Request for help restoring Server 2008

April 4, 2011 at 09:16:01
Specs: Windows XP

I have been trying to restore a damaged Server 2008 system and have encountered problems
all along the way. I've reached a point now where I've basically run out of ideas (and
Google research) and I'm hoping someone here can help!

The system is a domain controller, 32-bit, running Server 2008 (no Hyper-V). This system
has been running for a few years and has quite a few disks installed, along with quite a
few partitions.

Windows was installed and running on partition O:. In February, I decided to do a system
backup to an external hard drive (letter W: at the time). I did a "system" backup rather
than all drives.

About a week ago, a virus got onto the system that did what appears to be a great deal of
damage. The system crashed and attempted to reboot. Just after the boot selection screen,
an error screen appeared stating that winload.exe could not be found.

I suspected partition damage so I powered off the machine and booted it from a utilities
disk that includes partition utilities. Every utility informed me that there was no longer
any filesystem on what used to be the O: partition. Other partitions on other drives were
apparently also damaged.

I next tried a partition recovery utility and scanned the old O: partition for files, then
perused the results. The resultant files/folders did look like what used to be the O:
drive, but I immediately noticed many unusual .EXE files with short, strange names all over
the place (root directory, windows directory, system32 directory, etc.) Every one of these
files had a date/time stamp exactly corresponding to the date and time of day the virus
caused the system to crash. Looking at all of these files led me to the conclusion that
the original filesystem was too polluted to try to repair, and I decided to restore the
system from the backup made two months ago.

I rebooted from the 2008 install disk and chose "Repair" then command prompt. Querying the
backup I saw that two partitions were apparently included: O: and C:. Having O: in the
backup made perfect sense since that's where the OS resided. I assumed that C: must also
have contained some relevant files.

I attempted to restore the O: partition from the backup using wbadmin. I repeatedly got
errors from wbadmin having to do with the target partition not being available. After
trying several approaches without success, I decided to start with a freshly-formatted
partition on which to restore the backup. So I reformatted that partition.

After reboot I ran the repair console again. I ran DISKPART to discover that the newly
formatted partition was no longer drive O: (it was F:). Using DISKPART I changed it to O:
and attempted to reboot the restored OS.

Everything looked good, until around the time the desktop background should have first
appeared. Seemingly just before that, the system suddenly did a hard reboot.

I wondered if, since C: was also included in the backup, that had to be restored also, so I
followed the same procedure to reformat then restore it.

Once that was done, I ran DISKPART again only to discover that the OS partition was no
longer O:. Moreover, when I tried to use DISKPART to switch it back to O:, I received the
infamous "Directory not empty" error. I did a lot of research on that error but nothing
seemed to help me. A "list volume" in DISKPART did not show me any other partition using
O:, yet it steadfastly refused to let me assign to that letter.

Out of desperation I tried assigning "P:" to the OS partition, and that worked.

On next reboot, I was back to the "missing winload.exe" error I started with %^(.

I went back to repair console and checked BCDEDIT to find that the "device" and "osdevice"
parameters for 2008 were set to "unknown". I tried setting them to "partition=p:". This
got rid of the missing winload.exe error, but now I am back to the system doing a hard
reboot just before the desktop should appear.


I appreciate any and all suggestions (other than reinstalling from scratch), but
specifically there are a few things I wonder about:

1) Could the OS be crashing because the partition layout isn't exactly the way it was
previously? I can't think of a reason why this would be, unless it expects to find some
paging file(s) on certain partitions and they're not there anymore.

2) Why can't I get the OS partition back to being O:?

3) Is there some type of boot log file I can look at to help me troubleshoot the crash
during startup?

Thanks for any and all help!!!

I wonder if EVERY partition has to be exactly as it was before the first crash.


April 4, 2011 at 11:38:44
"I wonder if EVERY partition has to be exactly as it was before the first crash."

Of course they do.

You did not follow any standard server recovery methodology.

You say you did a "system" backup but not a backup of all drives. Eh?
Why are you not doing full backups of everything including system state?
What did get backed up?

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's


April 4, 2011 at 13:02:11
> You did not follow any standard server recovery methodology.

I did carefully read the documentation for the backup and restore procedures. It does state that different backup types are supported. Referring to this documentation, I chose what Microsoft refers to as the "Critical Volumes" backup, which is supposed to back up everything necessary to "restore the operating system".

In my specific case, partitions C: and O: were identified as being necessary for this type of backup. These were not chosen by me, but rather by the backup software.

I did not do a backup of all drives because there is a lot of data on those other partitions. My intention was to perform a backup that would allow me to restore the operating system, in the event it became irreparably damaged (which is exactly what happened.)

If I had some utility partition (let's say K: for discussion's sake), which had no programs installed and just had data files, I'm not sure I understand why the OS would repeatedly crash if it went away between boots.

I guess my main questions are still:

1) Is there a log file or something I can look at to determine why the OS keeps crashing?

2) Why won't DISKPART allow me to assign drive letter O: to the restored partition?

Thanks for your reply.


April 4, 2011 at 13:56:05
I would suggest a fresh install of 2008 with the same number of partitions as before.
Then, from within 2008 do a restore of the backups you made.
Hopefully the restore will put the original registry back along with the drive letters and you will be operational.

Key here is the system state was included in the backup. It contains the registry which is vital to your restore.
