Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

WinXP Pro SP3 ntbackup issues 3

Status
Not open for further replies.

usanzac

MIS
May 13, 2009
8
US
I'm here because the thread I attempted to attach as a URL to this post provided the most information of near a hundred links I investigated to determine the problem at hand and it was recent.

As per that thread, at least to begin with, ntbackup.exe fails whether run from the GUI or the command line. There is evidence that a process starts but it fails almost immediately. There are no obvious errors and no event log entries.

All the suggestions in the attached thread have been attempted as well as some investigation of apparently pertinent registry keys for which I can find precious little specific information in the public domain.

Other potentially salient information:

- ntbackup.exe worked just fine when directed to backup to an external drive connected to a server on the same network.

- the external drive morphed into a doorstop and was replaced.

- in the process of all of this, the replacement external drive was connected to a different server and associated with a different drive letter on the machine for which backups are now no longer working

- also during this time, a multi-card reader was connected to the machine for which backups are no longer working. (It has since been disconnected)

- The backup software choice is not an option and I have little previous experience with it in deference to better products out there (this is not my machine we are trying to fix.)

I'm interested in all helpful comments but the questions foremost on my mind at this point are as follows:

1. Where the heck are the relevant registry keys documented? (I did try changing the "...\Ntbackup\Hardware\Logical Disk File" key values to a valid destination but that made no difference)

2. How do I get something more out of ntbackup either in terms of event log entries or, shock, horror, an actual error message? Registry key "...\Ntbackup\Logging\Log Level" perhaps? (Current value 4...whatever that means)

3. If all else fails, what do I need to do to get this crap working the way it was before? I know I can reinstall it but I don't know if I can/should change or delete the entire registry key root before I do so. Again, no information that I can find in the public domain.

Many thanks in advance for any help, particularly anything I haven't already read (saves time :) .)
 
Wow - too much information, almost. You have a problem that isn't related to registry keys if the NTBACKUP won't even launch. Try disconnecting everything not necessary (external drives, card readers, etc., etc. just for testing).

Answer the basics for me.

1. If you go to START RUN NTBACKUP - does it launch in regular mode?? In safe mode???

2. Have you done a malware scan using MalwareByte's Anti-Malware just to be sure??

3. Have you done a SFC /SCANNOW to verify system file versions?

4. Have you done a CHKDSK just to be sure things are OK?


Backup logs should be here (substitue XXX for YOUR user name) C:\Documents and Settings\XXX\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data
 
Thanks for your post, goombawaho! You do some great work here and I appreciate your response. In spite of limited access to the machine at hand, I performed all the steps you laid out. I thank you for the reminder about SFC. Always a good thing to try. And MalwareByte is my new favorite anti-malware tool; found something that none of the plethora of tools I use couldn't find; a little annoying creep called "Micro Antivirus" which probably explains a fast-flashing dialog that other tools were suppressing and now seems to have disappeared.

To your specific suggestions:

1. NTBACKUP does not run, period. Even NTBACKUP /? does nothing no matter what; normal mode, safe mode, you name it.

2. Malware; see above. No change to other results as a result of cleansing.

3. SFC ran for a long time but reported nothing which I assume means all is well.

4. Basic CHKDSK completed but said it wasn't able to "complete" so I'm going to run the complete CHKDSK overnight and see what happens. Not sure I can see why that might explain the behavior of NTBACKUP (especially NTBACKUP /?) but who knows, right?

The last ten ntbackup logs are on disk where they should be and indicate normal behavior, more or less. That is they pertain to the backup WD external drive which went bad and has been removed, before all this craziness began.

I will report back tomorrow. Many thanks again.
 
Where are you launching NtBackup from? Is it a Shortcut on the Desktop or in the Start Menu Programs link? Have you tried clicking on the actual .exe in the System32 folder? Have you tried copying the .exe to a different folder and running it from there? What about Renaming the copied .exe to something else other than NtBackup.exe, perhaps xxxx.exe, or .com, or .bat. This might get it to run, or might at least supply you with a relevant error message as to why the program is failing to launch.
 
Check event log for error messages after 1. completing the CHKDSK and 2. doing what Linney says.

If you can't get chkdsk to run. Create a BartPE CD and boot from that. Go to command prompt and run it against the C: drive. X:\bartpeblahblah chkdsk c: /f

I hope there's something in the event log that might help.

Try copying the ntbackup.exe file from another similar (service pack level) machine and see if it will run.
 
Well, I would run chkdsk with the /r switch and let it run. This will require a reboot. If standard chkdsk failed to complete, your hdd has issues. This may be why ntbackup won't run. Also, did you reconfigure the backup device (your op stated the external drive died and was replaced).
By any chance is there a config file you can look at (vs not finding the system registry entries)?


Now I remeber why I hated ntbackup....Always thought it was a pain in the butt to use.
 
OK, chkdsk (on boot) completed overnight and fixed a few orphaned index entries and security descriptors.

Code:
Cleaning up minor inconsistencies on the drive.
Cleaning up 352 unused index entries from index $SII of file 0x9.
Cleaning up 352 unused index entries from index $SDH of file 0x9.
Cleaning up 352 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

linney: I have tried to run ntbackup.exe every way I know how, including:
[ul]
[li]Start -> All Programs -> Accessories -> System Tools -> Backup[/li]
[li]Hard Disk Properties -> Tools -> Backup[/li]
[li]\Windows\system32\ntbackup[/li]
[li]Start -> Run -> ntbackup.exe[/li]
[/ul]

Per your suggestion, I copied \Windows\system32\ntbackup.exe to C:\fred.exe but that produced the same results.

goombawaho: CHKDSK ran fine, as above. I checked Event Viewer before, after and during all the above scenarios and see nothing of relevance there.

Along the lines of your suggestion, I copied ntbackup.exe from another machine where it is working but that didn't work. Even more interestingly, I copied ntbackup.exe from the machine where it is not working to a different machine and it ran fine on the other machine.

PRPhx: The replacement backup device is in situ and working fine (from the "My Computer" point-of-view). Not sure what you mean about a config file. Alternatively, which one do you mean? I too share your dislike of this "Utility".

I am going to contrast registry entries between the two machines I have been playing with and see if anything jumps out there.

I also have a feeling that the NtmsData directory has something to do with this. One interesting difference between the machine where it is not working, in comparison to the one that is, is an additional file that gets created, when I force the directory to be rebuilt from scratch. The file name is NTMSJRNL and the contents indicate it is an NTMS Database Journal File ... for what that's worth.

Is there anything I can do to verify the Remote Storage and Volume Shadow Copy services are working correctly?

Many thanks to all ... I'm stubborn but determined!
 
You could try repairing windows by running it over itself. You will lose all your windows updates but your files will be untouched.

How to Perform an In-Place Upgrade (Reinstallation) of Windows XP (Q315341)

Undocumented Ntbackup Registry Keys


 
I would do what you were thinking - deleting the backup database BEFORE doing anything more drastic.

%SystemRoot%\Documents and Settings\YOURACCOUNT\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\catalogs


Did you try creating another user with ADMIN equivalency and try to run it from that user.

This is weird!!!!
 
linney: Thanks for the links. I'm not inclined to do an in-place upgrade at this point. I did, however, download a fresh ntbackup.msi and install it. No dice.

I did go through the various ntbackup subkeys in the registry and make changes to match them to that on a working system. Again, no dice.

I'm inclined to delete all ntbackup subkeys and reinstall ntbackup.msi but haven't done so yet.

goombawaho: I deleted the catalogs which is safe to do for what I am doing but that didn't help.

I also created a new administrative user, fred, and switched to that user to run ntbackup. Yep, you guessed it; didn't work.

Yes, it is weird. Playing to what appears to be OCD on my part, I ran WinDBG with the relevant Windows Symbol set. I will be honest, I'm not all that comfortable with WinDBG so I'm going to reach out to you all and ask how I should set it up to debug ntbackup to determine exactly where the point of failure is in the hope that this will narrow this down further.

I also messed around with Remote Storage Management and even Volume Shadow Copy but nothing jumped out at me there.

Again, even ntbackup /? does nothing. If I'm looking at Task Manager's processes tab and keep executing the command until the process shows there, I see it appear and disappear. There is absolutely nothing displayed even then, and nothing anywhere in the event viewer.

I know we're scraping the bottom of the barrel here but all help is appreciated.
 
Been watching this thread for a while now, and since I did not have any other input then already given, I had not posted...

but now it seems that it is time for either Process Explorer or Process Monitor, found at the same site as the one posted last by Linney (click on Downloads) or this link...

I don't remember which one, or if both, will allow to record what is happening in the background when you run a program, e.g. what DLL's, Reg Keys get activated, etc. As it seems that, perhaps a crucial DLL may not be registered correctly, or it is missing a crucial REG KEY...

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 
I think you've spent enough cycles on this problem. Time for a reload. Your time isn't free after all.

Can you use an image of a similar machine to make things easier?
 
Resolved!!!

Thanks to everyone who has offered anything here. Every link and suggestion has been of some merit. Ultimately, it was BigBadBen's suggestion that led directly to the answer.

I downloaded Process Monitor on the affected machine and a similar machine where ntbackup was working fine. Then, filtering on events with a process name of ntbackup.exe, I found ntbackup failed right after an unsuccessful search, in the registry, for PowerCfg (HKCU). I exported both the HKCU and HKLM PowerCfg subkeys from the working machine, imported them into the registry on the failing machine and ntbackup appears to be working again.

In this case, I know there has been some problems with the Power Schemes application (Lenovo Thinkvantage) and I'll mess with that next. However, there is still clearly a fault within ntbackup.exe wherein it does not correctly handle an exception when this PowerCfg-related registry information is unfound.

I commend [link technet.microsoft.com/en-us/sysinternals/bb896645.aspx]ProcessMonitor[/url] to you when you get to the point of needing to figure out what something is doing at the point-of-failure and no other diagnostics are available.

Again, thanks to all for your time and help.
 
You mean Process Explorer and I use it all the time. That was a bizarre interaction to cause a problem.

Glad you didn't give up as I suggested.
 
[link technet.microsoft.com/en-us/sysinternals/bb896653.aspx]Process Explorer[/url] is different to [link technet.microsoft.com/en-us/sysinternals/bb896645.aspx]Process Monitor[/url] though also quite useful in its own right. Where Process Explorer focuses on files in real-time, Process Monitor is an event-by-event history monitor, capturing all file, process, thread and registry-related events.

It was the registry related event (looking up power configuration registry data - and this has what to do with backing up files???) that ultimately led to resolution.

It may have well been my last roll of the dice but the whole exercise has value from an educational perspective.
 
and this has what to do with backing up files???
I think that NTBACKUP looks to see if the PC/Laptop is running on batteries before it begins it's function...

I am assuming that it is to prevent that a backup fails when the power goes out...



Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top