Preparing For Recovery

  • Article

Published : September 1, 2004

Even if you planned carefully and followed your plan to minimize the risk of failure in your site, your site still might fail. The recovery operation can be complex and can take a long time to complete. By planning ahead, you can simplify the process and reduce the time it takes to complete.

You should prepare for a potential recovery operation while your site is healthy, preferably as soon as your hierarchy is set up and configured. After sites are installed and configured, data starts to flow in the site and between sites. At that stage, you should ensure that monitoring and maintenance tasks are running as you planned in order to reduce the risk of a site failure. At this stage, you should also prepare each site in your hierarchy for recovery.

To simplify a recovery operation, do the following:

  • Designate reference sites.

  • Set your own password for the SMS Server Connection account.

  • Create your own SMS Client Connection account.

  • Leverage Active Directory® when site-to-site content signing is enabled.

  • Update design information, configuration data, and account passwords.

  • Allocate a server, set up a Recovery Expert Web site, and run the Recovery Expert.

  • Prepare recovery steps.

  • Back up the central site's site control file.

  • Start recovery tests in a test lab.

  • Configure and enable the Backup SMS Site Server maintenance task.

On This Page

Designate Reference Sites
Set Your Own Password for the SMS Server Connection Account
Create Your Own SMS Client Connection Account
Use Active Directory When Site-to-Site Content Signing Is Enabled
Update Design Information, Configuration Data, and Accounts Passwords
Set Up a Recovery Expert Web Site and Run the Recovery Expert
Prepare for Recovery
Back Up the Central Site’s Site Control File
Start Recovery Tests in the Test Lab
Configure and Enable the Backup SMS Site Server Maintenance Task

Designate Reference Sites

The SMS Site Repair Wizard uses reference sites to reclaim lost objects and determine appropriate serial numbers during the repair phase of a recovery operation. Any primary site that is lower in the hierarchy than a failed site can be a reference site.

If you have designated reference sites during the planning phase, then there are no additional steps that you need to do. However, if you have not designated reference sites, you can designate them after the sites are deployed, or during a recovery operation. For more information about designating and using reference sites, see reference sites in the SMS Site Repair Wizard section.

Set Your Own Password for the SMS Server Connection Account

When you initially set up a site, the setup program creates a default SMS Server Connection account (SMSServer_<SiteCode>) with a random password. When you recreate a site during a recovery operation, the setup program recreates the SMS Server Connection account with another random password, different from the original password.

To enable proper communication between the recovering site server and all site systems in the site, you must propagate the new password of the SMS Server Connection Account to all site systems in the site. To accomplish this, you must perform a site reset, which can take some time to complete.

By specifying your own password for the SMS Server Connection Account, you can avoid the need to perform a site reset during a recovery operation. When you originally set up the site, instead of allowing the Setup program to generate a random password, you can use the SMSAccountSetup.ini file or set up command-line parameters to specify your own password. Save your password in a secure place, and then reuse it when you recreate the site during a site recovery operation. This practice simplifies the recovery process.

For more information about how to specify a password for the SMS Server Connection Account, see Chapter 5, “Understanding SMS Security,” in the Microsoft Systems Management Server 2003 Concepts, Planning, and Deployment Guide.

Create Your Own SMS Client Connection Account

While the site is healthy, create an additional client connection account using a name that is different from the default connection account, SMSClient_<SiteCode>.

If account lockout is enabled, and if any client tries to access an account with a password that is not valid, then that account is locked out after the specified number of incorrect logon attempts.

To avoid locking out clients, the password of a client connection account must never be changed. However, this is what happens when you run the fresh site install when recovering a site that was using the default account name and password.

To prevent client lockouts resulting from a site recovery operation, you must create new SMS client connection accounts with new passwords before you experience a site failure. After the new account information is propagated to all domain controllers, CAPs, and clients, you can change or delete the original accounts.

You can use the SMSAccountSetup.ini file or set up command-line parameters to specify your own accounts and passwords. Store the accounts and passwords information in a secure place, and then reuse it when you recreate the site during a site recovery operation. This practice simplifies the recovery process.

For more information about creating SMS accounts and account lockouts, see Chapter 5, “Understanding SMS Security,” in the Microsoft Systems Management Server 2003 Concepts, Planning, and Deployment Guide.

Use Active Directory When Site-to-Site Content Signing Is Enabled

When site-to-site content signing is enabled, an Active Directory environment in which the Active Directory schema is extended, simplifies site recovery. The site’s public key is stored in Active Directory. When the public key changes during a recovery operation, the new key automatically propagates to child and parent sites.

In a non-Active Directory environment, you must use the Hierarchy Maintenance tool (Preinst.exe) to manually propagate the recovered site’s public key file to parent and child sites. For more information about the Hierarchy Maintenance tool, see SMS Help.

Update Design Information, Configuration Data, and Accounts Passwords

To correctly recover a site system, you must have all server configuration data available. You must configure the site system server exactly the way it was configured when it failed. If you do not, site recovery can fail. In this situation, it might be difficult for you to know why the recovery did not work.

Document design information, configuration data and accounts passwords. If you have already documented that information, then update that document as needed to ensure that it is complete and up-to-date.

Ensuring that this data is always available and current helps you in case a backup snapshot is not available, or in the event that there is no staff familiar with the hierarchy deployment.

Set Up a Recovery Expert Web Site and Run the Recovery Expert

To run the Recovery Expert tool, you must first allocate a server to set up the Recovery Expert Web site on and then set up a Recovery Expert Web site on that computer. The allocated server must be running Internet Information Services (IIS) 5.0 or later. If you allocate a server running a  Microsoft® Windows Server™ 2003 operating system, then you must set the Active Server Pages Web Service Extension to Allow.

To change the status of Active Server Pages to Allow

  1. From the Start menu, point to Programs, point to Administrative Tools, and then click Internet Information Services.

  2. In the left pane of the Internet Information Services console, click Web Service Extensions.

  3. In the right pane, click Web Service Extension – Active Server Pages, and then click Allow. This changes the status of Active Server Pages to Allow.

To set up the Recovery Expert Web site from the SMS CD

  1. Insert the SMS 2003 product CD into the designated IIS server that will host the Recovery Expert Web site tool.

  2. From the CD, run Autorun.exe.

  3. In the Systems Management Server 2003 Setup dialog box, select Recovery Expert.

  4. Finish the Microsoft SMS Recovery Expert Web Site Installation Wizard.

  5. Note the URL displayed on the last page of the wizard so that you can refer to it later. Inform other SMS administrators about this URL so they can use it to access the Recovery Expert Web site, and to run the Recovery Expert tool.

important.gif  Important
If you use the Microsoft IIS Lockdown tool (Iislockd.exe) to increase security protection on a computer running IIS, apply it to the computer, using the SMS 2003-specific template, before setting up a Recovery Expert Web site on that computer.

For information about the role of the Recovery Expert in a site recovery operation, see the “Recovering a Site” section later in this document.

Security settings

The Recovery Expert requires that Internet Explorer be configured with medium security. In the Internet Options dialog box, on the Security tab, set security in either of the following methods:

  • Set Local intranet security to medium.

  • Set Local intranet security to high, add the Recovery Expert Web Site to the Trusted sites zone, and set the security of Trusted sites zone to medium.

When upgrading a server from Microsoft Windows( 2000 Server to a server in the Windows Server 2003 family, the upgraded server’s default security permissions are more restrictive. These security settings will prevent the Recovery Expert from running on that server. After the upgrade, you must manually reconfigure the permissions. This applies whether the Recovery Expert was installed before or after the upgrade.

To reconfigure security settings on a server upgraded to a server in the Windows Server 2003 family:

  1. In Windows Explorer, select the following file: C:\Inetpub\wwwroot\SMSComponent\FormatMessageCtl.dll.

  2. Right-click the file and select Properties.

  3. In the <file> Properties dialog box, click the Security tab.

  4. In the Group or user names list, select Internet Guest Account.

  5. In the Permissions for list, ensure that Allow is selected for the Read & Execute permission.

To run the Recovery Expert

  1. In Internet Explorer version 5.5 or later, use the Recovery Expert Web site URL to access the Recovery Expert Entry Page.

  2. Read the introductory content.

  3. Select Use The Recovery Expert to start the Recovery Expert.

Prepare for Recovery

When you run the Recovery Expert during a recovery operation, it generates a recovery task list, based on the site’s specific configuration and failure scenario. You then follow the recovery task list in order to recover the site.

It can be beneficial to run the Recovery Expert ahead of time, only for the purpose of generating the recovery tasks list for the site, without actually performing those tasks. You can generate the site’s recovery tasks list in advance by running the Recovery Expert while the site is healthy. Do not actually perform the recovery steps. Print the site’s recovery tasks list and store it in an accessible location.

Later, if the site fails and a recovery operation is required, there is no need to run the Recovery Expert. You can simply retrieve the stored recovery task list, and perform the recovery tasks.

It is not always effective to generate the recovery tasks list in advance. It is recommended that you run the Recovery Expert and generate the site’s recovery tasks list in advance in the following circumstances:

  • When a site is configured according to generic organization standards, and these configurations are not likely to change.

  • When the current administrator of the site is not the administrator that designed the site. It makes sense for the designing administrator to prepare recovery answers in advance.

  • When the administrator that administers a recovery process is likely to be an unskilled SMS administrator. In this case, the prepared recovery steps must be continually updated with any changes to the site.

Back Up the Central Site’s Site Control File

There can be many configuration changes on the central site, which will be hard or impossible to repeat if there is a need to recover the central site. Even if you are backing up the central site on a regular basis, it is important to frequently back up the central site’s site control file in between the regular site backups.

For more information about backing up the central site’s site control file, see Backing Up the Central Site later in this document.

Start Recovery Tests in the Test Lab

The best way to be fully prepared for a site recovery operation is to ensure that the site’s recovery plan is adequate, and that administrators are familiar with the recovery process. After the site is installed and configured, it is recommended that you perform periodic recovery tests, using the recovery plan for your site.

If the test lab is prepared for recovery tests, then at this stage you should start performing regular recovery tests. If the test lab is not yet configured for recovery tests, then you should first incorporate backup and recovery into the test lab.

For more information about setting up a test lab, see the Scenarios and Procedures for Microsoft Systems Management Server 2003: Planning and Deployment document.

Configure and Enable the Backup SMS Site Server Maintenance Task

As part of your backup and recovery strategy, it is critical to start backing up your site soon after that site is deployed, properly configured, and is in an overall healthy state. Schedule regular backup cycles to back up your site on a regular basis to ensure having a recent backup of the site.