Disaster Planning and Recovery Issues
The importance of Server Documentation
The critical items you absolutely should document are:
- location of roll-forward logs
- IP addresses of servers
You can create a database dump file using DSREPAIR (in the Advanced Options menu), This is a last resort backup only restorable by Novell Technical Support. The database is dumped into:
If you database is very large, it will split up into several sequential files in this directory. Restoring from this file returns your tree to its exact state at the time the file was created.
You should create this file on a regular basis. You can run is from the command prompt:
eDirectory Backup and Restore eMTool
eDirectory 8.7 includes a powerful tool called eMTool.
You can perform advanced tasks from another machine using the eMBox Client, a command line Java client, with access behind the firewall or through a VPN.
You can backup related files, such as NICI security files, stream files, and any file you specify such as AUTOEXEC.NCF.
How Restore eMTool Works
- DS Agent is closed
- Active Database Information Base (DIB) set is switched from the DIB set named NDS to a new DIB set named RST. The existing NDS database is left on the server, if the restore verification fails it will become the active DIB set again
- Restore is performed, restoring to the DIB set named RST
- DIB set is disabled. Login Disabled attribute is set on the pseudo server object (internal eDirectory object), preventing the DS Agent from being able to open using this DIB set
- Roll-forward log settings are reset to the default. Meaning that after the restore, roll-forward logging on the server is always set to off, and the location of the roll-forward logs is reset to the default. If you want roll-forward logging you must re-configure it after the restore, and ensure you run a new full backup after
- Restored RST database is verified. Server attempts to verify consistency of data restored, by contacting every server that it shares a replica with and comparing transitive vectors. The output from this verification is printed in the log file. If the transitive vector on the remote server is ahead of the local vector, then data is missing from the restore, and the verification fails
Roll forward logs
You must turn on roll-forward logging for servers that participate in a replica ring. If you don’t, when you try to restore from your backup files you will get errors and the database will not open.
For fault tolerance, make sure roll-forward logs are placed on a different storage device than eDirectory. Restrict user rights to the logs. The default location for role-forward logs is SYS:\_NETWARE\nds.rfl.
If you turn on logging of stream files, the roll-forward logs use up disk space more quickly.
Remember that removing eDirectory also removes the roll-forward log directory and all the logs in it- before removing eDirectory you must first copy roll-forward logs to another location.
You can configure Backups through iManager – Roles and Tasks/eDirectory Maintenance Utilities/Backup Configuration.
You can display current settings logged in from the eMBox client or command prompt:
Change settings with:
setconfig [-L|-l] [-T|-t]
To create a backup from iManager go to Roles and Tasks/eDirectory Maintenance Utilities/Backup.
Once the maximum file size has been reached during backup, a new file is automatically generated with the same name as the first but with a 5-digit hexadecimal extension appended, e.g. a 3.5mb file with a 1mb max file size would break down as:
It is recommended to always backup NICI security files. These backups need to be put onto a conventional tape backup.
To perform a backup from the eMBox client or command prompt:
Backup –b –fBackup_filename_and_path
-uInclude_filename_and_path –e –t –w
backup –b –f c:\backups\8_20_2001.bak –l c:\backups\backup.log
-u c:\backups\myincludefile.txt –e –t -w
Remember to leave a space between each switch, the order is not important.
You can run eMBox client in batch mode using a system batch file, an eMBox Client internal batch file, or a combination of both. When combined with third-party scheduling software or CRON.NLM you can schedule unattended backups.
To restore from iManager go to Roles and Tasks/eDirectory Maintenance Utilities/Restore. Your selections will usually be as follows:
- Activate the Restored Database after Verification
- Open the Database after Completion of Restore
- Restore Security Files (meaning NICI files)
To restore from the eMBox Client prompt, enter:
restore –r –a –o –f full_backup_path_and_filename
-l restore_log_path_and_filename –e
If you are installing incremental backup files, you will be prompted for the path and filename for each in turn.
A -666 error indicates incompatible DS versions.
Backup and Restore Tips
Before restoring file system information, always restore eDirectory information. File system trustee assignments are affected by restoring eDirectory objects. When file system data is restored, the file system restore looks for the trustee objects in eDirectory.
Remember to re-update your software when reinstalling servers. Re-apply OS patches and recopy updated drivers, NLMs, utilities, and so on, before proceeding with a restore.