Linux & "mdadm"

Recently I had a difficult scenario repairing a customers computer.  This particular situation involved an unusual hard drive configuration, massive amounts of data and sensitive information. 

The scenario:

A customer called and described Windows repeatedly locking, crashing even showing the dreaded BSOD, Blue Screen of Death.  Such a combination of problem can mean any number of issues for a PC.  Upon careful examination I determined that the customer had a failing hard drive.

The solution for a failing drive is of course to replace it, the difficulty comes in the data that the customer wants to retrieve from the drive.  Here is where I should remind everyone, Please back up your data.  Of course this customer had frequently discussed implementing a backup system, but never had.

The complication:

The system the customer used was a Dell XPS.  It had been configured from Dell with Raid 0 using the onboard Intel Rapid Storage Technology and dual hard drives.

Raid 0 is a method of joining multiple hard drives to appear as one.  Raid 0 gives a small performance advantage at the expense of reliability.  Every hard drive is rated with a MTTF.  Mean Time To Failure is the hard drive manufacturers rating of how long a hard drive should last.  Of course this is only an average and at best an estimation, but the one thing it guarantees is that eventually all hard drives will fail.  By combining two devices guaranteed to fail it doubles our chances that failure will happen, hence the expense of reliability.

Further complication:

The customer had over a terabyte of critical information.  As an example if you had a 5 megapixal camera and never deleted an image you would have to take 625,000 pictures to fill 1 terabyte. 


Since Windows would not run reliably it was necessary to boot the computer with an alternative OS.  I choose my System Rescue CD.  It boots into Gentoo linux and has a variety of useful recovery tools.  I tried to use gparted to copy the entire Raid 0 partition, but unfortunately gparted does not support Raid arrays at this time.  So my next solution is to mount the Raid 0 partition and copy the data.  That way I can reinstall the OS and restore the data.  Using mdadm, the linux software raid management tool, I tried to Assemble the array. 

But it never would work.  I figured out by looking at /proc/partitions that linux was trying to mount my raid with some default settings.  I had two devices, /dev/md126 /dev/md127 listed in /proc/partitions.  Neither would mount with any settings.  Reading several forums I realized that I needed to BUILD the array not asssemble.  Before I could build it I needed to STOP the to erroneous devices. By running the commands:

mdadm --stop /dev/md126
mdadm --stop /dev/md127

they would be removed from /proc/partitions.  Then I ran:

mdadm --build /dev/md0 --chunk=128 --level=0 --raid-devices=2 /dev/sda /dev/sdb

this built the existing raid as a level 0, using a strip of 128kb and the two hard drives detected as sda and sdb.  Then I could successfully mount the raid using mount /dev/md0 /mnt/windows and copy off my customer's data off.


Utilizing linux it is possible to recover data from a failing hard drive even when Windows will not boot.  Also, please backup your data.  Three Leaf Company has several solutions available to our customer's.  Give us a call so we can look at your needs and implement a reliable and secure method of storing your data.