Link to home
Create AccountLog in
Avatar of Enigo
EnigoFlag for United States of America

asked on

Lost boot partition RAID 5 Server 2008 R2

I have an interesting dilema.  I was remotely connected to a client's server and made a big mistake.  They had built their own server using an Asus P8B WS motherboard and utilized the on board RAID controller for a RAID 5 array.  When they installed Server 2008 R2, they had an extra drive attached.  What I didn't notice was that Windows had made a partition on the extra drive and made it active (boot).  I was tired and noticed the drive so I made it a spare drive for the RAID.  In doing so I accidentally deleted the active partition.  I had the client boot off of the Server 2008 R2 DVD and got to the point where I had to have them load the drivers.  I had them download the Asus and Intel drivers but none of them would load.  I was doing this so I could have him create a new boot partition using the Bootrec.exe tool.  Anyway, does anyone have any suggestions for getting the partition recognized and a boot partition created?  Wiping this server isn't an option and can't be done without the drivers anyway.  We have tried all the ICH7, 8, 9 and 10 drivers but none of them worked.  A couple of them started to install but had errors installing.  Re-downloaded them etc but to no avail ...

Thank you!
Avatar of David
David
Flag of United States of America image

In making it the spare, you deleted MORE than just the partitioning, you deleted some of the NTFS directory entries.   (The exact amount of damage is going to require a binary editor and some specialized software to repair).  

That is why loading drivers won't cover it, and you just made it worse by trying to load those drivers.  This isn't something anybody can walk you through if you want to recover as much as you can.  You need to take a bit-level image of that formerly hot spare disk into the hands of a pro so he/she can recover what he can.  Getting this system to boot again is going to be painful but I really cant tell you how much data has been lost due to the actions you have taken.

Suffice to say, unless you're willing to spend $3000+ plus, then realistically best you can hope for is turning this into a D:\ drive that is going to have some lost files; files with incorrect names (because that will be lost forever where the NTFS directory entries got hosed; and some number of duplicate files with different timestamps and different names, because the forensic recovery phase has no idea if the file is live, or was a deleted file that hadn't been scrubbed yet.

You might find somebody who will spend a few hours on this in the $500 range with no guarantees.     So bottom line if you don't have $500+ as budget for somebody to even take a crack at it, then restore from a backup.  If you want this to be bootable, prepare to spend several thousand minimum and hope for some good luck.
Got backups?
The difficulty lies with whether the raid5 volume has and can have a partition set as active for use with bcdedit, bootrec to recreate the boot directory.
Backups are likely what is needed to recover data.
As Dlethe pointed out, the existence of the external at the timeof install, may have been used in more than just having the active boot efi/MBR entry.

The raid5 might not have a primary partition that is needed.
ASKER CERTIFIED SOLUTION
Avatar of noxcho
noxcho
Flag of Germany image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Sorry, but doing above will INCREASE the damage.   Consider that when you made the HDD a hot spare, X blocks at the beginning of the drive and Y blocks at the end of the drive were overwritten by metadata. [It is possible Y=0, and we know that X != 0]

We know for a fact that X > 0. I know of some controllers where X is 4MB, 16MB, and 64KB.  In all cases, you'll delete a heck of a lot more than bootmgr.  You won't be deleting the boot folder, you will be deleting the NTFS data that says where the files in the boot loader, and chunks of some of the files are.   You also tried to write more data and mount that disk so you trampled some portion of that busted NTFS area.

If you want data back and want to try a DIY solution, you need to be aware of the nature of the problem.  There is no possible way the damage is tied to a folder. It may behave like it is a folder because the NTFS pointers to where the folder/file names are deleted, but the data is most likely there, your filesystem needs to be taught where they are.  That can';t be done w/o a forensic recovery.
Hmm, dlethe I have done this personally on production server that was configured exactly as the author describe it. Had no damage on it.
That is a typical problem when user has two hdds in system and want install OS on second HDD. In this case Windows will create active partition on first HDD. Because startup process will look for boot files on first HDD alsways.
The user overwrote the beginning of the disk with metadata from a RAID controller.  Just because you did it successfully in the past just meant that the metadata was rather small. You have no way of knowing how many blocks of metadata there are, other than it is enough to destroy at least block #0.     [A binary editor would reveal the extent of the damage, but you have to know what to look for]

Now am I misunderstanding something?  Is problem not that the RAID controller overwrote the boot disk with metadata?
No. His problem ist that he deleted system boot partition aka msr partition. And the system is not booting because system boot files are missing. He tried to use Windows DVD but it needs drivers which are not recognized.
Then I stand corrected, as I incorrectly interpreted what he did was have  the RAID controller overwrote metadata on the boot drive when he told it to create a hot spare.
The major and only possible issue for the user deals with how the RAID 5 volume was setup.  IF there is no primary partition on the RAID 5 volume, there is no way to set an active partition and there is no way to restore booting without rebuilding the boot loader on the externally attached drive.
Not sure how an external (USB/eSATA?) can be included as a hot spare within a SATA RAID MB http://www.asus.com/Motherboard/P8B_WS/#specifications. Was one of the board SATA ports rerouted to an eSATA port to which the external drive is connected?

As dlethe pointed out, the asker is guiding someone else remotely to do certain tasks.
Experience suggests that no matter how explicit/detailed the instructions are, the lay person performing the task may at one point or another give the impression that a task was performed/completed while it either was not or did not return the expected response.

Dlethe pointed to it in the first response, the priority and the first task completed following such a mishap is to get the data off the system as soon as possible even if a backup exits. You do not one to compound one error with a larger one by loosing all user data while trying to fix an issue.
Enigo, if you follow my instructions it will boot with now reason to frightened. The steps I suggest do not consider that you modify file system or RAID. If your system partition with Windows folder on it is still on this RAID then it will work for you.
Avatar of Enigo

ASKER

I chose this answer because it was the closest to the issue I was having.  I later discovered that the OS DVD was actually recognizing the RAID controller but NOT finding the windows directory through the GUI / wizard.  Once we figured this out, (by just trying to open the command prompt) we could access the C: drive and the Windows Directory.  I tried bootrec.exe with the /rebuildbcd, and the /fixboot switches but still no joy.  I am not certain if also running bootrec.exe /fixmbr would have changed the outcome.  I also was able (later through windows; explaination later in this reply) to successfully change the boot drive by running the command "bcdboot c:\windows /s c:" to the C: drive.  This command created the boot folder on the C: drive and C: is now the boot partition.  I am not sure if this would have worked through the recovery command prompt.

I am on a deadline (Monday morning) to get this fixed or the office won't be able to use their software so I took the most painful path of "installing" Windows over the top of the existing installation.  This left all of their data on the drives and I am now in the process of rebuilding AD, DNS etc as well as re-installing their programs.  I inherited this configuration which, in addition to may other flaws, didn't have a systemstate / full backup of this server operating system.  

I want to thank all who answered and, under different circumstances (i.e. no deadline), may have come to the same conclusions I did AFTER I had already done an over-install of Windows (ugh) or even come up with a better one.  After reading some of the replies I also wanted to apologize if I wasn't clear on what was happening.  Thank you noxcho for reading between the lines!
You are welcome Enigo.
Take care
Nox