NetWare Server Swap Procedure

I suggest you print this procedure out and study it carefully. With proper preparation, you use NWCopy to upgrade file servers with multi-gigabyte volumes onto new hardware with only an hour or two downtime needed—many hours of downtime less than the conventional tape backup and restore method.

Objective
Overview
Procedure
Notes

Objective

To establish a standard method for performing a NetWare 4.x/5.x/6.x file server hardware swap. This is not a disaster recovery procedure but a way of performing a controlled hardware upgrade. These instructions assume that the server contains volumes SYS and VOL1. Adjust accordingly for your environment. Note that if you are running this procedure on a NetWare 5.x/6.x server, where the procedure refers to INSTALL.NLM or DSMAINT.NLM, you use NWCONFIG.NLM instead.

Overview

The major steps in the procedure are:

  1. Prepare the new server
  2. Take a snapshot of the file system trustee rights on the old server
  3. Copy files from the old to the new server
  4. Save NDS on old server to file
  5. Transfer NDS file to new server
  6. Down old server
  7. Rename new server to old; remove NDS, down and reboot
  8. Restore NDS from file copied from old server
  9. Restore file system trustee rights from shapshot.

Procedure

You will need a 32-bit Windows workstation with the Novell client and with the TRUSTNDS and NWCOPY utilities installed.

  1. Configure new server hardware and install NetWare. The server should be installed with a temporary name and into a temporary NDS tree. Patch NetWare to current levels. Volumes should have the same name space support installed as the server being replaced.
  2. From the workstation, login to both your production tree and the temporary NDS tree as a user with administrative rights.
  3. From a workstation, run NWCopy and copy all of VOL1 excluding the DELETED.SAV directory and the VOL$LOG.ERR file in the root of the volume. Ensure that the "Copy NetWare file and directory attributes", "Copy inherited rights mask on files and directories", and "Retain file compression on supported media" boxes are checked, and that you use a log file and check the "Automatically answer prompts and error messages" box.
  4. For all steps beyond this point, you must have no users logged into the existing server, and have login disabled to prevent any user login. There can be a considerable time delay between steps 1—3 and all the following steps. I have actually performed steps 1—3 on one weekend and the rest of the procedure on the following weekend.
  5. At the old server console, unload all non-essential software (eg. Arcserve, Inoculan, Pserver, Managewise, Groupwise, etc) so that files are not in use and can be successfully copied to the new server.
  6. Map a drive to the old server, make this the current drive, and run TRUSTNDS /R /A from a Win32 command prompt. This will create a SYS:\TRUSTEES.BAT file on the server which contains the RIGHTS commands needed to recreate all the file system trustee rights and inherited rights masks. Copy this file to the root of SYS: on the new server. It is usually worthwhile opening this file in a text editor and viewing the trustee rights as a form of audit. It's surprising how many excessive trustee rights are sometimes found.
  7. From a workstation, run NWCopy and copy all of VOL1 excluding the DELETED.SAV directory and the VOL$LOG.ERR file in the root of the volume. In addition to the options you used previously, also use the "Only overwrite older files" option to copy only only new or updated files since the initial copy. Also use the "Copy and synchronize" mode of operation to remove files on the new server which have been deleted from the old server since the initial copy. Copying only the file changes in this manner is much faster than performing the entire file copy at this point, and reduces the downtime needed for the swapover to a fraction of what would otherwise be needed.
  8. From the workstation, run NWCopy and copy all of SYS except the SYSTEM directory. Make sure that you have the "Only overwrite older files" box check in the NWCopy options. Then transfer the SYSTEM directory selectively. For example, AUTOEXEC.NCF on the new server will probably contain commands specific to the hardware on that server; the PRODUCTS.DAT on the two servers may be different. (Note: steps 6—8 can be run concurrently).
  9. Run DSREPAIR on the old server to ensure that NDS is error-free. The old server must be able to successfully contact all other servers containing replicas of the NDS partitions on the server before you attempt the next step.
  10. Make sure you are logged into both servers, then at the old server console, load DSMAINT (NWCONFIG for NetWare 5.x/6.x) and select the "Prepare NDS for hardware upgrade" option. This saves NDS to SYS:SYSTEM\BACKUP.DS (BACKUP.NDS for NetWare 5/6) and leaves NDS not operational on that server (no-one can login to the server). Copy the BACKUP.DS file to the SYSTEM directory on the new server.
  11. Edit AUTOEXEC.NCF on the new server and ensure that all non-essential commands (Arcserve, Pserver, Compaq Insight Manager agents, Lprotect, Managewise etc.) are commented out at this stage. Edit the server name and internal IPX network number to be the same as they were on the old server.
  12. Down the old server.
  13. At the new server console, enter LOAD INSTALL -DSREMOVE, (for NetWare 5/6 use LOAD NWCONFIG -DSREMOVE) and under the Directory Services option, select "Remove Directory Services from this server". Answer all the warning messages until NDS has been removed.
  14. Reboot the new server so that it comes up with the same name as the old server.
  15. LOAD DSMAINT (or NWCONFIG) and select "Restore NDS following hardware upgrade".
  16. Exit DSMAINT, then LOAD INSTALL (or NWCONFIG), and under the Directory Services option, select "Upgrade mounted volumes into the directory".
  17. Exit INSTALL, then LOAD DSREPAIR and perform a full unattended repair.
  18. From a workstation, login to the new server and run SYS:\TRUSTEES.BAT to restore trustee rights.
  19. Uncomment any commented sections of AUTOEXEC.NCF and reboot the server to confirm correct operation.
  20. Login as a test user and confirm correct operation of applications, printing, etc.

Notes

  1. Once you have verified correct operation of the new server and of NDS on the new server, you should delete and purge the BACKUP.DS file from SYS:SYSTEM. This is because it contains a complete copy of NDS on that server, including the hashed user passwords, and an attacker who managed to get hold of a copy of this file could use it to launch a password attack.
  2. For a similar reason, once you are satisfied that all files were transferred to the new server, that it is running properly, and that you have a backup of it, you should erase the disks on the old server to remove all data from them.

Copyright © Nick Payne 1999