Windows Server Backup crashing

3

Environment: I'm running an HP DL165 G7, with Windows 2008 R2 x64.

Recently, when I perform a backup with "Windows Server Backup", it will crash the system. I run the backup over the weekend. When I come in on Monday, it has the screen shows a BSOD. (I will try to get the info from BSOD).

I have to hold the power button to power down the system. Then power it back on. It comes back up normally; all features running: Active Directory, DHCP, DNS, WINS, etc.

I check the event log. At the start of the backup I get a series of warnings Event ID 8230:

Volume Shadow Copy Service error: Failed resolving account admin6 with status 1376. Check connection to domain controller and VssAccessControl registry key.

Operation: Initializing Writer

Context:

Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485} Writer Name: Registry Writer

Error-specific details: Error: NetLocalGroupGetMemebers(admin6), 0x80070560, The specified local group does not exist.

Then I get Error Event ID 8193

Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied. . Operation: Initializing Writer

Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {9d7780ba-4e63-4c0e-a90c-c6f492c75870}

I've done some googling. but most of the responses I've seen involve Small Business System (like this: http://support.microsoft.com/kb/2537096) or SQL server, which this server does not have. I'm still searching.

Does the SBS situation apply? I'm thinking no, but need verification. Anyone experience these errors before? and what solutions were applied?

windows-server-2008-r2
vss
asked on Server Fault Oct 7, 2013 by Scott

3 Answers

1

The Event ID 8193 error is caused by installation of the DHCP Server role on your server. During installation of that role, the registry key referenced in the event log entry (HKLM\SYSTEM\CurrentControlSet\Services\VSS\Diag) has its permissions overwritten, resulting in the NETWORK SERVICE account no longer having access to that key.

This is documented at http://support2.microsoft.com/kb/2298620.

The solution (taken from the MSKB article) is as follows:

  1. Download the SubInACL.exe tool from the following Microsoft website: http://www.microsoft.com/downloads/en/confirmation.aspx?familyId=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displayLang=en

  2. Restore the old permissions together with permissions for the DHCP Server by running the following command:

    subinacl.exe /Subkeyreg System\CurrentControlSet\Services\VSS\Diag /sddl=O:SYG:SYD:PAI(A;;KA;;;BA)(A;;KA;;;SY)(A;;SDGRGW;;;BO)(A;;SDGRGW;;;LS)(A;;SDGRGW;;;NS)(A;CIIO;RC;;;S-1-3-4)(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;CIIO;GA;;;BA)(A;CIIO;GA;;;BO)(A;CIIO;GA;;;LS)(A;CIIO;GA;;;NS)(A;CIIO;GA;;;SY)(A;CI;CCDCLCSW;;;S-1-5-80-3273805168-4048181553-3172130058-210131473-390205191)
    
0

http://www.itexperience.net/2011/09/02/vss-error-failed-resolving-account-administrator-with-status-1376/

this link showed how to do it. it's registry change. go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl

Find the account that is shown (in the event log error) and delete that entry. I guess I misread or didn't understand what this was asking me to do.

I deleted the registry entry and both the errors do not show up during backup. Hopefully it won't crash the system. If the BSOD appears again, then it wouldn't be related to this issue and I'll research and start another topic if necessary

answered on Server Fault Oct 8, 2013 by Scott
0

Open regedit and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl. Once you done this, delete the account in question by removing the key and restart the computer for changes to take place.

answered on Server Fault Oct 9, 2014 by Sumit

User contributions licensed under CC BY-SA 3.0