Enterprise solutions such as System Center 2012 Configuration Manager must prepare for both backup and recovery operations to avoid loss of critical data. For Configuration Manager sites, this preparation ensures that sites and hierarchies are recovered with the least data loss and in the quickest possible time. Use the sections in this topic to help you back up your Configuration Manager sites and recover a site in the event of site failure or data loss.

SMS Writer Service

The SMS Writer is a service that interacts with the Volume Shadow Copy Service (VSS) during the backup process. The SMS Writer service must be running for the Configuration Manager site back up to successfully complete.

Purpose

SMS Writer registers with the VSS service and binds to its interfaces and events. When VSS broadcasts events, or if it sends specific notifications to the SMS Writer, the SMS Writer responds to the notification and takes the appropriate action. The SMS Writer reads the backup control file (smsbkup.ctl), located in the <ConfigMgr Installation Path>\inboxes\smsbkup.box, and determines the files and data that is to be backed up. The SMS Writer builds metadata, which consists of various components, based on this information as well as specific data from the SMS registry key and subkeys. It sends the metadata to VSS when it is requested. VSS then sends the metadata to the requesting application; Configuration Manager Backup Manager. Backup Manager selects the data that gets backed up and sends this data to the SMS Writer via VSS. The SMS Writer takes the appropriate steps to prepare for the backup. Later, when VSS is ready to take the snapshot, it sends an event, the SMS Writer stops all Configuration Manager services and ensures that the Configuration Manager activities are frozen while the snapshot is created. After the snapshot is complete, the SMS Writer restarts services and activities.

The SMS Writer service is installed automatically. It must be running when the VSS application requests a backup or restore.

Writer ID

The writer ID for the SMS Writer is: 03ba67dd-dc6d-4729-a038-251f7018463b.

Permissions

The SMS Writer service must run under the Local System account.

Volume Shadow Copy Service

The VSS is a set of COM APIs that implements a framework to allow volume backups to be performed while applications on a system continue to write to the volumes. The VSS provides a consistent interface that allows coordination between user applications that update data on disk (the SMS Writer service) and those that back up applications (the Backup Manager service). For more information about VSS, see the Volume Shadow Copy Service topic in the Windows Server TechCenter.

Back up a Configuration Manager Site

System Center 2012 Configuration Manager provides a backup maintenance task that runs on a schedule and backs up the site database, specific registry keys, and specific folders and files. You can create the AfterBackup.bat file to perform post-backup actions automatically after the backup maintenance task runs successfully. The AfterBackup.bat file is most frequently used to archive the backup snapshot to a secure location. However, you can also use the AfterBackup.bat file to copy files to your backup folder and start other supplemental backup tasks. Use the following sections to help you create your Configuration Manager backup strategy.

Note
Configuration Manager can recover the site database from the Configuration Manager backup maintenance task or from a site database backup that you perform by using another process. For example, you can restore the site database from a backup that is performed as part of a Microsoft SQL Server maintenance plan. Starting in Configuration Manager SP1, you can restore the site database from a backup that is performed by using System Center 2012 Data Protection Manager (DPM). For more information, see Using Data Protection Manager to Back up Your Site Database.

Backup Maintenance Task

You can automate backup for Configuration Manager sites by scheduling the predefined Backup Site Server maintenance task. You can back up a central administration site and primary site, but there is no backup support for secondary sites or site system servers. When the Configuration Manager backup service runs, it follows the instructions defined in the backup control file (<ConfigMgrInstallationFolder>\Inboxes\Smsbkup.box\Smsbkup.ctl). You can modify the backup control file to change the behavior of the backup service. Site backup status information is written to the Smsbkup.log file. This file is created in the destination folder that you specify in the Backup Site Server maintenance task properties.

Use the following procedure to enable the site backup maintenance task for a site.

To enable the site backup maintenance task

 

Verify that the Backup Site Server maintenance task is running successfully after you schedule it, to ensure that you are prepared to recover the site if it fails, and also to help plan for data recovery. Use the following procedure to verify that the site backup maintenance task is completed successfully.

To verify that the Backup Site Server maintenance task is completed successfully

Using Data Protection Manager to Back up Your Site Database

For Configuration Manager SP1 only:

Starting in Configuration Manager SP1, you can use System Center 2012 Data Protection Manager (DPM) to back up your site database. You must create a new protection group in DPM for the site database computer. On the Select Group Members page of the Create New Protection Group Wizard, you select the SMS Writer service from the data source list, and then select the site database as an appropriate member. For more information about using DPM to back up your site database, see the Data Protection Manager Documentation Library on TechNet.

Important
Configuration Manager does not support DPM backup for a SQL Server cluster that uses a named instance, but does support DPM backup on a SQL Server cluster that uses the default instance of SQL Server.

After you restore the site database, follow the steps in Setup to recover the site. Select the Use a site database that has been manually recovered recovery option to use the site database that you recovered by using Data Protection Manager.

Archiving the Backup Snapshot

The first time the Backup Site Server maintenance task runs, it creates a backup snapshot, which you can use to recover your site server in case of a failure. When the backup task runs again during subsequent cycles, it creates a new backup snapshot that overwrites the previous snapshot. As a result, the site has only a single backup snapshot, and you have no way of retrieving an earlier backup snapshot.

As a best practice, keep multiple archives of the backup snapshot for the following reasons:

  • It is common for backup media to fail, get misplaced, or have only a partial backup stored on it. Recovering a failed stand-alone primary site from an older backup is better than recovering without any backup. For a site server in a hierarchy, the backup must be in the SQL Server change tracking retention period, or the backup is not required.

  • A corruption in the site can go undetected for several backup cycles. You might have to go back several cycles and use the backup snapshot from before the site became corrupted. This applies to a stand-alone primary site and sites in a hierarchy where the backup is in the SQL Server change tracking retention period.

  • The site might have no backup snapshot at all if, for example, the Backup Site Server maintenance task fails. Because the backup task removes the previous backup snapshot before it starts to back up the current data, there will not be a valid backup snapshot.

Using the AfterBackup.bat File

After successfully backing up the site, the Backup Site Server task automatically attempts to run a file that is named AfterBackup.bat. You must manually create the AfterBackup.bat file in <ConfigMgrInstallationFolder>\Inboxes\Smsbkup. If an AfterBackup.bat file exists, and is stored in the correct folder, the file automatically runs after the backup task is completed. The AfterBackup.bat file lets you archive the backup snapshot at the end of every backup operation, and automatically perform other post-backup tasks that are not part of the Backup Site Server maintenance task. The AfterBackup.bat file integrates the archive and the backup operations, thereby ensuring that every new backup snapshot is archived. When the AfterBackup.bat file is not present, the backup task skips it without effect on the backup operation. To verify that the site backup task successfully ran the AfterBackup.bat file, see the Component Status node in the Monitoring workspace and review the status messages for SMS_SITE_BACKUP. When the task successfully started the AfterBackup.bat command file, you see message ID 5040.

Tip
To create the AfterBackup.bat file to archive your site server backup files, you must use a copy command tool in the batch file such as Robocopy. For example, you could create the AfterBackup.bat file, and on the first line, you could add something similar to: Robocopy E:\ConfigMgr_Backup \\ServerName\ShareName\ConfigMgr_Backup /MIR. For more information about Robocopy, see the Robocopy command-line reference webpage.

Although the intended use of the AfterBackup.bat is to archive backup snapshots, you can create an AfterBackup.bat file to perform additional tasks at the end of every backup operation.

Supplemental Backup Tasks

The Backup Site Server maintenance task provides a backup snapshot for the site server files and site database, but there are other items not backed up that you must consider when you create your backup strategy. Use the following sections to help you complete your Configuration Manager backup strategy.

Back Up Custom Reporting Services Reports

When you have modified predefined or created custom Reporting Services reports, creating a backup for the report server database files is an important part of your backup strategy. The report server backup must include a backup of the source files for reports and models, encryption keys, custom assemblies or extensions, configuration files, custom SQL Server views used in custom reports, custom stored procedures, and so on.

Important
When System Center 2012 Configuration Manager is upgraded to a newer version, the predefined reports are overwritten by new reports. If you modify a predefined report, you must back up the report before you install the new version, and then restore the report in Reporting Services.

For more information about backing up your custom reports in Reporting Services, see Backup and Restore Operations for a Reporting Services Installation in the SQL Server 2008 Books Online.

Backup Content Files

The content library in Configuration Manager is the location where all content files are stored for software updates, applications, operating system deployment, and so on. The content library is located on the site server and each distribution point. The Backup Site Server maintenance task does not include a backup for the content library or the package source files. When a site server fails, the information about the content library files is restored to the site database, but you must restore the content library and package source files on the site server.

  • Content library: The content library must be restored before you can redistribute content to distribution points. When you start content redistribution, Configuration Manager copies the files from the content library on the site server to the distribution points. The content library for the site server is in the SCCMContentLib folder, which is typically located on the drive with the most free disk space at the time that the site installed. For more information about the content library, see Introduction to Content Management in Configuration Manager.

  • Package source files: The package source files must be restored before you can update content on distribution points. When you start a content update, Configuration Manager copies new or modified files from the package source to the content library, which in turn copies the files to associated distribution points. You can run the following query in SQL Server to find the package source location for all packages and applications: SELECT * FROM v_Package. You can identify the package source site by looking at the first three characters of the package ID. For example, if the package ID is CEN00001, the site code for the source site is CEN. When you restore the package source files, they must be restored to the same location in which they were before the failure. For more information about updating content, see the Update Content on Distribution Points section in the Operations and Maintenance for Content Management in Configuration Manager topic.

Verify that you include both the content library and package source locations in your file system backup for the site server.

Back Up Custom Software Updates

System Center Updates Publisher 2011 is a stand-alone tool that lets you publish custom software updates to Windows Server Update Services (WSUS), synchronize the software updates to Configuration Manager, assess software updates compliance, and deploy the custom software updates to clients. Updates Publisher 2011 uses a local database for its software update repository. When you use Updates Publisher 2011 to manage custom software updates, determine whether you have to include the Updates Publisher 2011 database in your backup plan. For more information about Updates Publisher, see System Center Updates Publisher 2011 in the System Center TechCenter Library.

Use the following procedure to back up the Updates Publisher 2011 database.

To back up the Updates Publisher 2011 database

User State Migration Data

You can use Configuration Manager task sequences to capture and restore the user state data in operating system deployment scenarios where you want to retain the user state of the current operating system. The folders that store the user state data are listed in the properties for the state migration point. This user state migration data is not backed up as part of the Site Server Backup maintenance task. As part of your backup plan, you must manually back up the folders that you specify to store the user state migration data. Use the following procedure to determine the folders used to store user state migration data.

To determine the folders used to store user state migration data

Recover a Configuration Manager Site

A Configuration Manager site recovery is required whenever a Configuration Manager site fails or data loss occurs in the site database. Repairing and resynchronizing data are the core tasks of a site recovery and are required to prevent interruption of operations. Site recovery is started by running the Configuration Manager Setup Wizard from installation media or by configuring the unattended installation script and then using the Setup command /script option. Your recovery options vary depending on whether you have a backup of the Configuration Manager site database.

Important
If you run Configuration Manager Setup from the Start menu on the site server, the Recover a site option is not available. You must run Setup from installation media.
Note
After you restore a site database that was configured for database replicas, before you can use the database replicas you must reconfigure each database replica, recreating both the publications and subscriptions.

Determine Your Recovery Options

There are two main areas that you have to consider for Configuration Manager primary site server and central administration site recovery; the site server and the site database. Use the following sections to help you determine the options that you have to select for your recovery scenario.

Important
For information about secondary site recovery in Configuration Manager SP1, see the Recover a Secondary Site section.
Note
When a previous site recovery failed or when you are trying to recover a site that it is not completely uninstalled, you must select Uninstall a Configuration Manager site from Setup before you have the option to recover the site. If the failed site has child sites, and you have to uninstall the site, you must manually delete the site database from the failed site before you select the Uninstall a Configuration Manager site option or the uninstall process fails.

Site Server Recovery Options

You must start Setup from the System Center 2012 Configuration Manager installation media, or a network shared folder that contains the source files, for the Recover a site option to be available. When you run Setup, you have the following recovery options for the failed site server:

  • Recover the site server using an existing backup: Use this option when you have a backup of the Configuration Manager site server that was created on the site server as part of the Backup Site Server maintenance task before the site failure. The site is reinstalled, and the site settings are configured, based on the site that was backed up.

  • Reinstall the site server: Use this option when you do not have a backup of the site server. The site server is reinstalled, and you must specify the site settings, just as you would during an initial installation. You must use the same site code and site database name that you used when the failed site was first installed to successfully recover the site.

Note
When Setup detects an existing Configuration Manager site on the server, you can start a site recovery, but the recovery options for the site server are limited. For example, if you run Setup on an existing site server, when you choose recovery, you can recover the site database server, but the option to recover the site server is disabled.

Site Database Recovery Options

When you run Setup, you have the following recovery options for the site database:

  • Recover the site database using a backup set: Use this option when you have a backup of the Configuration Manager site database that was created as part of the Backup Site Server maintenance task run on the site before the site database failure. When you have a hierarchy, the changes that were made to the site database after the last site database backup are retrieved from the central administration site for a primary site, or from a reference primary site for a central administration site. When you recover the site database for a stand-alone primary site, you lose site changes after the last backup.

    When you recover the site database for a site in a hierarchy, the recovery behavior is different for a central administration site and primary site, and when the last backup is inside or outside of the SQL Server change tracking retention period. For more information, see the Site Database Recovery Scenarios section in this topic.

    Note
    The recovery fails if you select to restore the site database by using a backup set, but the site database already exists.
  • Create a new database for this site: Use this option when you do not have a backup of the Configuration Manager site database. When you have a hierarchy, a new site database is created, and the data is recovered by using replicated data from the central administration site for a primary site, or a reference primary site for a central administration site. This option is not available when you are recovering a stand-alone primary site or a central administration site that does not have primary sites.

  • Use a site database that has been manually recovered: Use this option when you have already recovered the Configuration Manager site database but have to complete the recovery process. Configuration Manager can recover the site database from the Configuration Manager backup maintenance task or from a site database backup that you perform by using DPM or another process. After you restore the site database by using a method outside Configuration Manager, you must run Setup and select this option to complete the site database recovery. When you have a hierarchy, the changes that were made to the site database after the last site database backup are retrieved from the central administration site for a primary site, or from a reference primary site for a central administration site. When you recover the site database for a stand-alone primary site, you lose site changes after the last backup.

    Note
    When you use DPM to back up your site database, use the DPM procedures to restore the site database to a specified location before you continue the restore process in Configuration Manager. For more information about DPM, see the Data Protection Manager Documentation Library on TechNet.
  • Skip database recovery: Use this option when no data loss has occurred on the Configuration Manager site database server. This option is only valid when the site database is on a different computer than the site server that you are recovering.

SQL Server Change Tracking Retention Period

Change tracking is enabled for the site database in SQL Server. Change tracking lets Configuration Manager query for information about the changes that have been made to database tables after a previous point in time. The retention period specifies how long change tracking information is retained. By default, the site database is configured to have a retention period of 5 days. When you recover a site database, the recovery process proceeds differently if your backup is inside or outsidethe retention period. For example, if your site database server fails, and your last backup is 7 days old, it is outside the retention period.

Process to Reinitialize Site or Global Data

The process to reinitialize site or global data replaces existing data in the site database with data from another site database. For example, when site ABC reinitializes data from site XYZ, the following steps occur:

  • The data is copied from site XYZ to site ABC.

  • The existing data for site XYZ is removed from the site database on site ABC.

  • The copied data from site XYZ is inserted into the site database for site ABC.

Example Scenario 1

The primary site reinitializes the global data from the central administration site: The recovery process removes the existing global data for the primary site in the primary site database and replaces the data with the global data copied from the central administration site.

Example Scenario 2

The central administration site reinitializes the site data from a primary site: The recovery process removes the existing site data for that primary site in the central administration site database and replaces the data with the site data copied from the primary site. The site data for other primary sites is not affected.

Site Database Recovery Scenarios

After a site database is restored from a backup, the Configuration Manager attempts to restore the changes in site and global data after the last database backup. The following table provides the actions that Configuration Manager starts after a site database is restored from backup.

Database backup within change tracking retention period Database backup older than change tracking retention period

Recovered site

Global data

Site data

Global data

Site data

Primary site

The changes in global data after the backup are replicated from the central administration site.

The central administration site reinitializes the site data from the primary site. Changes after the backup are lost, but most data is regenerated by clients that send information to the primary site.

The primary site reinitializes the global data from the central administration site.

The central administration site reinitializes the site data from the primary site. Changes after the backup are lost, but most data is regenerated by clients that send information to the primary site.

Central administration site

The changes in global data after the backup are replicated from all primary sites.

The changes in site data after the backup are replicated from all primary sites.

The central administration site reinitializes the global data from the reference primary site, if you specify it. Then all other primary sites reinitialize the global data from the central administration site. If no reference site is specified, all primary sites reinitialize the global data from the central administration site (the data that was restored from backup).

The central administration site reinitializes the site data from each primary site.

Site Recovery Procedures

Use one of the following procedures to help you recover your site server and site database.

To start a site recovery in the Setup Wizard

To start an unattended site recovery

Unattended Site Recovery Script File Keys

To perform an unattended recovery of a Configuration Manager central administration site or primary site, you can create an unattended installation script and use Setup with the /script command option. The script provides the same type of information that the Setup Wizard prompts for, except that there are no default settings. All values must be specified for the setup keys that apply to the type of recovery you are using.

You can run Configuration Manager Setup unattended by using an initialization file with the /script Setup command-line option. Unattended setup is supported for recovery of a Configuration Manager central administration site and primary site. To use the /script setup command-line option, you must create an initialization file and specify the initialization file name after the /script setup command-line option. The name of the file is unimportant as long as it has the .ini file name extension. When you reference the setup initialization file from the command line, you must provide the full path to the file. For example, if your setup initialization file is named setup.ini, and it is stored in the C:\setup folder, your command line would be:

setup /script c:\setup\setup.ini.

Security Note
You must have Administrator rights to run Setup. When you run Setup with the unattended script, start the Command Prompt in an Administrator context by using Run as administrator.

The script contains section names, key names, and values. Required section key names vary depending on the recovery type that you are scripting. The order of the keys within sections, and the order of sections within the file, is not important. The keys are not case sensitive. When you provide values for keys, the name of the key must be followed by an equals sign (=) and the value for the key.

Use the following sections to help you to create your script for unattended site recovery. The tables list the available setup script keys, their corresponding values, whether they are required, which type of installation they are used for, and a short description for the key.

Recover a Central Administration Site Unattended

Recover a Primary Site Unattended

Post-Recovery Tasks

After you recover your site, there are several post-recovery tasks that you must consider before your site recovery is completed. Use the following sections to help you complete your site recovery process.

Re-Enter User Account Passwords

After a site server recovery, passwords for the user accounts specified for the site must be re-entered because they are reset during the site recovery. The accounts are listed on the Finished page of the Setup Wizard after site recovery is completed and saved to C:\ConfigMgrPostRecoveryActions.html on the recovered site server.

To re-enter user account passwords after site recovery

Configure SSL for Site System Roles that Use IIS

When you recover site systems that run IIS and that were configured for HTTPS before the failure, you must reconfigure IIS to use the web server certificate. For more information, see “Configuring IIS to Use the Web Server Certificate” in the Deploying the Web Server Certificate for Site Systems that Run IIS section in the Step-by-Step Example Deployment of the PKI Certificates for Configuration Manager: Windows Server 2008 Certification Authority topic.

Reinstall Hotfixes in the Recovered Site Server

After a site recovery, you must reinstall any hotfixes that were applied to the site server. A list of the previously installed hotfixes are listed on the Finished page of the Setup Wizard after site recovery and saved to C:\ConfigMgrPostRecoveryActions.html on the recovered site server.

Recover Custom Reports on the Computer Running Reporting Services

When you have created custom Reporting Services reports, and Reporting Services fails, you can recover the reports when you have backed up the report server. For more information about restoring your custom reports in Reporting Services, see Backup and Restore Operations for a Reporting Services Installation in the SQL Server 2008 Books Online.

Recover Content Files

The site database contains information about where the content files are stored on the site server, but the content files are not backed up or restored as part of the backup and recovery process. To fully recover content files, you must restore the content library and package source files to the original location. There are several methods for recovering your content files, but the easiest method is to restore the files from a file system backup of the site server.

If you do not have a file system backup for the package source files, you have to manually copy or download them as you did originally when you first created the package. You can run the following query in SQL Server to find the package source location for all packages and applications: SELECT * FROM v_Package. You can identify the package source site by looking at the first three characters of the package ID. For example, if the package ID is CEN00001, the site code for the source site is CEN. When you restore the package source files, they must be restored to the same location in which they were before the failure.

If you do not have a file system backup that contains the content library, you have the following restore options:

Recover Custom Software Updates on the Computer Running Updates Publisher

When you have included Updates Publisher 2011 database files in your backup plan, you can recover the databases in case of a failure on the computer on which Updates Publisher 2011 runs. For more information about Updates Publisher, see System Center Updates Publisher 2011 in the System Center TechCenter Library.

Use the following procedure to restore the Updates Publisher 2011 database.

To restore the Updates Publisher 2011 database

User State Migration Data

As part of the state migration point site system properties, you specify the folders that store user state migration data. After you recover a server with a folder that stores user state migration data, you must manually restore the user state migration data on the server to the same folders that stored the data prior to the failure.

Update Certificates Used for Cloud-Based Distribution Points

For Configuration Manager SP1 only:

Configuration Manager requires a management certificate that it uses for site server to cloud-based distribution point communication. After a site recovery, you must update the certificates for cloud-based distribution points. For more information, see the About Subscriptions and Certificates for Distribution Points for Windows Azure section in the Planning for Content Management in Configuration Manager topic.

Reprovision Previously Provisioned Intel AMT-Based Computers

After you have recovered the site, perform the following configuration steps:

  1. Request the AMT provisioning certificate again and select it in the out of band service point properties.

  2. Reconfigure the passwords for the following accounts in the out of band management component properties:

    • The MEBx Account

    • The AMT Provisioning Removal Account

    • The AMT Provisioning and Discovery Accounts

For more information about how to perform these steps, see How to Provision and Configure AMT-Based Computers in Configuration Manager.

Then use the following procedure to reprovision Intel AMT-based computers that were previously provisioned.

To reprovision Intel AMT-based computers

Recover a Secondary Site

For Configuration Manager SP1 only:

Secondary site recovery is required when a Configuration Manager secondary site fails. You can recover a secondary site by using the Recover Secondary Site action from the Sites node in the Configuration Manager console. Unlike recovery for a central administration site or primary site, recovery for a secondary site does not use a backup file. Instead, Configuration Manager installs the secondary site files on the failed secondary site computer and then the secondary site data is reinitialized with data from the parent primary site. During the recovery process, Configuration Manager verifies that the content library exists on the secondary site computer and that the appropriate content is available. The secondary site will use the content library, if it exists on the computer and contains the appropriate content. Otherwise, to recover the content library you must redistribute or prestage the content to the secondary site. For more information, see Operations and Maintenance for Content Management in Configuration Manager. When you have a distribution point that is not on the secondary site, you are not required to reinstall the distribution point during a recovery of the secondary site. After the secondary site recovery, the site automatically synchronizes with the distribution point.

You can verify the status of the secondary site recovery, by using the Show Install Status action from the Sites node in the Configuration Manager console.

Important
You must use a computer with the same configuration as the failed computer, such as its FQDN, to successfully recover the secondary site. The computer must also meet all secondary site prerequisites and have appropriate security rights configured. Also, use the same installation path that was used for the failed site.
Important
During a secondary site recovery, Configuration Manager does not install SQL Server Express if it is not installed on the computer. Therefore, before you recover a secondary site, you must manually install SQL Server Express or SQL Server. You must use the same version of SQL Server and the same instance of SQL Server that you used for the secondary site database before the failure.

See Also