Jump to content
RESET Forums (homeservershow.com)

The value of WHS2011 - a story


Dude
 Share

Recommended Posts

I've been running WHS2011 for almost a year and it has performed flawlessly, I only have one add-in and that's "lights out", I loved it on WHSV1 and it works fantastic on WHS2011. 

A couple of weeks ago I installed a trial version of stable bit scanner to evaluate.  I went away on holidays for a week and whilst I was away I got an email from stable bit saying my c drive on the server was about to die.  Very strange, I am running a SSD as C drive.  When I got home my wife complained that none of her TV shows recorded whilst we were away, we use a Fetch box, which shares my network and users the internet to record TV using iinet, it isn't connected to my WHS.

 

I also noticed that the server had stopped backing up my client PC's, I wasn't too concerned as I had been away. 

When I started to investigate I noticed that there was an incomplete back-which I think it aligned with the date of the error message stable bit sent me, I didn't think much of it until I discovered the Back-up database had a corruption. 

Hmm that doesn't sound good, haven't seen that in 12 months of back-ups, so I did some digging and ran the clean-up suggested on the MS site and it restored the database with some lost back-ups.  It was the user data drive that was incomplete which was a worry, so I did a new manual back-up (Keep option) to ensure I didn't lose any data.

 

After the back-up database clean-up the back-ups started working again, after a couple of days I noticed that security essentials wasn't working on my client machine, I have been using this product for the past 3 years without any problems. Very strange, so I tried to uninstall and it wouldn't let me, something was seriously wrong with the SE set-up.   I don't know when this problem started and if it was related to the WHS2011 issues, it could have been the result of a failed update or worst a virus, oh well that's why I have WHS2011 so I can do a bare metal restore.

 

So I start the bare metal restore, I only want to restore the c drive and that looks fine in the back-ups, yet it wouldn't restore, I was getting some weird errors, now I was getting anxious, I really didn't want to do a rebuild. Reading the WHS2011 logs was unhelpful, I have a solid technology background but the messages where for application developers not end users.

 

I regularly back-up the server to a hard drive in the server (I have off-site back-ups as well) so I'm thinking OK I will restore the back-up database from the serer back-up to a date before the problem occurred, I have never done this before but it was a straight forward process.

 

After the database was restored I was able to do the bare metal restore of my c drive took about 43 minutes and I was up and running.

 

So a couple of lessons in this for me.

1) I will never run the clean-up again if I have a Database corruption, I should have restored it from the back-up to a known good point as soon as I noticed.

2) You definitely need to back-up the Server  PC Client back-ups as well as your Server data  

3) Keep the C drive to operating system and critical programs, keep all user data on another drive.

 

The flexibility of doing a bare metal restore from WHS when you need it is worth the money.

 

I still don't know what caused this sequence of events - very strange.

Link to comment
Share on other sites

Thanks for the sharing the story.  The real question is are you going to continue to run the scanner after you restore?

Link to comment
Share on other sites

Great write-up Dude!  It's easy sometimes to forget just how useful WHS is -- just a couple weeks ago I had to turn to my backups and do a Bare-metal on my HTPC (I had been messing around and had really screwed things up on it) and what could have been a multi-day project of re-installing the OS and my many Apps and setting everything up again the way I liked it ended up only be about a 30-40 minute job.

 

Thanks so much for sharing! 

Link to comment
Share on other sites

Thanks for the comments guys, I do like the flexibility of WHS and PCDOC I have already removed the stable bit scanner, so just back to simple WHS & Lights out now.

 

I did have another unsettling moment on the weekend, that I will share to see if any-one else has encounters.

 

I cycle through two drives that I use for off-site back-up in the event of a disaster.

I keep them in my locker at work, so whilst one is at home being backed up a spare is always off-site. 

I do this about once a month.

 

When I want to back-up to the off-site drive, I dock it in a SATA attached caddy on my server and then configure the server to use this drive, so I uncheck the fix drives I normally use for back-up. 

Only the off-site drive is checked in "customize backup for server"

 

Normally when I tell WHS2011 to use the off-site drive WHS2011 recognises that its a back-up drive and asks if I want to save the existing files, yesterday when I put it in, it didn't recognise it was a server back-up and said all files will be removed.

 

Since its an off-site back-up I was OK doing that, however now I'm worried why that happened, I will also check the second off-site drive to see if it has the same problem.

 

I did check to see if I could restore from the drive after the server back-up finished and I could see the files, so assuming it will be OK.

 

Interested in whether any-one is using a different technique for off-site back-up.

Link to comment
Share on other sites

My setup has a number of similarities to yours. I, too, used SATA (actually eSATA) to connect my off site drives to my server, but I've switched to USB3. Here are some links to my strategy:

 

SERVER SETUP PHOTOS

http://homeservershow.com/forums/index.php?/topic/1899-whs-2011-storage-strategy/page__st__140#entry47628

BACKUP STRATEGY
http://homeservershow.com/forums/index.php?/topic/4788-what-i-hope-to-acheive-with-your-help/page__p__51373#entry51373

BACKUP SCRIPTS
http://homeservershow.com/forums/index.php?/topic/5197-robocopy-backup-scripts/

Link to comment
Share on other sites

  • 2 weeks later...

Ikon thanks for the information, good back-up strategy 5 copies of your critical data.
Was curious are you also making copies of the bare metal restore WHS back-ups, you say you don't use the client back-up for data, however I'm assuiming you use it for C drive restores.
If you use robocopy for those back-ups can you restore them back to the WHS if the back-up database gets corrupted as did mine?

I tried to read the off-site drives under WIndows 7 and get an error?

Link to comment
Share on other sites

I do use WHS backup for the OS/System/Boot drives on all my clients PCs, precisely so I can do BMRs if something goes wrong. It works well.

 

I do back up the Client PC Backups using the RoboCopy jobs. I haven't yet had a corruption of my WHS2011 backup dB, but I did once restore the Client PC Backups from a backup to a WHSv1 server. My understanding is that, if I replace ALL of the files in the Client PC Backup directory (I forget the name of the folder but I believe it's one of those long GUID names), and reboot the server, it should pick up the restored backups.

Link to comment
Share on other sites

  • 2 weeks later...

Scene 2 of this saga, so after thinking all was good ...not so!

On Thursday night my home PC was hit with a very malicious virus, it locked my machine and prevented me from doing anything, it requested $300 to unlock my computer.
 
No problem I will do a bare metal restore to go back to a good back-up.  I had problems getting WHS2011 to restore my C drive which is a SSD.  I went to the forums and Ikon advised on how I could fix it and that worked, however my PC was still locked by this virus.
 
I have a spindle drive that has all the user files on it, it also has a lot of the Windows Application files so as to minimise use f the SSD.  So clearly the virus had embedded itself onto the E drive and was re-infecting on start-up.
I could not get WHS2011 to do a bare metal restore of this drive, it is a 2 TB drive that has 2 partitions on it this is the secondary partition.  I tried multiple things but couldn't get WHS2011 to co-operate and restore either one volume at a time or both my c & e drives.
 
So I had to rebuild my PC from scratch to get rid of it, it's been about 2 years since I did a full system rebuild so it was probably time for it anyway.  I restored all my user files from WHS using the dashboard and Security Essentials detected and quarantined two files, hmm interesting why didn't it do that when the files originally infected my machine. The first file had a date stamp of 1st Feb 2013 and is a java applet that exploits a vulnerability in Java, "Lesson either don't use Java or ensure you have the latest updates" I'm thinking I won't enable Java anymore.
 
The next file infected on 12th March I suspect during a security update when my firewall was disabled and this allowed a Trojan Dropper to imbed itself during the firewall down time. Now this is scary as this could have been capturing key strokes, looking for password, account logons and sending them back to china.
 
I did notice in April that some-one hacked my GMAIL account as I got bounced emails from companies saying they thought my email was spam, an email I never sent.
 
So PC now re-built although it will take weeks for me to get everything just how I like it and I am going to be very suspicious.
 
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...