Windows OS Hub

February 5, 2020 | Windows 10, Windows Server 2016

Fixing Volume Shadow Copy (VSS) Error with Event ID 8193

The monitoring system on one of my servers running Windows Server 2016 started sending multiple alerts about a Volume Shadow Copy Service error with Event ID 8193 and VSS as the source. The full error description in the Event Viewer (Application log) looks like this:

Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW (-2147483646, SYSTEM\CurrentControlSet\Services\VSS\Diag,...).  hr = 0x80070005, Access is denied.
Operation:
Initializing Writer
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4f096fb4-2e00-4864-aa8f-885aa9186850}


At the same time, the server was working fine, and there were no visible problems with the services or apps. There were no errors in the list of VSS modules for the instance ID of the VSS writer:

vssadmin list writers

VSS EventID 8193 is a known error that is generally related to the installation of the DHCP role on a server running Windows Server 2008 (or newer) resulting in the Network Service account losing the permissions on the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag.

The problem is related to the installation of the VSS module – DHCP Jet Writer, which is responsible for correct shadow copy creation of the DHCP service. This VSS module changes permissions on the specified registry key during installation.

To fix this error, you have to manually grant the Full Control permission for Network Service on the specified key.

  1. Run the Registry Editor (regedit.exe);
  2. Go to the registry key HKLM\SYSTEM\CurrentControlSet\services\VSS\Diag and open its permissions (Permissions option in the context menu);
  3. Find Network Service in the list and assign the Full Control permission.

Instead of editing the registry manually, it is more correct to restore the default permissions on the registry key using the command-line tool SubInACL. Download and install it (if you have not done so yet) and run the following commands:

cd "C:\Program Files (x86)\Windows Resource Kits\Tools"
subinacl.exe /Subkeyreg System\CurrentControlSet\Services\VSS\Diag /sddl=D:PAI(A;;KA;;;BA)(A;;KA;;;SY)(A;;CCDCLCSWRPSDRC;;;BO)(A;;CCDCLCSWRPSDRC;;;LS)(A;;CCDCLCSWRPSDRC;;;NS)(A;CIIO;RC;;;OW)(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;CIIO;GA;;;BA)(A;CIIO;GA;;;BO)(A;CIIO;GA;;;LS)(A;CIIO;GA;;;NS)(A;CIIO;GA;;;SY)(A;CI;CCDCLCSW;;;S-1-5-80-3273805168-4048181553-3172130058-210131473-390205191)(A;ID;KR;;;AC)(A;CIIOID;GR;;;AC)S:ARAI

In Windows Server 2008 R2, the command will look like this (according to Microsoft KB):

subinacl.exe /Subkeyreg System\CurrentControlSet\Services\VSS\Diag /sddl=O:SYG:SYD:PAI(A;;KA;;;BA)(A;;KA;;;SY)(A;;SDGRGW;;;BO)(A;;SDGRGW;;;LS)(A;;SDGRGW;;;NS)(A;CIIO;RC;;;S-1-3-4)(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;CIIO;GA;;;BA)(A;CIIO;GA;;;BO)(A;CIIO;GA;;;LS)(A;CIIO;GA;;;NS)(A;CIIO;GA;;;SY)(A;CI;CCDCLCSW;;;S-1-5-80-3273805168-4048181553-3172130058-210131473-390205191)

Then replace the permissions on the child (nested) objects in the Registry Editor. To do it, open the Diag reg key properties and click “Permissions” -> “Advanced” -> “Replace all child object permissions”.


Then restart Windows.
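To record the key's security descriptor before either fix and to check afterwards what Network Service actually holds, the following PowerShell can be run in an elevated session. It is an added example, not part of the original article; the backup file location is an assumption.

```powershell
# Added example, not from the original article. Run in an elevated session.
$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\VSS\Diag'
$backup  = Join-Path $env:TEMP 'vss-diag-acl.sddl'   # assumed backup location

$acl = Get-Acl -Path $keyPath

# Save the current security descriptor so the change can be reviewed or rolled back.
Set-Content -Path $backup -Value $acl.Sddl -Encoding ASCII

# Resolve ACEs to SIDs so the check does not depend on localized account names.
# S-1-5-20 is the well-known SID of NETWORK SERVICE.
$sidType = [System.Security.Principal.SecurityIdentifier]
$nsRules = @($acl.GetAccessRules($true, $true, $sidType) |
    Where-Object { $_.IdentityReference.Value -eq 'S-1-5-20' })

if ($nsRules.Count -eq 0) {
    Write-Warning "NETWORK SERVICE has no ACE on $keyPath (consistent with hr = 0x80070005)."
}

# Keep only Allow ACEs that apply to the key itself (skip inherit-only entries).
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$onKey = $nsRules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and -not $_.PropagationFlags.HasFlag($inheritOnly)
}

# The SDDL in the article gives NS "CCDCLCSWRPSDRC" on the key: no WD (change
# permissions) and no WO (take ownership). Full Control includes both.
$RR    = [System.Security.AccessControl.RegistryRights]
$wdWo  = [int]$RR::ChangePermissions -bor [int]$RR::TakeOwnership

foreach ($rule in $onKey) {
    [pscustomobject]@{
        Rights            = $rule.RegistryRights
        Inherited         = $rule.IsInherited
        BeyondDefaultSddl = (([int]$rule.RegistryRights -band $wdWo) -ne 0)
    }
}
```

A row with BeyondDefaultSddl set to True means Network Service can rewrite the key's permissions or take ownership of it, which is what the manual Full Control grant gives and the SubInACL SDDL does not.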

PS. When writing this article I found out that there was another VSS error with the same (!!!) EventID 8193 and the following description:

Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2470146651-3958396388-212345117-21232.bak).  hr = 0x80070539,The security ID structure is invalid.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {5e5d68e6-9c97-4af6-a09f-bb2db4c65058}.

To make the article comprehensive, I will describe the solution of this issue as well.

This error prevents you from creating a system state backup or backing up your Hyper-V VMs (through Windows Server Backup), and the backup fails with the following error: “0x80042308: The specified object was not found”.

This problem is solved differently and is related to an incorrect entry under the profile registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList. The issue occurs because the VSS service (the Shadow Copy Optimization Writer component) cannot find a user profile with the SID ending in .bak and returns an error. You need to delete the registry key shown in the description of the ConvertStringSidToSid event (S-1-5-21-2470146651-3958396388-212345117-21232.bak).

  1. Open the regedit.exe;
  2. Go to the HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList;
  3. Find and delete the registry key with the .bak suffix;
  4. Restart your computer and try to run your backup task again.
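The same cleanup can be done from an elevated PowerShell session with a backup and a dry run first. This is an added example, not part of the original article; the backup file location is an assumption.

```powershell
# Added example, not from the original article. Run in an elevated session.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$backupFile  = Join-Path $env:TEMP 'ProfileList-backup.reg'   # assumed backup location

# Export the whole ProfileList key first so a deleted entry can be restored.
reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList' $backupFile /y |
    Out-Null

# Subkeys are named after the profile SID; the broken ones carry a .bak suffix.
$bakKeys = @(Get-ChildItem -Path $profileList |
    Where-Object { $_.PSChildName -like '*.bak' })

foreach ($key in $bakKeys) {
    $sid  = $key.PSChildName -replace '\.bak$', ''
    $path = $key.GetValue('ProfileImagePath')

    # Show what each .bak entry points to before anything is deleted.
    [pscustomobject]@{
        Key              = $key.PSChildName
        ProfileImagePath = $path
        FolderExists     = [bool]($path -and (Test-Path -LiteralPath $path))
        # True when a key for the same SID without the suffix also exists.
        SameSidKeyExists = Test-Path -LiteralPath (Join-Path $profileList $sid)
    }
}

# Dry run: prints what would be removed. Drop -WhatIf after reviewing the list above.
$bakKeys | Remove-Item -Recurse -WhatIf
```

Compare the listed key names with the SID in the ConvertStringSidToSid event before removing -WhatIf, so that only the entry the event names is deleted.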


3 comments

iamauser February 10, 2020 - 9:00 am

What monitoring system are you using on your servers? Especially for reading the event logs?
Thanks

admin February 11, 2020 - 7:28 am

Event logs from Windows servers are sent to Elasticsearch. There is also a Zabbix server with email alerts about critical events.

iamauser February 11, 2020 - 7:39 am

Thanks!
Do you have any blog post on how you do that?
There are so many articles out there on the web about doing things but only a few about monitoring and topics like file/folder access monitoring etc.
