Solved

NTBACKUP Skips over any file Selected

Posted on 2006-07-10
24
542 Views
Last Modified: 2008-02-07
Hello,

This one has been bugging me for awhile but, I have on PC that I need to replace the HDD on, and I am trying to backup the C drive using ntbackup and here's what happens...

1. I select Files and folders I want backed up, and the system state.

2. I start the backup and it skips over the entire C: drive and move on to the system state (which backs up normally)

The backup report shows:

Backup Status
Operation: Backup
Active backup destination: File
Media name: "Tena.bkf created 7/10/2006 at 11:41 AM"

Backup (via shadow copy) of "C: HP"
Backup set #1 on media #1
Backup description: "Set created 7/10/2006 at 11:41 AM"
Media name: "Tena.bkf created 7/10/2006 at 11:41 AM"

Backup Type: Normal

Backup started on 7/10/2006 at 11:43 AM.
Backup completed on 7/10/2006 at 11:43 AM.
Directories: 0
Files: 0
Bytes: 0
Time:  1 second
Backup (via shadow copy) of "System State"
Backup set #2 on media #1
Backup description: "Set created 7/10/2006 at 11:41 AM"
Media name: "Tena.bkf created 7/10/2006 at 11:41 AM"

Backup Type: Copy

Backup started on 7/10/2006 at 11:43 AM.
Backup completed on 7/10/2006 at 11:48 AM.
Directories: 173
Files: 2547
Bytes: 501,417,866
Time:  5 minutes and  10 seconds



I have the C; drive permissions set to everyone > full control ( for testing purposes only)
C drive is NTFS with 14.3 GB capacity and 600 MB freespace.

I know it's something I'm missing (something probably really stupid) :)

Thanks,
shimswe

0
Comment
Question by:shimswe
  • 11
  • 11
24 Comments
 
LVL 16

Expert Comment

by:Joe
ID: 17075844
If you are having problems with the Windows backup as a temorary solution you could use another free backup program called Cobian backup it works great.

http://www.educ.umu.se/~cobian/cobianbackup.htm

Joe
0
 
LVL 3

Expert Comment

by:jm-johnmeyer-us
ID: 17076086
Did you carefully check all the options?  There is an exclude section that could be used exclude the entire C:\*.* if it was set up wrong.  Also, in addition to system state, are you clicking on the root of C:\?
0
 

Author Comment

by:shimswe
ID: 17076723
jm-johnmeyer-us,

I have checked the exclusions and there are the typical exclusions in the list but not the entire c drive.

Also, I have tried to backup individual files as well as checking the root of C: with the same result.

Thanks for the quick response's

Shimswe

0
 
LVL 3

Expert Comment

by:jm-johnmeyer-us
ID: 17077094
Can you go into services, and see if Volume Shadow Copy is disabled?  Should be enabled.  Does not have to be running, just enabled.  If it is enabled, then can you try starting it manually and see if there are any errors in event viewer?  

(Control Panel->Administrative Tools->Services)
0
 

Author Comment

by:shimswe
ID: 17082761
Sorry it took so long to back to you. VSS is enabled and there are no errors in the event viewer. Just looks like business as usual.
0
 
LVL 3

Expert Comment

by:jm-johnmeyer-us
ID: 17082857
Go into BACKUP and from the file menu, choose 'save selections as'.  This saves to a .BKS file.  Open in notepad and post here.  Here's an example of mine for your reference:

C:\Documents and Settings\John.MEGALON\
C:\
C:\Media\ /Exclude
C:\gobackio.bin /Exclude
SystemState
0
 

Author Comment

by:shimswe
ID: 17082951
OK here is what I get with the selections:

C:\
SystemState

That's it
0
 

Author Comment

by:shimswe
ID: 17082993
Here's a better with each folder selected individually:

C:\cdrom\
C:\Client32.31\
C:\client32.25\
C:\CMITSWIN\
C:\Config.Msi\
C:\CWONDERS\
C:\Documents and Settings\
C:\Dosboot\
C:\drivers\
C:\FBI\
C:\HP\
C:\HP Internet\
C:\I386\
C:\icu\
C:\IDAPI\
C:\imouse\
C:\MSDOS7\
C:\My Documents\
C:\My WebEx Documents\
C:\oldtrsg\
C:\pdf995\
C:\Program Files\
C:\Quickenw\
C:\Recycled\
C:\RECYCLER\
C:\System Volume Information\
C:\temp\
C:\TRAWIN\
C:\TVALUE3\
C:\unzipped\
C:\WINDOWS\
C:\WUTemp\
SystemState
0
 
LVL 3

Expert Comment

by:jm-johnmeyer-us
ID: 17083039
Well, I'm convinced you are not missing anything.  

Any chance someone could have monkeyed with the permissions?   When you set the C:\ drive permissions, did you set the NTFS permissions, and ensure they were propagated down to all subdirectories/files?
0
 

Author Comment

by:shimswe
ID: 17083083
Yes I did, when i set the permissions to everyone >full control I checked the replace permissions on all child objects on the advanced tab.
0
 
LVL 3

Expert Comment

by:jm-johnmeyer-us
ID: 17083293
Okay.  Please send me the content of this registry key.  If it's not feasible to send me the content, then check it yourself.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup

I've included an example for your reference.

Client Side Cache %SystemRoot%\csc\* /s  
ComPlus %SystemRoot%\Registration\*.crmlog /s
Internet Explorer %UserProfile%\index.dat /s
Memory Page File \Pagefile.sys
MS Distributed Transaction  %SYSTEMROOT%\System32\DTCLog\MSDTC.LOG
NtFrs %systemroot%\ntfrs\jet\* /s
%SystemRoot%\debug\NtFrs*
%systemroot%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory\* /s
%systemroot%\sysvol\domain\NtFrs_PreExisting___See_EventLog\* /s
%systemroot%\sysvol\staging\domain\NTFRS_*
 
Power Management \hiberfil.sys
Temporary Files %TEMP%\* /s

0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 3

Expert Comment

by:jm-johnmeyer-us
ID: 17083332
I'm sorry this is taking so much time.

Another thing you might try quickly, is after clicking Start Backup..., choose Advanced and then  choose 'Disable Volume Shadow Copy' on the options tab.
0
 

Author Comment

by:shimswe
ID: 17083416
Here you go,

ASR Error File %SystemRoot%\repair\asr.err
ASR Log File   %SystemRoot%\repair\asr.log
BITS_metadata  C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\*
Catalog Database %SystemRoot%\System32\CatRoot2\* /s
Client Side Cache %SystemRoot%\csc\* /s
DRM  C:\WINDOWS\All Users\DRM\* /s
Internet Explorer %UserProfile%\index.dat /s
Memory Page File \Pagefile.sys
Microsoft Writer (Bootable State) %SystemRoot%\Registration\*.clb
                                                \*.crmlog /s
MS Distributed Transaction Coordinator C:\WINDOWS\System32\MSDtc\MSDTC.LOG
                                                          C:\WINDOWS\System32\MSDtc\trace\dtctrace.log
Netlogon %SystemRoot%\netlogon.chg
Power Management \hiberfil.sys
Registry Writer %SystemRoot%\system32\NtmsData\*
SUS Client %SystemRoot%\SoftwareDistribution\* /s
System Restore \System Volume Information\_restore{A6C7E5B7-B936-4A30-98B4-B8B4F757AD13}\* /s
Task Scheduler %SYSTEMROOT%\schedlgu.txt
Temporary Files %TEMP%\* /s
VSS Default Provider \System Volume Information\*{3808876B-C176-4e48-B7AE-04046E6CC752} /s
VSS Service Alternate DB \System Volume Information\*.{7cc467ef-6865-4831-853f-2a4817fd1bca}ALT
VSS Service DB \System Volume Information\*.{7cc467ef-6865-4831-853f-2a4817fd1bca}DB
Winlogon debug %WINDIR%\debug\*
0
 

Author Comment

by:shimswe
ID: 17083456
After Disable Volume Shadow Copy I get the same result. Another helpful thing. The files won't even enumerate when you start the backup. Curious......
0
 
LVL 3

Expert Comment

by:jm-johnmeyer-us
ID: 17083507
That looks clean.

Please do a full backup of C:\, no system state, log details, disable volume shadow copy.  Let's see what the log says.

What are you using for spyware/adware/virus/worm protection on this machine?  Are you running the latest service pack / windows update?  Any chance you are using a version of NTBACKUP that has not been subject to windows update?   Was the machine previously infected with a virus and then cleaned?

If we  can't get this working, you can XCOPY the files (you'll need to use some switches, stop services with open files, and review the log) and then restore this and then restore the system state from the BKF.  May not be worth it if your OS is corrupted.  Or maybe we should try Joe's backup utility.  On your restore, are you restoring to a different hard drive?

Thanks,

John.
0
 
LVL 3

Expert Comment

by:jm-johnmeyer-us
ID: 17083604
Looking at that list again -- if your TEMP variable is not set, it might be excluding all of C:\.  Please go to command prompt and type SET.  What is your temp variable set to?
0
 
LVL 3

Expert Comment

by:jm-johnmeyer-us
ID: 17083618
Here is mine for you reference:

SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JOHN~1.MEG\LOCALS~1\Temp
TMP=C:\DOCUME~1\JOHN~1.MEG\LOCALS~1\Temp
USERDNSDOMAIN=JOHNMEYER.LOCAL
USERDOMAIN=JOHNMEYER
USERNAME=john
USERPROFILE=C:\Documents and Settings\John.MEGALON
0
 

Author Comment

by:shimswe
ID: 17083627
John, here is the Log:

Backup Status
Operation: Backup
Active backup destination: File
Media name: "Tena.bkf created 7/11/2006 at 10:29 AM"

Backup of "C: HP"
Backup set #1 on media #1
Backup description: "Set created 7/11/2006 at 10:29 AM"
Media name: "Tena.bkf created 7/11/2006 at 10:29 AM"

Backup Type: Normal

Backup started on 7/11/2006 at 10:29 AM.
Backup completed on 7/11/2006 at 10:29 AM.
Directories: 0
Files: 0
Bytes: 0
Time:  1 second

----------------------
As for your other questions, I am using NAV corp v9., all SP's and updates are installed. Not really sure about virus's then cleaned. It's an older machine and the guy I took over for isn't in contact anymore. I will be restoring to a differnt HDD


0
 

Author Comment

by:shimswe
ID: 17083706
TEMP=C:\windows\TEMP -->for the system and
TEMP=C:\DOCUME~1\JSHIMA~1\LOCALS~1\Temp -->for the user
0
 
LVL 3

Expert Comment

by:jm-johnmeyer-us
ID: 17083752
I'd try disabling NAV, just on the off chance it is interfering. If not, here's the procedure for the manual restore:

Stop services on the machine that keep files open, including MS SQL Server. It also looks like he had some development tools on that machine.  

Here are the commands to do the manual backup restore, assuming a network drive is on F:

XCOPY C:\*.* F:\BACKUPDIR /S/H/K/C > logfile.txt

Review the log file. If you see some files that are not part of system state that could not copy, then you'll need to find the service/program associated and stop it manually.

Then, restore to the other drive, after installing fully patched OS:

XCOPY F:\BACKUPDIR\*.* C:\ /S/H/K/C > logfile.txt

Review the log file again.  It should only be skipping system state files.

Then run NTBACKUP and restore the system state.  The system should ask for a reboot at this point.

This is, of course, a real pain, and there is risk we will miss some open files for some application you need.  I wish I could think of something else to try or check.
0
 
LVL 3

Accepted Solution

by:
jm-johnmeyer-us earned 125 total points
ID: 17083774
actually, that's

XCOPY C:\*.* F:\BACKUPDIR /E/H/K/C/G > logfile.txt

and

XCOPY F:\BACKUPDIR\*.* C:\ /E/H/K/C/G/R > logfile.txt

to get the empty directories and encrypted files in case necessary.
0
 

Author Comment

by:shimswe
ID: 17083778
John,

I will try some of your suggestions tonight. I gotta go to a client right now. Thank you again for all of your help and quick responses.

Joe
0
 

Author Comment

by:shimswe
ID: 17234727
Thanks for all of your help John I finally figured it out by booting into safe mode, deleting the exclusions and then rebooting noramally and then it started backing up.

Thanks again the points are yours,
Joe
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Most of the time we are in fix when all of sudden our systems behave weirdly.  Such problems cost time and effort... so it's best to take some preventive actions so that we can avoid such issues or overcome such problems more easily. Preventive M…
If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now