ColdFusion Muse

Working With Hive Files (Recovering From a Crash)

Mark Kruger, November 1, 2005 12:28 PM, Hosting and Networking

Did you ever have a truly catastrophic crash where you had to reinstall the whole operating system? If you work with servers this is particularly daunting. A server configuration is more than just the installation of programs. For example, one of our customers recently lost the system drive on a mail server. The hosting company reinstalled Windows 2000 on a new drive and we had to come up with a plan for getting Imail back up and running with over 200 domains. The prospect of calling so many users and reissuing so many passwords made us want to run out into the cold Nebraska night screaming (like we do whenever the Huskers lose to Oklahoma). We had to come up with an alternative plan.

Imail is a product by Ipswitch. Searching the support site I found a clear document that states that Imail stores its data in 2 places, the registry and the file system. We had the file system intact so no problem there, but how do we get at that registry information? Of course Imail provides for backing up the registry key for Imail, but this fine utility had never been used (needless to say it will be now - our oversight!). But wait - we had the old drive, what about finding and recovering the registry from the old hive file?

You may not know that the registry is stored in files called "hive files". Unfortunately there really isn't any rhyme or reason to the names or extensions of these files. I know you might expect to find things like "hklocalmachine.hive" in the system32 directory, but that's not how it works. When a Win2k server boots it actually opens hive files like "user.dat" and "software" and "system" and "users.sam". It takes those files and parses them, then creates the keys you are familiar with like 'HKEY_LOCAL_MACHINE' (HKLM). So first you have to know what you are looking for. In our case, we were looking for the key HKLM/Software/Ipswitch/Imail/. But before we recovered the key we had to find the right hive file, load it into something that could read it, and export it into a format that could be imported into the current HKLM hive. Here are the steps we took.

Loading the Hive File

To load a hive file from an alternate or old installation you cannot use regedit. Instead you must use regedt32.exe. To use Regedt32, go to Start-->Run, type regedt32 and hit OK. Note: All the blather about the danger of editing the registry applies here - be careful that you know the impact of each step that you take. Select the top key of any hive and then select "registry-->load hive" from the menu. The next trick is to find the file that contains the information you need. In our case we knew it was the "software" key - so we went to the old drive's \WINNT\system32\config directory. This is the secret lab where you will find most of the hive stuff. The hives are generally the files without an extension. I found one there called "SOFTWARE" and I selected it. Regedt32 asked for a key name and I put in "OLD_SOFTWARE". I now had a key called HKLM/OLD_SOFTWARE.

Finding and Saving the Old Key

Opening up HKLM/OLD_SOFTWARE I could see all the software keys from the previous installation of Win2k. I navigated to the "ipswitch" key and found the subkey called "Imail". I chose "registry-->save key" from the menu and saved it to my desktop as "Imail.sav" (the extension is not important). Now I was ready to import, but first to avoid confusion I selected the "OLD_SOFTWARE" key and deleted it.

Installing Imail and Pointing it to the Original Files

This is something you might not think of. The installation takes care of "other things" like service registration. So installing it will make sure you don't miss something. But if you restore the Imail key before you install Imail the key will simply be overwritten. Instead, I did the following:

  • Renamed the "imail" folder to "Imail_old" to save all the user mailboxes and settings
  • Installed Imail
  • Stopped the "imail" services (there are several)
  • Renamed the "new" imail folder (from the new installation) to something else (imail_new).
  • Renamed the "old" Imail folder (the one I really wanted) back to its original name of "Imail". At this point the new installation of imail services is pointed to the original imail files.
Note: I did not start the Imail services yet. First, I wanted to restore the registry keys.

Restoring the Registry Key

Again using RegEdt32, I opened the HKLM/Software/Ipswitch/ key. I saw the "Imail" subkey listed there, but it only contained its default parameters. I made sure "Ipswitch" was selected (so I was putting the "Imail" sub key into the key "Ipswitch" where it belonged) and I chose "Registry-->Restore" from the menu. This opened the file dialog box. I browsed to my "imail.sav" file on the desktop and clicked on it. At that point the "old" registry settings replaced the new ones and my Imail installation was back to the way it was before the crash. I restarted the services and voilà!! .. the Imail server lives!!
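
The same load, save and restore sequence can be scripted with reg.exe. This is an added example, not part of the original post: it assumes a current Windows release with the built-in reg.exe, an elevated PowerShell session, and the old drive mounted as D: (the drive letter, parameter names and the Invoke-Reg helper are hypothetical).

```powershell
# Added example: scripted equivalent of the regedt32 steps above.
# Assumptions (not from the original post): old system drive is mounted as D:,
# the session is elevated (reg load/restore need backup/restore privileges).
param(
    [string]$OldHive  = 'D:\WINNT\system32\config\SOFTWARE',   # assumed drive letter
    [string]$MountKey = 'HKLM\OLD_SOFTWARE',                   # temporary mount point
    [string]$SaveFile = "$env:USERPROFILE\Desktop\Imail.sav",
    [switch]$Restore  # second phase: run only after Imail is reinstalled and its services are stopped
)

function Invoke-Reg {
    # Hypothetical helper: run reg.exe and stop the script on a non-zero exit code
    & reg.exe @args
    if ($LASTEXITCODE -ne 0) {
        throw "reg.exe $($args -join ' ') failed with exit code $LASTEXITCODE"
    }
}

if (-not $Restore) {
    # Phase 1: pull the Imail key out of the old installation's hive
    if (-not (Test-Path -LiteralPath $OldHive)) { throw "Hive file not found: $OldHive" }
    if (Test-Path -LiteralPath $SaveFile)       { throw "Refusing to overwrite $SaveFile" }

    Invoke-Reg load $MountKey $OldHive
    try {
        # Fail early if the old hive does not contain the key we expect
        Invoke-Reg query "$MountKey\Ipswitch\Imail" | Out-Null
        Invoke-Reg save  "$MountKey\Ipswitch\Imail" $SaveFile
    }
    finally {
        # Always detach the old hive, even if the save failed,
        # so the old SOFTWARE file is not left locked by the running system
        Invoke-Reg unload $MountKey
    }
}
else {
    # Phase 2: overwrite the freshly installed key with the saved one.
    # reg restore replaces the values and subkeys of the named key, so the
    # target here is the Imail key itself, which must already exist.
    if (-not (Test-Path -LiteralPath $SaveFile)) { throw "Saved key not found: $SaveFile" }
    Invoke-Reg restore 'HKLM\Software\Ipswitch\Imail' $SaveFile
}
```

Run it once without `-Restore` to produce Imail.sav, carry out the reinstall and folder renames, then run it again with `-Restore` before starting the services.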


No, this is not something you want to do on a regular basis. However, in this case it took about a half an hour and saved our customer from configuring hundreds of users and having to call hundreds of people with new passwords. For that reason it was worth it.
