Certificate Services
When the Active Directory
Certificate Services role and role servers are installed on a Windows
Server 2008 R2 system, a Certification Authority is created. The
Certification Authority or CA is used to manage and allocate
certificates to users, servers, and workstations when files, folders,
email, or network communication needs to be secured or encrypted.
When the CA allocates a
certificate to a machine or user, that information is recorded in the
certificate database on the local drive of the CA. If this database is
corrupted or deleted, all certificates allocated from this server become
invalid or unusable. To avoid this problem, the certificates and
Certificate Services database should be backed up frequently. Even if
certificates are rarely allocated to new users or machines, backups
should still be performed regularly. The certificate authority database
is backed up with a full system backup but can be backed up using the
Certification Authority console. To perform a manual backup of the
certificate authority, perform the following steps:
1. | Log on to the Windows Server 2008 R2 Certification Authority server system with an account with administrator privileges.
|
2. | Click Start, click All Programs, click Administrative Tools, and select Certification Authority.
|
3. | Double-click on the Certification Authority server to initiate the connection in the console.
|
4. | Right-click on the server, click All Tasks, and select Back Up CA.
|
5. | When the Certification Authority Backup Wizard opens, click Next on the welcome page.
|
6. | On the Items to Back Up page, check both check boxes, and in the Back Up to This Location text box, type c:\Windows\System32\CABackup\ and click Next, as shown in Figure 5.
|
7. | A window opens stating that the destination folder does not exist; click OK to create the folder and continue.
|
8. | On
the Select a Password page, enter a password, confirm the password, and
click Next to continue. This password is very important because it will
be required to restore the database should that be necessary—so store
this password in a safe place.
|
9. | On the Completing the Certification Authority Backup Wizard page, review the settings, and click Finish to create the backup.
|
10. | After the backup completes, the focus is returned to the Certification Authority console. Close the console.
|
11. | Log off of the server.
|
Domain Name System
Domain name system (DNS)
configuration data is stored in the Registry and is backed up with the
System State backup. For each DNS zone that is hosted on the Windows
Server 2008 R2 server that is not an Active Directory-integrated zone, a
backup zone file is created and stored in the %systemroot%\DNS\Backup
folder. These files can be backed up and used to restore a DNS zone to
the same server after a restore or they can be used to create new zones
on a different server using these files to import the latest saved
records. For Active Directory-integrated DNS zones, these zones are
backed up with the domain controller System State and can be troublesome
to restore. To back up the DNS zones manually and selectively, perform
the following steps:
1. | Log
on to the Windows Server 2008 R2 domain controller running DNS services
with an account with administrator privileges. These steps also work on
primary zones that are not Active Directory-integrated and also on
non-domain controller DNS servers.
|
2. | Click Start, click All Programs, click Accessories, and select Command Prompt.
|
3. | Type Dnscmd /ZoneExport companyabc.com companyabc.com.txt
and press Enter. The previous example exports the companyabc.com DNS
zone and the export file named companyabc.com.txt will be saved to c:\Windows\System32\DNS\companyabc.com.txt.
|
4. | Repeat this command for any other DNS zones that will be backed up.
|
5. | When completed, type exit and press Enter when completed.
|
Note
This method does not
capture several elements of the zone, including security and delegate
information. It also does not capture DNS server configuration
information, including primary/secondary relationships, forwarding, and
the like.
Windows Internet Naming Service
Windows Internet Naming
Service (WINS) is a database composed of NetBIOS names and their
corresponding IP addresses. The NetBIOS names include domain, server,
and workstation names, along with other records used to identify
services such as the master browser. The WINS database is backed up by
performing a System State backup of the WINS server or by initiating a
backup using the WINS console.
Because
the WINS database is populated by servers and workstations dynamically,
in some cases backing up might not be necessary. When WINS contains
static mappings, a WINS backup is essential because records will not be
re-created automatically if the WINS database is corrupted or rebuilt
from scratch. To create a backup using the WINS console, perform the
following steps:
1. | Log on to the Windows Server 2008 R2 WINS server system with an account with administrator privileges.
|
2. | Click Start, click All Programs, click Administrative Tools, and select WINS.
|
3. | Double-click on the WINS server to initiate the connection in the console.
|
4. | Right-click on the WINS server in the tree pane, and select Back Up Database.
|
5. | Browse to the folder location to store the backup, and click OK. The default location that should be specified is c:\windows\system32\WINS.
|
6. | The backup will run and create a subfolder called wins_bak.
|
7. | Click OK on the Confirmation page indicating that the backup was successful, and close the WINS console.
|
8. | Log off of the Windows Server 2008 R2 WINS server system.
|
Dynamic Host Configuration Protocol
The Dynamic Host
Configuration Protocol (DHCP) server is responsible for assigning IP
addresses and options to devices on the network in need of network
configuration. DHCP allocates IP configurations, including IP addresses,
subnet masks, default gateways, DNS servers, WINS servers, WDS servers,
TFTP servers, and boot filenames. Other IP options can be configured,
depending on the organization’s needs.
These IP address scope
properties and options are stored in the DHCP database. This database
also stores the information concerning IP address leases and
reservations. The DHCP database is backed up with a server System State
backup, but it can also be backed up using the DHCP console.
To back up the DHCP database from the console, perform the following steps:
1. | Log on to the Windows Server 2008 R2 DHCP server system with an account with administrator privileges.
|
2. | Click Start, click All Programs, click Administrative Tools, and select DHCP.
|
3. | Double-click on the DHCP server to initiate the connection in the console.
|
4. | Right-click on the DHCP server in the tree pane, and select Backup.
|
5. | When
the Browse for Folder window opens, it will default to the
systemroot\System32\DHCP\Backup folder; click OK to accept this location
and start the backup.
|
6. | There
will be no confirmation of a successful backup. To verify if a backup
was completed, open the folder and check the date and time stamps of the
subfolders and files. The default subfolder name will be New.
|
7. | Log off of the DHCP server system.
|
Distributed File System
The
Distributed File System (DFS) is a Windows Server 2008 R2 service that
improves file share availability by providing a single unified namespace
to access shared folders hosted across different servers. When DFS
domain namespaces are used, DFS folders can be configured to replicate
with one another using the DFS Replication service. Domain namespaces
servers store the DFS folders, targets, and replication group
configurations in Active Directory. When a stand-alone namespace is
used, the configuration is stored in the namespace server’s Registry.
Backing up the System State of a stand-alone DFS server backs up the DFS
configuration. For domain DFS namespaces, backing up the System State
of a domain controller accomplishes this task.
Internet Information Services
Internet Information
Services (IIS) 7.5 is Windows Server 2008 R2’s web application and FTP
server. It is included on every version of the Windows Server 2008 R2
platform, but it is not installed by default. IIS stores configuration
information for web and FTP site configurations and security in a set of
XML files stored in the system root folder. The IIS configuration is
automatically backed up with full system backups and with separate
System State backups.
Windows SharePoint Services
Windows SharePoint Services (WSS)
runs on top of IIS 6.x and 7.x. Version 3.0 with SP2 can be downloaded
and installed separately for use with Windows Server 2008 and Windows
Server 2008 R2. WSS stores configuration- and site-related data
(application data) within Microsoft SQL databases or within the internal
Windows Server 2008 R2 database, also known as the SQL 2005 Express
Edition. When WSS is installed, it can be configured to use the internal
database or it can be connected to a fully functional SQL database
server running on the local or a remote system.
Windows Server Backup
currently supports the backup and restore of WSS configuration and
application data natively, if the data is stored within the internal
database. For WSS deployments or Microsoft Office SharePoint Server
deployments that utilize SQL servers, the databases need to be backed up
using a compatible SQL backup agent, or the backup functionality
included within the SQL Management tools. To perform a manual backup of
Windows SharePoint Services, perform the following steps:
1. | Log on to the Windows Server 2008 R2 Windows SharePoint Services server system with an account with administrator privileges.
|
2. | Click Start, click All Programs, click Administrative Tools, and select SharePoint 3.0 Central Administration.
|
3. | When
the browser opens, if prompted, enter a username and password for an
account with administrative privileges on the WSS server.
|
4. | When the SharePoint 3.0 Central Administration website opens, select the Operations tab.
|
5. | Scroll down in the window, and on the right side, under the Backup and Restore section, click on the Perform a Backup link.
|
6. | Near
the top of the window, check the Farm check box to back up the entire
contents and configuration data for the Windows SharePoint Services on
this server, and click on the Continue to Backup Option link located
right above the Farm check box, as shown in Figure 6.
|
7. | On the next page, scroll down and enter the UNC path to store the backup, and click OK to start the backup.
|
8. | On
the next page, click on the Timer Job Status link to view the status of
the backup job. When the new page opens, review the status of the
backup job, as shown in Figure 7, as an initialized job.
|
9. | After
the job has completed, it will be removed from the Timer page upon
refresh. Click the browser’s Back button to return to the Backup and
Restore Status page, and click the Refresh button. Scroll down on the
page to review the result of the backup.
|
10. | Close the browser and log off of the system.
|
