For Dedicated Servers, Server Power Deals und Value Dedicated Servers managed in the server administration of the IONOS account

In this article, we'll show you how and why you should use the Windows Rescue System on your Windows Dedicated Servers.

The rescue system allows you to access your server even if it is no longer accessible through the network. This is a kind of minimal Windows system with which you can, for example, repair your server in an emergency or back up important files.

With the help of the rescue system, you can do the following:

  • Activate/deactivate services
  • Deactivate a personal firewall
  • Delete/copy/edit files
  • Run a command line
  • Edit the registry
  • Debug the server after a crash ("Blue screen" debugging)
  • Start CheckDisk supervised (to repair a corrupt file system)
  • Back up data and move it via FTP to your backup server
Note

Make sure that outgoing connections using port 5900 are allowed in the firewall of your local computer and/or router. Otherwise, no connection to the rescue system can be established.

Booting the Server into the Rescue System

For instructions on how to boot your server into the rescue system, see the following article:

Booting a Windows Server into the Rescue System

Notes
  • During this process, you will be assigned a temporary password for security reasons. It is required to connect to the VNC client. This password is only displayed once, so make sure you copy it/write it down somewhere safe.

  • Booting into the rescue system can take up to 10 minutes.

Using a VNC Client to Establish a Connection to the Rescue System

To log into the rescue system, you need a VNC client such as the freeware options Real VNC or Ultra VNC.

Real VNC

Follow these steps to establish a connection to the rescue system with the VNC client Real VNC:

  • Start Real VNC.

  • In the VNC Server Address field, enter or browse for the IP address of your server and press Enter.

  • Click Continue.

  • In the Password field, enter the temporary password that you took note of previously.

  • Click OK.

The connection to the rescue system is now established. After successfully logging in, the Windows Rescue System start screen will be displayed.

Ultra VNC

Follow these steps to establish a connection to the rescue system with the VNC client Ultra VNC:

  • Start Ultra VNC.

  • Enter the IP address of your server in the field VNC Server.

  • Click Connect to establish a connection to the rescue system.

  • Enter the temporary password.

  • Click Log in.

The connection to the rescue system is now established. After successfully logging in, the Windows Rescue System start screen will be displayed.

Note

The rescue system shown may differ from what you see on your end.

Activating/Deactivating Services

Services cannot be activated/deactivated as usual through an MMC SnapIn but instead must be edited in the registry.

If you have configured the Local Security Policies incorrectly, you can use the following steps to set that the Local Security Policies service will not start at the next boot:

  • Open RegEdit.

  • Select File > Load Hive.

  • Select the System file. This can be found under the following path: C:\Windows\system32\config.

  • Specify a temporary name (for example, RegTemp).

  • To load the file, click OK.

  • The registry subtree is now available under HKEY_LOCAL_MACHINE\RegTemp.

  • Open HKEY_LOCAL_MACHINE\RegTemp\ControlSet001\Services\PolicyAgent.

  • Set the registry key 'Start' to 3 (manually).

  • Now click on RegTemp again.

  • Click Unload Hive in the File menu.

  • Close the registry.

If you have configured the local security policies incorrectly, you can ensure that the Local Security Policies service will not be started after rebooting the server. Remember to set the boot mode back to local. Your server should now be accessible again.

The example just explained can be applied to any service on your Windows Server. You only need to know the service name in the registry.

Disabling the Firewall

Follow these steps, for example, to disable the Personal Firewall Zone Alarm.

  • Open RegEdit.

  • Click HKEY_LOCAL_MACHINE.

  • In the File menu, click Load Hive.

  • Select the System file. You can find it under the path C:\Windows\system32\config.

  • Specify a temporary name.

  • Confirm with OK to load the file.

  • The subtree of the registry is available under HKEY_LOCAL_MACHINE\-TemporaryName-.

  • Open HKEY_LOCAL_MACHINE\-TemporaryName-\ControlSet001\Services\vsdata

  • Set the registry key Start to 4.

  • Open HKEY_LOCAL_MACHINE\-TemporaryName-\ControlSet001\Services\vsdatant.

  • Set the registry key Start to 4.

  • Now click again on -TemporaryName-.

  • Click Unload Hive in the File menu.

  • Close the registry.

After you reboot, your Windows Server should be reachable again.

After the next login, we recommend that you uninstall ZoneAlarm.

Note

ZoneAlarm, like most free firewall applications, is not suitable for servers! Please also read the Firewalls section. It is better to use local security policies instead.

Deleting/Copying/Editing Files

The rescue system offers you the possibility to delete, copy, and edit files. The A43 FileManager is structured similar to Windows Explorer and offers many of the Windows Explorer features (such as .ZIP functionality). With the integrated Notepad application, a text editor is also included.

Debugging/Evaluating the Blue Screen

Driver errors, defective RAM, or configuration problems often lead to a so-called blue screen. If your Windows Server should fail at some point, this could be a sign of a blue screen. With a Bluescreen an image of the last used memory is always saved. This so-called memory dump file is located at C:\Windows\MEMORY.DMP. The rescue system contains an analysis tool to evaluate MEMORY.DMP files. You can find the analysis tool under X:\i386\ntsd.exe. The following call starts an analysis: X:\i386\ntsd.exe -z C:\Windows\MEMORY.DMP

The analysis will show you, for example, if it is a driver defect that caused the blue screen, which driver is responsible for the crash. The driver is the .sys file found in the output. If this analysis does not help you, please contact Microsoft Support with the result of the analysis for further testing.

Checkdisk- Repairing a Damaged File System

If the file system is damaged (dirty file system), the so-called dirty bit will be set. Simply put, this means that your file system is in an inconsistent state. This happens whenever, for example, changes are pending on the volume, but the server is rebooted before these changes can be applied.

How to query a dirty bit:

C:\>chkntfs c:
The type of the file system is NTFS.
C: is dirty. You may use the /C option to schedule chkdsk for
   this drive.
C:\>

A set dirty bit always causes the checkdisk program to be executed after a reboot. While checkdisk can repair a damaged file system,
a checkdisk directly after a reboot cannot be supervised by you. Therefore we recommend that you use the following command to prevent Checkdisk from starting automatically after the next reboot:

C:\>chkntfs C: /X
The type of the file system is NTFS.
C:\>

Instead, boot your system into the rescue system to run Checkdisk. Before you start Checkdisk, you should make a complete backup of your data. How to start Checkdisk:

C:\>chkdsk C: /F

After successfully completing Checkdisk, the next check of the file system should show the following:

C:\>chkntfs C:
The type of the file system is NTFS.
C: is not dirty.
C:\>

Your file system is now in a consistent state again.

Backing Up Files

With the Rescue System, you can back up files and upload them to your backup server through FTP or other methods. This procedure is explained using the following example:

  • Open the A43 FileManager from the menu.

  • After the A43 FileManager has opened, select the folder to be backed up.

  • Select File > Zip > Second Menu.

  • Select the path and enter a name, for example D:\MyData.zip and click Save.

  • Open the FTP program FileZilla contained in the rescue system.

  • Establish a connection to your backup server. Then you can transfer the desired files to the backup server by drag&drop.

Note

For very large files (>1GB), we recommend splitting the file to be backed up into smaller files (around 200 MB) before transferring it via FTP using HJSplit, which is also included in the Rescue System. You can put the split files together either in the Rescue System or after successfully reinstalling your server (HJSplit can be found under C:\Install).