy of your current Emergency Repair Disk.
If you convert your boot partition from the FAT file system to the NTFS file system on an x86-based computer, be sure to update your Emergency Repair Disk. The NTFS Partition Boot Sector must be on the Emergency Repair Disk, not the FAT Partition Boot Sector.
The Emergency Repair Disk is not a replacement for backups.
For more information about creating an Emergency Repair Disk, see Help for the Repair Disk program. For more information about the %systemroot%\Repair and %systemroot%\System32\Config folders, and the Emergency Repair Disk, search the Knowledge Base. For information about the Knowledge Base, see Chapter 8, "General Troubleshooting."
Chapter 23, "Overview of the Windows NT Registry," in the Windows NT Workstation Resource Guide, contains more information about these keys and the %systemroot%\System32\Config folder.
Backing up the Master Boot Record and Partition Boot Sector
No operating system can protect itself from damage to these disk areas, which can be caused by viruses, faulty SCSI configurations, device driver problems, or power outages. You should back up the Master Boot Record on a disk every time you change partition information for primary partitions or an extended partition. You should back up a Partition Boot Sector when you format a volume, install Windows NT in the volume, or convert a volume from the FAT file system to the NTFS file system.
You can back up these disk sectors by using the Windows NT-based program, DiskProbe, or the MS-DOS-based program, DiskSave. Both of these utilities are on the Windows NT Server Resource Kit CD. The procedures for using DiskProbe and DiskSave are described in Chapter 7, "Disk, File System, and Backup Utilities."
If you have more than one hard disk, or more than one partition on a disk, you should back up every Master Boot Record and Partition Boot Sector. The Master Boot Record for the startup disk and the Partition Boot Sector for your system partition are the most critical. The ones for the other disks and volumes are not as critical to the startup process, but you might not be able to access files if the Master Boot Record for the disk or the Partition Boot Sector for the volume is not correct.
Chapter 6, "Troubleshooting Startup and Disk Problems," describes how to determine if you have a problem with one of these sectors.
Backing Up Data on Your Hard Disks
Regularly backing up data on hard disks minimizes data loss or damage caused by disk failures, power outages, virus infection, and many other possible computer problems. If your backup operation is based on careful planning and reliable equipment, file recovery should be relatively easy.
Windows NT includes a backup program, Ntbackup.exe, that you can use to save data to cartridge tape on computers running Windows NT Server and Windows NT Workstation. Whether you use this program or another type of tape backup system, you need to consider the following:
What data to back up.
What hardware to get.
Where to locate your tape drive.
What type of backup procedure to use.
What backup schedule to follow.
Where to store tapes.
Once you have designed a backup operation, document both your backup and restore procedures. After your backup system is in place, it is a good idea to periodically practice restoring an entire server, as well as individual files.
For more details about what you should cover in your backup plan, see the section titled "Backup Strategy," in Chapter 4, "Planning a Reliable Configuration." For more information about the Ntbackup program, and planning your backup procedure, see Chapter 6, "Backing Up and Restoring Network Files," in the Microsoft Windows NT Server Concepts and Planning book.
Understanding ARC Pathnames
Advanced RISC Computing (ARC) naming conventions are a standard for identifying the location of a file or a program on a device such as a hard disk or a floppy disk. You must understand the ARC pathname conventions to be able to create paths to use to start the computer from the Windows NT startup floppy disk.
On x86-based computers, you use ARC pathnames to describe the location of the boot partition for each instance of Windows NT installed on the computer. If you configure your boot partition as a mirror set, you need to include a path to the shadow boot partition in the Boot.ini file. Creating the path is described in "Creating Alternate Boot Selections for an x86-based Computer," presented later in this chapter.
On x86-based computers, the ARC path to the boot partition has one of the following forms:
multi(W)disk(X)rdisk(Y)partition(Z)\%systemroot%
scsi(W)disk(X)rdisk(Y)partition(Z)\%systemroot%
On RISC-based computers, you use ARC pathnames in the NVRAM to describe the location of:
The folder containing Osloader.exe and Hal.dll.
The full path to Osloader.exe.
The path to the boot partition.
Devices detected by the firmware, such as disks, keyboard, and video.
When you create a Windows NT startup floppy disk to use on a RISC-based computer, you need to modify the NVRAM to include the ARC path to the floppy disk. If you configure your boot partition as a mirror set, you also need to include an ARC path to the shadow boot partition in your NVRAM. Creating boot selections for both the Windows NT startup floppy disk and the shadow boot partition is described in the section titled "Creating Alternate Boot Selections for a RISC-based Computer," presented later in this chapter.
On a RISC-based computer, only the scsi() syntax is used for hard disks. The boot selection has the following parts:
LOADIDENTIFIER is the name that appears on the Boot menu for this boot selection.
SYSTEMPARTITION is the FAT partition that contains Osloader.exe and Hal.dll.
OSLOADER is the path to the OSLOADER file itself.
OSLOADPARTITION is the boot partition that contains the Windows NT system files.
OSLOADFILENAME is the name of the Windows NT folder in the boot partition, with no drive letter.
OSLOADOPTIONS indicates any debugging options that should be set up when loading Windows NT.
This is an example of a boot selection for a RISC-based computer:
LOADIDENTIFIER=Windows NT Server 4.0
SYSTEMPARTITION=scsi(0)disk(0)rdisk(0)partition(1)
OSLOADER=scsi(0)disk(0)rdisk(0)partition(1)\Os\Nt40\Osloader.exe
OSLOADPARTITION=scsi(0)disk(0)rdisk(0)partition(2)
OSLOADFILENAME=\Winnt
OSLOADOPTIONS=nodebug
multi(W)disk(X)rdisk(Y)partition(Z)
This form of the ARC pathname is only used on x86-based computers. On Windows NT version 3.1, it was only valid for IDE, EIDE, and ESDI disks. In Windows NT 3.5 and later, it is valid for SCSI disks as well.
The multi() syntax indicates to Windows NT that it should rely on the system BIOS to load system files. This means that NTLDR, the boot loader for x86-based computers, will be using interrupt (INT) 13 BIOS calls to find and load Ntoskrnl.exe and any other files it needs to get the system running.
Note: The term multi() syntax refers to the multi(W)disk(X)rdisk(Y)partition(Z) form of the ARC pathname.
The W, X, Y, and Z parameters have the following meaning:
W is the ordinal number of the controller, and should always be 0.
X is not used for multi(), and is always 0.
Y is the ordinal for the disk on the controller, and is always 0 or 1 for disks connected to the primary controller. The range is 0 through 3 for disks on a dual-channel EIDE controller.
Z is the partition number. All partitions receive a number except for type 5 (Extended) and type 0 (unused) partitions. These numbers start at 1, as opposed to all other entries, which start with 0.
Theoretically, the multi() syntax could be used to start Windows NT from any disk on the computer. However, this would require that all disks be correctly identified through the standard INT 13 interface. But support for this varies from controller to controller, and most system BIOS only identify a single controller through INT 13.
For a configuration with IDE or EIDE disks, the multi() syntax works for up to four disks on the primary and secondary channels of a dual-channel controller. In a SCSI-only configuration, the multi() syntax works for the first two disks on the first SCSI controller (the controller whose BIOS loads first). When your computer has both SCSI and IDE or EIDE disks, the multi() syntax works only for the IDE or EIDE disks on the first controller.
scsi(W)disk(X)rdisk(Y)partition(Z)
The scsi() syntax is used for both RISC-based and x86-based computers, and is used in all versions of Windows NT. Using the scsi() syntax indicates that Windows NT needs to load a SCSI device driver and use that driver to access the boot partition.
Note: The term scsi() syntax refers to the scsi(W)disk(X)rdisk(Y)partition(Z) form of the ARC pathname.
On an x86-based computer, the device driver is Ntbootdd.sys, which can be found in the root of the system disk (generally C:). It is a copy of the device driver for the disk controller in use. On a RISC-based computer, the driver is built into the firmware, as required by the RISC standards, so no file is required.
The W, X, Y and Z parameters have the following meaning when using the scsi() syntax:
W is the ordinal number of the controller as identified by the Ntbootdd.sys driver.
X is the SCSI ID of the target disk.
Y is the SCSI logical unit number (LUN) of the disk that contains the boot partition. Y will almost always be 0.
Z is the partition number. All partitions receive a number except for type 5 (Extended) and type 0 (unused) partitions. These numbers start at 1, as opposed to all other entries, which start with 0.
When using scsi() syntax, the value of W depends upon Ntbootdd.sys. Each SCSI device driver used in Windows NT has its own method of ordering controllers, although the controller order corresponds to the order that the BIOS on the controllers loads (if they are being loaded).
Additionally, if you have more than one SCSI controller, and they use different device drivers, you should only count the controllers that are controlled by Ntbootdd.sys when determining the value of the W parameter. For instance, if you have an Adaptec 2940 (which uses Aic78xx.sys) and an Adaptec 1542 (which uses Aha154x.sys), W will always be 0. What changes is the Ntbootdd.sys file:
If you are loading Windows NT from a disk on the Adaptec 2940, Ntbootdd.sys will be a copy of Aic78xx.sys.
If you are loading Windows NT from a disk on the Adaptec 1542, Ntbootdd.sys will be a copy of Aha154x.sys.
Example ARC Pathnames
This section contains examples that you can use as models. The first two examples are for ARC pathnames on x86-based computers. The last example is a boot selection on a DEC Alpha AXP 150 computer, and should be good for all RISC-based computers with similar disk configurations.
More Than One SCSI Controller on an x86-based Computer
This example for an x86-based computer has the following disks and controllers:
Two Adaptec 2940s, each with two 1 GB hard disks at ID 0 and ID 1.
One Adaptec 1542, with two 1 GB hard disks at ID 0 and ID 4.
Each hard disk has a single, 1 GB primary partition. Partitions 1 and 2 are on the first 2940, partitions 3 and 4 are on the second 2940, and partitions 5 and 6 are on the 1542. These are the ARC pathnames that you would have in the Boot.ini file if each partition had a copy of Windows NT installed in a folder named Winnt:
Partition 1: multi(0)disk(0)rdisk(0)partition(1)\Winnt
Partition 2: multi(0)disk(0)rdisk(1)partition(1)\Winnt
Partition 3: scsi(1)disk(0)rdisk(0)partition(1)\Winnt
Partition 4: scsi(1)disk(1)rdisk(0)partition(1)\Winnt
Partition 5: scsi(0)disk(0)rdisk(0)partition(1)\Winnt
Partition 6: scsi(0)disk(4)rdisk(0)partition(1)\Winnt
For partitions 3 and 4, Ntbootdd.sys is a copy of Aic78xx.sys. For partitions 5 and 6, Ntbootdd.sys is a copy of Aha154x.sys. For partitions 1 and 2, you could also use the following pathnames:
Partition 1: scsi(0)disk(0)rdisk(0)partition(1)\Winnt
Partition 2: scsi(0)disk(1)rdisk(0)partition(1)\Winnt
provided that you had an Ntbootdd.sys file that was a copy of Aic78xx.sys. However, Windows NT Setup always use the multi() syntax for the first two SCSI disks.
Both EIDE and SCSI Controllers on an x86-based Computer
This example is for an x86-based computer with the following disks and controllers:
A dual-channel EIDE controller with three 1 GB disks, two on the primary channel and one on the secondary channel.
An Adaptec 2940 controller with a single 4 GB hard disk at ID 3.
The three EIDE disks each have a single 1 GB partition. Partitions 1 and 2 are on the primary channel of the EIDE controller, and partition 3 is on the secondary channel.
The SCSI disk has four 1 GB partitions. Partitions 4, 5, 6 and 7 are on the SCSI disk. Each partition would have the following ARC pathnames in the Boot.ini file, assuming that each partition has Windows NT installed in the Winnt folder:
Partition 1: multi(0)disk(0)rdisk(0)partition(1)\Winnt
Partition 2: multi(0)disk(0)rdisk(1)partition(1)\Winnt
Partition 3: multi(0)disk(0)rdisk(2)partition(1)\Winnt
Partition 4: scsi(0)disk(3)rdisk(0)partition(1)\Winnt
Partition 5: scsi(0)disk(3)rdisk(0)partition(2)\Winnt
Partition 6: scsi(0)disk(3)rdisk(0)partition(3)\Winnt
Partition 7: scsi(0)disk(3)rdisk(0)partition(4)\Winnt
Loading Windows NT from partitions 4 through 7 requires that the Ntbootdd.sys file be a copy of Aic78xx.sys.
Boot Selection on a DEC Alpha AXP 150
On a RISC-based computer, all boot paths are defined in the NVRAM. When creating a new boot selection for a RISC-based computer, the firmware menus prompt you for the information to enter. There are examples for defining boot selections in the section titled "Creating Alternate Boot Selections for a RISC-based Computer," presented later in this chapter.
The following example is a boot selection on a DEC Alpha AXP 150. The computer has a single hard disk at ID 0, which has a 4 MB system partition and a 396 MB boot partition. Windows NT is installed on the boot partition in a folder named Winnt and the OSLOADER folder is also named Winnt, although it is on the system partition. The boot selection has the following values:
LOADIDENTIFIER=Windows NT Server 4.0
SYSTEMPARTITION=scsi(0)disk(0)rdisk(0)partition(1)
OSLOADER=scsi(0)disk(0)rdisk(0)partition(1)\Os\Winnt\Osloader.exe
OSLOADPARTITION=scsi(0)disk(0)rdisk(0)partition(2)
OSLOADFILENAME =\Winnt
OSLOADOPTIONS=nodebug
Creating Floppy Disks for Starting Your Computer
For x86-based computers and RISC-based computers, you should create a floppy disk to use to start Windows NT if you cannot start up from the hard disk. For x86-based computers, you can also create a bootable floppy disk that you can use to start MS-DOS if you cannot start Windows NT.
Creating each floppy disk requires two steps:
Format the disk.
Copy files to the disk.
After you create the Windows NT startup floppy disk or the MS-DOS bootable floppy disk, run a virus scan program to make sure the disk is not infected. Lock the floppy disk after you finish running the virus scan. (Most floppy disks have a tab on their back side that you slide down to lock the disk. You cannot write on a floppy disk when the tab is in the locked position.)
You should test each disk before you have to use it. You should also be familiar with using the programs that you copy to the floppy disks.
Depending on your disk configuration and whether you are using an x86-based computer or a RISC-based computer, you might also have to create alternate boot selections to your Windows NT startup floppy disk. For a description of the ARC pathname conventions that you need to use in boot selections, see "Understanding ARC Pathnames," presented earlier in this chapter.
Whenever possible, you should use an ARC pathname created by Windows NT Setup during an installation. When in doubt, install a copy of Windows NT onto the disk that you want to use for the boot partition, and then copy that ARC pathname, changing the partition number and folder name as necessary.
Windows NT Startup Floppy Disk
You must format your Windows NT startup floppy disk when you are running Windows NT. You can use My Computer to format the floppy disk, or enter format a: at the command prompt. Both of these utilities copy the Windows NT Partition Boot Sector, which is required to load the Windows NT boot loader, to the floppy disk. Windows NT Help describes the procedure for formatting a floppy disk by using My Computer.
You can use the Windows NT startup floppy disk to start Windows NT in the following circumstances:
The Master Boot Record or Partition Boot Sector on the system partition has a problem.
There are problems with the disk that contains the system partition and the boot partition is on another disk.
You are reconfiguring hard disks and you want to be able to start Windows NT from the Windows NT startup floppy disk if you are having problems.
You can configure your system or boot partition as a mirror set. A mirror set creates an identical twin for the selected partition. Creating a mirror set is similar to making a copy of a document by using a copy machine. The original partition is like the original of the document, and the shadow partition is the copy. Unlike a copy machine, however, Windows NT continually updates the shadow partition when any changes are made to the original.
If you create a mirror set for your system or boot partition, there are more situations in which you can use the Windows NT startup floppy disk.
The system and boot partitions are the same partition, and the partition on the original disk has failed.
The system and boot partitions are different, and the system partition on the original disk has failed. Even though the boot partition is still good, the computer cannot access the startup files on the original system partition.
Your computer running Windows NT Server is an x86-based computer, the system partition is different from the boot partition, and the original boot partition has failed. Even though you still have the system partition, the ARC pathname in the Boot.ini file on the system partition points to the failed disk.
Note: On x86-based computers, if the Partition Table in the Master Boot Record has been corrupted, especially if the information for the system partition or boot partition is all zeroes, you might not be able to start up by using the Windows NT startup floppy disk. If you have a current backup of the Master Boot Record, try starting MS-DOS from the MS-DOS bootable floppy disk, and use the DiskSave program to replace the Master Boot Record.
The files that you need to copy to the floppy disk normally have the Read Only, System, and Hidden attributes set. If the files have either the System or Hidden attribute set, they are not visible. You need to make the files visible before you can copy them.
To copy files to the Windows NT startup floppy disk
Using My Computer or Windows NT Explorer, on the View menu, click Options.
On the View tab, select Show all files. Click OK.
Click the filename of the file to be copied.
On the File menu, click Properties.
In the Attributes box of the General tab, clear the Read Only, System, and Hidden check boxes, and click OK.
Do steps 3, 4, and 5 for each file that you want to copy.
Select the files, and then copy them to the floppy disk.
Files to Copy for an x86-based Computer
Copy the following files from the root folder of your system partition to the floppy disk you just formatted:
NTLDR — Windows NT boot loader program.
Boot.ini — describes the location of the boot partitions, specified by using Advanced RISC Computing (ARC) naming conventions.
Ntdetect.com — used for hardware detection.
Bootsect.dos — if you want to be able to dual-boot another operating system when using the Windows NT startup floppy disk.
Ntbootdd.sys — required only if you are using the scsi() syntax in the Boot.ini file. This file is not present in the root folder if you are using the multi() syntax.
The Ntbootdd.sys file is a renamed copy of the SCSI device driver used on your Windows NT computer. For example, if you are using the Adaptec 1542B SCSI controller, copy Aha154x.sys to the floppy disk, and then rename it to Ntbootdd.sys. If Windows NT Setup created an Ntbootdd.sys in your root folder, just copy that file.
You can find the device driver name by
Looking in the HKEY_LOCAL_MACHINE \HARDWARE \DeviceMap \Scsi Registry key.
Double-clicking the SCSI Adapters option on Control Panel. In the Devices tab, click Properties. Click the Driver tab to see the driver filename.
Creating Alternate Boot Selections for an x86-based Computer
To start Windows NT Server after the failure of the original system or boot partition on a mirror set, you need to have a path to the shadow boot partition in your Boot.ini file. Be sure to edit the Boot.ini file to create startup options for every contingency for your configuration.
Note: If you have created a mirror set of your system partition, you need to set the Boot Indicator flag in the System ID field of the shadow partition. Disk Administrator does not set the Boot Indicator flag when it creates the shadow partition. Use the DiskProbe program to set this flag. For information about DiskProbe, see Chapter 10, "Disk, File System, and Backup Utilities." For more information about the Boot Indicator flag, see Chapter 3, "Disk Management Basics."
If the configuration of the partitions on your original disk and shadow disk are not the same, be sure to use the correct partition number when you create the path to the boot partition on the shadow disk. For example, you might have an EISA configuration partition as the first partition on your original disk, but not on the shadow disk. If you create a mirror set for each of the other partitions on the original disk, the partition numbers will be different on each disk.
The scsi() syntax is often required to start from the Windows NT startup floppy disk, even though the multi() syntax works to start from the hard disk. If your system fails to start from the Windows NT startup floppy disk, try using the scsi() syntax instead of the multi() syntax for the pathname.
Note: The system BIOS controls whether your system starts up from a floppy or hard disk. The Boot.ini file controls from which hard disk and partition the computer loads the Windows NT system files.
The Boot.ini file has the Read Only attribute set by default. Remove this attribute before editing the file. Restoring the attribute is optional. Windows NT Setup sets the attribute to prevent accidental deletion.
The rest of this section has information for creating the pathnames for three different configurations of SCSI disks and controllers. In each example, the boot partition is configured as a mirror set. There is more information presented later in this chapter about configuring the system partition as a mirror set, in the section titled "Configuring the System Partition on a Mirror Set."
For more information about ARC pathnames, scsi() and multi() syntax, and examples with IDE and EIDE disks, see "Understanding ARC Pathnames," presented earlier in this chapter.
Single SCSI Controller
To be able to start from the shadow boot partition by using the multi() syntax on computers with a single SCSI controller:
The shadow boot partition must be on one of the first two disks on the computer.
If the boot partition is on the second disk, the first two disks must be on the same controller.
The BIOS must be enabled on the controller.
You must have used the same apparent geometry when you low-level formatted each disk.
The disk with the shadow boot partition must be the next available SCSI ID on the bus.
The disk with the original boot partition must be powered down or removed from the bus.
The following example uses the multi() syntax.
[boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\FT_TEST [operating systems] multi(0)disk(0)rdisk(0)partition(1)\FT_TEST="Windows NT Server" multi(0)disk(0)rdisk(0)partition(1)\FT_TEST="Windows NT Server [VGA]" /basevideo
If the original disk cannot be powered down, you need to have an entry in the Boot.ini file to force NTLDR to load from the shadow boot partition. This Boot.ini file loads the system from the shadow disk of a mirror set while the original disk is still functional. Rdisk(1) refers to the ordinal number and not the SCSI ID of the disk. This example has an entry for the shadow partition.
[boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\FT_TEST [operating systems] multi(0)disk(0)rdisk(0)partition(1)\FT_TEST="Original Disk" multi(0)disk(0)rdisk(1)partition(1)\FT_TEST="Shadow Disk"
More Than One SCSI Controller
If you have more than one SCSI controller on the computer, startup after a failure to a mirror set is much easier if you use the following guidelines:
Use identical SCSI controllers. This minimizes problems with device driver, performance, and feature set differences.
Disable translation on the SCSI controllers.
When using duplexed mirror sets, load balance the controllers. Include the same number of disks on each controller, if possible. This step helps with performance.
Use the scsi() syntax in the Boot.ini file.
Here is a typical Boot.ini file for starting a computer with a mirrored boot partition, and each disk of the mirror set is on a different SCSI controller. Both the original and shadow disks are assigned SCSI ID 0 on their respective controllers.
[boot loader] timeout=30 default=scsi(0)disk(0)rdisk(0)partition(1)\FT_TEST [operating systems] scsi(0)disk(0)rdisk(0)partition(1)\FT_TEST="Original Disk" scsi(1)disk(0)rdisk(0)partition(1)\FT_TEST="Shadow Disk"
If the shadow disk was assigned SCSI ID 3, then the second entry is:
scsi(1)disk(3)rdisk(0)partition(1)\FT_TEST="Shadow Disk"
Dual-Channel SCSI Controllers
Many SCSI controllers have more than one channel on the adapter card. Even though there is a single card, it appears to the computer as if there are two separate controllers. There is quite a bit of variation in the way different manufacturers handle multiple channels. Be sure to test starting up from each of the channels and disks.
If a valid ARC path cannot be found to start the computer from the shadow boot partition, you need to make changes in the system configuration. It might be necessary to consult with the controller vendor to determine the correct configuration to be able to start Windows NT Server from the shadow partition if the original disk or SCSI channel fails. Many dual-channel controllers have an option in their Setup program, or the EISA configuration program, that enables you to specify the channel to use for the startup disk.
Files to Copy for a RISC-based Computer
When you install Windows NT on a RISC-based computer, it creates a folder, such as \Os\Winnt40, that contains the Osloader.exe and Hal.dll files. On Alpha AXP-based computers, this folder also contains several files with the .pal extension. Some or all of these files might have the system, hidden, or read-only attributes set.
A Windows NT startup floppy disk for a RISC-based computer should have a folder tree identical to the RISC-based system partition. Therefore, you should create the \Os\Winnt40 folder on the floppy disk.
Copy the following files from the \Os\Winnt40 folder on your hard disk to the same folder on the floppy disk:
Osloader.exe
Hal.dll
*.pal (AXP-based computers only)
Creating Alternate Boot Selections for a RISC-based Computer
RISC-based computers start from the system firmware. You should define a boot selection in the NVRAM that points to a Windows NT startup floppy disk. You only need to use the Windows NT startup floppy disk if your original disk fails and it contains the system partition (the partition with OSLOADER). If you create a mirror set for your boot partition, you should also create a path to the shadow boot partition.
If the configuration of the partitions on your original disk and shadow disk are not the same, be sure to use the correct partition number when you create the path to the boot partition on the shadow disk. For example, if you have an EISA configuration partition as the first partition on your original disk, but not on the shadow disk, the partition numbers on your shadow disk will be different than the partition numbers on your original disk.
There are three types of RISC-based computers: Alpha, MIPS, and Power PC. The examples in the remainder of this section are for an Alpha AXP computer. The firmware menus that you use to create and change boot selections can be different for MIPS and Power PC computers. For more information about RISC-based menus, see Chapter 19, "What Happens When You Start Your Computer," in the Windows NT Workstation Resource Guide.
Creating a Path to the Shadow Boot Partition
To create a path to the shadow boot partition, create an alternate boot selection by using the Add a boot selection menu. These are the steps to get to that menu:
Start the computer. You see the Boot menu.
On the Boot menu, click Supplementary menu.
On the Supplementary menu, click Setup the system.
On the Setup menu, click Manage boot selection menu.
On the Boot selections menu, click Add a boot selection.
The following example shows the screens you would see and the selections you would make to create a path to the shadow boot partition. In this example, the system partition and the boot partition are separate partitions on the same physical disk. Both partitions are mirrored. If they were the same partition, you would have fewer entries to make to create the boot selection. If the boot partition and system partition are the same partition, that partition is considered to be the system partition.
Note: The right justified arrows (<----) in these examples indicate which selection was made, or the information that was entered.
Thursday, 03-07-96 11:18:43 AM Select a system partition for this boot selection: SCSI Bus 0 Hard Disk 0 Partition 1 New system partition <----------------------------------------- Enter location of system partition for this boot selection: Select Media: SCSI Hard Disk <--------------------------------------------------- Floppy Disk CD-ROM Enter SCSI bus number: 0 <------------------------------------- Enter SCSI ID: 2 <------------------------------------- Enter Partition: 1 <------------------------------------- Enter the osloader directory and name: \os\winnt40\osloader.exe <------- Is the operating system in the same partition as the osloader: Yes No <------------------------------------------------------------ Enter the location of os partition: Select Media: SCSI Hard Disk <--------------------------------------------------- Floppy Disk CD-ROM Enter SCSI bus number: 0 <------------------------------------- Enter SCSI ID: 2 <------------------------------------- Enter Partition: 2 <------------------------------------- Enter the operating system root directory: \winnt40 <--------------- Enter a name for this boot selection: Boot Shadow Disk <--------------- Do you want to initialize the debugger at boot time: Yes No <-----------------------------------------------------------
After entering the data, you will be back at the Boot selections menu. Select Setup menu. On the Setup menu, select Supplementary menu, and save changes.
Creating a Path to the Windows NT Startup Floppy Disk
Once you have created the Windows NT startup floppy disk, you need to create the path to it. If you do not create a path to the floppy disk ahead of time, and your original disk fails, you will have to create a path to the Windows NT startup floppy disk to be able to start the computer.
Listed below is a sample of the configuration options used to build an alternate boot selection when the Windows NT startup files are located on the Windows NT startup floppy disk. As in the earlier examples, the arrows indicate which selections were made or which data were entered.
Thursday, 03-07-96 11:25:13 AM Select a system partition for this boot selection: SCSI Bus 0 Hard Disk 0 Partition 1 New system partition <----------------------------------------- Enter location of system partition for this boot selection: Select Media: SCSI Hard Disk Floppy Disk <------------------------------------------------------ CD-ROM Enter floppy drive number: 0 <--------------------------------- Enter the osloader directory and name: \os\winnt40\osloader.exe <------- Is the operating system in the same partition as the osloader: Yes No <------------------------------------------------------------ Enter the location of os partition: Select Media: SCSI Hard Disk <--------------------------------------------------- Floppy Disk CD-ROM Enter SCSI bus number: 0 <------------------------------------- Enter SCSI ID: 2 <------------------------------------- Enter Partition: 2 <------------------------------------- Enter the operating system root directory: \winnt40 <--------- Enter a name for this boot selection: start from floppy disk <--------- Do you want to initialize the debugger at boot time: Yes No <-----------------------------------------------------------
After entering the data, you will be back at the Boot selections menu. Select Setup menu. On the Setup menu, select Supplementary menu, and save changes.
Using Alternate Boot Selections
When you have created alternate boot selections, you start an alternate one by selecting Boot an alternate operating system from the Boot menu. This example shows selecting the alternate operating system option.
ARC Multiboot Alpha AXP Version 3.5-11 Copyright (c) 1993 Microsoft Corporation Copyright (c) 1993 Digital Equipment Corporation Boot Menu: Boot Windows NT Server Version 4.0 Boot an alternate operating system <------------------------------- Run a program Supplementary menu. . . Use the arrow keys to select, then press Enter. Seconds until auto-boot. Select another option to override: 9
If you have added boot selections for the shadow boot partition and the Windows NT startup floppy disk, as described earlier in this section, and select Boot an alternate operating system, you would see a screen like the following.
ARC Multiboot Alpha AXP Version 3.5-11 Copyright (c) 1993 Microsoft Corporation Copyright (c) 1993 Digital Equipment Corporation Boot Menu: start from floppy disk Boot Shadow Disk Boot Windows NT Server 4.0 (Default) Use the arrow keys to select, then press Enter.
Each time you create a new boot selection, it becomes the default selection. The preceding example shows the menu you would see if you:
Installed Windows NT Server 4.0.
Added the selection for the shadow boot partition.
Added the selection for the Windows NT startup floppy disk.
You should use the Rearrange boot selections menu to change the default boot selection back to the hard disk. See the section titled "Using a RISC-based Computer's Boot Menu," in Chapter 19 of the Windows NT Workstation Resource Guide, "What Happens When You Start Your Computer," for information about managing boot selections.
MS-DOS Bootable Floppy Disk (x86-based Computers)
An MS-DOS bootable floppy disk is most useful if you have FAT partitions on your startup disk (the disk that contains the system partition that you use to start Windows NT).
Your MS-DOS bootable floppy disk contains the files that you need to start MS-DOS from the floppy disk. It also should contain utilities for examining the contents of disks, copying files, and creating and formatting partitions.
Note: You must start the MS-DOS operating system to format the floppy disk that you will be using for your MS-DOS bootable floppy disk. Running format from the command prompt does not copy the correct Partition Boot Sector to the floppy disk.
To create an MS-DOS bootable floppy disk
Start MS-DOS. Put a blank floppy disk in drive A. Type format a: /s and press ENTER. You must specify the /s switch to make the floppy disk bootable. This switch causes the format program to copy the file Command.com to the floppy disk.
Copy other MS-DOS-based utilities that you might want to use to the floppy disk. At a minimum, you should copy these files:
• Attrib
• Copy
• Format
• Fdisk
• Mem
• Sys.com
• a text editor
• DiskSave
Training and Testing
The skill and experience of the server administrators and operators is a big factor in getting a failed computer back on line with minimal cost and disruption to your company's business. You must have support personnel who are trained in troubleshooting problems and determining what recovery procedures to use when they have found the cause of a problem.
A high level of skill can only be maintained through practice.
In preparing a training plan for server operators, you should start by imagining some typical scenarios. For example, does each operator know the steps to take to restart the computer when the original disk of a mirror set fails and the disk contains the operating system? Your plan should cover the following items:
Does the server operator have a Windows NT startup floppy disk? On a RISC-based computer, is there an alternate boot selection available for it?
When was the last time the Windows NT startup floppy disk was tested?
If the problem is a controller failure, how long will it take to replace the controller? Is the hardware configuration information immediately available?
Effective training must start with the basics. Server administrators and operators should have a good understanding of Windows NT Server. The Microsoft Certified Professional Program is a good starting point.
Understanding operating system fundamentals is only the beginning. Fast, efficient recovery from crashes of a computer running Windows NT Server can only be achieved through practice, which can be done by scheduling drills that simulate a crashed computer or a disk failure. These drills should be done several times a year.
Computers that have recently been taken out of service, or are being prepared for production service, can be used for training. You can also buy and configure computers to use specifically for testing and training. Training sessions and drills are a good time to update recovery procedures, which you should document.
You should also test your disaster plan. See Chapter 4, "Planning a Reliable Configuration," for information about disaster planning.
Documenting Recovery Procedures
You should develop step-by-step procedures for getting a computer back online after various failures. You can use these procedures for:
Testing a new computer before putting the computer into a production environment.
Training new server administrators and operators.
Creating a Server Operations Handbook, which should include procedures for setting up new user accounts, doing backups, maintaining the Emergency Repair Disk, and other common administrative tasks.
You should review your documentation when you make configuration changes to your computers or network. Updating the documentation is especially important when you install new versions of the operating system or change the utilities that you use to maintain your system.
Testing
Now that you have created floppy disks to use to start the computer, created an Emergency Repair Disk, and backed up the Master Boot Record and Partition Boot Sector, you should use the utilities and floppy disks to practice recovering from problems. Going through the recovery process will force you to be diligent about making backups (Emergency Repair Disk, Master Boot Record, Partition Boot Sector, and data). You will also have an idea as to how long doing each procedure should take.
You should have a computer that you can use to do the following:
Look at the Master Boot Records, Partition Tables, and Partition Boot Sectors.
Find the backup Partition Boot Sector on an NTFS partition.
Deliberately destroy and recover Master Boot Records and Partition Boot Sectors.
Delete Windows NT system files and restore them by using the Emergency Repair Disk.
If you have multiple disks in your configuration or have more than one installation of Windows NT, you should thoroughly test using your Windows NT startup floppy disk to start the computer from each boot partition. This is especially critical on x86-based computers when you have a configuration that has both SCSI and IDE or EIDI disks. Sometimes, when the multi() syntax works to start from a SCSI hard disk, you must modify the Boot.ini file on the Windows NT startup floppy disk to use the scsi() syntax.
Be sure to test recovery procedures before bringing a new computer or server into production. Every server operator should have both primary and refresher training in recovering from the most common causes of unexpected server downtime. Testing should include:
Making sure that your Windows NT startup floppy disks do their job.
Rebuilding mirror sets and stripe sets with parity.
Testing UPS on the computer running Windows NT Server and on hubs, routers, and other network components.
Testing the disaster plan.
Restoring from your backups.
If you configure your boot partition as a mirror set, be sure to test that the path to the shadow partition on your Windows NT startup floppy disk is correct.
The following test is sufficient to determine if the ARC path is correct. The Stop error indicates that the Kernel successfully loaded from the ARC path specified. If the ARC path is wrong, the computer cannot load the Kernel and you would get a message that says so.
Testing the Windows NT startup floppy disk
Shutdown Windows NT. Power down disks and controllers, if necessary, to test the path to the shadow boot partition.
Use the Windows NT startup floppy disk to start the computer.
If your boot selection correctly specifies the alternate ARC path to the shadow boot partition, your computer should get part way through the startup sequence, and then fail with the following Kernel STOP error:
*** STOP: 0x0000001E (0xc0000006,0x801Abe58,0x00000000,0x00000000) KMODE_EXCEPTION_NOT_HANDLED
If the computer has software fault-tolerant volumes (a mirror set or a stripe set with parity), you should test the failure and replacement of one of the disks. Even though fault-tolerant volumes continue to work when one disk has failed, there is no fault tolerance until you install a replacement disk. A second disk failure during this interval will result in loss of data, because you lost the redundancy when the first failure occurred. If a backup disk is not available on site, you should know the business cost of the resulting downtime.
If you have hardware RAID arrays, your vendor's documentation should describe how to recover from disk or controller failures. Be sure to test that their procedures work for your installation.
If a network card or other network component fails on the primary domain controller (PDC), the server operator should be familiar with the procedure for promoting a backup domain controller (BDC), and demoting the failed server. Someone who is familiar with the procedure for reinstalling and reconfiguring the network card should also be available.
If a data volume fails, the server operator must be able to restore the data from the backup tape quickly and efficiently. The restore procedure should be tested frequently, both to insure the skill of the operator, and to test the quality of the backup tapes. The only way to test the quality of backup tapes is to do a full restore, which guarantees that the data are up-to-date and of consistent quality.
If your backup procedures involve the use of other computers running Windows NT Server, you must also verify that those backup and restore procedures work as expected. For information about what and how to backup, see "Backup Strategy" in Chapter 4, "Planning a Reliable Configuration."
Restoring Disk Information
If you have backed up the Registry, Master Boot Records, and Partition Boot Sectors, as recommended earlier in this chapter, you can recover from many disk and startup problems without having to reinstall Windows NT. This section describes using your floppy disks and tools to restart your computer and restore information.
One important thing that you can learn from testing is the best recovery procedure to use in a particular situation. For example, there are several methods that you can use to replace a Partition Boot Sector. You also want to learn when to use the Windows NT startup floppy disk to restart your computer, and when you have to use the repair process and the Emergency Repair Disk to replace files in order to start.
Starting Up by Using the Windows NT Startup Floppy Disk
Using the Windows NT startup floppy disk enables you to start up Windows NT so that you can troubleshoot the problem, recover from the problem, or just get the computer running again. Being able to restart the computer also enables you to finish the work that you need to get done now, and troubleshoot the problem later.
In a way, the Windows NT startup floppy disk is a troubleshooting tool. If you cannot start the computer by using the hard disk, and you can start by using the Windows NT startup floppy disk, the problem is probably one of the following:
There are problems with the disk that contains the system partition, and the boot partition is on another disk.
Something is wrong with the system partition itself, the Partition Boot Sector for the system partition, or the files on the system partition that are needed to start Windows NT.
On an x86-based computer, you are reconfiguring your disks, and your first hard disk does not have a system partition yet.
Using the Emergency Repair Disk
If your system files, Registry information, or Partition Boot Sector are corrupt, and you are unable to start Windows NT by using the Last Known Good control set, you can use the Repair process in Windows NT Setup to restore your system so you can start up.
To repair a Windows NT installation, Setup needs either the configuration information that is saved on the %systemroot%\Repair folder or the Emergency Repair Disk created when you installed the operating system (or you created later by using the Repair Disk program).
You cannot repair all disk problems by using the Emergency Repair Disk. Your Emergency Repair Disk needs to match the version of Windows NT that you have installed on your computer. It also needs to have current configuration information. If you have more than one installation of Windows NT on your computer, you should have an Emergency Repair Disk for each installation. You should never use an Emergency Repair Disk from another computer.
To use the Emergency Repair Disk
Start the computer from the Windows NT Setup disk 1. Insert disk 2 when it is requested. When prompted, select the option to Repair by pressing the R key. Setup displays the following options:
[X] Inspect Registry files [X] Inspect startup environment [X] Verify Windows NT system files [X] Inspect boot sector Continue (perform selected tasks)
A description of each of the options follows this procedure.
Clear all selections that you do not want to use. Click Continue (perform selected tasks).
After disk 3, you will be prompted for the Emergency Repair Disk. Follow the instructions.
Setup displays the following messages after it has finished the repair process:
Setup has completed repairs. If there is a floppy disk inserted in drive A:, remove it. Press ENTER to restart your computer.
Inspect Registry Files
The Repair process in Windows NT Setup is one of several ways that you can repair Registry keys. When you select Inspect Registry files, Setup provides you with a list of the Registry files that it can restore. It also warns you that restoring a Registry file can result in information being lost. These are the options:
[ ] SYSTEM (System Configuration) [ ] SOFTWARE (Software Information) [ ] DEFAULT (Default User Profile) [ ] NTUSER.DAT (New User Profile) [ ] SECURITY (Security Policy) and SAM (User Accounts Database) Continue (perform selected tasks)
Select the key(s) that you want to restore by entering an X between the brackets, such as:
[X] SYSTEM (System Information)
See "Creating an Emergency Repair Disk," presented earlier in this chapter, for information about how often to create the disk, and how to save the current keys.
Inspect Startup Environment
This option verifies that the Windows NT files in the system partition are the correct ones. If any of the files that are needed to start Windows NT are missing or corrupt, Repair replaces them from the Windows NT Server CD.
On x86-based computers, if Windows NT is not listed in the Boot.ini file, Repair adds a Windows NT option to the file. If there is no Boot.ini file, Repair creates one.
On a RISC-based computer, Repair inspects and repairs the startup information in the NVRAM.
Verify Windows NT System Files
This option uses a checksum to verify that each file in the installation is good and matches the file that was installed from the Windows NT Server CD. Repair uses the Setup.log file on the Emergency Repair Disk to determine what files were installed and their checksums. The repair process also verifies that files needed to start, such as NTLDR and Ntoskrnl.exe, are present and valid. To find out if one or more service packs need to be reinstalled, check Files.lst on each service pack. The Windows NT Server CD is required for this option.
When Repair determines that the file on the disk does not match what was installed, it displays a message that identifies the file and asks whether you want to replace it.
Inspect Boot Sector (x86-based Computers)
This option verifies that the Partition Boot Sector on the system partition still references NTLDR, and replaces it from the Emergency Repair Disk if it does not. The Repair process can only replace the Partition Boot Sector for the system partition on the first hard disk. The Repair process can also repair the Partition Boot Sector for the system partition on the startup disk.
If you have saved the Partition Boot Sector, you can also use the procedures described in "Replacing the Master Boot Record and the Partition Boot Sector," presented later in this chapter, to replace it.
Restoring Registry Information
There are several methods that you can use to restore Registry information.
You can use the Repair process in Windows NT Setup, which requires the Emergency Repair Disk.
If you have used the Ntbackup program or the Windows NT Server Resource Kit program Regback.exe to backup the Registry, you can restore the keys from the backup media.
You can restore just the SYSTEM key or the DISK subkey by using the procedures described in this section.
Note: Windows NT Setup and the Repair Disk program store Registry information on the Emergency Repair Disk in compressed format. If you decide to restore the SYSTEM key from the Emergency Repair Disk by using either Disk Administrator or the Windows NT Registry Editor (Regedt32.exe), you can uncompress the System._ file by using one of the expand utilities. See Chapter 7, "Disk, File System, and Backup Utilities."
Restoring the SYSTEM Key
You can use the procedures in this section to restore the SYSTEM key. Because the Emergency Repair Disk also contains this key, you would generally use these procedures only if:
You do not have an Emergency Repair Disk.
You cannot read the Emergency Repair Disk, or the information isn't current.
You had to reinstall Windows NT and want to have the most recent configuration information.
To use this procedure, you need to have saved the information, following the procedures in the section titled "Saving the SYSTEM Key," presented earlier in this chapter.
To use Disk Administrator to restore the SYSTEM key
On the Partition menu, click Configuration.
On the Configuration menu, click Restore.
A message warns you that this operation will overwrite your current disk configuration information with what was previously saved on the floppy disk. Also, any changes made during this session will be lost.
Insert the floppy disk containing the saved configuration information.
Click OK.
Disk Administrator initiates a restart of your computer.
If you do not have a floppy disk that contains the current SYSTEM key, you can search for other Windows NT installations and restore the key from %systemroot%\System32\Config\System. In this case, the information might not match the configuration that you had been using.
To use Disk Administrator to search for and restore the SYSTEM key
On the Partition menu, click Configuration.
On the Configuration menu, click Search.
A message warns you that this operation will overwrite your current disk configuration information with the information from a different installation of Windows NT. Also, any changes made during this session will be lost.
Click OK.
Disk Administrator scans your disk for other Windows NT installations, and displays a list of the installations.
Select an installation.
Click OK.
Disk Administrator initiates a restart of your computer.
See Chapter 8, "General Troubleshooting," for details about troubleshooting problems by using the SYSTEM key.
Restoring the DISK Subkey
Both the Repair Disk program and Disk Administrator save the DISK subkey with the other information that they save. You would use this procedure only if you do not have current information on either of these media or you cannot read them. You might also want to use this procedure in special situations to restore just the DISK subkey, such as having to move a stripe set from one computer to another when the first computer has failed.
If you have previously saved the DISK subkey by using the Regedt32.exe (see the section titled "Backing Up the Registy," earlier in this chapter), then you can restore it.
To restore the DISK subkey by using Regedt32.exe
Run Regedt32.exe.
Select the Registry key HKEY_LOCAL_MACHINE \SYSTEM \DISK.
On the Registry menu, click Restore.
Enter the filename or click the path to the file.
If you are restoring the key to a remote computer's Registry, the C drive designation that appears in the scroll list refers to the C drive on the remote computer.
Click OK.
Replacing the Master Boot Record and the Partition Boot Sector
For information about determining if you have a problem with either of these disk sectors, and procedures for displaying them, see Chapter 6, "Troubleshooting Startup and Disk Problems." For information about the utilities that you can use to save, replace, and edit these disk sectors, see Chapter 7, "Disk, File System, and Backup Utilities."
Caution: Be careful when you use the low-level disk editors described in this section. If you replace the wrong sector, or change individual bytes to the wrong data, you can make your problems far worse. You could destroy information that is needed by Windows NT, and your only option would be to reformat the partition or the entire disk.
Replacing the Master Boot Record
There are two problems that can occur in the sector containing the Master Boot Record:
The Master Boot Record might be corrupt.
The Partition Tables can be damaged.
On many x86-based computers, the fastest and simplest way to replace the Master Boot Record on an x86-based computer is to use an MS-DOS bootable floppy disk with the MS-DOS-based program Fdisk on it.
Caution: Do not use Fdisk to replace the Master Boot Record if you are using a:
Third-party translation program.
Dual-boot program that writes information in the area between the code and the Partition Table.
Third-party partitioning program that writes information in the area between the code and the Partition Table.
If you do not know whether you are using a program like this, you should not use this method.
To replace the Master Boot Record
Start the computer by using the MS-DOS bootable floppy disk. (You did run virus check and lock the floppy disk after you made it, didn't you?)
At the A:\ prompt, type fdisk /mbr.
This command replaces the Master Boot Record without altering the Partition Table at the end of the sector. There is no message or response.
If there is a Windows NT disk signature in the Master Boot Record, it is overwritten by the new Master Boot Record. Overwriting the disk signature is a problem only if the disk contains partitions or logical drives that are members of mirror sets, stripe sets with parity, volume sets, or stripe sets. You can safely overwrite the disk signature when the disk has none of these volumes, because Disk Administrator writes a new disk signature the next time you run it.
Note: The fdisk /mbr command requires MS-DOS 5.0 or later, and only works on the first hard disk on the computer.
If you have saved the Master Boot Record by using either DiskSave (x86-based computers only) or DiskProbe, you can use one of these utilities to replace the Master Boot Record. These utilities rewrite the entire sector, including the Partition Table. If you cannot start Windows NT from the hard disk, you can usually start the computer by using the Windows NT startup floppy disk if you want to use DiskProbe to replace the Master Boot Record.
If none of these methods are available to you, you can use a low-level disk editor to copy a good Master Boot Record from another disk to the startup disk (usually disk 0 on x86-based computers). Since the smallest disk write is a sector, when you copy the Master Boot Record from another disk, you are also copying the other disk's Partition Table, which is not valid for the current disk. Therefore, you must first write down the partition information in the Master Boot Record that you are going to replace, starting from 0x1BE. You have to manually reenter the Partition Table information in hex format into the newly copied sector.
If you can start Windows NT by using the Windows NT startup floppy disk, you can use DiskMap to print a map of the disk. When you have copied a Master Boot Record from another computer of the same type (for example, another computer made by the same manufacturer with the same models of disk controllers), use DiskProbe to enter the information for the Partition Table. For information about DiskMap and DiskProbe, see Chapter 7, "Disk, File System, and Backup Utilities."
After you have replaced the Master Boot Record, you should check that it is now correct. If the Master Boot Record is not correct after replacing it, there is either a hardware problem, such as incorrect SCSI termination, or (on x86-based computers) there is a virus in memory that is trapping interrupt (INT) 13 calls. You have to isolate and correct the problem that is corrupting the Master Boot Record.
Repairing the Partition Table
If you have not changed the Partition Table since you saved the Master Boot Record, replacing the Master Boot Record also replaces the Partition Table.
If you have made only minor changes to the Partition Table since you saved the Master Boot Record, you might be able to use the information on the backup to help you repair the Partition Table. For instance, if the only change you have made is to convert a partition from FAT to NTFS, just change the System ID byte from 06 to 07.
If your disk has more than one partition, and you did not save the Master Boot Record or write down the information, you might be able to reconstruct it. You can use DiskProbe to edit the Partition Table.
Note: If you will have to completely rebuild your Partition Table, either because of corruption or you had to copy the Master Boot Record from another computer, it might be safer to completely rebuild your disk. In this case, you should back up all of your files to tape (or another computer), recreate and reformat the partitions on the hard disk, and restore the data. If the disk with the invalid Partition Table contains your system or your boot partition, you will probably have to use the Windows NT startup floppy disk to start your computer.
Replacing the Partition Boot Sector
There are several methods that you can use to replace the Partition Boot Sector.
If you have saved the Partition Boot Sector by using either the DiskProbe or the DiskSave program, you can replace the sector from the backup. This is the fastest way to replace the Partition Boot Sector.
For NTFS volumes, there is one other alternative. When you create or reformat an existing volume as an NTFS volume, the NTFS file system writes a duplicate of the Partition Boot Sector at the end of the volume (Windows NT version 4.0) or at the logical center of the volume (Windows NT 3.51 and earlier). You can use the Windows NT-based program DiskProbe to locate and copy this sector to the beginning of the volume. There are also third-party MS-DOS-based disk utilities that you can use to locate and copy this sector.
You might want to display the Partition Boot Sector to make sure it is now correct. Once you have copied the Partition Boot Sector to the first sector of the partition, you should be able to start Windows NT.
Restoring Windows NT Files on the System Partition
If any of the files that Windows NT installs on the system partition are missing or corrupt, you cannot start your computer. These are the files:
x86-based file |
Folder |
RISC-based file |
Folder |
|---|---|---|---|
NTLDR |
root |
Osloader.exe |
\Os\Winnt40 |
Boot.ini |
root |
no equivalent |
|
Bootsect.DOS |
root |
no equivalent |
|
Ntdetect.com |
root |
no equivalent |
|
Ntbootdd.sys (SCSI only) |
root |
no equivalent |
|
Hal.dll is in the boot partition |
|
Hal.dll |
\Os\Winnt40 |
no equivalent |
|
*.pal files (Alpha-based computers) |
\Os\Winnt40 |
You can restore any of these files by using the Repair process and the Emergency Repair Disk. However, because you copied these files to your Windows NT startup floppy disk when you created it, you can use that disk to restore them.
To use the Windows NT startup floppy disk to restore system files
Start your computer by using the Windows NT startup floppy disk.
Replace individual files, or replace all of the files, by copying them from the Windows NT startup floppy disk to the corresponding location on your system partition.
Configuring and Using Mirror Sets and Stripe Sets With Parity
This section discusses using features that are available in Windows NT Server software to implement mirror sets and stripe sets with parity. It does not discuss configuring or using hardware RAID arrays.
There are four topics in this section:
A general overview of mirror sets ands stripe sets, and the information that you see in Disk Administrator.
Configuring the system partition on a mirror set, which describes the best way to implement a mirror of the system partition. It also describes starting up by using the shadow system partition, and rebuilding the mirror set after you have repaired or replaced the failed component.
Procedures for creating mirror sets and stripe sets with parity.
Guidelines and procedures for reconstructing mirror sets and stripe sets with parity after you have repaired or replaced the failed component.
Overview
A mirror set creates an identical twin for the selected partition. Creating a mirror set is similar to making a copy of a document by using a copy machine. The original partition is like the original of the document, and the shadow partition is the copy. Unlike a copy machine, however, Windows NT continually updates the shadow partition when any changes are made to the original.
Note: In this chapter and other chapters in the "Reliability and Recoverability" part of this book, the terms original disk and original partition refers to the original partition, and shadow disk and shadow partition refers to the disk or partition that contains the copy.
A stripe set with parity is composed of strips of equal size on each disk in the volume. One of the strips in each stripe is used for parity information.
For a more complete description of mirror sets and stripe sets with parity, including the parity information, see the section titled "Planning a Fault-Tolerant Disk Configuration," in Chapter 4, "Planning a Reliable Configuration."
Because a mirror set or stripe set with parity requires more than one disk, you might have to buy and install additional disks. To increase the redundancy, you might want to buy more disk controllers. It is a good idea to have a spare disk and controller of the same type available. If you are using RAID hardware, follow the manufacturer's installation instructions. When using software fault tolerance, using SCSI controllers is more efficient and provides an additional recovery mechanism of sector sparing. For more information, see "Processing of Disk Errors" in Chapter 3, "Disk Management Basics."
You use Disk Administrator to create and recover mirror sets and stripe sets with parity. When you select one of the partitions of a mirror set or stripe set with parity, Disk Administrator displays information about the volume in the lower left corner of the window. The information looks like:
<Volume> #N [status]
where
<Volume> is stripe set, mirror set, or stripe set with parity.
N is the number of the volume.
The following table shows the possible status values.
Table 5.1 Disk Administrator status information for stripe sets, mirror sets, and stripe sets with parity
Mirror set |
Stripe set with parity |
Stripe set |
Meaning |
|---|---|---|---|
HEALTHY |
HEALTHY |
HEALTHY |
The volume has been initialized, and there are no errors. |
NEW |
NEW |
NEW |
Appears immediately after the volume has been created, but before shutting down the system to begin generation of the volume. |
REGENERATING |
INITIALIZING |
INITIALIZING |
Generation of the volume has been started, but is not yet completed. |
RECOVERABLE |
RECOVERABLE |
Not applicable |
Appears when one of the partitions in the volume has been lost, but the other partition(s) is (are) undamaged. This message also appears when one partition loses synchronization with the other(s). |
Configuring the System Partition on a Mirror Set
If you want to upgrade an existing Windows NT installation on a mirror set, you have to break the mirror set before starting Windows NT Setup. This means that you have to recreate the mirror set of the boot partition to have the Windows NT installation copied to the shadow partition.
The term duplexed mirror set means that each disk in the mirror set has its own disk controller. The controllers in a duplexed mirror set should be the same manufacturer and model
On x86-based computers, if your system partition is on a SCSI disk, you must have the BIOS enabled on its SCSI controller. Otherwise, the system BIOS will not be able to find Master Boot Record.
If you have created a mirror set of your system partition by using two SCSI controllers, you must make sure that you are using the same translation on the two controllers. If you are using different translations on your original disk and shadow disk, you will have to use the Windows NT startup floppy disk to start from the system partition on the shadow disk if the original disk fails. In addition, if you reconstruct the system partition on the original disk from the one on the shadow disk, you will not be able to start from either hard disk, and will always have to use the Windows NT startup floppy disk to start Windows NT.
You use the translation feature on SCSI controllers to set the translation mode. Because you have to disable the BIOS on the second controller, Windows NT always translates the geometry of the shadow partition to 32 sector per track and 64 heads per cylinder. Therefore, it is important to make sure the SCSI controller for the original disk is using the same translation. When their BIOS is enabled, most SCSI controllers default to a large disk translation scheme if the disk is larger than 1 GB. The geometry for this translation is 255 heads and 63 sectors. Most SCSI controllers have some method to manually configure the controller to use the 32 sectors, 64 heads translation. Using 32 sectors and 64 heads on the controller for the original disk insures that both disks are as close to a true sector by sector mirror image as possible. Recovery from failures of the original disk or its controller is much easier if the geometry of both disks is the same. The only disadvantage is that the system partition must be within the first 1 GB, or 1024 cylinders, of the disk.
Disabling the controller BIOS is different than turning off translation. Problems occur on x86-based computers because you need to have the BIOS enabled on the first controller in order to start the computer from the hard disk. If you do not turn off translation on both controllers, and the first controller fails, you need to enable the BIOS on the second controller. The translation on the second disk is now different than when you low-level formatted it, and you cannot use the disk. If your controller does not have the option to turn off translation, you can always leave the BIOS disabled, and use the Windows NT startup floppy disk to startup from the second controller.
Note: If you disable the BIOS on both controllers, it does not matter if translation is enabled or disabled. However, you will not be able to start up from the hard disk if the BIOS is disabled.
If you get a message "drive is too small" when you try to reconstruct the mirror set after the failure of the original disk, the translation is not consistent.
Having two different SCSI controllers makes a trouble-free system restart in the event of a hardware failure far more difficult. If you use two different SCSI controllers in your mirror set, you need to have a different SCSI device driver for each controller. When you create your Windows NT startup floppy disk, you need to copy both device drivers to the disk. Then, when you use the Windows NT startup floppy disk, you need to rename the one for the controller that you will be using to Ntbootdd.sys. Alternatively, you can create two separate Windows NT startup floppy disks, copy the appropriate driver to each one, and rename it to Ntbootdd.sys.
You can use EIDE controllers for a mirror set of the system partition, and using them is less complex than using SCSI controllers on x86-based computers. EIDE disks usually require motherboard BIOS support for logical block addressing (LBA), and each motherboard usually does the LBA in the same way for all EIDE disks.
If you are going to mirror an IDE or EIDI disk with a SCSI disk, you should not mirror your system partition. You will probably have problems with incompatible geometry, and will always have to use the Windows NT startup floppy disk to restart after a failure of your original system partition. However, you can safely mirror your boot partition.
Recovering from the failure of the original system partition can be difficult if you do not plan your configuration and recovery procedure carefully. Following the procedures in this section give you the easiest and most reliable recovery process.
To create a mirror set of the system partition
Enable the BIOS on the controller for the disk with the system partition, but make sure that translation is turned off if the disk is larger than 1 GB. Use the SCSI setup program to turn off translation and set the geometry to use.
Disable the BIOS on all other SCSI controllers.
Make sure that the two disks you are mirroring are identical models.
Low-level format both disks by using the controller that has the BIOS enabled.
Make sure the partition layout on the two disks is the same, and that the cluster size is the same on both partitions.
Install Windows NT on the original disk.
Create the mirror set.
When the mirror set has finished initializing, set the Boot Indicator flag for the shadow disk. Disk Administrator does not set this flag. You can use the DiskProbe program, described in Chapter 7, "Disk, File System, and Backup Utilities," to set this flag.
When the shadow disk or controller fails, recovery is basically the same as recovering from the failure of any mirror set. You should follow the same guidelines for having identical disks and controllers as described earlier in this chapter. You can use the procedures in "Recovering a Mirror Set," presented later in this chapter, to rebuild the mirror set when you have the replacement hardware.
When the original disk or controller fails, Windows NT automatically starts using the shadow disk for all accesses. However, sometimes a problem is not detected until you try to start the computer. In this case, you can use the Windows NT startup floppy disk to start from your shadow partition. This method minimizes the amount of time that you are down, and allows you to schedule the reconstruction of the mirror set for a less busy time. You might need to power down the failed disk or remove it from the SCSI bus before attempting to start from the shadow partition.
When you can schedule down time on the computer, use one of the following two methods to reconstruct the mirror set.
Simplest method to reconstruct the mirror set
While running Windows NT Server:
Break the mirror set, if you did not break it earlier. You can break the mirror set at any time after the failure, but you need to break it before you can start from your shadow disk without using the Windows NT startup floppy disk. The procedure to break the mirror set is described in the section titled "Recovering a Mirror Set," presented later in this chapter.
If you did not set the Boot Indicator flag in the System ID field of the system partition on the shadow disk, you can set it now by using Disk Administrator, because you have broken the mirror set. See Chapter 3, "Disk Management Basics," for information about this flag.
Shutdown the computer.
Note: If you do not break the mirror set, you might get a Stop error 0xC000021A. This error occurs when there is an inconsistency in the Registry key HKEY_LOCAL_MACHINE \SYSTEM. When you get this error after a failure of the mirrored system partition, it is usually because the FT bit is set in the Master Boot Record, but the HKEY_LOCAL_MACHINE \SYSTEM \DISK Registry subkey does not have information about the mirror set. Your only recovery in this situation is to use a third-party low-level disk editor to clear the high order two bits of the Boot Indicator field for this partition. You will still have to break the mirror set after you startup Windows NT.
Remove the old original disk.
Replace the original disk with the shadow disk, changing SCSI IDs, if necessary.
Restart the computer. You might get a STOP 0x7b, a missing operating system error message, or similar errors that indicate there is something wrong with the Master Boot Record or the system partition on the shadow disk. You can do the following things to try to start from the shadow disk:
On x86-based computers, start the computer from your MS-DOS bootable floppy disk and replace the Master Boot Record by entering fdisk /mbr at the MS-DOS prompt. See the caution about using this switch in the section titled "Replacing the Master Boot Record," presented earlier in this chapter.
To replace the Windows NT files on the system partition, use Windows NT Setup, and select repair. Select the options to Inspect boot sector and Inspect startup environment, but do not select Inspect Registry files or Verify Windows NT system files.
If you cannot start from the shadow disk, move the shadow disk back to its old position. Use the next procedure described in this section to reconstruct the mirror set.
If you can start from the shadow disk:
Shut down the computer.
Install a new disk in the shadow disk's previous location.
Low-level format the new shadow disk, if necessary. If you have a duplexed mirror set, and the disk is larger than 1 GB, be sure to use the same translation (32 sectors, 64 heads) on the two disks.
Start up the computer.
Use Disk Administrator to recreate the mirror set. Make sure to set the Boot Indicator flag on your newly created shadow disk by using DiskProbe.
There are times when the preceding procedure will not work, such as when you are using a Compaq computer with the EISA configuration partition as the first partition on the system disk.
The next procedure always works to recover from a failure of the original system partition if you set up your configuration as described earlier in this section, and if the shadow disk was not also damaged by the failure. You will need to schedule some down time for the computer when you are ready to replace the original disk.
The next procedure takes longer than simply swapping the original disk for the shadow disk and making the shadow disk the new original, but it guarantees that you have a stable system. After you have had one disk failure on the computer, you might not want to rely on the remaining disk as the original disk, because it might have been affected in some way. This procedure is much safer from a hardware as well as a software standpoint.
Most reliable method to reconstruct the mirror set
While running Windows NT Server:
Break the mirror set, if you did not break it earlier. You can break the mirror set at any time after the failure, but you need to break it before you can start from your shadow disk without using the Windows NT startup floppy disk. The procedure to break the mirror set is described in the section titled "Recovering a Mirror Set," presented later in this chapter.
If you did not set the Boot Indicator flag in the System ID field of the system partition on the shadow disk, you can set it now by using Disk Administrator, because you have broken the mirror set. See Chapter 3, "Disk Management Basics," for information about this flag.
Back up the entire shadow disk, including the Registry.
Shutdown the computer.
Replace the original disk with a new disk of the same make and model. (If you had to move the shadow disk or change its SCSI ID because of the failure, change it back to the original configuration.)
Low-level format the replacement disk, if necessary. If you have a duplexed mirror set, and the disk is larger than 1 GB, be sure to use the same translation for the two disks (32 sectors, 64 heads).
Install Windows NT on the new disk, creating and logically formatting partitions, as necessary. Make sure you install Windows NT into the same folder as your previous installation was in.
Start the new installation of Windows NT. Restore the backup, including the Registry.
Restart the computer from the original disk, and verify that the restore recovered all of the information on the disk.
Use Disk Administrator to delete the partitions on the shadow disk, and re-create the mirror. You might need to create other partitions on the shadow disk so you have the same layout on the two disks. Make sure to set the Boot Indicator flag on your newly created shadow system partition by using the DiskProbe program, as described in Chapter 7, "Disk, File System, and Backup Utilities."
Creating a Mirror Set or Stripe Set With Parity
If you are using all SCSI disks, it is a good idea to use the same translation on all SCSI controllers whose disks are members of a mirror set or stripe set with parity. On x86-based computers, you should disable translation any time that you do not need to do the following:
Dual-boot with MS-DOS.
Have a system partition or boot partition larger than 1 GB.
The following Disk Administrator screen shot shows three things:
The unpartitioned space that you can use to create a mirror set of primary partitions F and G is the 350 MB are on the right side of disk 0.
You cannot use the free space to the right of logical drive E for a mirror set, because it is free space at the end of an extended partition.
You cannot create a stripe set with parity, because you have only two disks. If you had a third disk, with unpartitioned space, you still could not create a stripe set with parity. You need at least three disks with unpartitioned space, and disk 1 is completely partitioned.
.gif "Cc751046.xsr_f07(en-us,TechNet.10).gif")
.gif "Cc751046.xsr_f07(en-us,TechNet.10).gif")
Note: The key below the status bar in Disk Administrator identifies what kinds of volumes are configured on the computer. For example, if you created a mirror set, you would see Mirror set in addition to Primary partition and Logical drive.
When you create a mirror set or stripe set with parity, Disk Administrator creates a primary partition for the areas of unpartitioned space that you select on each disk. You cannot use free space on a disk for either of these volumes if:
There are already three primary partitions, or two primary partitions and one extended partition defined on the disk.
The free space is part of an extended partition.
Disk Administrator Help contains details about procedures for creating mirror sets and stripe sets with parity.
Creating a Mirror Set
If you need to dual-boot with MS-DOS, you cannot mirror your system partition. If you need a boot partition larger than 1 GB, you need to enable translation. However, you should not mirror your system partition if it goes beyond 1 GB.
When you want to create a mirror set, the original partition that you want to mirror must already exist. You must have an area of unpartitioned disk space at least as large as the original partition on another disk connected to the computer.
If the unpartitioned space you select for the partition on the shadow disk is larger than the existing primary partition, the space left over remains unpartitioned space, and can be used to create other partitions (if there are fewer than four partitions on the disk). For example, if you create a mirror set using the configuration shown in the preceding Disk Administrator screen shot, there will be unpartitioned space following the shadow partition. However, you cannot use that unpartitioned space, because you will have three primary partitions and one extended partition on disk 0.
To use Disk Administrator to establish a mirror set
Select the partition that you want to duplicate. Press CTRL, and click an area of unpartitioned space on another disk that is the same size or larger than the partition you selected.
On the Fault Tolerance menu, click Establish Mirror.
Disk Administrator creates an equal-sized partition in the unpartitioned space for the mirror set, and assigns the drive letter to the mirror set.
Note: In some cases, where a mirror set is being established, a slightly larger amount of space is required for the shadow partition than for the partition on the original disk. This happens when geometry differences exist between the disks.
If you are mirroring the system partition, Disk Administrator displays a message box reminding you to create a Windows NT startup floppy disk.
On the Partition menu, click Commit Changes Now. Select Yes in the Commit Changes dialog box.
A Confirm change/restart dialog box is displayed; again select Yes. A message box prompts you to update your Emergency Repair Disk, which you should do by using the Repair Disk program (Rdisk.exe). Finally, you are prompted to shutdown, and restart the system. The only option is OK. The system shuts down and restarts.
After the system restarts, open Disk Administrator. The status bar displays a message Mirror Set #N [INITIALIZING].
The drive letter, volume label, and size of the mirror set appear in red text. This visual cue indicates that the system is generating the partition in the background. While the text is highlighted in red, fault tolerance is not functional.
Note: In the Disk Administrator display, information about the partition is not updated automatically. If you click on the partition, the information for that volume updates. You can also check the event log to know when the generation of the shadow partition is finished.
Creating a Stripe Set With Parity
When you want to create a stripe set with parity, you must have at least three unpartitioned areas on different disks connected to the computer. Even though a partition is not completely full, you cannot use the space that is part of an existing partition. If you do not have enough unpartitioned space available, but have enough unused areas in existing partition(s), you can create unpartitioned disk areas by:
Backing up the data in the existing partition(s).
Deleting the partition(s).
Creating a new, smaller partition, leaving part of the disk unpartitioned.
Restoring the data to your new partition.
As with a mirror set, if the areas of unpartitioned space that you select for a stripe set with parity are not all the same size, the space left over can also be used for other partitions.
When using a stripe set with parity, performance should be better if you put the operating system and page file on a controller other than the one used for the strip set with parity. You can use different types of controllers for the operating system and the stripe set with parity when you have them on different controllers. For more suggestions, see "Stripe Set With Parity" in Chapter 4, "Planning a Reliable Configuration."
To use Disk Administrator to create a stripe set with parity
Select areas of unpartitioned space on three to 32 hard disks by selecting an area of unpartitioned space on the first disk, pressing CTRL, and then choosing additional areas of unpartitioned space on other hard disks.
If the areas selected vary in size, then the smallest area is used as the base partition size. For example, if the unpartitioned space consists of a 700 MB on disk 1, and 900 MB each on disks 2 and 3, only 700 MB on each disk is used as part of the stripe set with parity.
On the Fault Tolerance menu, click Create Stripe Set With Parity.
Disk Administrator displays the minimum and maximum sizes for the stripe set with parity. The default size is the maximum allowed for the disk areas selected.
The size you choose is the total disk space that is used, not the size available for data on the stripe set with parity. For example, if four 200 MB partitions are selected:
Disk Administrator displays 800 MB for the maximum size.
You have 600 MB available for data, if you select the maximum size. The other 200 MB are used to store the parity information.
If you want to use less than the maximum size, the formula is
data size = (total size) - ((total size) / (number of disks))
On the Create Stripe Set With Parity dialog box, type the size of the set that you want to create, and then click OK.
Disk Administrator divides the total size that you enter by the number of disks in the set to create equal-sized, unformatted primary partitions on each of the selected disks. It then assigns a single drive letter to the collection of partitions that make up the stripe set with parity. Disk Administrator displays the stripe set with parity as New Unformatted space.
On the Partition menu, select Commit Changes Now.
You are prompted to save your disk configuration changes. Select Yes.
You are notified that you need to restart the computer for the changes to the configuration to take effect. Click Yes in the dialog box.
You are notified that the disks were updated successfully.
This means that the new configuration information has been saved in the Registry. This dialog box also prompts you to update the Emergency Repair Disk.
You are prompted to restart your computer so that the changes can take effect. The only option is OK. The system automatically closes all open applications and restarts the system.
When restart is completed, open Disk Administrator again. On the Tools menu, click Format. You can format a stripe set with parity with either the FAT file system or the NTFS file system. When you have entered all of the information in the Format dialog box, click Start. The stripe set with parity begins initializing immediately. Disk Administrator displays a message Stripe Set with Parity #N [INITIALIZING] on the status bar. The drive letter, volume label, and size of the stripe set with parity appear in red text during initialization.
Recovering a Mirror Set or Stripe Set With Parity
The process of error detection and recovery for software fault-tolerant volumes is very similar for both mirror sets and stripe sets with parity. The Windows NT response to the problem depends on when the problem occurred. For recovery of a hardware fault-tolerant volume, see the documentation for the controller that you are using.
When a disk that is part of a mirror set or a stripe set with parity fails during normal operation, it becomes an orphan. When FtDisk (the fault-tolerant driver) determines that a disk has been orphaned, it directs all reads and writes to the other disk(s) in the set.
It is important to note that the process of orphaning a partition does not occur during a read, only during a write. The read cannot possibly affect the data on the disks, so performing orphan processing is not necessary.
The following error message is displayed:
.gif "Cc751046.xsr_f02(en-us,TechNet.10).gif")
The operating system should continue to work normally. Users accessing resources over the network should not be affected.
You should back up important data immediately, since the volume is no longer fault tolerant. Use a new tape for backup, not an existing tape. You should replace the failed disk and begin the recovery of the mirror set or stripe set with parity as soon as possible.
During system initialization, if the system cannot locate a partition in a mirror set or a stripe set with parity, it logs a severe error in the event log, marks the partition as an orphan, and uses the remaining partition(s) of the mirror set or stripe set with parity. The system continues to function by using the fault-tolerant capabilities inherent in such volumes.
In Disk Administrator, if you select a mirror set or stripe set with parity that has had a failure, you see a message in the status bar that says <Volume> #N [RECOVERABLE] where <Volume> is either mirror set or stripe set with parity.
Recovering a Mirror Set
There are different methods to use for recovering mirror sets, depending on which partition failed, and whether it contains the system or boot partition. When the disk or controller for the original system or boot partition fails, you will probably have to use the Windows NT startup floppy disk to start from the shadow partition, or reconfigure the shadow disk as the original disk. For information about when you need to use the Windows NT startup floppy disk, see "Creating a Windows NT startup floppy disk," presented earlier in this chapter.
If the failure does not cause any disruption in service, you can continue running in a non-fault-tolerant configuration and schedule a time to regconstruct the mirror set. This activity could occur during a normally scheduled maintenance period or during a less busy time.
You must first break the mirror-set relationship to expose the remaining secondary partition as a separate volume. This step prevents problems when restarting the system.
To break the mirror set
Open Disk Administrator and select the mirror set you want to break.
On the Fault Tolerance menu, click Break Mirror.
In the Confirm message, select Yes.
The remaining, working member of the mirror set receives the drive letter that was previously assigned to the complete mirror set. The orphaned partition receives the next available drive letter, or whatever letter you want to assign.
You can now shut down the system and replace the failed disk. The failed disk can be replaced with any disk that is the same size or larger. It is a good idea to use a disk as similar to the remaining disk as possible. If the failed disk contained the system partition, see the section titled "Configuring the System Partition on a Mirror Set," presented earlier in this chapter.
Note: When you move or replace a disk that was at the end of a SCSI bus, be sure that you terminate only the disk that is now at the end of the bus.
To recontruct the mirror set
Perform a low-level format of the new disk on the same controller that will be used with the new disk.
This step eliminates any possibility of translation problems.
If the failed disk was the shadow disk, use the same SCSI ID as the failed disk.
If the failed disk was the original disk, you might want to swap SCSI IDs, so that the remaining disk becomes SCSI ID 0.
Restart the system.
Once you have restarted the computer, follow the procedure in the earlier section titled "Creating a Mirror Set or Stripe Set With Parity" to reconstruct the mirror.
This step requires a second restart of the system to reconstruct the mirror.
After the mirror initialization is complete, update your system information, if necessary, as described in the section "Maintaining Configuration and Essential System Information," earlier in this chapter.
Recovering a Stripe Set With Parity
When a member of a stripe set with parity is orphaned, you can reconstruct the data for the orphaned member from the remaining members. Use the following procedure to initiate the recovery of the stripe set with parity. When you restart the computer, the FtDisk program reads the information from the strips on the other member disks, reconstructs the data of the missing member, and writes it to the new member.
If your computer running Windows NT Server has failed and you need to have the data available sooner than the expected repair time, you can move the disks containing the stripe set with parity to another computer and build the Registry key HKEY_LOCAL_MACHINE \SYSTEM \DISK by using the FtEdit program. The procedure is described in Chapter 7, "Disk, File System, and Backup Utilities."
To reconstruct a stripe set with parity
Open Disk Administrator, and select the recoverable stripe set with parity.
Select an area of unpartitioned space of the same size or larger on the replacement disk.
If the failure is due to a power failure or cabling failure on a single device, you can regenerate within the orphaned member of the original stripe set with parity once the hardware state is restored.
On the Fault Tolerance menu, choose the Regenerate command.
Quit Disk Administrator, and restart your computer.
The reconstruction process occurs in the background. If you open Disk Administrator, the message in the status bar is Stripe set with parity #n [INITIALIZING].
You might receive the following error message when attempting to reconstruct a stripe set with parity:
The drive cannot be locked for exclusive use...
This error occurs if Disk Administrator does not have exclusive access to the stripe set with parity, which happens if the page file, or some other system service, like Microsoft SQL Server or Microsoft Systems Management Server, is accessing the disk. You must temporarily shutdown these services and relocate the page file to regenerate the stripe set with parity.
Note: You should not put your page file on a stripe set with parity, because it degrades performance. If you want to have your page file on a fault-tolerant volume, use a mirror set instead.
Using an Uninterruptable Power Supply
An Uninterruptable Power Supply (UPS) supplies power to a computer system in the event of a power fluctuation or complete power loss. The UPS has electronics built in that constantly monitor line voltages. If the line voltage fluctuates above or below predefined limits, or fails entirely, the UPS supplies power to the computer system from built-in batteries. The UPS converts the Direct Current (DC) battery voltage into the Alternating Current (AC) voltage required by the computer system. The changeover to batteries must take place very rapidly or the computer can lose data.
Most UPS devices are one of the following types:
Online UPS. You connect an online UPS between the main power and the computer to constantly supply your computer system with power. Connecting it to the main power keeps its battery charged. This method provides power conditioning, which means that it removes spikes, surges, sags, and noise.
Standby UPS. This device is configured to provide either the main power or its own power source and to switch from one to the other as necessary. When the main power is available, the UPS device connects the main power directly to the computer and monitors the main power voltage level. When the main power fails or the voltage falls below an acceptable level, the UPS device switches the power fed to the computer from the main power to its own power.
UPS systems provide a hardware interface that can be connected to the computer. Using appropriate software, this interface enables an orderly handling of the power failure, including performing a system shutdown before the UPS batteries are depleted. Without such software, an orderly shutdown of the system is not possible without human intervention.
The most important consideration in selecting a UPS product is to use only hardware that is listed on the Windows NT 4.0 Hardware Compatibility List (HCL). Other items to consider are:
Whether to use a UPS per computer or have larger capacity, centralized UPSs that protect multiple computers.
What type of UPS you want (standby and online are the most common).
The sizing for the UPS (how big the UPS needs to be to protect the load).
How long it needs to keep running before automatic shutdown.
Which features you want to have in your UPS, such as:
Continuous conditioning of the incoming power to provide clean, steady power.
A Simple Network Management Protocol (SNMP) card that you can plug into the UPS and use network management software to remotely monitor the UPS.
Software that logs UPS information to the event log, or produces statistics.
Software for testing the integrity and reliability of the UPS battery.
Windows NT has built-in UPS functionality that takes advantage of the special features that many UPS systems provide. These features ensure the integrity of data on the system and provide for an orderly shutdown of both the computer system and the UPS should a power failure last long enough that the UPS batteries become depleted. In addition, users connected to a computer running Windows NT Server can be notified that a shutdown will occur and new users are prevented from connecting to the computer. Finally, damage to the hardware from a sudden, uncontrolled shutdown can be prevented.
Some vendors also provide a user interface for configuring the UPS, which you can use instead of the one provided in Windows NT.
This section contains a general overview of the Windows NT UPS service and discusses configuring and using the UPS on a computer running Windows NT. To fully protect your network, you should also install UPSs on network devices such as routers, hubs, and bridges. For the best protection, install UPSs on the cables that connect your computer and modem, telephone, printer, and network equipment.
For more information about UPS, see Chapter 7, "Protecting Data," in the Windows NT Server Concepts and Planning book.
Configuring the UPS Service
Use the UPS option on Control Panel to configure the Windows NT UPS service. The following dialog box is displayed:
.gif "Cc751046.xsr_f03(en-us,TechNet.10).gif")
You need to specify the serial port that the UPS is installed on. The information that you enter in the other fields depends upon your specific UPS and how you want to use it.
When selecting the signals to use in the UPS Configuration group box, the interface voltages you specify are those that indicate an active state for the signal. In other words, if you select a negative interface voltage for the power failure signal, this means that the signal is normally positive and changes to negative when a power failure occurs.
If you want the UPS service to run a command file when a power failure occurs, select the Execute Command File check box and enter the name of the file. Windows NT terminates the command file if it does not complete its execution within 30 seconds. The command file should not contain a dialog box, since waiting for user input could exceed the 30 second requirement.
The command file must reside in your %systemroot%\System32 folder and have one of the following extensions:
.exe
.com
.bat
.cmd
If your UPS does not have a low battery signal, you need to set the fields in the UPS Characteristics group box. The documentation from your UPS vendor should specify the battery recharge rate.
At startup, the UPS service assumes that the battery has no charge. If the battery recharge rate is 100 minutes per minute of run time, the computer has to run for 100 minutes before Windows NT expects the battery to have one minute of life.
Signals Used by the UPS Service
Windows NT uses a serial (COM) port to connect to the UPS. Table 5.2 shows the signals that the UPS service uses to communicate with the UPS, the associated pin numbers, and the function each signal provides to the UPS service. You need to know which of these signals your UPS supports so that you can configure the UPS service.
If you use a UPS service provided by your UPS vendor, the signals and their usage will probably be different than the signals that the Windows NT UPS service uses.
Table 5.2 UPS serial port connections
RS-232 Signal |
9 Pin Connector Pin # |
25 Pin Connector Pin # |
UPS Usage |
|---|---|---|---|
CTS |
8 |
5 |
Power failure |
DCD |
1 |
8 |
Low battery |
DTR |
4 |
20 |
UPS shutdown |
In the UPS Configuration group box, check the boxes that correspond to the signals that your UPS supports. For each of these signals, the UPS Interface Voltages (negative or positive) indicates the voltage present when that event occurs.
Low Battery Signal
When the UPS battery begins to run low, the UPS uses this signal to notify the UPS service.
When fully charged, UPSs typically deliver from five to 20 minutes of DC power after AC power has failed. If your UPS can detect when the battery is running down, you should check the low battery signal box in the UPS Configuration group box.
If you do not check the low battery signal box, the UPS service uses the information in the UPS Characteristics group box to estimate how much time remains on the battery after a power failure.
Remote UPS Shutdown
You want to conserve the life of the UPS battery for as long as possible. The Windows NT UPS service uses the UPS Shutdown signal to notify the UPS that Windows NT has completed its orderly shutdown and that the UPS can shut off power to the computer.
Power Failure Signal
The power failure signal is generated by the UPS to signal the Windows NT UPS service that a power failure has occurred. The Windows NT processing that occurs when it receives this signal depends upon whether the UPS can send a low battery signal.
If the UPS can send a low battery signal:
The Windows NT UPS service waits the amount of time specified in the Time between power failure and initial warning message field of the UPS Service group box. It then sends a message to all users connected to the computer running Windows NT telling them that a power failure has occurred. No more users can connect to the computer after the message is sent.
If a signal is received from the UPS indicating that power has been restored before the low battery signal occurs, normal operations are resumed. Users are again allowed to connect to the computer.
When the UPS signals a low battery condition, the file specified in the Execute Command File group box is executed. After execution of this file, Windows NT initiates shutdown.
Once the shutdown is complete, the UPS service signals the UPS that battery power can be turned off if you have checked Remote UPS Shutdown.
If the UPS cannot send a low battery signal:
The UPS service computes the expected battery life left by dividing the Battery recharge time per minute of run time (in the UPS Characteristics group box) into the amount of time that Windows NT has been running. If the result is less than two minutes, then the file specified in the Execute Command File group box is executed and allowed 30 seconds to complete. Windows NT then initiates a shutdown.
If the expected battery life is greater than two minutes, the UPS service waits the amount of time specified in the Time between power failure and initial warning message field of the UPS Service group box. It then sends a message to all users connected to the computer running Windows NT telling them that a power failure has occurred. No more users can connect to the computer after the message is sent.
If a signal is received from the UPS indicating that power has been restored while the expected battery life is still greater than two minutes, normal operation resumes. Users are again allowed to connect to the computer.
When the calculated battery life reaches two minutes, the file specified in the Execute Command File group box is executed. After execution of this file, Windows NT initiates shutdown. If the program takes longer than 30 seconds to complete, Windows NT terminates it, and final shutdown take places.
Once the shutdown is complete, the UPS service signals the UPS that battery power can be turned off if you have checked Remote UPS Shutdown.
Using the UPS Service
You should use the following Windows NT services in combination with the Windows NT UPS service:
Alerter
Messenger
EventLog
The Alerter service sends alerts to selected users. The Messenger service sends messages to your local computer and to other users on the network who are running Windows NT. All detected power fluctuations and power failures are recorded in the event log, along with UPS service start failures and shutdown initiations.
If you want the UPS service to start each time you start your computer, you need to modify the startup information.
To start the UPS service automatically
On Control Panel, double-click Services.
On the Services dialog box, click UPS, then click Startup.
On the UPS Service dialog box, select Automatic, and then click OK.
You might need to use the preceding procedure to set the other services to start automatically.
Testing the UPS
When the UPS service is started, it verifies the settings in the UPS dialog box by ensuring that the signal polarity on the CTS and DCD pins is opposite to that specified as the failure condition in the UPS dialog box. For example, if the UPS dialog box specifies that the UPS device supports a Power Failure Signal (CTS pin) with a positive signal, the UPS service checks to make sure that this pin is not already asserted positive (which would not happen unless you had started the system during a power failure).
This has some important implications. With an online UPS, the UPS device might shut itself off immediately if the configuration is incorrect. With a standby UPS, an incorrect configuration typically shuts the UPS device off as soon as a power failure is detected, effectively circumventing the purpose of the UPS. This is why it is important to configure and test your UPS device to ensure that it operates correctly.
On x86-based computers, there is one other reason that it is important to test your UPS. During startup, Windows NT sends a detection signal to each port in order to recognize hardware attached to that port. Some UPS units using serial monitoring implementations respond to the detection signal by turning off. If this happens, use the /NoSerialMice switch in the Boot.ini file to prevent the system from sending this signal to the COM port to which your UPS unit is connected.
You can use multiple /NoSerialMice switches. The format is /NoSerialMice=[COMx | COMx,COMy,COMz,...]
If /NoSerialMice is specified without parameters, serial mouse detection is disabled on all the serial ports.
If /NoSerialMice=COMx is specified, serial mouse detection is only disabled on COMx.
If /NoSerialMice=COMx,COMy,COMz ... is specified, serial mouse detection is disabled on each of the specified ports.
To ensure that the computer is protected from power failures, you can test it by simulating a power failure (that is, by disconnecting the main power supply to the UPS device). Your computer and peripherals connected to the UPS device should remain operational, and messages should be displayed and events logged. Wait until the UPS battery reaches a low level to verify that a graceful shutdown occurs. Restore the main power to the UPS device, and check the event log to ensure that all actions were logged and that there were no errors.
Note: Before you begin any UPS tests, make sure that your UPS has sufficient charge built up to run all of the devices connected to it for at least the duration of the test.
Simulating UPS Operation
The next figure shows a simple simulator that you can build to emulate the power failure and low battery signals from a UPS.
.gif "Figure 5.1: . UPS simulator")
Figure 5.1: . UPS simulator
Note: The pins numbers in the diagram are for a 9-pin serial port. For a 25-pin connector, use the pin numbers in parenthesis.
You can use two Single Pole Double Throw (SPDT) switches to construct the UPS simulator. To simulate normal operation, set both switches 1 and 2 to make contact with pin 7 (pin 4 on a 25-pin connector). Set both the Power failure signal and Low battery signal at least 2 minutes before shutdown to Negative in the UPS dialog box.
To simulate a power failure, move switch 1 to make contact with pin 3 (pin 2 on a 25-pin connector). Moving switch 2 to make contact with pin 3 simulates a low battery condition.
Simulating Power Failure and Low Battery Signals
To simulate the operation of a UPS with both a Power Failure and Low Battery signal, have both switches making contact with pin 7. Configure your UPS as shown in this dialog box:
.gif "Cc751046.xsr_f05(en-us,TechNet.10).gif")
Flip switch 1 to simulate a Power Failure signal. After five seconds, the initial warning message should be displayed. Every 120 seconds, the warning message should be displayed again.
When you know that the Power Failure signal processing is working correctly, flip switch 2. If you have checked the Execute Command File check box and specified a filename, the file should begin execution immediately. If the file does not finish executing within 30 seconds, Windows NT should terminate it. Windows NT should perform an orderly shutdown after the file terminates or immediately after the Power Failure signal if no file is specified.
Simulating UPS With Power Failure Signal Only
To simulate the operation of a UPS with only a Power Failure signal, have both switches making contact with pin 7. For purposes of this test, you can set the values in the UPS Characteristics group box to make it seem that your computer does not have to run very long before the battery is fully charged. When you set the values this way, you have to make sure that your battery does have enough charge to be able to complete the tests. For instance, if you set the values as shown in this dialog box, and let your computer run for 20 minutes, the UPS service assumes that the battery is fully charged.
.gif "Cc751046.xsr_f06(en-us,TechNet.10).gif")
You can test two scenarios with this configuration:
If you connect switch 1 to pin 3 within four minutes of starting the UPS service, the expected battery life is less than two minutes, and Windows NT should begin shutdown immediately.
If you allow the computer to run for 20 minutes before you flip switch 1, the battery is assumed to be fully charged. When you flip switch 1, the warning message should be displayed after five seconds. Every 120 seconds, another warning message should be displayed. Shutdown should not begin until the expected battery life decreases to two minutes.