Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2006-07-04) Restoring A DC Through The ASR Method

Posted by Jorge on 2006-07-04


Today I was testing a restore method within a test environment for a DC using the ASR method with a third party backup and restore tool.

The restore went OK. The DC booted and everything was OK. Well, until other DCs were crying like:

* RPC unavailable

* Cannot reach DC in site X

* etc.

 

So the troubleshooting started:

* TCP/IP settings (IP, DNS and WINS) on the restored DC –> OK

* Checking DNS SRV RRs registration –> OK

* Checking DNS name resolution –> OK

 

Hmm..

The restored DC was able to inbound replicate from whatever DC, but other DCs were not able to inbound replicate with the restored DC.

As all DNS stuff was OK and there were no firewalls between the DCs WTF could this be…

It made me crazy and I was pissed about it. So I started the troubleshooting steps again from the beginning and suddenly I saw something strange! In status column for the LAN connection it showed: "connected, firewalled"….

What???? Firewalled….. I was absolutely sure the LAN connection was configured to be firewalled prior to the backup and there was NO GPO that configured the firewall on that DC or other DCs. I made sure the backup did not have the LAN connection firewalled!

 

Conclusion: for some freaky reason the ASR restore enables the firewall on the LAN connection during the restore. This was when using a third party backup and restore tool. Not sure if the native ASR restore from MS does the same.

 

For those who don’t know what an ASR restore is:

In short, it is a bare metal restore method where a mini OS is installed including the backup and restore client and after that the backup on the tape is restored to the DC.

You can find more info about ASR here:

 

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

One Response to “(2006-07-04) Restoring A DC Through The ASR Method”

  1. c0d3r said

    I wrote a couple of procedures on how to use ASR to perform Disaster Recovery on 2003 AD DC’s and how to use VMWare for this purpose as well. In addition to the firewall problem that you’ve described, I’ve encountered (and luckily fixed) a couple of other problems.

    See https://petersblog.dyndns.org:8899/Lists/Posts/Post.aspx?ID=18 and https://petersblog.dyndns.org:8899/Lists/Posts/Post.aspx?ID=17

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: