
Cannot restore Windows Server 2003 after attack

Steve_Yau
Level 3
Hi there

One of our servers was attacked by the recent Veritas Remote Agent Buffer vulnerability. Now I have applied HF52 & HF54 to our Veritas 9.1 (SP2) media server, and then followed http://seer.support.veritas.com/docs/236286.htm to recover the remote system.

After successful restore, I rebooted the remote system. But it failed to boot and shortly after the Windows 2003 splash screen, it stopped in blue screen:
---
PROCESS1_INITIALIZATION_FAILED

Stop 0x0000006B(0xC000007A, 0x00000008, 0x00000000, 0x00000000)
---

What's the problem with that? How can I know if other systems that are "protected" by BEWS are really protected? What's the use of BEWS then?

Steve
13 REPLIES

Ashutosh_Tamhan
Level 6
Hi Steve

The following technote will be helpful to you:
http://support.veritas.com/docs/250291


Regards,
Ashutosh

NOTE : If we do not receive your reply within two business days, this post would be marked assumed answered and would be moved to answered questions pool.

Steve_Yau
Level 3
Hi Ashutosh

The technote doesn't help at all !!!

Our media server is running on a Dell PowerEdge 1750, and the tape drive is a Dell PowerVault 122T attached to an additional Adaptec 29160. The target remote server is a Dell PowerEdge 1650. Both are running on Windows Server SP1, using BEWS v9.1.

So none of the conditions in this technote is satisfied.

Do you have any other hints?

Steve

Giles_Coochey
Level 3
The Dell 122T utilises an HP drive within it.

At least our two LTO versions do.

Deepali_Badave
Level 6
Employee
Hello,

Is it a Windows 2003 IBM server?

Have you installed any drivers on the server?

Have any errors occurred in the event logs?

===========================================
Additional Information :
For information on the recent VERITAS Backup Exec security vulnerabilities, including links to the downloads for the necessary hotfixes, please refer to the following document:
Patch summary for Security Advisories VX05-001, VX05-002, VX05-003, VX05-005, VX05-006, VX05-007

http://seer.support.veritas.com/docs/277429.htm


Steve_Yau
Level 3
It is just a standard Windows Server 2003 running on a Dell PowerEdge 1650. I used Dell's system boot disk to install Windows 2003 with Dell's standard device drivers preinstalled. Then I started the restore process by pushing the BEWS remote agent to that server and then starting the restore. The restore process completed successfully. But the blue screen appeared shortly after reboot. It seems that the blue screen appears before the eventlog service has started.

I cannot enter safe mode or safe mode with command prompt. Boot logging does help too (since no log is generated)

Steve

MANUEL_FLORES
Not applicable
Hi,

I have exactly the same problem. Reading this post, it is not clear to me what I should do.

Is there any news about this?
What is the problem?

I have BE 9.1 SP2.

Regards,

Al_Capone
Level 4
Try the following:
Boot with your Windows installation CD.
Press F6 to load an additional driver.
Give the driver needed for your RAID controller.
Press Enter for new installation.
Follow the instructions.
Then select repair existing Windows installation.
Then reboot.
Should work like a charm!

Ciao

Al Capone

Steve_Yau
Level 3
No, it doesn't help at all. The Dell PE1650 has Adaptec Ultra 160 SCSI built-in. The before-restore Windows Server 2003 installation already had all necessary drivers (SCSI/NIC/display...) installed.

Amruta_Purandar
Level 6
Hello,

As per the technote http://support.veritas.com/docs/250291
you need to check for other points as well.

Please check for the following:
1. An IDE hard drive is designated as the system boot device.
Do you have an IDE hard drive designated as your system boot device?

2. When the first BOOT of the server attempts to complete, the following stop message appears when loading the controller's driver (SYM_U3.SYS):

0x0000006b (0xc000012F, 0x00000003, 0x00000000, 0x00000000)

PROCESS1_INITIALIZATION_FAILED

In your case, does it give the driver name? Please provide us the driver name. In most cases it is the driver which causes the blue screen.



Thomas_Cavuoto
Level 2
I am having the same problem.

I have a Dell PowerEdge 2650 running Windows 2003.

Before I put this server in production, I want to make sure I can do a full system restore. I do this with all my systems.

I reloaded Windows 2003 Server, using the Dell assistant CD, and reinstalled the backup agent.

I tried a full restore (with NO hardware changes since the backup was done), and it completed successfully.

When I go to reboot, I get the same blue screen:

PROCESS1_INITIALIZATION_FAILED

0x0000006B (0xC000007A,0x00000008,0x00000000,0x00000000)

There is NO driver name displayed on this blue screen. I need to get this squared away. Thank you.

Tommy

Bruce_Willis
Level 2
Hi,

I have experienced this exact problem and I am unable to find any answers. I am running 3 production servers with 3 identical D/R (disaster recovery) servers.

Originally, I was able to perform full system restores of the Windows 2000 servers using BEWS 9.1 onto the identical D/R servers. However, I am now unable to do so, either with W2K servers upgraded to 2003, or with fresh Windows 2003 servers. All attempts give the same error as reported by Steve Yau. It does not matter if the server is a standard Windows 2003 server or if it is the Domain Controller.

I have followed tech note 276524 which states that all BEWS 9.1 installations should be upgraded to SP4 before. I have applied SP4 both to the production server and to the D/R server. Same result.

I have also followed tech note 236240 to the letter. Same result.

In my case, all servers are HP/Compaq ML350.

I have to agree with Steve that if this cannot be resolved, then what is the point of BEWS 9.1 with Windows 2003? It's OK if all you want to do is recover basic data, but if you want to recover an entire server, it does not work!

This is really important for me and I really need an answer to this as I have been unable to solve this problem for several months.

Bruce

Harrison_Pace
Not applicable
I had a similar problem 2 days ago. IBM 346, Windows Server 2003 Std, Veritas Backup Exec 10.
For some reason the mirrored hard drives lost their partition so we had to recover from our last good full backup. After reloading the OS and the Veritas backup agent we restored the machine from the last good full backup. I then rebooted the server and saw the error you are talking about. The server got stuck in a loop where it kept restarting and blue screening at the same point.

I followed some advice in this thread where the person suggested trying a Windows repair using the Windows 2003 CD. The first time I did it the machine still blue screened, but it had a different error code. Just for the heck of it I ran the repair again over the first repair and it worked.

Bob_Berquist
Not applicable
The double repair worked for me also.
Win2k server running Terminal Services, BE 10.0.
I also did the following after the double repair.
1 Reapplied SP4
2 Manually deleted the computer from Active Directory
3 Changed the system to a member of a workgroup
4 Changed it back to a member of the domain.

Until I did steps 2 through 4, domain members could not log into Terminal Services.
I do not understand why the Backup Exec procedure as documented does not work.

This workaround seems more like magic and does nothing for my confidence level regarding how well my systems are protected.

Bob