Zmanda Windows Client Users Manual

Unattended Windows Client installation/uninstallation

If you are planning to install Windows Client on multiple machines, you should record the user input for playback. Using the user input recorded file, you can install Windows client using command line on multiple machines in an unattended manner.

To record user input, run

setup.exe /r /f1<recording file>

The recording file will contain all user input for playback.

Windows client installer can read the user input recorded file from the same directory. Alternate location for user input can be provided using /f1 option. The installation log file will be created in same directory (default: Setup.log). Alternate location for the log can be provided using /f2 option. An example command for replaying user input from C:\Temp\Setup.iss file.

setup.exe /s /f1"C:\Temp\Setup.iss"

The command will complete before the installation or uninstallation process is completed. Use /WAIT flag if you want the setup.exe command to wait for the process to be completed. For example: Run the following installation command that will wait till process is completed in Windows command shell

start /WAIT setup.exe /w /s /f1"C:\tmp\Setup.iss''

The Zmanda Windows client zip archive file (downloaded from Zmanda Network) provides default install.iss and uninstall.iss that can be used of unattended installation and uninstallation. This example setup files assumes
1. Zmanda Windows Client will be installed in the C:\Program Files\Zmanda\Zmanda Windows Client folder. The amandabackup password will be password
2. Zmanda Windows Client uninstallation will not preserve configuration data.

Installation Troubleshooting

If the installation failed for some reason, the ZWC installer rolls back the installation to the last working configuration.

The installation program logs messages to the following locations:

• The Windows $temp directory (MSIMM:DD:HH.txt) The MSI-generated files are named by date and time rather than by the software being installed.
• Successful installation messages are logged to C:\Program Files\Zmanda\Zmanda Client for Windows\Debug\LogFile.txt
• Installation failures are logged to C:\zwc_install.log.

Installation can fail for a variety of reasons. For example, the user set a Password not conforming to Windows requirements, or running the installation program without the necessarily permissions. The log messages will explain what went wrong.

Changing the Location of the Installation Data Directory

The Windows Client Installation Data Directory contains following critical folders:

• C:\Program Files\zmanda\zmanda client for windows\MySQL\data is where the catalog file(s) are stored. If you move these files, the new location must be specified in the ZWC my.ini file. This database stores the list of files backed up along with their metadata. This information is stored between full backups so that files already backed up are not included in incremental backups. A full backup of a directory will cause all the information stored about earlier incremental backups to be removed (and hence the database size is reduced). The size of the database is directly proportional to the number of files in the directory or volume being backed up. We recommend at least 1GB of disk space allocated for the catalog.
• C:\Program Files\zmanda\zmanda client for windows\misc is where the backup set header files are stored. This location can be changed using the ZWCConfig utility.

The database stores the list of files that are backed up and their meta data.
This information is stored between full backups to track what was backed up and
determine what should be backed up in incremental backups. Doing full backup of
the directory will cause all the information stored about earlier incremental
backups to be removed (and so database size will be reduced).  

The size of database is directly proportional to number of files in the
directory or volume being backed up.

If you find that the ZWC installation folder runs out of disk space while processing backup sets, you can move location of these files. There are two methods of doing this:

• By uninstalling ZWC and re-installing it on a different volume (preferred).

• By manually moving the catalog and backup set header files and editing the my.ini file and Windows Registry to specify the new locations (see the steps listed below).

1. Use the Control Panel to stop both the ZWCService and the ZWC-MySQL services.
2. Move the data directory under ZWC_Installation_Directory\MySQL\Data to the new location. For example, move C:\Program Files\Zmanda\Zmanda Client for Windows\MySQL\data to F:\MySQL\data
3. Open ZWC_Installation_Directory\MySQL\my.ini and put the following entry under the [mysqld] section:
   
   ----------------------------------------------
   [mysqld]
   datadir=SQL_data_dir
   
   ----------------------------------------------
   where SQL_data_dir is the new data location.
    
4. Run the ZWCConfig utility. In the Advance tab, edit the location of temp dir.
5. Start the ZWC-MySQL service.
6. Start the ZWCService service.

Backing up Windows-Mapped Drives

The Zmanda Management Console can back up mapped drives on a Windows client provided the drives have been mapped from the 'amandabackup' account on the Windows machine. This constraint is because XP, Vista, Windows 2003 server drive letters are not global; different users can map different directories on different servers to the same drive letter. For further information, see the article "Backing up network mapped drives on Windows clients" on Zmanda's Knowledgebase.

Restoring to Windows-Mapped Drives

The Zmanda Management Console can restore to a mapped drive. The pre-requisites for restoring to a Windows mapped drive are the same as that for backing up the Mapped drive. See the knowledgebase article for requirements.

You can restore the data backed up from mapped drive to original location or to another mapped drive (alternate location). In ZMC Restore Where page, select the following options:

Original Location:   Restoring data backed up from mapped drive to original location.

Alternate Location:  To restore to an alternate location, use the Windows Folder option in the ZMC Restore Where page. Specify the Mapped drive letter or a path in the Mapped drive where the data needs to be restored to. For example: Z:\ or X:\test.

Backing up Windows Applications

If you have purchased and installed the relevant Zmanda licenses, Amanda Enterprise can perform intelligent backups of selected Windows applications such as Exchange and Oracle. These backups use Microsofts VSS (Volume Shadow Service) to capture a consistent copy of the database(s) in question.

Refer to the Zmanda Application Modules User Guide for further details.

Backing Up Hardlinked Files

If only one of the hardlinked files is present in the backup set, then the information about its other hardlink files will not be backed up. Also at restore time, if only one hardlink file is selected for restore, then its other hardlink file will not be restored. Please see this Zmanda Knowledgebase article for details.

Completing the Restore Where page for Windows Clients

Restoring to Windows-Mapped Drives

The Zmanda Management Console can restore to a mapped drive. The pre-requisites for restoring to a Windows mapped drive are the same as that for backing up the Mapped drive. See the knowledgebase article for requirements.

You can restore the data backed up from mapped drive to original location or to another mapped drive (alternate location). In ZMC Restore Where page (see the figure in the last section), select the following options:

Original Location:   Restoring data backed up from mapped drive to original location.

Alternate Location:  To restore to an alternate location, use the Windows Folder option in the ZMC Restore Where page. Specify the Mapped drive letter or a path in the Mapped drive where the data needs to be restored to. For example: Z:\ or X:\test.

Workstations

Workstation in this context means any Windows XP machine or any Windows Vista or Windows 2003 server machine which does not have Active Directory (AD).

• Boot Files:

• On Windows XP and Windows 2003: SystemDrive\NTDETECT.COM, SystemDrive\ntldr, SystemDrive\boot.ini (SystemDrive is usually C:).
• On Vista: SystemRoot\boot directory (SystemRoot is usually C:\windows)

• Catalog files: SystemRoot\System32\CatRoot\.
• MachineKeys Files: SystemRoot\System32\Microsoft\Protect\* and AllUsersProfile\ApplicationData\Microsoft\Crypto\RSA\MachineKeys\* where ALLUSerProfile is c:\Documents and Settings\All Users.
• Performance counters: perf*.dat and perf*.bak files in C:\windows\system32 on all OSs.
• WFP files: All dll and exe files that come under Windows File Protection (WFP). Usually the dll files reside in C:\windows\system32
• IIS metadata file if IIS is installed (applicable to all OSs).
• Certificate Database (Applicable to only Windows 2003 server that are Certificate Servers): files in C:\windows\system32\certsrv
• COM+ registration database.
• Registry: System, default, SAM, Security and Software files in SystemRoot\system32\config and additional Components and Schema files in Vista.

Domain Controllers

A Domain Controller (or DC) is any Windows 2003 machine with Active Directory installed. DC backups include all of the state information listed above for Workstations, plus the Active Directory database, log files, and Group Policy Objects (GPOs).

Windows System State Backup from the ZMC

To back up the Windows System State (which is always a full backup), choose Windows System State as the type under File Systems in the Backup What page of the Zmanda Management Console, and the following options are displayed:

Host Name

The Fully Qualified Domain Name (FQDN) or IP address of the Windows system to be backed up.

Encryption & Compression Options

Lists Encryption and Compression choices. See Enabling Encryption for Windows Backups for details.

Advanced Options - Estimate 

If estimates are taking too long and the databases being backed up do not change in size that much from backup to backup, use the the Historical Average calculated from previous backups. In most cases, the default of Reliably Accurate is appropriate.

After you have set the options, click the Add button to add the Winows snapshot to the backup set. You can then configure the backup set just as you would any other by setting the options on Backup Where, Backup How, and Backup When, etc.

Windows System State Restore from the ZMC

To restore Windows system state, specify the Initial Directory as SystemState in the Restore What page of ZMC.

Please note the following requirements and cautions regarding System State backup and restores through the Zmanda Windows Client:

• The System State backup source Windows version, platform (i.e. whether it is 32- or 64-bit) and Service Pack level must match those on the target system. For example, you cannot restore a System State backup taken from an XP system to a Vista system, nor can you restore a 32-bit System State backup to a 64-bit target even if the Windows versions match.
• If restoring the System State backup to the original source of the backup, you must restore all components of the system state using Express Restore option in the ZMC Restore Where page; partial restores are possible only to an alternate destination directory. The picture shows the error message printed when you are trying to restore few selected files to original location using Explore & Select in the ZMC Restore Where page.

• Windows 2003 Active Directory restores are non-authoritative by default. To perform an authoritative AD and SYSVOL restore, follow the steps here. The Zmanda Windows Client does not directly support authoritative AD/SYSVOL restore.
• For System State restore to a Domain Controller (provided AD is already installed), you must reboot the machine in Directory Services Restore Mode (DSRM), and then manually start the ZWCService using the DSRM or "Local System"account, then run the System State restore.
• If Active Directory is not installed, then Restoring System State does not require the system to the be in Directory Services Restore boot mode.
• Even if the System State restore is not to the original location, the OS versions must match. If the System State that contains the AD database & restore is not to the original location, then the System does not need to be booted in Directory Services Restore mode.
• If restoring to the entire system state to the original backup source, you must reboot the machine to complete the System State restore.

Creating and Managing Windows Templates

A Windows template is roughly equivalent to a backup object in the Zmanda Management Console, or a Disk List Entry (DLE) in Amanda. A template is useful if you want to back up different files and folders that reside on different drives as part of a single backup object/DLE.

In addition to specifying drives and folders for backup (which can be accomplished via ZWCconfig), you can also manually edit the template file to specify programs or scripts that should be run before and after the backup.

Templates created using ZWCConfig utility are stored in the template.txt file located in the \Misc directory of the Zmanda Windows Client installation directory on Windows XP and Windows 2003 systems, or %ProgramData%\misc in on Windows Vista, Windows 7 and Windows 2008 systems.

Template Name

Unique name of the template. Only alphanumeric characters and '_' is
allowed for a template name.

Files/folder to include

List of files and folders to be backed up.

Add

Opens a dialog that lets you browse for and select files/folders to back up.

Delete

Deletes the currently selected file/folder from the list of files and folders to include. Click on an entry in the list to select, then click Delete to remove it.

Templates

Lists the templates that have been created and saved to template.txt. Use the dropdown menu to select a template to edit, or select <New Template> to create a template.

Add Template

Click to add a new template.

Delete Template

Click to delete the currently-displayed template from template.txt.

<MyTemplate>
        <DLE_NAME>MyData</DLE_NAME>
        <DLE_TYPE>USER-DEFINED</DLE_TYPE>
        <FILE_LIST>
                <FILE_NAME>c:\data</FILE_NAME>
        </FILE_LIST>
        <PRE_BACKUP_SCRIPT>C:\preScript.bat prebackup.txt</PRE_BACKUP_SCRIPT>
        <POST_BACKUP_SCRIPT>C:\postScript.bat
postbackup.txt</POST_BACKUP_SCRIPT>
</MyTemplate>

Setting the Amanda Server

Click the Server tab to display server settings:

Server Name

The Fully Qualified Domain Name (FQDN) of the Amanda Backup server. To specify an IP address instead, you can leave this field blank and use the IP Address field instead.

IP Address

The IP Address of the Amanda backup server.  To specify an FQDN, you can leave this field blank and use the Server Name field instead.

Server List

This drop-down menu lists previously-saved Server Names that you can select for viewing and changing settings.

Add/Delete Server

Lets you save the current Server Name (along with its settings) to the Server list dropdown.

Click Exit to save any changes you have made and exit the ZWCconfig utility.

Changing the Log Settings

Log File Name

The name of the logfile (which will be stored in the \Debug subdirectory of the Zmanda Windows Client Installation directory).

Log Level

Range of 1-5. Increasing the level generates more detailed logs; decreasing the level results in more compact (but less detailed) logs. The default level is 2.

Log File Size (in MB)

Depending on the Log Overwrite setting (see below), when this file size limit is reached, the log file will either be renamed to NLogFileNumber.txt (allowing more recent information to be saved in LogFile.txt) or simply overwritten with newer information. If log rotation is enabled, older files are overwritten after the Log File Count is reached.

Log File Count

When log rotation is enabled (i.e., Log Overwrite is disabled), sets the number of logfiles that can be saved before older files are overwritten with newer log entries.

Log Overwrite

If checked, disables the rotating log feature (in other words, newer log entries will overwrite older entries in LogFile.txt after Log File Size has been reached).

Save

Saves the log settings currently displayed.

Reset

Resets all log settings to their default values.

Exit

Exit the ZWCconfig utility.

Advanced Settings

Data Queue Size

Set the number of buffers allowed within each queue of the ZWC messaging framework. Do not change from the default of 50 unless a different value is recommended by the Zmanda Support Team.

Temporary Directory

Sets the location of temporary files created during backup and restore processes. For Windows Vista, the default is C:\ProgramData\Zmanda; for other windows platforms it is the \Misc subdirectory of the ZWC installation.

Backup Port/Restore Port

Ports to use for backup of and restores to the Windows client.

Certificate to use for encryption

Select the digital certificate to use for encryption/decryption of backup data. Please specify the certificate's subject name in this field. The Zmanda Windows Client uses certificate-based Windows Encryption to secure the archive with RC4 encryption. For details on importing/exporting certificates to use for encryption, see Exporting a Certificate to Use for Encryption.

Password for user amandabackup

Update amandabackup user password if it has been changed since Zmanda Windows Client installation.

Save

Saves the advanced settings currently displayed.

Reset

Resets all advanced settings to their default values.

Exit

Exit the ZWCconfig utility.

When you exit the program, you are prompted to restart the ZWCservice, which is necessary for the configuration changes to take effect.

The Zmanda Windows client service can be also be manually restarted from the Windows services user interface (Administrative Tools > Services). An example services screen is shown below.

AES 256 bit encryption

The encryption pass phrase is set for each Windows machine. All backups done on the Windows machine are encrypted using the same key as long as AES 256 bit client encryption is configured on the ZMC.  

Windows administrator should set encryption passphrase using Zmanda Windows Client configuration utility (ZWCConfig). 

PFX Certificate based encryption

ZWC uses RSA RC4 algorithm for backup encryption. RC4 is RSA's standard streaming encryption algorithm. ZWC supports Windows PFX (Personal Information Exchange) certificates only.

The backup archive stores all encryption metadata information in encoded form including the certificate that was used to encrypt. The SHA1(secure) hash of the certificate is also stored in the archive.

ZWC can decrypt the backup image only if the encryption certificate (in the same form during backup) is present on the target machine. A renamed certificate of the same form will also be able to decrypt the files. User will be able to view the files (filenames) stored within the archive through Winzip and PKZIP Windows utilities, but will not be able to decrypt through these utilities. Only ZWC can decrypt the backup files.

The certificate to be used for encryption must be in amandabackup user's Personal Certificate Store as well as Trusted Root Certification Authorities. Validation of the backup set will fail if the encryption certificate specified in the backup set is not in the certificate stores. The procedure to add the certificate to certificate store is described in next two sections.

If you are using ZWC 3.0.x, ZWC used Zmanda key container to manage the private keys associated with amandabackup user. When amandabackup user is deleted or in Disaster Recovery situation, it is important to export the Zmanda key container and import it in the new machine. Exporting/Import Key container section discusses this procedure. This procedure is not required if you started data encryption starting from 3.1 or 3.3 release.

If you are using ZWC 3.0.x, the backup user amandabackup must have “Full Control” permissions on the following folders so that it can create Zmanda key container during backup encryption process. These permissions are not required for 3.1 or 3.3 release.

Windows XP and 2003 server:

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

Windows Vista, Windows 7 and 2008 server:

C:\Program Data\Microsoft\Crypto\RSA
C:\Program Data\Microsoft\Crypto\RSA\MachineKeys

For Disaster Recovery and restoring encrypted backup archives to another machine (not original machine), the encryption certificates must be available on the restore target machine. If you are using restoring encrypted backup archives created using ZWC 3.0.x, Zmanda Key container must be available on the restore target machine.

Exporting a Certificate to Use for Encryption

The Zmanda Windows client requires a Windows PFX (Personal Information Exchange) certificate to encrypt a backup. Windows PFX files are native certificate formats used in Windows. The certificate's subject name and friendly name must be the same. If it is different, Zmanda Windows Client will not be able to use it for data encryption.

To export a certificate that the ZWC can use for encryption, follow these steps:

1. Decide which certificate to be used for encrypting backups. Without the certificate, backups encrypted using the certificate cannot be restored. Please keep the certificate securely as part of backups.
2. This step is not required if you already have the certificate pfx file. Export that certificate to a location. From the Windows Start menu, click Run and enter
   
     certmgr.msc
   
   Find a certificate to export, double-click it, then click Details. Choose the Copy To File option, which will let you select a location for the exported certificate. When exporting the certificate, make sure that:
   
   -the Yes, export the private key option is checked
   -the Delete Private Key if export is successful option is left unchecked
   
   After the file has been saved, close the certmgr.msc utility. The exported certificate should be in a folder that is accessible by the amandabackup user.
3. Log on to the Windows client machine as the amandabackup user and import the certificate by double-clicking it from the file manager. 

Double clicking the certificate pfx file will start the Certificate Import Wizard.  The password used to protect the private key must be entered. Make sure the Mark this key as exportable option is selected. See the above screen figure. Place it in a certificate store. It should be in Personal certificate store.

4. From Windows Start menu, click Run and enter certmgr.msc to browse the certificate store.  Browse Personal Certificate Store certificates (See screen figure below) and copy the imported certificate (right click menu) from the Personal\Certificates folder to the Trusted Root Certification Authorities\Certificates folder to inform the system that the newly imported certificate is a trusted one.

5. The certificate to be used for encryption must be in amandabackup user's Personal Certificate Store as well as Trusted Root Certification Authorities. See the screen image below.
6. You can now specify the certificate in the Zmanda Windows Client Configuration utility's Advanced Options dialog. This utility must be run as Administrator user.

Exporting and Importing Key container

Zmanda Key Container is required only if you have backup archives client encrypted using ZWC 3.0.x release.

Encryption Metadata for the association between amandabackup user and the digital certificate used is stored under the Zmanda key container on disk on the backup client machine.It is important to export the key container before uninstalling ZWC on the client machine. Also, this key container will be needed, in the case of restoring encrypted archives on a different  machine.

The exported XML file is needed for disaster recovery and must be backed up. To export and import key containers, .NET framework (version 2.0 or greater) must be installed on the Windows machine. It is usually found under C:\WINDOWS\Microsoft.NET\Framework and Framework64 folders.

To export the Zmanda key container to XML file, run the following command (Windows Start > Run > command):

aspnet_regiis -px “Zmanda” “<Name of XML file to be created>” -pri

IMPORTANT: Before importing Zmanda key container from another machine, make sure you have exported Zmanda key container from the current machine. This step is necessary if you are importing Zmanda Key container to a machine that is already performing Amanda encrypted backups. Use the above procedure to export Zmanda key container. To import the Zmanda key container from the XML file, run the following command (Windows Start > Run > command):

aspnet_regiis -pi “Zmanda” “<Name of the exported XML file>” -exp

You will need to import the exported key container from the current machine, in order to recover from encrypted archives backed up from this machine.

After importing the Zmanda key container, the digital encryption certificates have to be imported for the amandabackup user. This is necessary to recover from encrypted archives.

Location

The Zmanda Windows Client support utility zwc-support.bat is included with the Zmanda Windows Client. To start the script, click Start->Programs->Zmanda Client for Windows->zwc-support

Files Gathered

The following types of log files are gathered by zwc-support:

Output File

After the utility is run, an output file with the name zwc-logs-datetimestamp.cab is created in the Zmanda installation directory.