Creating VSS snapshots on Windows 2003 Server.

January 15, 2009 at 4:36 pm (windows) (, , , )

At work, I recently was chosen to be the administrator for a new SAN system that we are purchasing.  I intend to do a full article at some point about this product once it is installed.  For now, I will just tell you that it runs on CentOS and is called FalconStor.  Anyhow, while I was in initial technical training on this system we began a discussion about how to correctly backup windows systems, especially servers.  The major issue with backing up MS OSes is how to acquiesce all applications running on the system.  What I mean by this, is making the system right all data that is in flight to the disk and freezing it.

Microsoft has created an interesting mechanism to make this task more managable.  It is called Volume Shadow Service.  I suggest reading theese two documents first to get an introduction to what the service is and how it works:

Essentially, when you create a a snapshot using VSS the following highly summarized steps occur:

  1. VSS sends a signal to all apps that have been registered as WritersWriters are applications that are writing data to disk in such a way that there might be in flight data.  Each of these writers have a different method of acquiescing it’s data.  For instance, the file system will flush all of it’s buffers to disk.  Another example of a writer is MS SQL server.
  2. Each writer will signal back to the VSS manager once it’s data is in a acquiesced state.
  3. Once all writers have checked in, a Copy on Write snapshot is created.  This snapshot is essentially a frozen image of the data.  This COW snapshot is only updated with differential data.
  4. The VSS manager will wait until it knows that the COW snapshot has successfully been created.
  5. Finally, the VSS manager will notify all writers that they can now un-acquiesce their data.  Essentially, this will thaw out the data and let whatever was being buffered, be written to disk.
  6. All operations have now been completed and a COW based snapshot now exists.

All applications written for the Microsoft platform are supposed to utilize the VSS sub-system for acquiesceing it’s data.  Therefore, the only way to acquiese data on a MS OS is to use VSS.  The reader of this article who has been paying attention will notice something at this time in relation to Microsoft backup software.  Many software companies that sell backup tools for the Microsoft platform also sell little applications called ‘Agents’.  Such as ‘Agent for Open Files’.  It should now be clear that the only way that these applications could be working, is by creating a VSS snapshot and then backing up from that.  Therefore, it would appear that you really don’t need these agents.  One could simply write some scripts that would be lauched using the pre and post script starters of your backup software that could handle this task.  The scripts would simply create the snapshots when needed and delete then when the backup is done.

How would one access the the snapshot though?  How do you actually get at that volume?  The VSS snapshot is not normally exposed as a drive.  However, you can install the tool vshadow.exe from the VSS SDK pack.  More information about this SDK can be found here.  This tool will allow you to create snapshots and manage them in a variety of ways.  One of the more useful functions of this tool, is that it will allow you to expose a VSS snapshot as either a drive letter or a mount point.  This is excellent for scripting, because now you can create a persistent VSS snapshot and mount it as a drive and copy things off of it…like perhaps a backup.

Lets do a few examples of this process.  Before you can try this out, you must install the VSS SDK as discussed above.

Now run:

vshadow.exe -p c:

This will create a persistent VSS snapshot of the C drive.  There are two types of VSS snapshots: 1) Persistent  2) Temporary.  The default type of snapshot to be created is temporary.  Windows XP is only capable of making temporary snapshots.  This means that an application can request that a snapshot be created.  Once it is created, the VSS system will notify the application of the Global Root ID of the snapshot volume.  The application will then access that volume and process it however it wanted to.  Once the application is done processing the data, it will then notify the VSS system it is done.  The VSS system will then stop holding open the snapshot and it will be destroyed.  In Windows 2003 the concept of a persistent snapshot was introduced.  This is where a snapshot can be requested and it will remain in existence, even when there is no application still attached to it.  We want a persistant snapshot, so we provide the -p argument.

You will now see some output that looks similar to this:

VSHADOW.EXE 2.2 - Volume Shadow Copy sample client
Copyright (C) 2005 Microsoft Corporation. All rights reserved.

(Option: Persistent shadow copy)
(Option: Create shadow copy set)
- Setting the VSS context to: 0×00000009
(Gathering writer metadata…)
(Waiting for the asynchronous operation to finish…)
Initialize writer metadata …
Discover directly excluded components …
- Excluding writer ‘MSDEWriter’ since it has no selected components for restore.

Discover components that reside outside the shadow set …
Discover all excluded components …
Discover excluded writers …
Discover explicitly included components …
Verifying explicitly specified writers/components …
Select explicitly included components …
* Writer ‘System Writer’:
- Add component \System Files
* Writer ‘Event Log Writer’:
- Add component \Event Logs
* Writer ‘Registry Writer’:
- Add component \Registry
* Writer ‘COM+ REGDB Writer’:
- Add component \COM+ REGDB
* Writer ‘WMI Writer’:
- Add component \WMI
Creating shadow set {97147285-295c-4112-ac7b-365a667c62e8} …
- Adding volume \\?\Volume{4910a320-7ecf-11db-8356-806e6f6e6963}\ [C:\] to the s
hadow set…
Preparing for backup …
(Waiting for the asynchronous operation to finish…)
(Waiting for the asynchronous operation to finish…)
Creating the shadow (DoSnapshotSet) …
(Waiting for the asynchronous operation to finish…)
(Waiting for the asynchronous operation to finish…)
Shadow copy set succesfully created.

List of created shadow copies:

Querying all shadow copies with the SnapshotSetID {97147285-295c-4112-ac7b-365a6
67c62e8} …

* SNAPSHOT ID = {647617de-d55b-45c5-a087-74f0143cbffa} …
- Shadow copy Set: {97147285-295c-4112-ac7b-365a667c62e8}
- Original count of shadow copies = 1
- Original Volume name: \\?\Volume{4910a320-7ecf-11db-8356-806e6f6e6963}\ [C:
\]
- Creation Time: 1/14/2009 1:52:16 PM
- Shadow copy device name: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5
- Originating machine: mymachine.mydomain.com
- Service machine: mymachine.mydomain.com
- Not Exposed
- Provider id: {b5946137-7b9f-4925-af80-51abd60b20d5}
- Attributes: No_Auto_Release Persistent Differential

- Mark all writers as succesfully backed up…
Completing the backup (BackupComplete) …
(Waiting for the asynchronous operation to finish…)
(Waiting for the asynchronous operation to finish…)

Snapshot creation done.

The important line to pay attention her is the one called SNAPSHOT ID.  This is the ID number of the snapshot that was just created.  You will need this to expose this volume as a drive letter or a mount point.

You can verify that that the snapshot has been created by running this command:
vshadow.exe -q

At this point you are ready to expose the snapshot as either a drive letter or a mount point.
vshadow.exe -el={18b93c57-ca61-467d-abc4-d4fa19559ded},m:\mypoint

This will expose the snapshot with the ID string that is in the braces on the mount point of M:\mypoint.  This command can also be used to just mount it on a drive letter that is currently not in use.  To do this, just put the drive letter of choice and colon as the second argument:
vshadow.exe -el={18b93c57-ca61-467d-abc4-d4fa19559ded},X:

Next, you might wonder how you can un-expose a snapshot volume from a drive letter or mount point.  I have not been able to find a way to do this, while keeping the snapshot in tact.  The only way that I have found to do this is to delete the snapshot itself.  If you can figure out a way to keep the snapshot while un-exposing it, please post the solution as a comment to this article.

This command will delete that snapshot volume and remove the drive letter or mount point:
vshadow.exe -ds={18b93c57-ca61-467d-abc4-d4fa19559ded}

That should be enough information to get you started with VSS snapshots.  This information should help the skilled SysAdmin take better control of backing up the Windows Server 2003 servers that he is tasked to work with.  There are many other features of VSS that seem like they would be interesting to explore, such as transportable snapshots, etc.  I hope to look more into it in the future.

About these ads

11 Comments

  1. Chip said,

    You can delete a drive letter using SUBST, as in
    SUBST X: /d

  2. Joe said,

    If robocopy is interrupted when copying exposed shadow copy it can leave the exposed drive mounted which causes other robocopy jobs to copy data from an old job. If you look in explorer you will see the drive with old data exposed. To delete exposed shadow copy drive export results of vshadow -q (ie. vshadow.exe -q >c:\vshadowdriveletter.txt) to a text file and do a find for for drive letter used to expose drive. This will give you the snapshot ID to use with the delete command vshadow.exe -ds=. Subst X: /d doesn’t work to delete the snapshot drive on server 2003

    • Darrin said,

      don’t use SUBST use vshadow -ad

  3. Peter Barganski said,

    I can’t mount the Snapshot using vshadow.exe – get error:

    (Option: Expose a shadow copy)
    - Setting the VSS context to: 0xffffffff
    - Exposing shadow copy {bf87156c-899e-4a1e-9868-92b5f4e00e44} under the path ‘t:’

    ERROR: the snapshot ID identifies a Client Accessible snapshot which cannot be exposed

    C:\Scripts>

    Any ideas anyone?

  4. Joe said,

    For unexposing a snapshot: http://msdn.microsoft.com/en-us/library/aa382233%28VS.85%29.aspx

    also the server 2008 R2 tool, diskshadow has an unexpose command.

  5. charanjit said,

    I would like to know , what is inside the snapshot , is it a reference to data on the drive. or if its data , then why it gets created very fast , and it is very small

  6. Juan said,

    I have developed a method to access the ShadowCopies and delete it when unexposed in Windows 2003.

    You can create the shadow via vshadow.exe, vssadmin.exe or via System GUI.

    Once you have created it, you need to know the Shadow Copy Volume Name which is in the format: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyXXX

    You will also need dosdev.exe utility, i have tested it with the one contained in mpsreports_x86.exe (Microsoft Product Support Records: http://www.microsoft.com/downloads/en/details.aspx?FamilyId=CEBF3C7C-7CA5-408F-88B7-F9C79B7306C0&displaylang=en)

    Steps:

    1.- Create shadow
    2.- vssadmin list shadows and find the name of the shadow
    3.- create an empty folder in the disk, example: e:\shadow1
    4.-dosdev X: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 (use the number of the Shadow you need to expose)

    at this point you have the ShadowCopy accessible under X: but ONLY in CMD window

    5.- linkd E:\shadow1 X:

    Now you can see it in windows explorer under the junction point E:\shadow1

    Once you finish with whatever you need to do with the ShadowCopy

    6.- linkd E:\Shadow1 /d

    This will remove the Junction AND the directory E:\Shadow1, but the ShadowCopy is still exposed under X:

    7.- dosdev -r -d X:

    Now the Shadowcopy is unexposed, you can check it is still around withcommand vssadmin list shadows

  7. Juan said,

    There is a typo in 4:

    4.-dosdev X: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\

    The last backslash has to be there in order to work.

    Also I forgot to say that linkd.exe comes with Windows 2003 Resource Kit Tools (http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en)

  8. Glooch said,

    Hi, you can use “mountvol” cmd tool. On 2003 Server works good.

  9. Ben said,

    You don’t need to assign a drive letter as an intermediate step, you can link directly to the shadow volume device.

    Use the -script=shadow_info.cmd argument to get the Device name of the shadow.

    MKLINK.exe /D c:\$SHADOW$%SHADOW_ID_1% %SHADOW_DEVICE_1%

    Will create a symlink to the shadow copy called c:\$SHADOW${GUID}. You can specify whatever name you like, of course.

    Once you have done that you can access it as if it was a normal directory, except it wil lp

  10. Samiul Sheikh Jahid said,

    GSCopy Pro v6.0 (RoboCopy Alternative) with Open File Agent
    GSCopyPro is a single command-line tool (CLI) that can copy, replicate and move files from one folder to another. This folder can be on the same machine/ server or another server elsewhere. What makes GSCopyPro stand out from other competitors is the fact it works on 32-bit as well as 64-bit systems and has no restrictions. It can easily be scheduled to run as a scheduled task and fully automated. GSCopyPro also comes with an open file agent which can copy files that are locked/ opened by other processes. This feature is supported in all windows versions from widows XP/ 2003 and later.
    Go To:>> http://www.gurusquad.com/GSCOPYPRO

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: