Trinity Rescue Kit saves the day

Posted in Linux | Monday, January 14th, 2008 | Trackback

Linux

After I came back to work after the holiday, there were several mysterious system failures to investigate. The solutions ranged from the ridiculously simple (it was unplugged) to the arcane (no display, no boot-up, no beep codes). Unfortunately this last was on a fairly important machine used for software development in the engineering department. It took just a few minutes to eliminate most of the possible causes for this problem (tightening cables, unplugging USB devices, reseating memory, etc.) and I soon had the machine booting into Windows but the system process was running at 99% and it was basically unusable. The user claimed that there had been a Windows update on the last day before holiday and I suspected that the machine had been turned off in a rush mid-update (or there was some virus at work). I certainly couldn’t prove either yet, and it didn’t matter. trk.gifThe user notoriously forgets to check in code and it was imperative that I get all data off immediately and over to a working machine so work could continue, plenty of time for post-mortem after the user was back in business.

Normally I would just dump the hard drive into another machine and copy the data over directly, but I didn’t have a machine that I could afford to bring down at the time. Also the drive was IDE, and I would have to find a machine I could plug it into easily since most machines I have are SCSI or SATA now. I’d have to use a CD Rom cable on those, and then I’d probably end up wasting time with cables and jumpers as well as potential problems in Windows recognizing it, or drive letters… I just wanted to just boot up from a Live CD and copy the stuff off immediately to the laptop the user was going to use until I had the problem fixed.

I’ve used Knoppix Live CDs for many years to rescue data in this manner, but for some reason I was having trouble with it this time. I didn’t have a nice ssh program (like Filezilla) on the laptop, so I had just started the samba service in Knoppix. I had gotten about a third way through a copy oepration and it crapped out. Also the transfer was taking forever. I didn’t know what was going on, I just needed the data and i wasn’t going to get into a tangent investigation. I was considering how long it would take me to put the drive in one of the machines when I remembered a post I had read on the LILUG’s mailing list over the holiday. I hadn’t ever tried the Trinity Rescue Kit, but a quick read about it suggested it was just the kind of thing I needed. Whereas Knoppix is a full blown OS on a disc, TRK is a lean set of utilities to do those jobs that admins need to do - and more frequently when you have a bunch of Windows machines around.

I had the machine booted up with TRK and serving up the hard drive on the network in just a few minutes. I copied off the entire drive to the laptop and put the user back to work shortly thereafter (after a short lecture about checking in more often ;)

PS: It’s been some time since TRK saved the day, but I’ve tried TRK’s virus scanning abilities on a machine another co-worker brought in from home which was hobbled by viruses (why do they always blame their kids?) with less success - this is probably because I didn’t know what to expect and didn’t use it properly. The virus scanning took a *long* time, and eventually it found 90 virii on the machine. It supposedly saved these to a tarred gzipped file, but although the instructions said I would be given a change to delete these quarantined files, I was instead dumped to a command line. I didn’t know what to do next and shut down. The file was never saved to the disk, so I basically wasted time since they were all there upon reboot. TRK had helped identify the viruses, but not eliminate them. I ended up using some specific cleaning utilites targeted for the viruses involved, and then Windows didn’t work correctly anyway. TRK could have helped get the personal files off the machine, but these were properly backed up already anyway by the user, so that wasn’t needed. I’d really like to figure out how to use TRK to virus scan properly, though since my company has mandated no IE or Outlook (we use Firefox and Thunderbird now) we haven’t ever had a virus problem… well, once we did - when somebody decided they *had* to use IE anyway. That guy learned his lesson the hard way when I had to wipe the machine and he lost data :(

One Comment

  1. Nate Says:
    Comment posted on 2-23-2008

    So I finally got some time to look at the mystery problem machine yesterday. Strangely enough, the machine had decided to give up the ghost almost entirely - No output to the video card (no signal) and I wasn’t getting any beep codes at start up at all. I ripped every piece of removable hardware (a modem, all the RAM, the hard drive, optical drives, an add-on serial port card) and it wouldn’t beep at me at all. I tried resetting the CMOS jumper, no change. I was starting to think it was a fried motherboard and ran over to see my friend Wally in the other building who used to have a business fixing computers before people started just throwing out computers that break and buying new ones. He asked if I had taken out the battery yet. The battery! Even if it was dead, the worst I’ve ever seen is that the date and time get reset to 1970 or 2001 or something - it never stopped a machine from booting, but when when we pulled it and tested the battery it was at 1V (should be 3V). I tried to start it with no battery, and voila! It beeped! A quick run over to Radio Shack, and the machine (an IBM Thinkcentre) was back in business. The user got themselves a faster Dell workstation in the bargain, but they deserved it ;)

Leave a Reply

*
To prove you're a person (not a spam script), type the answer to the math equation shown in the picture. Click on the picture to hear an audio file of the equation.
Click to hear an audio file of the anti-spam equation

This page was created in 6.488 seconds.

Valid XHTML 1.0 Transitional