Protect Your Ass, Redux

Another flaw in the human character is that everybody wants to build and nobody wants to do maintenance.  - Kurt Vonnegut

I've written several times about the importance of having a serious backup strategy for your production web server, mostly about ways to backup the Registry. But there are a few other components of a good emergency recovery strategy that are important as well.

A significant percentage of developers and webmaster / administrators run production sites on production machines and have no reliable backup strategy for the components of the machine that are critical to the successful operation of IIS. The mere fact that up to now you haven't had a production server blow up on you may actually have increased the statistical likelihood that you will experience such a failure!

The three critical components to be protected and backed up -- with an easy path to restore them - are the Windows Registry, the IIS Metabase, and the .NET Framework machine.config file.

Why do you need to do this?  Simple:

  • You could have a power failure or some similar glitch that occurs while the Registry is being written, rendering it corrupt.
  • Some third party (and even some Microsoft) software may not uninstall correctly, leaving Registry baggage behind that renders IIS inoperable.
  • Some software may not uninstall correctly, leaving the metabase file and / or your machine.config file in an unstable state, or leaving them as malformed XML, which will prevent IIS from functioning.

Any one of the above glitches can leave you with either a machine that won't boot, a machine that boots but doesn't run correctly, or an IIS installation that no longer works. If you do not have a reliable way to "go back" on these files to a time when the system was stable and working, you're toast.  Add to that the stress of running a public or large corporate intranet site that no longer functions, and you have bought yourself big problems. Hey - if you are the kind of person that just thrives on stress, stop reading now!

The Windows Registry

The most reliable way I have found to back up the Registry is Lars Hederer's ERUNT. Accept the default installation features, and it automatically backs up your Registry to a dated folder under C:\Windows\ERDNT\AutoBackup each day your machine is rebooted.  Simply execute the ERDNT.EXE file in that folder, and your Registry from that date is restored. Reboot, and you are fixed. You can even execute this file from a Recovery Console window if your OS won't boot. ERUNT runs on all versions of the Windows OS, including 64-bit versions. It's saved my butt several times; I won't run a Windows machine without it.

The IIS Metabase

In IIS 6.0, the metabase is an xml file that is located at  C:\Windows\System32\inetsrv\config

IIS7's "metabase" is actually an XML configuration file that should be very familiar to you since it is similar to ASP.NET's web.config. It is called applicationHost.config and is located in C:\Windows\System32\inetsrv\config

You can easily back up the IIS Metabase  or the machine.config file with a simple batch file, and by adding it to the Startup folder in your ProgramFiles, this file will be automatically copied to a dated file in your backups folder. Example batch file that backs up both files:

@For /F "tokens=2,3,4 delims=/ " %%A in ('Date /t') do @(
    Set Month=%%A
    Set Day=%%B
    Set Year=%%C

copy C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config c:\backups\machine.config_%Year%%Month%%Day%
copy C:\Windows\System32\inetsrv\config\applicationHost.config c:\backups\applicationHost.config_%Year%%Month%%Day%

REM SEE C:\Windows\System32\inetsrv\History for backups of the IIS 6.0 Metabase


You can create a shortcut to your batch file in your backups folder. Then in Start / Programs / Startup, right - click and choose "Explore". Drag your shortcut from the one Explorer folder into the Explorer view of the StartUp Programs folder. Reboot your machine, and you'll see your backup files. There are other ways to run files on boot without a user having to log on to the machine, they involve registry settings and I don't cover them here.

NOTE: To access backup and recovery tools for Windows Server 2008, you must install the Windows Server Backup, Command-line Tools, and Windows PowerShell items that are available in the Add Features Wizard in Server Manager. This installs the following tools:

• Windows Server Backup Microsoft Management Console (MMC) snap-in

Wbadmin command-line tool

• Windows Server Backup cmdlets (Windows PowerShell commands)

Each of these commands or batch files can also be set up to run under Task Scheduler, say once a day or once every 3 days, whatever makes sense for you. In this case, the tasks will run automatically and nobody has to log on to the box.

Don't say that all this is a "great idea, I'll get around to it". Just do it! I hope you don't have to thank me later. But -- you probably will!