The monitoring system on certainly one of my servers working Windows Server 2016 began sending a number of messages of the Volume Shadow Copy Service error with the Event ID 8193 and VSS as a supply. The full error description within the Event Viewer (Application log) seems to be like this:
Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW (-2147483646, SYSTEMCurrentControlSetServicesVSSDiag,...). hr = 0x80070005, Access is denied. Operation: Initializing Writer Context: %MINIFYHTMLb5bdc426b817a5035bf92ebd42cdf8ae5%Writer Class Id: Writer Name: System Writer Writer Instance ID:
At the identical time, the server is working fantastic, and there have been no seen issues with the companies or apps. There have been no errors within the listing of VSS modules for the occasion ID of .
vss listing writers
VSS EventID 8193 is a recognized error that’s typically associated to the set up of the DHCP position on a server working Windows Server 2008 (or newer) ensuing within the Network Service account dropping the permissions on the registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesVSSDiag.
The drawback is expounded to the set up of the VSS module – DHCP Jet Writer, which is chargeable for right shadow copy creation of the DHCP service. This VSS module modifications permissions on the desired registry key throughout set up.
To repair this error, you must manually grant the Full Control permission for Network Service on the desired key.
- Run the Registry Editor (
- Go to the registry key HKLMSYSTEMCurrentControlSetservicesVSSDiag and open its permissions (Permissions possibility within the context menu);
- Find Network Service within the listing and assign the Full Control permissions.
Instead of enhancing the registry manually, it could be extra right to revive the default permissions on the registry key utilizing a particular command CLI instrument – SubInACL. Download and set up it (when you’ve got not finished it but) and run the next instructions:
cd “C:Program Files (x86)Windows Resource KitsTools”
subinacl.exe /Subkeyreg SystemPresentControlSetServicesVSSDiag /sddl=D:PAI(A;;KA;;;BA)(A;;KA;;;SY)(A;;CCDCLCSWRPSDRC;;;BO)(A;;CCDCLCSWRPSDRC;;;LS)(A;;CCDCLCSWRPSDRC;;;NS)(A;CIIO;RC;;;OW)(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;CIIO;GA;;;BA)(A;CIIO;GA;;;BO)(A;CIIO;GA;;;LS)(A;CIIO;GA;;;NS)(A;CIIO;GA;;;SY)(A;CI;CCDCLCSW;;;S-1-5-80-3273805168-4048181553-3172130058-210131473-390205191)(A;ID;KR;;;AC)(A;CIIOID;GR;;;AC)S:ARAI
In Windows Server 2008 R2, the command will appear to be this (in line with Microsoft KB):
subinacl.exe /Subkeyreg SystemPresentControlSetServicesVSSDiag /sddl=O:SYG:SYD:PAI(A;;KA;;;BA)(A;;KA;;;SY)(A;;SDGRGW;;;BO)(A;;SDGRGW;;;LS)(A;;SDGRGW;;;NS)(A;CIIO;RC;;;S-1-Three-Four)(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;CIIO;GA;;;BA)(A;CIIO;GA;;;BO)(A;CIIO;GA;;;LS)(A;CIIO;GA;;;NS)(A;CIIO;GA;;;SY)(A;CI;CCDCLCSW;;;S-1-5-80-3273805168-4048181553-3172130058-210131473-390205191)
Then change the permissions on the kid (nested) objects within the Registry Editor. To do it, open the Diag reg key properties and click on “Permissions” -> “Advanced” -> “Replace all baby object permissions”.
Then simply restart your Windows.
PS. When writing this text I discovered that there was one other VSS error with the identical (!!!) EventID 8193 and the next description:
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2470146651-3958396388-212345117-21232.bak). hr = 0x80070539,The safety ID construction is invalid. Operation: OnIdentify occasion Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: Writer Name: Shadow Copy Optimization Writer Writer Instance ID: .
To make the article complete, I’ll describe the answer of this challenge as effectively.
This error doesn’t let you create system state backup or (by way of the Windows Server Backup), which results in the next error: “
0x80042308: The specified object was not discovered”.
This drawback is solved in a different way and associated to the wrong entry within the profile’s reg key HKLMSoftwareMicrosoftWindows NTCurrentVersionProfileList. The challenge happens on account of VSS service (Shadow Copy Optimization Writer part) can not discover a consumer profile with the ending in .bak and returns an error. You must delete the registry key proven within the description of the ConvertStringSidToSid occasion (S-1-5-21-2470146651-3958396388-212345117-21232.bak).
- Open the
- Go to the HKLMSoftwareMicrosoftWindows NTCurrentVersionProfileList;
- Find and delete the registry key with the .bak suffix;
- Restart your pc and attempt to run your backup process once more.