This is part 2 of granular backup/restore blog in which I’ll cover the Recover data from an unattached content database option in Central Administration. This is located in backup/restore section under granular backup/restore. SharePoint 2010 utilizes SQL snapshots both to create and to restore from. This blog will also cover the overall uses of snapshots since they can be used in multiple ways. You can be has granular as possible in choosing what you want to restore from snapshots whether it’s the entire site collection or a specific document library\list.
Snapshot Basics
Before going though the steps it’s important to know the basics of SQL snapshots. SQL snapshots were introduced in SQL 2005 timeframe and only available to Enterprise and Developer editions of SQL. SQL 2008 maintains this rule in that snapshots are only available to Enterprise and Developer editions of SQL. SQL snapshots are a read-only copy of a data base as it existed at snapshot creation. Snapshots operate at the DB page level so when a page is about to be modified for the first time in the source DB, the page is first copied to the snapshot thus preserving the data record. If the page already exists and has been modified post snapshot, it’s not updated or copied to the snapshot. At snapshot creation, all pages from source db are considered new and are copied to the snapshot. Snapshots are linked to the source database where they originated. If the source database goes offline for any reason, then the snapshot is unavailable. This is why snapshots are great for granular backup/restore operations but this shouldn’t be your main backup/restore method. Keep in mind that snapshots are limited to content databases only. To learn more about snapshots check out the following:
http://msdn.microsoft.com/en-us/library/ms175158.aspx
What can SharePoint 2010 Administrators do with snapshots?
SharePoint 2010 Administrator can now do common administrative tasks when it comes to snapshots. The following lists some common things which can be performed on a SharePoint 2010 server using PowerShell.
· Create snapshots
· Delete snapshots
· Restore snapshot
· Use snapshots for granular recovery operations <- Can also use Central Administration
Note: You cannot create, delete, or restore snapshots on SharePoint 2010 standalone server due to the fact it runs on SQL 2008 express edition. Snapshot operations are not supported against SQL server express edition.
Creating Snapshots
Two common methods exist for creating snapshots of SharePoint 2010 data.
Method 1: Using SQL Server
Snapshots are created via TSQL commands within SQL Management Studio query window. SQL Management Studio doesn’t expose any UI for creating snapshots. If my content database is named "WSS_Content" then I would run the following query from SQL Management Studio:
CREATE DATABASE ContentSnapshot on (NAME = "WSS_Content", Filename = 'c:\snapshot\contentsnap.ss') as SNAPSHOT OF "WSS_Content";
Once this is completed, the snapshot resides in the snapshots folder.
Method 2: Using PowerShell aka “SharePoint Management Console”
SharePoint Management Console can also be used to create snapshots. Yes, this is a fancy way of saying powershell but get used to hearing it since it’s listed that way on the start menu. You can now create SQL snapshots from a SharePoint 2010 server. Using SharePoint Management Console you can input something like the following:
$ContentDB = get-spcontentdatabase WSS_Content
$ContentDB.Snapshots.CreateSnapshot()
Below, a new snapshot is created within SQL Management Studio:
Recover Data from an unattached content database
The recover data from an unattached content database option is used for pulling data out of a snapshot or detached content database and exporting to a file. The exported file can be imported back into production using the sp-import cmdlet via powershell. Both Central Administrator and Powershell can be used to pull data out of a snapshot. Three specific operations exist depending on what specifically you want to pull out of the snapshot. Selecting the recover data from an unattached content data base option exposes the following operations.
Browse Content – Provides ability to browse for a specific site collection, Site, or list. Once a selection is made, the same operations are available which is backup site collection or Export site or list.
Backup Site collection – Provides the ability to backup a site collection from a snapshot which can then be restored into production
Export Site or List – Provides the ability to export a specific site, list, or document library from a snapshot
Walkthrough
Using Granular backup/restore to pull a document library from a snapshot and import into production
Using Central Administrator
This example demonstrates exporting a document library named hr out of a snapshot named “contentsnapshot2”:
1.) Within Central Administration, Select backup/restore, Recover Data from an unattached content database
2.) The following screen is where the SQL server name is populated and the corresponding snapshot name:
After filling out required fields and selecting Export site or list click next.
3.) After clicking next, drill down to specified list as well as includes options for exporting security, version, and specify export path.
Select the start export button to pull the data from the snapshot into the export.cmp.
4.) Finally, run the import-spweb cmdlet via powershell to import the data back into production. For these steps, see the previous nugget.
Using Powershell
This example demonstrates exporting a document library named hr out of a snapshot named “contentsnapshot”:
1.) Get the snapshot database and assign it to variable named $snappy:
$snappy = get-spcontentdatabase -ConnectAsUnattachedDatabase -DatabaseServer contososql -DatabaseName contentsnapshot
2.) Pipe $snappy with export-spweb cmdlet to pull hr list out of the snapshot:
$snappy | export-spweb http://contosoweb –usesqlsnapshot –itemurl /hr –path \\contososql\bu\mybackup.cmp
3.) Finally, run the import-spweb cmdlet via PowerShell to import the data back into production. For these steps, see the part 1 of granular backup/restore blog.
Hello! Russ Maxwell here and I’d like to provide a glimpse into SharePoint 2010 granular backup/restore. Several things have changed and have been improved in this area. This article is specifically themed around granular backup\restore and what you need to know.
Key Concepts:
Granular Backup: Granular backup has been placed into its own section within Central Administrator. This includes multiple options including the following options:
· Perform a site collection backup
· Export a site or list
· Recover data from an unattached content database
Basics
In SharePoint 2007, all granular backup and restore operations were only available using stsadm. SharePoint 2010 has integrated granular backup restore operations into both Central Administrator and PowerShell. Some backward compatibility does exist with stsadm but PowerShell is the new and improved replacement. Stsadm will be left out of this blog. Part 1 of this blog will include all granular backup/restore options except for “Recover data from an unattached content database”. Part 2 of this series will be dedicated to that topic. Performing backup operations deemed as granular can be performed from Central Administrator or PowerShell. Granular restore operations are only available using PowerShell. SharePoint 2010 is more flexible in terms of what can be backed up and restored. It’s possible to backup and restore site collection, sites, lists, document libraries, and items. The options for performing granular backups using Central Administrator are:
· Recover data from an unattached content database (Covered in Part 2 of this series)
Granular backup operations
Backing up a Site Collection
You can backup a specific site collection using either Central Administrator or Powershell.
backup-spsite -identity http://contosoweb -path \\server\backupshare\bufile.bak
Backing up a Site, Library, or List
Exporting a Site/sub-site
Export a specific site using Central Administrator:
1. Select Backup and Restore 2. From the UI select Export a site or list 3. Select Site Collection\Site "leave list drop down clear" 4. Optional categories is to export full security or export versioning history 5. Selecting Start export redirects to _admin/sitebackuporexportstatus.aspx page.
export-spweb -identity http://contosoweb -path \\servershare\bu\site.cmp
Export a specific list or library:
1. Select Backup and Restore 2. From the UI select Export a site or list 3. Select Site Collection\Site 4. Select a list 5. Optional categories “export full security or export versioning history” 6. Selecting Start export redirects to _admin/sitebackuporexportstatus.aspx page.
export-spweb -identity http://contosoweb -path \\servershare\bu\hrpowershell.cmp -itemurl /cake
Note: This example demonstrates exporting a document library named cake from Contosoweb site.
Granular restore operations
Granular restore operations require the use of Powershell as no UI in Central Administrator exists. Two cmdlets are available for granular restore operations.
restore-spsite
This cmdlet is used to restore site collections that have been backed up using “Perform a Site Collection Backup” in central administrator or backed up using backup-spsite cmdlet.
For Example: restore-spsite -identity http://contosoweb -path \\server\backupshare\backupfile.bak
You have plenty of parameters available but the example demonstrates the required parameters. To get the full scope of parameters you can run:
get-command restore-spsite -syntax
What you should know about using restore-spsite
The identity/URL parameter shouldn't point to a site collection that is present. If the intention is to overwrite an existing site collection, you must use the -force parameter.
import-spweb
This cmdlet is used to restore sites, list, and libraries exported with “export site or list” option in central administrator or using export-spweb cmdlet.
For Example: import-spweb -identity http://contosoweb/ -path \\appserver\bu\list.cmp
Note: You can’t decipher if a list or library is being imported into the contosoweb site using import-spweb. This has been predefined in the backup prior to running import-spweb.
What you should know about using import-spweb
Sites and subsites: Importing a site/subsite works as long as you specify a URL with a site that contains a matching template. For Example, importing a team site to http://contosoweb requires that I first provision a site using the team site template using URL http://contosoweb. Attempting to import to a site using a blank template or different template will result in an error.
List and Libraries: It’s important to determine exactly what items you want to import into a list or document library. If no items exist, then running the command in the example above will suffice and all items will be imported. What if a user accidently deletes 5 items out of 1,000 and you simply want to restore those 5 items? By default, the import-spweb cmdlet overwrites items if they exist with the restored version. In this case, the item version prior to restore can be salvaged by restoring the previous version as long as versioning is enabled. To prevent a scenario where you want items which currently exists to be ignored by import operation, you must include the -updateversions parameter with ignore
So in this example, to restore 5 items without affecting the 995 items which currently reside in a list named odst I can run the following:
Import-spweb –identity http://contosoweb/ -path \\appserver\bu\odst.cmp -updateversion ignore
Note: New Items created within the ODST library after initial export will not be touched by an import operation.
Check Granular backup job status
A sleek new page has been added to check on granular job back status. Two ways to get to this page is through Central Administrator and after initiating a granular backup automatically redirects you to the _admin/sitebackuporexportstatus.aspx page.
Stay tuned for Part 2 of this series which I’ll discuss how SharePoint 2010 leverages snapshots using the Recover data from an unattached database option.
How to automate prerequisite install without an internet connection
I want to cover a few things about the prerequisite installer that everyone should know about. First, all but one prerequisite component is installed locally. The rest of them are downloaded from the web during setup. This is great for servers with an internet connection but what if you want to install prereq’s without an internet connection. This blog demonstrates how to run automate the install of prerequisite components on a box without requiring an internet connection.
First, prerequisites need to be manually downloaded and moved over to server:
SQLClient http://go.microsoft.com/fwlink/?LinkId=123718
SyncFramework http://go.microsoft.com/fwlink/?LinkID=141237
MSChart http://go.microsoft.com/fwlink/?LinkID=122517
PowerShell http://download.microsoft.com/download/D/0/E/D0E6D2C1-2593-4017-B26D-7375BC9263D5/PowerShell_Setup_amd64.msi
Geneva Framework http://download.microsoft.com/download/F/3/D/F3D66A7E-C974-4A60-B7A5-382A61EB7BC6/MicrosoftGenevaFramework.amd64.msi
Microsoft ADOMD.NET http://download.microsoft.com/download/A/D/0/AD021EF1-9CBC-4D11-AB51-6A65019D4706/SQLSERVER2008_ASADOMD10.msi
Automate Installing Prerequisites without Internet Connection
It's possible to install each prerequisite manually on a server with no internet connection but a more automated option exists. The steps are the following:
1.) Place the downloaded files into a directory. For my example: C:\sp
2.) Run the following command via command prompt within the root directory of the install media:
PreRequisiteInstaller.exe /SQLnCli:C:\sp\sqlncli.msi /ChartControl:C:\sp\MSChart.exe /PowerShell:C:\sp\PowerShell_Setup_amd64.msi /Sync:C:\sp\Synchronization.msi /IDFX:C:\sp\MicrosoftGenevaFramework.amd64.msi /adomd:C:\sp\SQLSERVER2008_ASADOMD10.msi
NOTE: This has been updated as of 2/2/2010! This has only been tested against SharePoint 2010 "without Fast integrated". Thanks to Jon Waite for cleaning up some of these steps.
It might be necessary at some point to use PowerShell to provision search service applications. For Example, setting up a search service application for hosted sites requires you to use PowerShell. The following steps manually take you through this process and I highly recommend going through the steps to become more familiar with the command-lets. A sample powershell script is provided at the bottom of this blog.
Creating Search Service Application using PowerShell
1. Create Application Pool
Creating a an application pool for your search service application and throwing the object into a variable called $ app:
$app = new-spserviceapplicationpool –name contososearch-apppool –account domain\user
2. Create search service application
$searchapp = new-spenterprisesearchserviceapplication -name ContosoSearchServiceApplication -applicationpool $app
Note: Add the -partitioned switch after -name if the search service application will be consumed in a hosted environment.
3. Create search service application proxy
$proxy = new-spenterprisesearchserviceapplicationproxy -name Contososearchserviceapplicationproxy -Uri $searchapp.uri.absoluteURI
Note: Add the -partitioned switch if the search service application will be consumed in a hosted environment.
Verify the search service application proxy is online. It should be online by default..
$proxy.status
If it's not online, you can change the status by punching in the following:
To change this property you could type something like this:
$proxy.status = “online”
Finally, you must update the change by calling the update method.
$changestatus.update()
4. Ensure the local search service instance is started
Run the following:
$si = get-spenterprisesearchserviceinstance –local
$si.status
If it's enabled/started, skip to step 5!
If it's disabled then run the following:
Start-SpEnterpriseSearchServiceInstance -identity $SI
5. Provision Search Administration Component
Configure the administration component of the associated Searchserviceapplication. You can do this with the following command:
set-spenterprisesearchadministrationcomponent –searchapplication $searchapp –searchserviceinstance $si
6. Provision Crawl Component and Activate
By default, a search application created in PowerShell has a crawl topology but is missing the following:
· crawl component
· query component
You cannot add a crawl\query component to the default crawl\query topology because it's set as active and the property is read only. The easiest way around this is creating a new crawl topology and new query topology. After creating both, they will be set as inactive by default. This allows for both crawl components to be added to crawl topology and query component to be added to newly created query topology. Finally, you can set this new crawl topology to active.
a. Create Crawl Topology
$ct = $searchapp | new-spenterprisesearchcrawltopology
b. Create a new Crawl Store
$csid = $SearchApp.CrawlStores | select id
$CrawlStore = $SearchApp.CrawlStores.item($csid.id)
c. Create a new Crawl Component
Create a crawl component for new crawl topology by passing the variables representing the crawl topology, search instance, and crawlstore.
$hname = hostname
new-spenterprisesearchcrawlcomponent -crawltopology $ct -crawldatabase $Crawlstore -searchserviceinstance $hname
d. Finally, set the new crawl topology as active.
$ct | set-spenterprisesearchcrawltopology -active
7. Create Query Components and Activate
a. Create a new Query Topology
$qt = $searchapp | new-spenterprisesearchquerytopology -partitions 1
b. Create a variable for the Query Partition
$p1 = ($qt | get-spenterprisesearchindexpartition)
c. Create a new Query Component
new-spenterprisesearchquerycomponent -indexpartition $p1 -querytopology $qt -searchserviceinstance $si
d. Create a variable for the Property Store DB
$PSID = $SearchApp.PropertyStores | Select id
$PropDB = $SearchApp.PropertyStores.Item($PSID.id)
e. Set the Query Partition to use the Property Store DB
$p1 | set-spenterprisesearchindexpartition -PropertyDatabase $PropDB
f. Activate the Query Topology
$qt | Set-SPEnterpriseSearchQueryTopology -Active
==========================================================
Sample Script
Thanks is in store to Colin at MSFT for taking the cmdlets above and throwing together a great sample script. Copy the script below and save it as a .PS1 file.
Note: When provisioning a search service application for hosted “multi-tenant” sites, the following cmd-lets must contain the –partitioned parameter.
New-SPEnterpriseSearchServiceApplication (Step 3 below) New-SPEnterpriseSearchServiceApplicationProxy (Step 4 below)
Add-PSSnapin Microsoft.SharePoint.PowerShell
# 1.Setting up some initial variables. write-host 1.Setting up some initial variables. $SSAName = "ContosoSearch" $SVCAcct = "Contoso\administrator" $SSI = get-spenterprisesearchserviceinstance -local $err = $null
# Start Services search services for SSI write-host Start Services search services for SSI Start-SPEnterpriseSearchServiceInstance -Identity $SSI
# 2.Create an Application Pool. write-host 2.Create an Application Pool. $AppPool = new-SPServiceApplicationPool -name $SSAName"-AppPool" -account $SVCAcct
# 3.Create the SearchApplication and set it to a variable write-host 3.Create the SearchApplication and set it to a variable $SearchApp = New-SPEnterpriseSearchServiceApplication -Name $SSAName -applicationpool $AppPool -databasename $SSAName"_AdminDB"
#4 Create search service application proxy write-host 4 Create search service application proxy $SSAProxy = new-spenterprisesearchserviceapplicationproxy -name $SSAName"ApplicationProxy" -Uri $SearchApp.Uri.AbsoluteURI
# 5.Provision Search Admin Component. write-host 5.Provision Search Admin Component. set-SPenterprisesearchadministrationcomponent -searchapplication $SearchApp -searchserviceinstance $SSI
# 6.Create a new Crawl Topology. write-host 6.Create a new Crawl Topology. $CrawlTopo = $SearchApp | New-SPEnterpriseSearchCrawlTopology
# 7.Create a new Crawl Store. write-host 7.Create a new Crawl Store. $CrawlStore = $SearchApp | Get-SPEnterpriseSearchCrawlDatabase
# 8.Create a new Crawl Component. write-host 8.Create a new Crawl Component. New-SPEnterpriseSearchCrawlComponent -CrawlTopology $CrawlTopo -CrawlDatabase $CrawlStore -SearchServiceInstance $SSI
# 9.Activate the Crawl Topology. write-host 9.Activate the Crawl Topology. do { $err = $null $CrawlTopo | Set-SPEnterpriseSearchCrawlTopology -Active -ErrorVariable err if ($CrawlTopo.State -eq "Active") { $err = $null } Start-Sleep -Seconds 10 } until ($err -eq $null)
# 10.Create a new Query Topology. write-host 10.Create a new Query Topology. $QueryTopo = $SearchApp | New-SPenterpriseSEarchQueryTopology -partitions 1
# 11.Create a variable for the Query Partition write-host 11.Create a variable for the Query Partition $Partition1 = ($QueryTopo | Get-SPEnterpriseSearchIndexPartition)
# 12.Create a Query Component. write-host 12.Create a Query Component. New-SPEnterpriseSearchQueryComponent -indexpartition $Partition1 -QueryTopology $QueryTopo -SearchServiceInstance $SSI
# 13.Create a variable for the Property Store DB. write-host 13.Create a variable for the Property Store DB. $PropDB = $SearchApp | Get-SPEnterpriseSearchPropertyDatabase
# 14.Set the Query Partition to use the Property Store DB. write-host 14.Set the Query Partition to use the Property Store DB. $Partition1 | Set-SPEnterpriseSearchIndexPartition -PropertyDatabase $PropDB
# 15.Activate the Query Topology. write-host 15.Activate the Query Topology. do { $err = $null $QueryTopo | Set-SPEnterpriseSearchQueryTopology -Active -ErrorVariable err -ErrorAction SilentlyContinue Start-Sleep -Seconds 10 if ($QueryTopo.State -eq "Active") { $err = $null } } until ($err -eq $null)
Write-host "Your search application $SSAName is now ready"
Configure Kerberos Authentication in SharePoint 2010
When configuring Kerberos with SharePoint 2010 you will be using IIS 7.0.
Integrated windows authentication is now handled in kernel mode and enabled by default. This technically was primarily for ease of use and performance boosts since auth is no longer happening in user mode. The problem is that Kernel mode authentication is not supported in SharePoint 2010. Kernel mode authentication is disabled by default in SharePoint 2010 so will not go into further detail.
The basic steps for enabling Kerberos in a web “SharePoint” farm is to specify the application pool identity for the associated web application. Then you need to create an SPN using setspn tool.
Farm scenario task:
Enable Kerberos for the following:
· SharePoint Web Application “Sharepoint – 80”
· Site is named contoso.com
· Web Application is using domain account, ”contoso\farmadmin”, as application pool identity.
Step 1: Setting useAppPoolCredentials to true in application.config file.
The first step is setting the useAppPool Credentials to true in application.config file for the associated web site.
In this example, I want to set this attribute on my “SharePoint – 80” web application:
Locate the application.config file in the following dir:
c:\windows\system32\inetsrv\config\
When you open application.config host file with notepad you will see something like this for web application “WebApplicationName”:
<system.webServer> <security> <authentication> <windowsAuthentication enabled="true" </authentication> </security> </system.webServer>
A.) Run appcmd and set useAppPoolCredentials attribute to true for the associated web application.
Appcmd set config “SharePoint - 80” /section:windowsauthentication /useAppPoolCredentials:true /commit:MACHINE/WEBROOT/APPHOST
Now checking application.host config file you should see the following for the associated web application:
<system.webServer> <security> <authentication> <windowsAuthentication enabled="true" useAppPoolCredentials="true" /> </authentication> </security> </system.webServer>
Step 2: Set SPN
SPN is required to map the service/host name to the Application Pool identity.
A.) Install SPN from the following location:
http://www.microsoft.com/downloads/details.aspx?familyid=5fd831fd-ab77-46a3-9cfe-ff01d29e5c46&displaylang=en
B.) From cmd prompt, run the following cmd:
Setspn.exe –a http/contoso.com contoso\farmadmin
Note: Run setspn from a member server and not a domain controller :)
Step 3: Trust the service account for delegation
A.) Launch Active Directory Users and Computers
B.) Locate account running as the application pool identity
C.) Go to properties on the account, select delegation tab
D.) Select “Trust this user for delegation to any service (Kerberos only)
Step 4: Enable Kerberos on the Web Application
A.) Launch Central Admin and select Application Management
B.) Select Manage Web Application and choose the appropriate web application
C.) From the ribbon, select Auth Providers
D.) Select the associated zone and enable Negotiate (Kerberos) and save
Step 5: Verify that Kerberos authentication is working
A.) Go to the security log on the WFE
B.) Filter on all Event ID’s 4624’s
In the above event, you can see the logon process is using Kerberos. If you scroll up on the event further, you can also get the source computer as well as user account used to log in. It’s easier to filter on this event with the logon account to confirm on a high traffic server.
I’m checking in as it’s been awhile since I’ve posted anything. I’m currently a beta rotational engineer supporting SharePoint 2010. I’ve been so wrapped up in supporting the new product in it’s early stages that I haven’t had a lot of time to post on 2007. I’ll be providing an ample amount of blog post on SharePoint 2010 so feel free to check back at a later date.
Next week, I’ll be attending the SharePoint conference Oct 19-22nd in Vegas and will be available via the CSS booth in the exhibition hall. Stop by and say hello and feel free to ask questions.