How to Configure Backup and Recovery for Microsoft SCCM

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

I have to take issue with your choice of stock image for the thumbnail. It's been my experience that no smiling takes place when you need to recover a site.

👍︎︎ 3 👤︎︎ u/dork_warrior 📅︎︎ Dec 13 2018 🗫︎ replies

Accompanying blog post at https://setupconfigmgr.com/microsoft-sccm-backup-and-recovery-guide.

You can also follow me on Twitter for more #SCCM tips and tricks at https://twitter.com/SetupConfigMgr

Overview

In this video guide, we will be covering how to perform a backup and restore of a Configuration Manager site. This guide will include using the default “Backup Site Server” site maintenance task as well as how you can use a native SQL Backup as another option. We will also cover how to backup additional items not included in the “Backup Site Server” such as the SCCMContentLib, WSUS Database, Source Files, and the WSUS Content folder.

Topics in Video

Review two backup options using built-in “Backup Site Server” maintenance task or a SQL Backup – https://youtu.be/puQyt3aJsmY?t=42
Review what the default backup maintenance task backs up – https://youtu.be/puQyt3aJsmY?t=144
Overview of AfterBackup.bat and how it can be used to copy local content not included in the backup task – https://youtu.be/puQyt3aJsmY?t=251
Review items that aren’t included in the default backup site maintenance task – https://youtu.be/puQyt3aJsmY?t=342
Enable the default “Backup Site Server” maintenance task and back up to a remote UNC share – https://youtu.be/puQyt3aJsmY?t=468
Create an AfterBackup.bat in “Inboxes\Smsbkup.box” folder to also copy the SCCMContentLib, WSUS Content, and Source Package folder – https://youtu.be/puQyt3aJsmY?t=650
Review if local SCUP database needs to be backup up – https://youtu.be/puQyt3aJsmY?t=826
Manually perform initial backup by starting the “SMS_SITE_BACKUP” service – https://youtu.be/puQyt3aJsmY?t=1041
Review how AfterBackup.bat get run after each site backup – https://youtu.be/puQyt3aJsmY?t=1096
Review what the “Backup Site Server” task actually backed up – https://youtu.be/puQyt3aJsmY?t=1175
Review content downloaded (ADK, SQL, .Etc) to allow faster re-install of a site server and how to document the current site server details – https://youtu.be/puQyt3aJsmY?t=1259
Review how to set up a SQL maintenance plan to back up the WSUS DB as well as how to back up the SCCM Database if you prefer using a SQL Backup plan instead of the “Backup Site Server” maintenance task – https://youtu.be/puQyt3aJsmY?t=1523
Use custom task scheduler for copying SCCM content like SCCMContentLib, WSUS Content, Sources, CD.Latest if you decide to use a backup task not using the site backup maintenance task – https://youtu.be/puQyt3aJsmY?t=1895
Reimage site server using Server 2019 (Previous OS was 2016) on the site server to perform recovery – https://youtu.be/puQyt3aJsmY?t=2133
Install .NET 3.5 on the Site Server- https://youtu.be/puQyt3aJsmY?t=2336
Install IIS – https://youtu.be/puQyt3aJsmY?t=2399
Install Windows 10 ADK – https://youtu.be/puQyt3aJsmY?t=2418
Install SQL 2017 and CU12, SQL Management Studio, and Reporting Services – https://youtu.be/puQyt3aJsmY?t=2540
Restore WSUS Database – https://youtu.be/puQyt3aJsmY?t=2720
Restore CM_PR3 Site Database backup from SQL – https://youtu.be/puQyt3aJsmY?t=2807
Restore backup up content (SCCMContentLib, WSUS, Sources, and CD.Latest) using RoboCopy – https://youtu.be/puQyt3aJsmY?t=2915
Install the WSUS Role Service – https://youtu.be/puQyt3aJsmY?t=3075
Since the MP, DP, and SUP was using HTTPS on the Site Server, we need to request a new Web Server Cert and bind it to the Default Web Site and WSUS Website – https://youtu.be/puQyt3aJsmY?t=3391
Launch the restore process using the CD.Latest setup files – https://youtu.be/puQyt3aJsmY?t=3505
After core setup completes, review sitecomp.log to validate the site system roles install successfully – https://youtu.be/puQyt3aJsmY?t=3820
Review accounts that need to have the password manually re-entered after the restore from C:\ConfigMgrPostRecoveryActions.html – https://youtu.be/puQyt3aJsmY?t=3895
Validate clients are talking the to MP and review site status after restore – https://youtu.be/puQyt3aJsmY?t=4144

Helpful Resources:

Back up a Configuration Manager site – https://docs.microsoft.com/en-us/sccm/core/servers/manage/backup-and-recovery
Recover a Configuration Manager site – https://docs.microsoft.com/en-us/sccm/core/servers/manage/recover-sites
Scripts Used for RoboCopy Backup

👍︎︎ 2 👤︎︎ u/PatchMyPCTeam 📅︎︎ Dec 13 2018 🗫︎ replies

Captions

hi my name is Justin shellphone I'm the founder and engineering leader patch my pc we develop a third-party patch management solution that integrates in a Microsoft configuration manager prior to my current role I was also a premier field engineer at Microsoft supporting config manager in this video based on our recent Twitter poll we're going to be talking about the backup and recovery process of a config manager site more specifically the site server so we'll go ahead and get started we are going to run through the full process of performing a backup as well as a complete recovery of our site system so the first thing that we'll cover is kind of the different scenarios or options that you have to actually perform your initial backup of your site so looking at our backup documentation we go ahead and zoom in here there's really two different options that you can do for performing a site backup the first one is going to be you can use the built-in config manager maintenance task that's going to perform a backup of your site database as well as a few additional files and folders relevant to your site the second option is that you can have a backup performed outside of config manager for your site database and perform a recovery based on that backup so for example you could use a sequel server maintenance plan or something like data protection manager to backup your site database we'll be talking about both of these options in today's video now another interesting thing that came out in the 1806 build of current branch is this new feature called high availability essentially it allows you to have two site servers running at once one active and one passive and in the event that your active site server went down you could just have your passive one and promote that to become active so that one is a feature that can help you with high availability and possibly reduce the impact if you ever did have a site server that went down this is going to be a separate topic that I'm going to talk about in the future for today's video we're just gonna be talking about the core backup and recovery which is still going to be a good thing to understand and you want to make sure that you still have a good backup and recovery plan even if you were using the hype ability feature of course in 1806 alright so first thing we want to talk about is what actually gets backed up or what needs to get backed up in order to perform a recovery so if you went to the option and use the default maintenance plan option config manager is gonna automatically backup based on the schedule that you define your site database so that's the biggest piece we absolutely need that in order to restore it's going to back up a few registry keys related to the installation and a few files and folders that's going to include the things like your logs directory and your inboxes but neither of these two are required to do the recovery and then lastly it does back up your CD dot latest folder so the CD dot latest folder in current branch is going to be where the current installation so if we look at our installation of SCCM we can see that this CD dot latest is just the installation for the current build that we have installed so in our case it's 1810 so this would be something that gets automatically backed up so that when we did our restore we would be able to actually perform the reinstallation of the site and point to the recovery using that CD dot latest from the build that we were previously running so that's an important piece to backup even if you're using a alternative backup like a sequel maintenance plan you still want to make sure that we have that CD dot latest folder and back that up a quick note it is recommended to run a backup for sequel at least every five days just because that's the way the scheduling is for retention tracking to make sure that you have your backup within that period of days you want to make sure that you're running it at least every five days another thing that we will be covering in this video is this after backup dot bat so this is a file that we can have within our directory for our backup inbox and it's going to automatically run any commands that you have within this batch file automatically in the site maintenance task so for example let's say that CCAM is gonna back up your site database is going to back up the CD doubt latest but there's some other things that we want to include in our backup that isn't natively done within the maintenance tasks so things like your content library maybe you have your package sources on your site server any of those additional folders that we want to include we could include in this after backup dot bat file and that could automatically run and backup any additional content that we want to use alright so that looks good I don't think there's a whole lot else I need to cover here let's take a look go so here's just an example command of how you could run a robocopy within the after backup dot bat to do something like mirror a local directory on your server to a remote backup so this is something that will actually be performing here in our video ok and so here we go so here's some stuff that I want to talk about so your default maintenance task is not going to backup everything that you really need so for example the content library on your site server is not going to be backed up using the default maintenance task you would want to make sure that you have another plan to back up that content library for SCCM to a remote share another thing if you're using your packet source file so things like packages application software update groups if any of your packet source files are also shared out from your site server you're going to want to make sure that you also include those in case you have to rebuild the site server your config manager site still has access to any of those source locations that you use for your packages so for example they do have a command where you can kind of analyze what packages are out there that are using a certain path so I'll include this sequel script within my description and the video below but just to show you how you can kind of validate if you are using any Content source packages and if you're pointing your site server so I'm gonna go ahead and run the script so what we're basically doing we're saying let's select all of our packages the ID the name in the path from our packages but let's look at where the source path is like Wack Wack sec m3 so in my scenario SCC m3 is our site server that is running our host so let me go ahead and execute this on my SCCM database and for example we can see that all these built-in ones we can basically ignore because they're going to get restored with the site backup but we do see we do have a software update package that is pointing out to a local UNC path on my site server so if you don't host your packages remotely you will want to make sure that you also include any of that source content within your backup as well so the first option that we're going to look at is we're gonna go ahead and just use the built-in site maintenance task to perform the backup now the advantage of this is it's pretty simple you can do it directly from the console but you don't get any type of compression for your sequel database so depending on how much free space there is your database backup could be pretty large without the compression feature as compared to if you were to do it via sequel management studio and just set up like a backup job directly in sequel where it could compress that database as well that's one of the advantages that a sequel backup has that the maintenance task would not perform so the first thing that will kind of go over is how we would actually set that up now I have on a remote server so we have this remote server here I've already created a backup folder and I've already shared that out now within the share I've already get granted permissions to the computer object of my site server so our SC cm3 server that's going to be performing the backup since it runs under the computer context or the system account we want to make sure that computer account has full control to this backup folder so we can create the backup now I have also added my sequel server account that's running my sequel service because we're also going to perform a sequel backup using the built in plan and sequel so we've also assigned that service account permissions as well so that looks good so if we come back to our site server and if we look at our site maintenance and we can go ahead and look at the backup site server task and the first thing I'm going to do is go ahead and browse out to that remote UNC path that we shared out for our backups that we're gonna use to actually perform the backup and host that content so within here here's our UNC path so we're gonna point this the Asus backups site pr3 now the default backup is going to create a new folder called site code so our site code is PR 3 and then backup so we're just go ahead and define the root folder here so we're just copy this and we'll enable that task and we're going to set the option to use a UNC path so we don't have to worry about doing any type of copying from the local machine to a UNC path afterwards we're just going to go ahead and browse out and paste that path directly in here so it's going to save it directly to that UNC path so we're going to run it between 2 a.m. and 5 a.m. and we're gonna run it on Monday Wednesday and Fridays I'm also going to enable the option to enable alerts if it fails so we'll go ahead and apply that and then do ok all right so that looks good now in order for us to backup some of the additional content that's not going to be included that's where we can make use of that after backup dot bat file so we can do things like copy additional content folders from this machine so first thing I'm going to show you is our content library so we already mentioned that the content library is not going to get backed up so for my machine the content library exists on the J drive so we've got our content library here that's going to be where any any files that you import using like a package and application software update package all of that data gets put in the content library on your site server and that's going to be the path that it uses whenever it distributes that content to remote dps so this is going to contain any content or binary file that you've ever created within any package source location so we're going to want to make sure that we are you know backing this content up because if we recall the content library is not going to be included in the default maintenance task we want to make sure that we back that up separately the next thing that we want to look at is that sources directory so if you remember we had some packages shared out and it was shared out from the site server so if we look at our I Drive this sources folder this is where that UNC path so if we go whack-whack se cm3 and look at our sources this is where our application sources as well as our software update package that we saw this is going to be where it's actually being shared from so we also want to make sure that we backup that source folder as well so that in the event that we had to recover our server we could share that folder out when we recover it now of course if you have your content sources on some remote UNC path or file share that is not on your site server you wouldn't have to worry about backing that up because it's already remote and then finally for my site just for this scenario I am actually running a lot of my site system roles on my site server so for example we can see that we have a lot of common roles on here but more specifically the one that we have is the software update point so we are going to want to make sure that we also backup our wsus database as well as our content for W sauce so within my W sauce if you if you're not sure where your W sauce content is you could quickly go out the H key local machine software Microsoft Update Services server and then setup within the setup it will tell you your content directory for the W sauce content so it looks like this one is on JW sauce so if we go here and look at this this is going to contain any of our WCS content so for example things like EULA's would be stored here if you're publishing third-party updates that content will also get stored in WS content folder so we want to also make sure that we include that in our backup and then back to our backup guide the other thing if you are using scup I think at this point most people have probably moved away from scup if they're doing third-party updates and they're probably using either the native 1806 feature or if they're using our solution patch my PC they're probably using our publishing service for publishing updates but in the scenario that you are using scup you would want to make sure that you grab your local Scott database file from your user profile that we can see here alright so what we determine in our environment we're going to want to make sure that we copy our content library our WCS content folder as well as our package source since that's hosted on our site server now in order to automatically back this up along with our config manager site backup task what we're going to do is use that after backup dot bat so if we go ahead and look at our inboxes so back in our documentation if we recall that using the app there back up here in order to actually make use of this we have to create the batch file right so we have after backup dot bat and that if that file exists within our backup so sms backup dot box within our inboxes it's gonna automatically initiate that after each backup backup task runs all right so let me go ahead and go to that inbox for the backup and let me go ahead and delete what I had there before just so we can start clean now within my backup location let me see if I still have that here I've already created some scripts so we have our after backup dot bat that I want to use within my default backup task so I'm gonna go ahead and paste that directly in our inbox and what we're essentially doing here is very simple it's just the batch file and that's what SCCM uses we're just basically doing a robo copy from our local directory so there's our content library that we want to backup here's our wsus content folder and here's that sources folder for our packages so we're basically just Robo copying that to the UNC path so back over there on that backup right and we are using the MIR switch so we're basically mirroring the local directory into that UNC path so that's going to basically copy everything exactly how it exists locally and if anything changes any future backup that runs will just do whatever incremental changes have occurred since that previous backup so this is extremely simple but I mean for what you want to do here it's it really works perfectly fine we also log out the results to a log file so we're writing everything out and piping that to a log so we can see all the Robo copy file as everything that's going on within a log file so by having that within our sms backup box whenever a maintenance task performs a site backup it's going to automatically copy that content as well all right so that looks good so let's just go ahead and browse out to that directory and if we take a look so when we run our backup we're pointing it out to the backup content so if we take a quick look back at that robocopy it's going to copy everything here to that pr3 backup content folder so in order to go ahead and run a test when config manager actually performs a site backup during that period of time that we define and on the day that we define it's essentially just launching the sms site backup service so we can see it's set to manual so whenever this gets triggered it's going to automatically start a backup so I'm gonna go ahead and manually run that and if we go ahead and take a look at our log files we can see the SMS BK up dot log that's going to log out all the status of the config manager back up so for example here in a few minutes we should see it copying the database files to that UNC path and then we'll also see it doing a copy of like this CD dot latest folder and then at the end we'll see it launch our batch file so I'll go ahead and pause that while we wait for that to copy all right so we took about probably three or four minutes for everything to get copied here but here at the end we can see that it successfully started after backup dot bat so if we go ahead and zoom out of here and if we take a quick look at our command prompt we should see our batch file running so here we are we can see that it did in fact automatically run our batch so that's currently running those robocopy commands if we look back at our inboxes since we piped out our logs so we piped out the robocopy output to our log file we can see pretty much everything happening for the file copy so we can see all these new files it's creating now this first one is obviously going to take a little bit longer because there's there hasn't been a copy performed yet so if we come back and look at our folder structure for the backup go we can see that it's currently backing up the content library so after that it's gonna go ahead and do wsus and then it's going to perform the source folder copy so we'll just kind of monitor that while we wait for that to complete we can go ahead and check out what happened for our site maintenance backup so using the default maintenance task that created this pr3 backup folder so we can see that it you know it got that CV dot latest it got our database and then it got a few different things from our site server so we look at the CD dot latest that's going to be that folder structure that we could use to perform our reinstallation the site database that's going to be our MDF and our log file for our config manager site database so in my case I did have a few additional secondary files that I created so you might have some or for you it might just be the MDF and then the LD F for the actual database backup so that's going to be the full database that we could restore and then the site server these are the a few additional directories that we have so for example you know your inboxes so it's going to grab some of the active inbox that might be processing data at the backup also the log files of the site server so these aren't really required for you to restore these are just a few additional things that the default task will get you it does also include the log file of the backup that was performed all right now one of the thing that I do want to talk about is this recovery prerequisites so what I've done within my environment I've already downloaded some of their prerequisites that I would need in order to reinstall SCCM in the event that I had to rebuild my site server so for example I've already got sequel server downloaded and ready to install I've already got the windows 10 ATK I have also created some documentation about my current server which is basically just some screenshots so for example I took a screenshot of the disk management layout so just kind of what's going on on that previous server to understand you know how I might want to rebuild my dis structure I also took a screenshot of sequel server configuration manager more specifically you want to make sure that you understand if your sequel server service is running under a service account or just the system account and then our sequel server agent so you want to you know just kind of understand you want to reinstall sequel with this specific service account if you had to rebuild or maybe you're just using the default system account on the local machine so a good idea to probably have a screenshot of that if you're performing some backup documents I also took a screenshot of the current sequel server version so this can be helpful to know what was currently running before the backup and recovery so in our case there is a helpful website that let me try to bring that up really quick here we go so sequel server builds blog spot.com if you just want to try to analyze like what your current install version is with what what does that actually translate to so in our case it looks like it ends in 305 or 3-0 to 5.3 4 so for example if we came over to our website so 3:02 5.34 so we could quickly search out and we can see that we currently have sequel server 2017 Kumal update six now in the event that you wanted to recover to a new upgraded operating system and/or sequel server instance number so maybe you want to go from sequel 2014 to 2017 as well as maybe Windows Server 2016 to 2019 for example it is supported to do a in-place upgrade when you're doing your backup and recovery so for example we can use the backup and recovery to perform a sequel upgrade so you could go to a new major version and that is a supported upgrade scenario next thing is just the disk layout so just understand kind of you know what's going on with my current disk on my site server in a UNC share so all the default ones we can kind of ignore so these will all be recreated within the SCCM reinstall this sources one this is the one that's custom that we made sure that we backed up and then these three are related to wsus so they're going to automatically be restored when we reinstall w sauce and restore our content folder so that looks pretty good here and then finally I just took a screenshot of my site server that we're gonna be backing up and just the current roles that we had installed for that so just understand what was previously there to make sure that we know how it's going to recover alright so looking at the log output from that batch file it looks like we are now complete so let's go ahead and take a quick look at the backup directory that we had here so there we go we can see that we have our content library we have our sources and our wsus folder that we included in that robocopy so this would of course rerun every time that site maintenance task kicks off which would be Monday Wednesday and Friday and it would copy any new content that might have been added to the content library the sources or wsus folder so that looks good now so that that would cover if you wanted to do the default site maintenance task that would kind of be what that will look like so we've got our task that does our database the seedy latest as well as our custom robocopy using the after backup that bat that does any additional content that you might need to back up now for wsus if you wanted to back that up and recover that if you were running a software update point roll on your site server you would also want to make sure that you set up a sequel maintenance plan to back up the database for wsus because that would not be included in the default site backup tasks that includes the SCCM database so just taking a quick look here so the cmp are three that's our site database got backed up using the default site backup but we still need to get our wsus database and depending on if your report server is installed on your site server you might want to also back that up primarily if you had any type of custom reports if you're using just the default out-of-the-box SCCM reports there wouldn't really be a big need to back this up because when the SSRS role reinstall us it would just recopy all those reports anyways but if you did have custom reports probably not a bad idea to go ahead and backup that database so in order to back that up we'll go we're gonna go ahead and go down here to management and then maintenance plans now in order for our maintenance plan to run we do want to make sure under our sequel server configuration manager that the sequel agent is set to start up automatically so by default if you just left the default sequel options this might be set to manual so you want to make sure that that's automatic so that you can perform a backup since that runs under the sequel server agent account so we're going to go ahead and do a new maintenance plan now this could also be so if you if you wanted to use the second option for SCCM to just backup the database directly using a sequel maintenance plan instead of the default site maintenance tasks this would be the same option and within this wizard I'll actually include the wsus database as well as the secm database so this could be the option two that you could use to just do a native sequel backup if you wanted to use that method instead so I have already created a folder within my backup for this UNC path called sequel backups so we're gonna go ahead and copy that path and we'll just call this backup so we're gonna perform a full backup and we are going to run a cleanup task so these are the two options that we need here we'll do next here the databases that we want to backup in our case we are going to do our SCCM database now if you were using the site maintenance task you of course would not have to do this using the sequel maintenance plan we're doing here this would be just if you wanted to use this method instead of that and of course we do want the sus DB because that would not be included regardless so we want to make sure that we have a maintenance plan that's going to back that up in my case I don't have any type of custom reports so I could just rebuild that I don't see a need to backup the report server database there you go now under the destination we want to change that from the default backup path which is most likely local to that UNC path now you will need to make sure that if your sequel server account that's running the agent the sequel server agent if that's running under a custom account you need to make sure that account has right permissions to that UNC share so in my case I am using a domain account and I've already assigned that permissions so that looks good it's going to be a dot back for the file extension of the database for the options I think I'm okay with just leaving all of the default options here and we'll do next here now for the cleanup we're going to say that we're going to clean up and delete backup files within our backup folder so we're going to paste that same path we're gonna automatically delete any of the backups so we want to include that dot back extension because that's how they get backed up and we're gonna say if they're older than two weeks old so essentially we should be running three backups a week so this should retain about six database backups before they start getting purged out go and let me just see if I actually set a schedule here I missed that option okay so I did miss the schedule option so we're gonna go ahead and run this on Monday Wednesday and Friday just like the maintenance plan we had that looks good and let's just say we're gonna start this at 4:00 a.m. now you you know if you did want to go this route instead of SCCM site maintenance tasks you would only have to do this one and disable that maintenance task so it looks good so we've already got our there we go we've got our database backup let's just verify that retained Oh looks like it over read it so let's go ahead and select that again paste in our UNC path we're gonna say we want to automatically delete any of those backup files that are older than two weeks and that looks good now if you want to write out the log file for this task - like a standard path you could change that from the default path if you wanted to so we do next here and then finish all right so just to validate this works we're going to go ahead and kick off the first one so we're going to go ahead and click execute and let's just see if we have our database files backing up here all right there we go it looks like the backup is now complete we have our SCCM database as well as our WCS database and it saved out to that UNC path so that looks good now let's say you did want to go with that second method for performing your backup if we go ahead and look at my scripts we do so in addition to that after backup that I do also have this custom backup the only difference between the custom backup and the after backup that we're using with SCCM is we are doing one additional folder copy so we're copying that CD dot latest folder and we're backing that up to our UNC path all right so let's say that we wanted to disable that default maintenance task so let me go over here let's say you just you you know you want to use the default sequel backup because it's better compression you have a little bit more flexibility over that so let's come back to our site maintenance and let's say that we decide we want to go with option two so I'll just disable that and essentially what we're gonna do is we're still just use a simple batch file that's as good as anything else we're just doing a simple robocopy so we're gonna go ahead and copy this custom backup and I'll include all of these script files within the video description as well so I'm just going to go ahead and copy this to my D Drive and we're gonna run custom backup here we go so let's say that you wanted to run this on a schedule as well we could just create a simple task scheduler so we're going to go ahead and create a new basic task and just call it SCCM content backup we're gonna run this weekly we're gonna run it Monday Wednesday and Friday just like our sequel backup we'll run this one at 5:00 a.m. instead of four so we're gonna just start a program we're simply going to run that batch file so just paste directly into that and we are going to open the properties after this as well so instead of running this under my account and when I'm logged in we're going to say we want to run it whether or not a user is logged in and with highest privileges and instead of running it under my just an account we're gonna go ahead and run this under the computer account or the system account that's gonna run it since we've already defined the computer account has permissions to that share we'll just use that system account to run this so this one would get automatically kicked off and this could be essentially a replacement of that after backup dot bat that would be run in the site maintenance and this would run automatically based on this scheduled tasks so just like the other one you know it's going to log out all the robocopy so if we go ahead and look back at our backup folder there you go so this one is saving to the custom backup folder so we basically have our first option which use the site maintenance tasks so that was the default site backup here and then the after backup saved it to pr3 backup content and then we have our new custom backup which is going to be this folder here so that's basically option one and option two here and then in addition we have our sequel backup that included wsus but we also just did a backup of the SCCM database so this would be option two if you didn't want to use SCCM so this could include both of those so we'll wait for this to copy and then we're going to go through the restore process alright so our backup just completed so like we can see really the only difference between this backup is that we just included that CD dot latest folder within the back up to this UNC path so that's really both options so we have our backups there so what we're going to do now is let's go ahead and wipe this server alright here we go so here's our site server instead of booting to our hard drive we're gonna go ahead and pixie boot one of our other SCCM sites should go ahead and give this a pixie boot for our boot image and then what we'll do we're just kind of reimage and format the drive alright here we go so just within winpe instead of actually running a task sequence just because I don't have one for Server 2019 now I'm just going to use this winpe to go ahead and format the drive so we're going to go ahead and run a disk part and we'll go ahead and list disk so we can see all these different discs so we're going to go ahead and select disk 0 and we're going to clean it so that's basically gonna we go ahead and do a notepad here we can see that we no longer have a C Drive so we're no longer going to be able to boot this machine so let's go ahead and log out here and I'm going to go ahead and mount the server 2019 I so go ok on that start up here alright so I'm gonna go ahead and just walk through the imaging of this device for this server now if you did want to bring up a brand new machine side-by-side you could simply shut down the other machine in my case I'm just gonna reuse this VM alright one thing I do want to mention when the new server is up and reinstalled we do need to make sure that the hostname is the exact same as the previous site server so we're going to name that SCCM three we're gonna reboot and then go ahead and join the domain alright now before I join I am just gonna go ahead and clean up the old site server computer account so this will join as a new fresh object instead of reassociate entwine so let's go ahead and join this machine there we go so SCCM 3 we'll go ahead and reboot so then jumping back over to my domain controller we should see that we have this new machine here there we go I'm just going to go ahead and put it back in the oh you that I was in now we do also have a computer group for my SCCM site servers this contains all the computer accounts for any site servers so I'm going to go ahead and add that new computer object within here and then go ahead and add that now if we remember if you've followed any of my videos and you looked at the initial installation video we assign this site server computer security group permissions to the system management container so that's going to be where SCCM publishes the details about sites so since we rejoined that object into that group we should automatically have permissions back in to publish any site data into the system management container so this looks good all right so we are back logged in we are now on SC cm3 so this is essentially the new site server that we're going to restore it's now running server 2019 so we're gonna upgrade from our old site server running 2016 to 2019 the first thing that I want to do is go ahead and get microsoft.net 3.5 installed now I'm going to go ahead and do my alternative path here so I do still have my ISO mounted for server 2000 so if we go ahead and open this I still have it mounted for Server 2019 so I'm just going to point out to the sxs folder that contains the installation for dotnet 3 so we'll go ahead and install that that's gonna be one of the first prove requisites and then we'll go through and get sequel install it get is installed and then get wsus reinstall it before we perform our recovery alright so the installation of dotnet 35 is done I'm going to go ahead and install our is using a PowerShell script this will also be included in description but this is just going to install is as well as the is for all services that we need to install there we go I think I pasted that wrong so that's going to go ahead and install is while we're waiting for that we'll go ahead and get the ADK started so we're going to install the Windows 10 18:09 ADK now we need you SMT and the deployment tools now if you want more details about the core installation check out the initial video I did for setting up a CCM I think it's the first guide in my series that does go into more detail about all these prerequisites I'm doing and why we do them but for now we're just trying to get all the the requirements in order to do the restore alright so that part of the ADK is done next we're going to install the wind PE portion of the ADK so we'll do next here next here defaults in we're gonna install wind PE go ahead and do YES on that looks like is just completed so that looks good so while we wait for the ATK and the next thing that will kick off is sequel but before we do that I'm gonna go ahead and bring all the discs online so since we basically reused the previous machine we still have all the discs that we had for the previous installation so I mainly did that just to be lazy so let me go ahead and just bring these all online and they should have basically the same partitioning and the disk name as the previous server since we only formatted the disk 0 and bring these all on all right there we go so that looks pretty good so let's go ahead and take a look at this computer and we see that we have a very similar dis structure as what we had before now what I'm going to do is go ahead and delete all of the content for all of the previous server files that were here so we'll go ahead and get rid of all that to make it like a clean machine alright so the ADK is done we've now got all the content removed from all these discs so we're now ready to go ahead and reinstall sequel so we're just through a similar installation we're going to the sequel 2017 installation so I'm going to go ahead and walk through that and get that all installed in the background all right so the database engine service is now installed now we're going to go ahead and get the sequel management studio installed so that is a separate installation with sequel server 2017 so we're gonna go ahead and launch that and get that running all right so the management studio is now installed if we take a look back at the screenshot that we did before the recovery we can see that we did also have the reporting services Point installed so sequel reporting services is also a separate installation from the core sequel 2017 install so I did go ahead and pre install or pre-download the reporting services and we'll go ahead and get that installed as well all right so that installation is done so we'll quickly run the configuration wizard just because we will have to define our web service URL so we'll go ahead and apply that otherwise when SCCM tries to reinstall the reporting point if we don't pre-configure our reporting point through the configuration manager here it will not be able to configure it so we'll go ahead and see if we can create this new database now if you did want to recover a database if you did have custom reports this is also the wizard where you can go through and choose that database that you restore so we'll go ahead and create that there we go and then finally we just need to create our web portal URL and then we'll apply that all right so at that point we have sequel reinstalled now before we can install the latest criminal update which is criminal update 12 I haven't thought that or I have pre download of that we will have to go ahead and restart this machine otherwise when we try to install the Cu it will say there's a pending restart alright so we're going to go ahead and install the Kimber update 12 for sequel 2017 just to make sure we're at that latest patch level alright so that is currently upgrading now while we wait for that the upgrades in sequel management studio shouldn't be part of this in 2017 let's see if we can go ahead and get that open actually I probably will want to wait for this instance to upgrade before I try to connect to it so we'll wait for this patch to install all right so that installation is now upgraded so let's go ahead and connect into sequel alright so here we go we can see that we have just the default report server database that we created so what we're gonna do is go ahead and restore the backup of wsus so let me go ahead and look back at our backups sequel backup so here we are so we're gonna right click our databases and choose restore file or file groups our to database is going to be sus dB that's the name of the database that we want to restore to and our from database we are going to choose a file so if we go ahead and browse out we'll paste in that UNC path and then we're going to select that sus DB backup the dot BAC file we do ok on that select that database to restore that looks good now under options it looks like it might have retained the previous data path which I believe is correct so if we look at the H drive that is the drive that I dedicated to my W sauce database it looks like it must have retained that from the backup so that is in fact the that we want to restore to so that all looks good a file and we do okay and that should recover our wsus database there we go so we're refresh that now for this scenario we're going to go ahead and just restore directly the config manager database so we're going to assume that we're using option two where we had our database backup in place and we're just recovering using that database backup so let me go ahead and copy that path again now within the recovery wizard it we will go through basically both options of what you would see if you were to do a site recovery using the default task or just the database only so we're going to go ahead and restore this to CM underscore I believe it's actually PR 3 for this site let me just rename that we're going to go ahead and add that backup file so there we go it is CM underscore 3 was our database name that looks good we'll do OK on that choose the database that we just added under the options it's going to be adding our database file to the EE Drive and then our log file to the F Drive so that should be the same exact folder structure that we previously had so our Y Drive is our MDF that looks good and then our log file should be going to F on the database folder so that all looks correct so we already have that same folder structure so we'll do OK on that alright so the database is now restored so that looks good we do a quick refresh here there we go so that looks good now the next thing we'll do is jump back out to that backup folder and within my scripts I do have a custom restore script so this is essentially the exact same as the copies script except instead of the robocopy using the source we initially copy from the UNC path to our local drives I just swapped these two around everything else is exactly the same so let me go ahead and run that run his admin all right so it looks like I had a small typo in the UNC folder name so let me go ahead and try this again there we go so now we have robocopy let's go ahead and grab CM trace let's go ahead and copy that over set that to our default all right so now we can see all the data getting restored so it's currently working on the content library so it's bringing it back from that UNC backup and just bringing it back to this local machine so we'll pause it while that goes through and creates that all right so it looks like the content library is now restored if we look back on the J Drive it looks like it's currently restoring wsus okay it looks like that's already done now for the CD dot latest I'm restoring that just to the D Drive so that's just going to restore it locally to D and we'll use that for the reinstallation and then the last folder was the sources so while we have that already restored I may go ahead and share that out just because it was our shared path for our content before so we'll go ahead and give everybody full control for the share permissions and then for NTFS we'll just make sure that we have our administrators users we'll leave that in there with read access you could edit that as needed and our system account of course needs control and that looks good all right so the restore of content is now complete I'm just going to do a few small memory optimizations just so we don't get the warning when we go to reinstall it I'm gonna set the men to at least 8 gig of sequel and then we'll cap it to 12 gig based on this current server configuration now if you want more details about this check out my first video about installing secm we go pretty deep into the specs of what we should do here as well as all these different disk layouts that I'm using and more details about why we do that all right now finally we're going to go ahead and reinstall wsus so we're gonna go ahead and do next here next here we'll choose wsus and go ahead and accept any of the additional services that it needs now we of course want to use our sequel database not Windows internal so we're going to choose sequel server for the content path so we're gonna go ahead and copy the WCS content folder that we restored so this has all the data for those third-party updates that we had published so we'll do next here now for the database we're going to go ahead and connect to SC cm3 contoso dot local now I do want to point out in this scenario we did upgrade from Server 2016 to 2019 it's not a technically supported scenario from the product group to perform a recovery from a previous operating system so if you wanted to go a supported route that's been tested now I've done this a few times it seems to work great in the even within the post configuration script we can see that it detects that it was a previous version and actually runs an upgrade portion but it's not officially listed as supported in the WCS Docs anywhere to perform a backup and recovery from a sequencer or from the wsus running in a previous OS and restore that database to a new one so if you did want to upgrade the OS like I did here and you wanted to go a supported route you might be better just not recovering the WCS database and just let it rebuild and resync with Windows Update and if you did have any third-party updates you would just have to republish those to wsus all right so the initial configured and run the post installation tasks so if we go ahead and look at the log file for that installation it's going to be the temp directory for your user there we go w sus post install here we go so we can see that it's currently running that task let me see if I can find the part that I wanted to show you here it looks like that's still running all right it looks like the post install completed let me take a quick look here oh you know what it showed it as a fresh install instead of an upgrade because when I recovered the database we can see that I type sus BD instead of dB so let me go ahead and uninstall w sauce and delete this database all right so after to remove what looks like there is a pending restart so let's go ahead and perform that all right so we restarted with W sauce uninstalled so I'm going to go ahead and delete the sus t be that W sus created so we're delete that okay alright now let's go ahead and rename the W sauce database that we restored but we just had a typo so instead of BD it should be DB Wow there we go so sus DB that looks good so now we're going to come back in here and let's launch our W sauce install and this time it should go ahead and reuse that migrated database that we had backed up and performed the upgrade so we're gonna go ahead and choose sequel connection browse out to our path okay she's our sequel server here locally and then do next and then install right let's launch that post install task go ahead and launch that log file so it looks like it is performing the install here we go so here we can see that it detected the database already existed and it's going ahead and doing the upgrade so even though it's not officially documented it seems to work but if you did want to go a truly tested and supported scenario if you went from a previous major version of an operating system and you went to a new one like 2012 to 16 or 16 to 19 for example and you had your software update point and WCS installed on your site server you would probably want to just start with the clean one but just to validate things are working let's go ahead and open the WCS console and we should be able to see if we have all the synced updates that we previously had from that restore all right so let's look at just like any update and then any accept/decline and do a quick refresh so we can see we do have some of those third-party patches as well as some of the Microsoft ones that we had in our previous site so this looks good so in our instance we are using HTTP so we will want to make sure that we go ahead and request our is certificate from our certificate authority now if you're just using HTTP this could of course be completely ignored but if you do want to learn more about PKI within SCCM there is a separate guide that i'll include there but basically we want to go to our template that we've already issued to our site server group and go ahead and request that and we're gonna go ahead and add our dns alternative name for SCCM 3 and then we'll go ahead and add SCCM 3 dot contoso dot local now if you don't have the certs installed before the recovery and you had your site in HTTPS mode it would just fail to reinstall the NP until you actually initiated that cert and had it enrolled so now that we have our certificate we will go ahead and open up is and then we'll just get that bound to our default website as well as our ws website so under the default we'll go ahead and add a new HTTP binding and we'll choose that is cert and then okay for wsus I did also have my W sauce within this environment set for HTTPS so we'll go ahead and bind that to port 8 v 31 for W sauce we can run a quick test just by browsing out HTTP /s CCM 3 since we included the hostname as well as the fqdn we should validate that it is in fact using that cert all right so that looks pretty good so let's go back and launch our SCCM install now there's probably a couple of warnings that I'm going to get with sequel configurations being in native and sequel authentication mode but for the most part I think that we should be ready to reinstall with most of the prerequisites ready to go so in our installation we are going to choose the recovery site option all right so these are where we have the options that we can perform so let's go ahead and browse out to where we had our backup so if you wanted to use the native maintenance task you would essentially point out your backup for the site server to the backup folder and also for the database and that's going to copy the database and install that to sequel and it's going to also use the existing backup now in our case we're gonna go ahead and choose to reinstall the site server because we're going to perform the sequel backup only and assume that we went with option 2 now we're gonna choose to use a site database that has been made you leave recovered and then let's go ahead and choose next we're gonna recover a primary site and it's going to be s CCM 3 dot contoso dot local let me take a look there and said it was caz [Music] all right so this was just a little tricky for me if we're just doing a primary site and you were not in a caz you can simply skip over this option right so reinstall the site server use the database that has already been manually recovered we're recovering a primary site in our case it was not part of a caz so we can simply just click Next here for this one I'm just going to do the evaluation for 180 days this is where you could re-enter your license key the next here and then accept now I have previously downloaded so if we look at the prerequisites and our downloads this is where I already downloaded those just to save some time so I'm going to choose that option and go ahead and choose that alright now since we weren't with option two to recover the site and do a clean or reinstall the site we do need to basically specify the exact same site code your site server and the hostname that was previously used with this site that we're recovering using that option 2 where we're not using the maintenance task now if you did define and you wanted to use the maintenance task recovery option for that backup it would just pre fill in the site code and everything for you in my case our site code was PR 3 our site name was site PR 3 and I might go ahead and use the same installation directory that we had before so that was d microsoft configuration manager well there we go so that's just going to reinstall it to that d drive we are going to install the console that looks good our site server is going to be just this machine here here's our database so we should be able to detect that we already have that installed now this does come up like it's gonna recover the database this should essentially be ignored but I'm just going to go ahead and paste in the sequel database path for the MDF as well as the log file but since it's already there it should basically just read that and that really shouldn't affect much so we'll go ahead and do next here and look at the prereqs there's probably gonna be a few things around sequel authentication mode maybe a few other minor warnings that I may have not configured alright that looks good I think I'm okay with going ahead and proceeding with the current configurations these are just warnings so we'll go ahead and click on begin install and we're going to open up the log file so this sees setup config manager dot log and we'll kind of monitor to see if our recovery is successful here so there we go if we look back we can just take a quick look and see that it was able to connect to the database so that all looks good there it is we can see it ran a few stored procedures just to reset everything for the recovery so this is looking good so far looks like now we're copying some of the boot files and the installation files alright so looks like the a lot of the key components are now installed but when we see that it installed the site component manager that's the component that handles the installation of all the site system roles so if we look back on our SCM log files and we look at this site comp dot log this is where you're gonna see a lot of the other site system roles that are gonna start getting installed so for example we can see that the SMS Executive is starting to install so this is where the management point the reporting services point so if you want to get more details after the core installation shows that it's complete here in a few minutes you can monitor the site comp log to make sure that all of the site system roles that are being reinstalled in the components all seem to be in recovered okay as well all right so we can see the core setup is now completed so that looks pretty good here so coming back to our site comp log we can see that it looks like we are currently installing the management point role so the initial kind of post installation tasks are going to be handled through site comp so we can go ahead and click Next here and there are going to be some accounts that we need to manually recover the password for so here we go so here's from the recovery documentation it's just saying you know there's going to be some post actions that are going to be saved to the C Drive so things like reentering account passwords etc so we'll go ahead and click Next here and here's our report of things that we would have to manually set the password for and whether there are any SEC M hot fixes that would have to get reinstalled now let's go ahead and take a look at the C Drive just to validate that HTML document is there there we go so that looks good so we do know the exact accounts that we need to configure as well as any hot fixes if that was applicable so first thing we'll go ahead and quickly get those set for us so let's take a look and see if our console is here yet okay looks like the console is up and running so the first thing we want to do is set the account on that sequel server reporting services point so here we go here's that account that was defined so let me just go ahead and click on new account and we'll just type in that same name but then we'll just enter that password to make sure that we recover that password okay so there's the first account the next one is going to be our client push account so let's go ahead and configure that so that's done under sites settings configure client installation settings and client push under the accounts let's just go ahead and delete that and then we'll go ahead and add a new account and then SCCM underscore was it client push no maybe I just pushed there we go so we will go ahead and set that password click OK and then the last account that we need to re-enter is the network access account for OSD so SCCM underscore naa is the account I use for that so that's under site configuration configure site components software distribution and then our network access account that would be used for OSD so we'll go ahead and remove that create a new account paste in that account and go ahead and get those credentials in and then okay and then okay so that should have been the manual configurations that we had to do with restoring the account passwords that looks good let's go ahead and open that up again so those should be complete and then we should be able to go ahead and close that all right it looks like a few of the other components are just finishing up now but if we look at our MP setup log it looks like the management point reinstall was successful since that was running on our site system so I think the majority of the roles are back up and running and reinstalled we'll just kind of wait a few more minutes to see the additional ones that are coming through our site component manager and getting reinstalled just to make sure everything looks ok and we don't have any failed alright so all the components have now been installed the log files kind of died down I did run a quick comparison so if we take a look at our backup let me grab that screenshot that I was looking at over there okay so under documentation the UNC shares so this is our pre restore and now if we take a look at our SCC M shares now we can see that they've pretty much aligned exactly alike so we have our sources we have just the default wsus content that got shared out as well as just all the native SCCM directories that would be in within here so looking back at our console we can see that we already have our clients talking to our management point showing it as active so this is a really great sign you know you should have all your device collections take a quick look at our software update groups we have our two software update groups we had we should of course have all the software updates that show exactly the same same thing with any applications and packages just kind of verify that things are looking good there and then probably the next thing just kind of look at your monitoring and your site system just make sure that your status looks ok there's no errors and if there are just make sure that it's not related to the restore that you that you did so this all looks good I mean we've done our restore and at this point we're back up and running in our site so I think that was really all I had to cover I know this went pretty long but hopefully it was helped

Info

Channel: Patch My PC

Views: 16,069

Rating: undefined out of 5

Keywords: SCCM Backup, SCCM Recovery, ConfigMgr Site Backup, SCCM Backup Site Server, How To Backup SCCM, Backup Configuration manager, Recover SCCM, Recovery ConfigMgr

Id: puQyt3aJsmY

Channel Id: undefined

Length: 70min 11sec (4211 seconds)

Published: Thu Dec 13 2018