11 January 2012

TMG configuration backup automation - Part I

Having backups of your configurations are essential.  The configuration is kept in various places depending on the deployment size.  Regardless of the built in redundant configuration stores, you still need to keep backups.  You either need to backup manually regularly or automate the backup process with a script.


The following script allows you to backup and import the array level configuration.  I use this for backing up array level configuration, but my personal preference would be to use the GUI for doing the import and restore.



'  TMG Array Configuration Backyp Script
'
'  Original from http://msdn.microsoft.com/en-us/library/dd435786.aspx
'
'  Changed by Etienne Liebetrau  - http://fixmyitsystem.com to append the date
'  to the export file name
'
' Usage cscript exportimport.vbs e backup
 

Sub ImportExport()
    ' Define a constant to indicate that no optional 
    ' data will be exported or imported.
    Const noOptionalData = 0
    If WScript.Arguments.Count <> 2 Then
        WScript.Echo "Error: Invalid number of parameters." & vbCrLf & _
                     "Syntax:" & vbCrLf & _
                     "ImportExport {e | i} filename"
        Exit Sub
    End If
    'Declare the objects needed
    Dim root      ' The FPCLib.FPC root object
    Dim isaArray  ' An FPCArray object
    localDate = FormatDateTime(date(), 1)
    
    ' Create the root object.
    Set root = CreateObject("FPC.Root")
    ' Get a reference to the array object. 
    Set isaArray = root.GetContainingArray()
    If WScript.Arguments(0) = "e" Then
       WScript.Echo "Exporting the configuration of the " & _
                     isaArray.Name & " array object to " & _
                     WScript.Arguments(1) & " " & localdate & ".xml" & " ..."
      ' Export the array configuration to the XML document.
      ' Notice that values are not specified for the 
      ' optional parameters.
      isaArray.ExportToFile WScript.Arguments(1) & " " & localdate & ".xml",noOptionalData
      WScript.Echo "Exporting was completed successfully."
      WScript.Quit
    End If
    If WScript.Arguments(0) = "i" Then
      WScript.Echo "Importing the configuration from " & _
                    WScript.Arguments(1) & " to the " & _
                    isaArray.Name & " array object ..."
      ' Import the array configuration from the XML 
      ' file specified. Notice that values are not 
      ' specified for some of the optional parameters.
      isaArray.ImportFromFile WScript.Arguments(1),noOptionalData,,,True
      WScript.Echo "Importing was completed successfully."
    End If
End Sub
ImportExport



This script is originally from http://msdn.microsoft.com/en-us/library/dd435786.aspx

One thing to note the export is done with the  noOptionalData flag set.  This means that when doing the import you cannot select the option to "Import server-specific information"



If you do you will get the following error:
Import failed
Error: 0xc0040341



An XML DOM document object that was exported without the fpcExportImportServerSpecific flag set cannot be imported with the fpcExportImportServerSpecific flag set.


The error occurred on object 'GUEST' of class 'Array' in the scope of array 'GUEST'.

Given that the scripted backup is not as complete as a manual backup I would still recommend doing those periodically.  Think of the manual export as a full backup and the  scripted backup as an incremental backup.

** Update **

I have also FINALLY managed to figure out how to export the additional "check boxes" that are available in the GUI.



Export Confidential information relates to a hex value of 1 for the FpcExportImportOptionalData flag
Export User permissions settings relates to a hex value of 2

The fpcExportImportServerSpecific flag mentioned above has a hex value of 4

Here is the list from http://msdn.microsoft.com/en-us/site/aa490382


fpcExportImportPasswords (0x00000001)
The optional data includes encrypted secret data, such as passwords or shared secrets that are used to create digital signatures for authenticating to RADIUS servers.
fpcExportImportUserPermissions  (0x00000002)
The optional data includes the security roles assigned to delegated administrators. The delegated administrators are identified by the security identifiers (SIDs) of their user accounts, which are included in this optional data. These SIDs, which are relevant to the workgroup or domain of the exporting computer, are not necessarily relevant to that of the importing computer.
fpcExportImportServerSpecific  (0x00000004)
The optional data includes server-specific information, which consists of cache drive settings and SSL certificates.


When exporting with the following line from the script you have some options


isaArray.ExportToFile WScript.Arguments(1) & " " & localdate & ".xml",noOptionalData


You can remove the noOptionalData and replace it with the individual hex values.


isaArray.ExportToFile WScript.Arguments(1) & " " & localdate & ".xml",2+4


If you use fpcExportImportPasswords you also need to specify a password


isaArray.ExportToFile WScript.Arguments(1) & " " & localdate & ".xml",1+2+4, "mypassword"


Or you can add them up


isaArray.ExportToFile WScript.Arguments(1) & " " & localdate & ".xml",7, "mypassword"




So the updates script that exports all the check boxes and specifies the password would be


'  TMG Array Configuration Backyp Script
'
'  Original from http://msdn.microsoft.com/en-us/library/dd435786.aspx
'
'  Changed by Etienne Liebetrau  - http://fixmyitsystem.com to append the date
'  to the export file name and exports all the configuration for an Array
'
' Usage cscript exportimport.vbs e backup
 

Sub ImportExport()
    ' Define a constant to indicate that no optional 
    ' data will be exported or imported.
    Const noOptionalData = 0
    If WScript.Arguments.Count <> 2 Then
        WScript.Echo "Error: Invalid number of parameters." & vbCrLf & _
                     "Syntax:" & vbCrLf & _
                     "ImportExport {e | i} filename"
        Exit Sub
    End If
    'Declare the objects needed
    Dim root      ' The FPCLib.FPC root object
    Dim isaArray  ' An FPCArray object
    localDate = FormatDateTime(date(), 1)
    
    ' Create the root object.
    Set root = CreateObject("FPC.Root")
    ' Get a reference to the array object. 
    Set isaArray = root.GetContainingArray()
    If WScript.Arguments(0) = "e" Then
       WScript.Echo "Exporting the configuration of the " & _
                     isaArray.Name & " array object to " & _
                     WScript.Arguments(1) & " " & localdate & ".xml" & " ..."
      ' Export the array configuration to the XML document.
      ' Notice that values are not specified for the 
      ' optional parameters.
      isaArray.ExportToFile WScript.Arguments(1) & " " & localdate & ".xml",
7, "mypassword"
WScript.Echo "Exporting was completed successfully." WScript.Quit End If End Sub ImportExport

The resultant xml file is nearly identical to the full GUI export but they to not match 100% as an example my lab test machine exports are the following

Exporting with the GUI = 16 218 619 bytes
Export with the script above = 16 174 434 bytes

So I would still use a full GUI export as the full backup and treat the scripted ones as the last incremental.

Some additional info
If you check the exported XML file form the GUI you will see the following line

   <fpc4:OptionalData dt:dt="int">15</fpc4:OptionalData>

This is of course different to the value of 7 the script uses.  The reason is that there is an additional option


fpcExportImportEnterpriseSpecific (0x00000008)
The optional data includes information that is specific to ISA Server Enterprise Edition (available only in ISA Server Enterprise Edition).

If you add up the hex values you get F which converted to decimal is 15

You can export the enterprise configuration as follows


'  TMG Array Configuration Backyp Script
'
'  Original from http://msdn.microsoft.com/en-us/library/dd435786.aspx
'
'  Changed by Etienne Liebetrau  - http://fixmyitsystem.com to append the date
'  to the export file name and exports all the configuration for EMS only
'
' Usage cscript exportimport.vbs e backup
 

Sub ImportExport()
    ' Define a constant to indicate that no optional 
    ' data will be exported or imported.
    Const noOptionalData = 0
    If WScript.Arguments.Count <> 2 Then
        WScript.Echo "Error: Invalid number of parameters." & vbCrLf & _
                     "Syntax:" & vbCrLf & _
                     "ImportExport {e | i} filename"
        Exit Sub
    End If
    'Declare the objects needed
    Dim root      ' The FPCLib.FPC root object
    Dim isaArray  ' An FPCArray object
    localDate = FormatDateTime(date(), 1)
    
    ' Create the root object.
    Set root = CreateObject("FPC.Root")
    ' Get a reference to the Enterprise object. 
    Set isaArray = root.Enterprise
    If WScript.Arguments(0) = "e" Then
       WScript.Echo "Exporting the configuration of the " & _
                     isaArray.Name & " array object to " & _
                     WScript.Arguments(1) & " " & localdate & ".xml" & " ..."
      ' Export the array configuration to the XML document.
      ' Notice that values are not specified for the 
      ' optional parameters.
      isaArray.ExportToFile WScript.Arguments(1) & " " & localdate & ".xml",
15, "mypassword"
WScript.Echo "Exporting was completed successfully." WScript.Quit End If End Sub ImportExport


This will export a fairly small file.  You would also need to export each array's config.


Check out Part 2 http://fixmyitsystem.com/2012/01/tmg-configuration-backup-automation_13.html on how to do this for multiple arrays with a single script.



5 comments:

Jason Jones said...

Did you specifically want to use the noOptionalData flag? If not, I can post how to enable the checkboxes for the optional elements...

Etienne Liebetrau said...

Hi Jason

Please do!

Also - I have been trying to get an Enterprise backup script going but no proper backup yet. If you have can you share please.

Et

da84tona said...

This article was immensly helpful! Thank you Jason!

da84tona said...

This article was immensly helpful in creating a scripted backup for our TMGs! Thank you sir!

Anonymous said...

Hi Jason,

Very usefull the article, how can I use the script to import configuration in a new server?

Alessandro Proenca

Post a Comment