32 replies to this topic

[grrrd]

So a little while ago I asked a few questions regarding cloning of a disk whilst it was active;

 

http://reboot.pro/to...ure-local-disk/

 

Some of these solutions were fine, but none were ideal (mostly either cost or image size).

 

A little more googling into VSS and I found this page;

 

http://blogs.msdn.co...5.aspx#comments

 

In essence what you do is instigate a NTBACKUP on your Windows XP box which in turns creates the shadow copy of your logical disk. Then you can use the Dosdev.exe to assign this a drive letter in the command prompt. When this is done you can use imagex to capture the shadow drive.

 

So far I have been able to create a image and in the process of applying this back to a new disk drive to replicate a bare metal restore.

 

Has anyone done this process before? Apart from the issues that can happen when writing to the disk whilst doing all this are there any other concerns i should be aware of?

 

I will let you know if i am able to use the wim i create as a full backup or not.

[Wonko the Sane]

Sure, but it is the same procedure DriveImageXML (talked about in the mentioned thread) can do (making use of the shadow copy services).

Just like DriveImageXML you need anyway *something else* to take care of the MBR (and particularly of the Disk Signature) in case of a bootable system, see:

http://www.911cd.net...showtopic=22984

 

Not so much OT, this may be of interest to you:

http://vscsc.sourceforge.net/

 

Wonko

[Vortex]

Hi grrrd,

 

Here is a link for you.

 

Backup a live Windows system with strarc and volume shadow copy :

 

http://reboot.pro/to...ume-shadow-copy

 

Both of imagex.exe and strarc.exe are doing the job with the help of the volume shadow copy service.

[grrrd]

VScopy.exe is AWESOME! Thank you Vortex for bringing this to my attention!

@Wonko - as always thank you for your input!

I will try and keep you informed with what I acheive

[grrrd]

On Windows XP the vscopy application worked straight away, on Windows 7 I try the application and get an error ;

Volume shadow could not be created - InitializeForBackup error = 0x80042302

Do i have to initiate a windows backup initially or similar before i can utilise VSS on Win7?

 

FYI - applying the WinXP WIM now as a Bare-Metal-Restore, very excited

[Wonko the Sane]

AGAIN, "bare metal" means DISK (the whole thing or "PhysicalDrive"), VSS deals with Drive (or partition or volume or "LogicalDrive").

WHAT are you using to "fill the gap" between "Physical" and "logical"?

 

Wonko

[grrrd]

I was thinking about when a physical drive dies - so a HDD is replaced and the wim that is created is used to get the machine back to the last state.

 

Applied my wim to a new drive and the image took and the machine booted without any issues what so ever! AWESOME!

 

Slight issue now is if i try and run the vscopy once again i get an error;

Volume shadow could not be created - StartSnapshotSet error = 0x80042316 

[grrrd]

Ahh the 99% fix worked, reboot and everything worked fine. I am assuming that the first boot of the restore struggles with the VSS, but after the reboot everything seemed happy as Larry

[Vortex]

Hi grrrd,

 

vscopy is supporting only 32-bit OS. You can also try Microsoft's vshadow tool or the volume shadow copy tool recommended by Wonko.

[Wonko the Sane]

I still miss an answer to this question:

WHAT are you using to "fill the gap" between "Physical" and "logical"? 

 

And to the consequent:

Does ImageX get the MBR from the "original disk"?

HOW exactly are you capturing the VSS "exposed" drive (not Disk)?

HOW exactly are you deploying the .wim?

HOW exactly are you testing the disk on which the .wim is deployed?

Was it a "00ed"/wiped disk before applying to it the .wim?

 

Wonko

[Vortex]

Hi grrrd,

 

By the way, don't forget to try synchronicity's excellent tool wimlib :

 

http://sourceforge.n...rojects/wimlib/

 

wimlib is a C library for creating, modifying, extracting, and mounting files in the Windows Imaging Format (WIM files). These files are normally created by using the "imagex.exe" or "Dism.exe" utilities on Windows, but wimlib is distributed with a free command-line frontend called "wimlib-imagex" for both UNIX-like systems and Windows.

 

Mrbfix is one of the best tools to repair MBRs :

 

http://www.sysint.no...ting/mbrfix.htm

MbrFix /drive <num> savembr <file>    Save MBR and partitions to file
MbrFix /drive <num> restorembr <file>    Restore MBR and partitions from file
MbrFix /drive <num> fixmbr {/vista|/win7}   Update MBR code to W2K/XP/2003, Vista or Win7

[grrrd]

The current tests were to capture the wim, using imagex, of the temporary drive letter that vscopy created.

 

The application of this wim was then to put a HDD into the machine, format as NTFS, apply wim and then use bootsect /nt52 on that drive again.

 

Using MBRFix to copy the MBR is fine todo, but i am a little unsure about what bootsect does and what mbr does? ( ia m pretty sure Wonko has tried to tell me before too!)

[Wonko the Sane]

Look, you can stamp your feet all the time as (and as hard as) you want, but until you won't explain to me HOW/WHAT replicates the Disk Signature on the "target" disk (or HOW/WHAT removes drive letters assignment from the Registry), I won't believe that a Windows NT system will boot from it.

It is entirely possible that either the Shadow Copy service/whatever or the ImageX capturing do either of them, but I would like to know WHICH does EXACTLY WHAT.

ADDITIONALLY having two disks with the same Disk Signature connected to the same system will create a conflict and one of the two Disk Signatures will be changed.

 

You have been pointed on a thread where I painstakingly attempted to explain the issue about MBR and Disk Signature, just §@ç#ing READ it:

http://www.911cd.net...showtopic=22984

 

Wonko

[grrrd]

I feel like I may have annoyed the Sane?!

[Wonko the Sane]

I feel like I may have annoyed the Sane?!

Not particularly, you are doing foolish things and Wonko (the Sane) highlighted why exactly they are foolish.

Check the "But ... then, why?" in my signature.

 

You declared that you wanted to go from A to D, walking from A to B, from B to C and from C to D.

You were told that between C and D there is a river with no bridges and that you'd better take a canoe or drift boat with you, in order to cross it.

You decided to just walk from A to C (which is good ) ignoring the warnings about the possible issues in crossing the river.

 

Wonko is already on the D side of the river , and he is patiently waiting to see how exactly you will manage to cross it.

 

Wonko

[grrrd]

Maybe i shall rename myself grrrd-The-Foolish;

So I have had a chance to read the above post, and I believe i know what you are getting at (I am foolish mind so there is a strong possibility that I have got it all wrong!);

I have been doing all my tests with 'Lab' HDD. This means that they have been built/destroyed/built many times, this also means that they might already have a MBR and Hidden Sectors already set - skewing the results of my imaging.
This isn't the process a real life situation would follow, more often than not a brand new HDD will be inserted, with no MBR or hidden sectors available.
The current process is to use Disk Part to create the partition and drive letter, then imagex to apply the wim to the drive letter - finishing off with bootsect to tell the system that the newly created drive letter is bootable.

So in the future if i were to use MBRFIX i would be able to replace the Diskpart process with the MBRFIX restore process.

To your questions the VSS&Imagex capture process only allows me to copy the data that is currently on the disk. I currently recreate the partition from scratch (but may now use FIXMBR).

 

In regards to disk signature i am still not 100% but when my NT System DOES BOOT windows does detect that the drive is new and updates it self accordingly.


{Can I remove my Dunce hat now please?!?!?}
 

[Wonko the Sane]

Maybe we are using different definitions for a bare metal recovery .
Example of what I call "bare metal" recovery

• You have a PC with only one hard disk that contains (usually) a single primary partition that is BOTH the "boot" and "system" partiion, booting XP
• You connect to it (as an example through a USB to Sata adapter) an  "external" hard disk
• You - while booted in the XP - use the Shadow copy subsystem to make a Shadow copy of the running system and you capture it with ImageX, storing the resulting .wim in the external hard disk
• The internal hard disk of the PC fails/breaks/bricks itself
• You procure a new similar hard disk (or get a spare one that has been wiped with a single 00 pass) and replace the failed disk
• You boot from an external media (a PE of some kind from a CD/DVD or from USB stick), once booted you connect the external hard disk on which you stored the .wim
• Insert here what you do (seemingly partition the "new" internal hard disk and possibly make on it a single primary NTFS partition)
• You apply the .wim from the external hard disk to the newly created partition
• You disconnect all external devices and/ore remove media from the CD/DVD drive and
• You boot from the internal hard disk, exactly as if the original hard disk was not replaced. (You actually won't have a chance to recover deleted or partially overwritten files as you had on the "original" disk, but apart from this, the "recovered" disk is IDENTICAL to the "original")

What I am telling you is that #10 won't happen unless *something* in the procedure you follow (around steps #3 and #7) manages to replicate the Disk Signature of the failed disk drive and/or *something else* changes the relevant Registry entries.
 
As said it is perfectly possible that something in the imaging/applying process removes those keys from the Registry or on first attempt to boot the XP finds not the "old" disk signature and since it can only find a single partition "decides" that it is the "boot" and "system" partition and that it is "drive C:" and changes those Registry entries.
But still, if this latter "self-healing" is what happens, the "new disk" won't be "the same" as the old one and what can happen on a multi-disk/multi-partitions setup is to be seen .
 
If you prefer, open the Registry of the booted XP at the time you are imaging it, check the hive:
http://www.911cd.net...opic=19663&st=1
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices
Find in it the key \DosDevices\C
and write down it's contents.
Check that there is also another key, similar to \\?\Volume{83092730-6bfc-11df-b90c-806d6172696f}\ with the same contents as the \DosDervices\C
You can find the exact key name by opening a command prompt and running:
 

mountvol.exe | more

which will list volume ID's coupled with drive letters.
 
Proceed with the "Bare Metal Recovery" and once you will have booted from the imaged/applied XP on the "brand new" disk , check if those keys are in the Registry and have the same content (or if they have been automagically updated to reflect the new Disk Signature and start of the partition).
 

Wonko

[grrrd]

Please bare with me caller, your call is of importance to us and will be dealt with accordingly

[Vortex]

Hi Wonko,

 

After restoring the backup, no need to modify the disk signature on the new drive. The operating system creates new registry entries with the new signature. If you wish to make an identical disk, you can copy the signature to the MBR of the new drive. Notice that the registry will be updated again in this case to register the brand of the new disk. ( if the brand is different. )

[Wonko the Sane]

Hi Wonko,
 
After restoring the backup, no need to modify the disk signature on the new drive. The operating system creates new registry entries with the new signature. If you wish to make an identical disk, you can copy the signature to the MBR of the new drive. Notice that the registry will be updated again in this case to register the brand of the new disk. ( if the brand is different. )

The BRAND of the disk?
WHERE (in which key of the Registry)?


Wonko

[Vortex]

Hi Wonko,

 

Here are some examples on two different computers :

Windows XP :

C:\>reg QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\CdRomASUS_CD-S520/A________
__________________1.7K____
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\CdRomASUS_DVD-E616P2_______
__________________1.07____
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\DiskST380817AS_____________
_________________3.42____

Windows 7 :

C:\>reg QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\CdRomHL-DT-ST_DVD-ROM_GDR-T
10N_______________1.02____
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\CdRomHL-DT-ST_DVD-ROM_GDR-T
10N_______________1.05____
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\CdRomHL-DT-ST_DVDRAM_GH24NS
95________________RN00____
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\DiskST3160815AS____________
_________________4.AAB___
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\DiskST500DM002-1BD142______
_________________KC45____

ST380817AS, ST3160815AS and ST500DM002-1BD142 are Seagate specific codes. You can also see the Asus optical devices in the list above.

[Wonko the Sane]

I see , those are not particularly needed/meaningful in the booting process, they are part of the Enum sub-hive.


Wonko

[erwan.l]

Hi Guys,

 

Just updating an old thread as the method (detailed step by step by wonko in post #17) is useful (to me) in some cases.

Lets also aggree that this method is clearly not a "bare metal" backup solution.

 

What I would add, after step 8 from post #17 and therefore before booting on the restored disk:

-delete the following registry key on the restored disk : HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices

-fix the bootsector

-ensure the partition is active

 

Also, note that you dont forcibly need a specific vshadow tool but you can simply mount a folder (or drive letter) pointing to volume shadow copy device (in the form of \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopyX) and from that folder/drive, capture to a WIM.

-Native 'vssadmin list shadows' can be used to list volume shadows devices.

-Native Win7 mklink can be used or else dosdev.exe to mount a folder or drive.

 

And I would also use the excellent WIMLIB to perform the WIM capture in order not to depend on imagex/waik/adk MS tools.

 

Regards,

Erwan

[Vortex]

Also, note that you dont forcibly need a specific vshadow tool but you can simply mount a folder (or drive letter) pointing to volume shadow copy device (in the form of \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopyX) and from that folder/drive, capture to a WIM.

-Native 'vssadmin list shadows' can be used to list volume shadows devices.

 

 

 

Hi Erwan,

 

I am afraid only the server versions of Windows are supporting the create option of the vssadmin command so you need yet a volume shadow copy tool :

 

http://technet.micro...y/cc788055.aspx

[erwan.l]

Correct !

This is where you vscopy tool comes in handy

 

/Erwan