Servers (14)

Dynamic VHD Recovery Wednesday, 20 January 2016 00:00

Dynamic VHD Recovery

HyperV is Microsoft’s offering for handling the virtual disk environment. As with all new technologies there are times when even the best laid plans of mice and men go awry. This segment offers some answers into the recovery of the most difficult of scenarios, the Dynamic VHD deletion. The following are a few steps that hopefully will allow you to mount your deleted VHD and in doing so bring you and or your client back online.

Building an Image:

For a Fixed VHD this part is easy since for all practical purposes a Fixed VHD is a partition in file form. It has the same attributes and characteristics as a standard partition and maintains the same file system components. There is a bit of metadata and the front of the file but all in all a very basic partition. A dynamic partition however is only as large as the amount of data necessary to maintain the embedded VHD block handler and the actual file system data. In order to recover a dynamic partition I suggest trying to create a VHD file the same size as the maximum size of the VHD if it were full. This value is found in the ‘Size’ column of the VHD Finder under ‘Found VHDs’. Even if the amount of data is less than the total size of the partition the VHD handler will ignore the overall size and just address the actual data.

Mounting the image through software:

There are several good pieces of software that will read a dynamic VHD file and recover the data. There are even pieces of software that will expand the dynamic VHD and make it a Fixed VHD in order to recover the data. Acquire one of those tools and use it to recover the data from the partition.


Old server hardware is a fact of life – the perpetual drive for increased processing power, more storage and improved software functionality means that the average lifespan for a new server is around three years. And with support for Server 2003 ending in less than a month, there is expected to be a large increase in the number of redundant servers that need to be disposed of.

So what are the factors you need to consider when disposing of server hardware?

Data implications

By their very design, servers are intended to store data. More importantly still, they are supposed to simplify sharing of information within your corporate network.

So when disposing of servers, it is important to carefully consider the data that may still be stored on the drives. Cybercriminals or even your competitors could easily recover sensitive data from your dumped server, before using that information to steal your intellectual property (IP), leverage your product development and research for their own use, or headhunt your customers using your own data against you in future bids for work.

To prevent such problems you must either remove the hard drives and physically destroy them, or use a secure file deletion tool to ensure all information is unrecoverable. A simple format of the drives is insufficient – tools like this are more than capable of recovering data deleted in this way.

Legal implications

Where your business handles personal data, there is a legal duty under the Data Protection Act 1998 (DPA) to prevent loss or theft of that information. Your business must be able to demonstrate that you have properly disposed of personal data and put it beyond recovery by unauthorised third parties.

To meet such requirements, your business will either need to employ a secure file deletion tool, or physically destroy the hard drives belonging to the server being disposed of. If you are hoping to resell or donate it to charity, secure file deletion will leave you with a usable machine – otherwise it will require replacement drives, significantly reducing its value to a buyer.

It is hard to miss the news that today marks the very end of the road for Microsoft’s popular Windows Server 2003 operating system. After that date, Microsoft will no longer offer support, maintenance or security patches for computers running Server 2003 leaving businesses reliant on the OS unprotected against software flaws or security vulnerabilities.

With only a few days until the deadline, the chances of realistically planning and executing a migration to another OS are very, very slim. So what are your options moving forward?

1. Don’t panic!

The end of support for Server 2003 does not mean that servers using that OS variant will simply explode tomorrow. Everything should continue running as normal, giving you time to finalise your migration plans and transfer data, services and roles to a new machine.

You could even use this grace period to seek assistance from a third party migration specialist to help make the transition as smooth as possible.

2. Dig deep

Despite official support ending today, Microsoft will actually continue to provide hotfixes and maintenance for Server 2003 indefinitely under certain conditions:

  • Your business takes out a special support contract for each Windows 2003 server.
  • You agree that each support request you lodge with Microsoft may be chargeable.
  • You are able to pay a vastly inflated sum for the contract – the US Navy just paid $9 million for ongoing support of their Windows XP devices for instance.

News that Microsoft is to end support for Windows Server 2003 on 14 July this year has masked a more pressing issue for small businesses using Windows Small Business Server 2003 (SBS2003) – the Exchange email component of their system has not been supported since 8 April 2014. This means that should something go wrong with your email server, Microsoft will not provide any patches, service or support, placing your data in jeopardy.

The obvious solution to this problem would normally be to upgrade to the newest version of Windows Small Business Server, thereby addressing both the Windows 2003 and Exchange 2003 problems simultaneously. But Microsoft dropped the Small Business Server (SBS) edition when Windows Server 2012 was released.

This leaves you with a choice – upgrade to SBS 2011 which is already four years old, or make the move to Windows Server 2012 Foundation. The sticking point is that the entry-level Server 2012 Foundation edition offers no native email functionality. Instead Microsoft is encouraging small businesses to adopt the Office 365 service which includes hosted email.

But whether you choose to adopt SBS2011 or Server 2012, you will still need to carry out an Exchange Server migration. Because SBS2011 is relatively aged, this guide will look at the move to Office 365. For further information about upgrading SBS2003 to SBS2011, see this Technet guide.

1. Specify the Office 365 subscription your business needs

Although you can purchase Office 365 subscriptions direct from Microsoft, you may find that in terms of accuracy and speed, using the services of a VAR (value-added reseller) may be more appropriate. They will help you understand how many subscription licenses you need to cover your workforce, and the difference between the available plans.

Because you are replacing your Exchange 2003 server with Office 365, you will need to select the Office 365 Business Premium plan which includes hosted Exchange email. On the plus side

After 12 years of service, Microsoft is finally pulling the plug on Windows Server 2003 with extended support for Microsoft Windows Server 2003 ending on the 14th of July – next month. To avoid problems with software compatibility, security weaknesses and general operating system failures, any business still reliant on Server 2003 needs to upgrade to a newer version sooner rather than later. Because maintaining the status quo is not an option.

Here we outline the pros and cons for each of the available operating systems so you have the information you need to make a more informed purchasing decision.

Windows Server 2008

Offering support for both i386 and x64 architectures, Windows Server 2008 was the last Microsoft operating system to work with 32-bit processors.

As the second oldest Microsoft operating system still in use, there is little to recommend Server 2008 for anything other than the oldest hardware.


  • Windows Server 2008 still supports 32-bit architecture, making it the only “up to date” option for old i386 systems.
  • Provides native support for Windows XP and Vista clients.

Windows Server 2003 support ends July 14th 2015. While you’ve probably heard this a multitude of times, the severity of support no longer being offered by Microsoft for this aging server offering could be detrimental security wise to the organization you support. The following are 25 steps that I have been walking our customers through at a high level to fast track them off of their aging infrastructure and into Windows Server 2012 R2.

Let’s take a Server that is running Windows 2003 and is a Domain Controller, DHCP, DNS, and some File Services.

  1. Build a new Windows 2012 R2 Server, install all necessary patches and join it to the Domain
  2. Install the AD, DHCP, DNS, and File Services (Including De-Duplication) Roles
  3. Logon to the Existing Windows 2003 Domain Controller and stop the DHCP Server Service 
  4. Copy the DHCP Database from the from Windows 2003 (%windir%\system32\dhcp\dhcp.mdb) to the new Windows 2012 R2 Server (c:\Export\DHCP\dhcp.mdb)
    NOTE: Only grab the DHCP Database and not the associated log files. This will take all of the associated Scopes from the old server to the new one. It is a complete cutover. If you need to take individual scopes you should use NETSH or the Server Migration Toolkit.

After a 12 year run, Microsoft is finally set to withdraw extended support for the Windows Server 2003 family of operating systems. After 14 July, Microsoft will not provide any patches, updates or support to businesses using Server 2003 unless they take out an extremely expensive custom support agreement.

In the event that your business does not have a spare $9 million (or access to public funds), the only cost effective option available is to take the leap and upgrade to one of the two more recent versions of Server – 2008 or 2012. But only a few days until the deadline, what do you need to do to be ready? This checklist will take you through the most important steps required to complete a successful migration.

1. Assess your upgrade options

Chances are that your direct upgrade options are severely limited if you are still using Windows Server 2003 because the hardware simply will not handle the demands of a later version. Even if you can coax an upgrade to Server 2008 you must decide whether the effort and relatively short remaining lifespan of the OS outweigh the benefits of buying an upgraded system capable of running Server 2012.

Use this handy guide to find out more about the different upgrade options you have available.

2. Assess your migration options

In all likelihood you will need to purchase a brand new server and migrate data and settings from the original machine. It is important to note that Microsoft does not provide an automated upgrade tool for moving from Server 2003 to Server 2012.

Instead you will need to perform a double upgrade (2003 to 2008, followed by 2008 to 2012) or more likely, a manual migration between the two versions. For the rest of this guide we will assume you are migrating software, services and files to a completely new system running Windows Server 2012 R2.

Windows XP has long been an OS Microsoft begrudgingly kept alive far longer than it could have ever imagined. Initially released in 2001, official support for Windows XP persisted all the way through April 2014. At the time, Microsoft noted that after 13 years of support, it was time for the company to look forward, unencumbered by outdated software.

But Microsoft is more than willing to make an exception if you’re willing to pony up some big bucks. Case in point: The US Navy’s Space and Naval Warfare Systems Command recently agreed to pay Microsoft $9 million in exchange for ongoing support of its Windows XP systems. The contract, recently signed in early June, also contains a number of options, which if exercised, “would bring the cumulative value” of the contract to nearly $31 million.

According to the US Navy, they have approximately 100,000 workstations still in use running legacy Windows XP applications. “Support for this software can no longer be obtained under existing agreements with Microsoft because the software has reached the end of maintenance period,” Navy officials explained. In addition to support for Windows XP, the contract also calls for ongoing support for Microsoft Office 2003, Exchange 2003, and Server 2003.

DTI Data Recovery receives several requests for data recovery quotes each and every day. Many times the quotes are self-explanatory and we can offer an accurate solution as well as an upfront price for almost any recovery. With that being said, there are times when a more complex solution is necessary and some additional information is needed in order to offer an accurate quote and estimate the possibility of recovery. One of these instances is the deletion of data, any data. The possibility of recovery hinges on so many factors that a phone conversation is normally necessary in order to gather more information and make sure that the Deleted VMWare VMDK can be recovered.

Some of the most complex situations when dealing with deleted data involves virtual technology. Although this technology has been a real life safer when it comes to optimizing hardware resources it is a real nightmare when it comes to unraveling the mystery that involves a deleted VMWare VMDK. That being said, I received a request for a deleted VMWare VMDK recovery quote  recently. The person inquiring could not be contacted by phone so I could not speak to them. The description of the problem was so vague that I decided to send a list of questions that would enable me to make an educated and informed assessment of the recovery as well as the pricing for that recovery. The following are those questions and the reasons why they were asked. The questions were designed for a VMWare server.

1. What version of ESXi are you running on the server?
This is important in as much as some of the older versions of ESXi had file size limitations. In addition there are some utility functions for more recent versions that do not exist on the older versions of the operating system. These types of version discrepancies can and do affect the possibility of recovery.

2. Was the VM set up as thick or thin provision?
When a VKDK file is deleted then the storage map for that particular file is destroyed. There are times when a low level forensic scan is necessary to try and piece together the file. If the original VMDK is ‘thin’ provision then that means the file is compressed and allocated on an as needed basis. Thin provision can be difficult to recover if the actual block map for the file has been destroyed due to a deletion. Whereas ‘thick’ provision allocates the full size of the VMDL and can be treated like any other operating system partition.

The ideal mix of performance and reliability starts with learning which server BIOS settings you should configure for a virtualized system.

Simply installing processors with virtualization extensions does not always guarantee optimum performance or best host server stability; you must enable a variety of BIOS settings to manage details of the processors' virtualization behavior. The options allow IT professionals to configure host platforms to use virtualization features that best support the computing needs of virtual machines and to disable unneeded features to ensure stability. Let's consider some of the most common virtualization options found in server BIOS.

Enable virtualization

BIOS settings allow technicians to enable or disable the processors' virtualization extensions. You should never assume that processors such as Intel VT or AMD-V's capabilities are enabled by default. Motherboards like Intel's S2600GZ/GL server board disable Intel VT by default, and the option to enable virtualization extensions is only available if all of the installed processors support virtualization extensions. With the option disabled, the server will continue to run in the traditional nonvirtualized mode (one server; one workload). Remember that changing this option is a major change to the hardware, and you may need to power cycle the server before the change takes effect.

Enable I/O virtualization

While ordinary virtualization extensions allow the virtualization of processor and memory resources, additional virtualization features are typically needed to virtualize I/O activities such as DMA transfers and device interrupts. By virtualizing I/O resources, the server can potentially improve the way the I/O resources are secured and allocated to virtual machines (VMs). Intel calls these I/O virtualization extensions VT-d. I/O virtualization is also a part of AMD-V extensions.

Since some I/O devices or subsystems do not fully support I/O virtualization, the BIOS may disable this feature -- and typically does by default to ensure the best system stability and device interoperability. However, if every server component or subsystem is capable of supporting virtualized I/O, a technician can enable I/O virtualization such as Intel VT for Directed I/O. This option normally appears underneath the overall virtualization setting and is only available if all of the processors support virtualization extensions.

Enable interrupt remapping

I/O virtualization changes the way I/O resources are assigned to workloads. When I/O virtualization is enabled, the system's interrupt table is abstracted before being reported to the hypervisor. This allows more flexibility and control over the way system interrupts are allocated and dealt with at the hardware level. Interrupt remapping is often enabled by default once I/O virtualization is enabled, but you should specifically verify that the interrupt remapping feature is available and active. In some cases, interrupt remapping may be forced on, and you may have to disable this feature by disabling I/O virtualization entirely.