Using the NTBACKUP Utility to Restore the ISA Server Configuration:
Part 1 – The Operating System is Still Functional
by Thomas W Shinder, M.D.
Its doesn’t take much to for your ISA Server to become a dysfunctional blob of software taking up disk space on a computer at the edge of your network. A day doesn’t go buy without someone saying that something "just happened" to the ISA Server and that services that worked yesterday no longer work today. Hey, it could happen! J Other things that could lead to a broken ISA Server installation include:
Microsoft does not support renaming of the ISA Server computer after ISA Server is installed. The method discussed in this article will not allow you to restore your configuration to a machine that has been renamed. You will have to fix the problem returning the computer to its original name, and then run the procedures described in this article.
All of these misadventures happen every day and its never a pretty sight! Suppose you have configured hundreds of Destinations and Destination Sets, Site and Content Rules, Protocol Rules, Publishing Rules, Protocol Definitions, SMTP Filter and Message Screener Rules, and packet filters. Do you really want to redo the whole thing? No!
But what should you do? There are a number of scripts and tools out there that will allow you to back up some of your ISA Server settings. But none of them will back them all up. There’s always going to be something you’ll have to fix manually. Wouldn’t it be nice to have a method that allows you to restore your ISA Server configuration and be done with it?
You can restore your configuration without having to manually reenter anything if you using the ntbackup utility that comes built-in with Windows 2000. This method is so easy you’ll wonder why you never used it before.
Backing Up the ISA Server Configuration
The first step is to back up the ISA Server configuration. The backup actually involves two steps:
Its important to understand the differences in the two backup approaches. You use the ntbackup tool to back up the ISA Server program folder hierarchy. This allows you to recover from problems related to corrupted application files or bollixed updates. Backing up the System State allows you to back up all the Registry settings created by the ISA Server installation. In standalone mode, all the ISA Server configuration settings are stored in the Registry. In enterprise array mode, some of the settings are stored in the Registry and some of them are stored in the Active Directory.
The procedure described in this article applies only to ISA Servers in standalone mode. If anyone is interested in the step-by-step for backing up and restoring servers in enterprise array mode, write to me at [email protected] and I’ll see what I can do about getting that done.
The ISA Server integrated backup tool only saves a subset of information in the ISA Server configuration. Now, you might want to ask "what exactly does the ISA Server integrated backup tool save?" That’s a good question. Unfortunately, since there is no tool that allows you to view the contents of the backup, there’s no way to know! There’s no documentation on this either. However, it does appear to save just about all the ISA Server configuration information.
In your backup scheme, you can actually use the two backup methods to streamline your backup routine. For example, on July 1, 2002 you can backup the ISA Server folders and System State and use the integrated ISA Server backup tool. On July 10, 2002 you make some changes to the ISA Server configuration. If you haven’t made any other changes to the ISA Server computer, you can just use the ISA Server integrated backup tool to back up the configuration.
When it becomes time to restore, you can restore the System State and ISA Server folder hierarchy from July 1, 2002, and after you get that restored, you can then update the configuration by using the integrated backup tool backup file to update the restored configuration so that’s its current as of July 10, 2002.
When you restore ISA Server folder hierarchy using the ntbackup tool, you will overwrite all existing folders. That includes your reports and log file folders. If you have report and log files in those folders you want to keep, make sure to copy them to another location so that they don’t get removed during the restore.
- Log onto the ISA Server computer as a member of the Domain Administrator’s group.
- In the ISA Management console, right click on your server name and click the Back Up command.
- In the Backup Array dialog box, type in a name and location for the backup file in the Store backup configuration in this location text box. Type a description in the Comment text box. Click OK.
- The Backup Array dialog box appears and informs you that the backup succeeded. Click OK.
- Open a command prompt and type net stop mspfltex. You will be asked if its OK to stop a number of services. Say yes and press [ENTER] to stop the services
- After the services are stopped, type net stop gksvc and press [ENTER]. This will stop the H.323 Gatekeeper service.
- Click Start and click the Run command. In the Run dialog box, type ntbackup and click OK.
- In the Backup application, click the Restore tab.
- Click the Tools menu and then click the Options command.
- In the Options dialog box, click the Restore tab. Select the Always replace the file on my computer option. Click OK.
- Click the Backup tab. In the left pane, select the Microsoft ISA Server folder and the System State. You can back up other things if you like, but this is what you’ll need to restore to get your ISA Server configuration back.
- Type in a location for the backup file in the Backup media or file name text box. Click the Start Backup button.
- In the Backup Job Information dialog box, make the appropriate changes to the Backup description. Select the Replace the data on the media with this backup option.
- Click the Advanced button. In the Advanced Backup Options dialog box, select the Verify data after backup option. Set the Backup Type to Copy. Click OK.
- Click the Start Backup button in the Backup Job Information dialog box. The backup process begins and might take quite a while, so be patient.
- When the backup is finished, click Close in the Backup Progress dialog box and then close the Backup application.
Now the backup is complete. You can restart the computer to restart your ISA Server services, or you can use the following commands:
net start mspfltex
net start isactrl
to start the Microsoft packet filter extensions and the ISA Server Control service. Then you can start the Web Proxy, Firewall and Content download services in the ISA Management console.
Performing the Restoration
The sad day has arrived. Something is wrong with your ISA Server and you need to fix it. Fortunately, you’ve done the backup procedure, and you create ISA Server integrated backups each time you make a change to the ISA Server Configuration.
- When you’re ready to fix the ISA Server configuration, reboot the computer in Safe Mode.
- Click Start and click on the Run command. In the Open text box, type ntbackup and click OK. Click OK in the Removable Storage Not Running dialog box.
- Click on the Restore tab. Click the Tools menu and click the Catalog a Backup File command.
- Type in the file name or use the Browse button to find the backup file that contains the ISA Server folder hierarchy and the System State. Click OK.
- Expand the media file in the left pane that includes your backed up files. You may find that the Backup File Name dialog box keeps popping up. Don’t worry about it. Just click OK each time it pops up.
- Expand the C: drive and the System State in the left pane of the Backup application. Place checkmarks in the Microsoft ISA Server folder checkbox and the System State checkbox. There will be blue checkmarks in the boxes that you check, as seen in the figure below. Make sure you set the Restore files to drop down list box to read Original location. Click the Start Restore button. Click the OK button in the Warning text box that tells you that the System State will be restored. Click OK in the Confirm Restore dialog box. Click OK in the Enter Backup File Name text box; make sure it lists the right backup file name!
- After the backup is complete, click the Close button in the Restore Progress dialog box. Click Yes in the Backup dialog box to restart the computer. When you restart the computer you can do it in normal mode. You do not need to restart in Safe Mode.
- Log in as a Domain Admin. Click Start and point to Administrative Tools. Click on the Services command.
- In the Services console, set the Startup Type for the following services to Disabled:
Microsoft H.323 Gatekeeper
Microsoft ISA Server Control
Microsoft Scheduled Cache Content Download
Microsoft Web Proxy
- Reboot the computer.
- Reinstall ISA Server using the Add/Remove Programs applet in the Control Panel. Click the Change button. This will allow you to reinstall the ISA Server applications files without losing your settings. This repairs the basic ISA Server installation. Just click on the Reinstall button as seen below. Restart the computer after you reinstall.
- This backup restores the configuration as of the time you ran the ntbackup tool to back up the ISA Server directory hierarchy and the System State. At this point, you should restore your most recent ISA Server integrated backup file. Just right click your server name in the ISA Management console and click the Restore command. Enter your backup file name or use the Browse button, then click OK.
- The Restore Array dialog box appears. Confirm the information and click OK. After the restoration is complete, click the OK button to confirm that it worked.
The ntbackup tool can be used together with the ISA Server integrated backup tool to make a strong and reliable backup scheme for your ISA Server configuration. This method has the advantage of being able to back up each element of the ISA Server configuration, something the popular ISA Server backup scripts can’t do. The disadvantage is that you cannot restore a configuration to another machine, and if restoring the configuration to the same machine after the boot partition disk dies can be a bit of a challenge.