Windows OS Hub
  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux
  • Home
  • About

Windows OS Hub

  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux

 Windows OS Hub / Windows Server 2016 / Fixing Volume Shadow Copy (VSS) Error with Event ID 8193

February 5, 2020

Fixing Volume Shadow Copy (VSS) Error with Event ID 8193

The monitoring system on one of my servers running Windows Server 2016 started sending multiple messages of the Volume Shadow Copy Service error with the Event ID 8193 and VSS as a source. The full error description in the Event Viewer (Application log) looks like this:

Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW (-2147483646, SYSTEM\CurrentControlSet\Services\VSS\Diag,...).  hr = 0x80070005, Access is denied.
Operation:
Initializing Writer
Context:
%MINIFYHTMLb5bdc426b817a5035bf92ebd42cdf8ae5%Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4f096fb4-2e00-4864-aa8f-885aa9186850}

EventID 8193 VSS - Volume Shadow Copy Service error

At the same time, the server is working fine, and there were no visible problems with the services or apps. There were no errors in the list of VSS modules for the instance ID of VSS Writer.

vss list writers

vss system writer

VSS EventID 8193 is a known error that is generally related to the installation of the DHCP role on a server running Windows Server 2008 (or newer) resulting in the Network Service account losing the permissions on the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag.

The problem is related to the installation of the VSS module – DHCP Jet Writer, which is responsible for correct shadow copy creation of the DHCP service. This VSS module changes permissions on the specified registry key during installation.

To fix this error, you have to manually grant the Full Control permission for Network Service on the specified key.

  1. Run the Registry Editor (regedit.exe);
  2. Go to the registry key HKLM\SYSTEM\CurrentControlSet\services\VSS\Diag and open its permissions (Permissions option in the context menu);
  3. Find Network Service in the list and assign the Full Control permissions. HKLM\SYSTEM\CurrentControlSet\services\VSS\Diag registry permissions

Instead of editing the registry manually, it would be more correct to restore the default permissions on the registry key using a special command CLI tool – SubInACL. Download and install it (if you have not done it yet) and run the following commands:

cd “C:\Program Files (x86)\Windows Resource Kits\Tools”
subinacl.exe /Subkeyreg System\CurrentControlSet\Services\VSS\Diag /sddl=D:PAI(A;;KA;;;BA)(A;;KA;;;SY)(A;;CCDCLCSWRPSDRC;;;BO)(A;;CCDCLCSWRPSDRC;;;LS)(A;;CCDCLCSWRPSDRC;;;NS)(A;CIIO;RC;;;OW)(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;CIIO;GA;;;BA)(A;CIIO;GA;;;BO)(A;CIIO;GA;;;LS)(A;CIIO;GA;;;NS)(A;CIIO;GA;;;SY)(A;CI;CCDCLCSW;;;S-1-5-80-3273805168-4048181553-3172130058-210131473-390205191)(A;ID;KR;;;AC)(A;CIIOID;GR;;;AC)S:ARAI

In Windows Server 2008 R2, the command will look like this (according to Microsoft KB):

subinacl.exe /Subkeyreg System\CurrentControlSet\Services\VSS\Diag /sddl=O:SYG:SYD:PAI(A;;KA;;;BA)(A;;KA;;;SY)(A;;SDGRGW;;;BO)(A;;SDGRGW;;;LS)(A;;SDGRGW;;;NS)(A;CIIO;RC;;;S-1-3-4)(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;CIIO;GA;;;BA)(A;CIIO;GA;;;BO)(A;CIIO;GA;;;LS)(A;CIIO;GA;;;NS)(A;CIIO;GA;;;SY)(A;CI;CCDCLCSW;;;S-1-5-80-3273805168-4048181553-3172130058-210131473-390205191)

Then replace the permissions on the child (nested) objects in the Registry Editor. To do it, open the Diag reg key properties and click “Permissions” -> “Advanced” -> “Replace all child object permissions”.

replace permissions on child objects

Then just restart your Windows.

PS. When writing this article I found out that there was another VSS error with the same (!!!) EventID 8193 and the following description:

Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2470146651-3958396388-212345117-21232.bak).  hr = 0x80070539,The security ID structure is invalid.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {5e5d68e6-9c97-4af6-a09f-bb2db4c65058}.

To make the article comprehensive, I will describe the solution of this issue as well.

This error doesn’t allow you to create system state backup or backup your Hyper-V VMs (through the Windows Server Backup), which leads to the following error: “0x80042308: The specified object was not found”.

This problem is solved differently and related to the incorrect entry in the profile’s reg key HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList. The issue occurs due to VSS service (Shadow Copy Optimization Writer component) cannot find a user profile with the SID ending in .bak and returns an error. You need to delete the registry key shown in the description of the ConvertStringSidToSid event (S-1-5-21-2470146651-3958396388-212345117-21232.bak).

  1. Open the regedit.exe;
  2. Go to the HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList;
  3. Find and delete the registry key with the .bak suffix; delete registry bak key from CurrentVersion\ProfileList
  4. Restart your computer and try to run your backup task again.
4 comments
4
Facebook Twitter Google + Pinterest
Windows 10Windows Server 2016
previous post
Generating Strong Random Password with PowerShell
next post
How to Block a Domain or Website on Windows Defender Firewall with PowerShell?

Related Reading

Fixing “Winload.efi is Missing or Contains Errors” in...

March 16, 2024

USB Device Passthrough (Redirect) to Hyper-V Virtual Machine

March 15, 2024

How to Connect L2TP/IPSec VPN Server From Windows

September 22, 2023

Unable to Access SYSVOL and NETLOGON folders from...

May 10, 2023

Create & Manage DNS Zones and Records with...

April 3, 2023

Unable to Add/Remove Role: Windows Server Requires Restart

December 4, 2020

Fix RDP Connection Error ‘CredSSP Encryption Oracle Remediation’

July 23, 2024

Disks and Partitions Management with Windows PowerShell

March 11, 2024

4 comments

iamauser February 10, 2020 - 9:00 am

What monitoring system are you using on your servers? Especially for reading the event logs?
Thanks

Reply
admin February 11, 2020 - 7:28 am

Event logs from Windows servers are sent to Elasticsearch. There is also a Zabbix server with email alerts about critical events.

Reply
iamauser February 11, 2020 - 7:39 am

Thanks!
Do you have any blog post how you do that?
There are so many articles out there in the web about doing things but only a few about monitoring and topics like file/folder access monitoring etc.

Reply
Dardan February 19, 2023 - 5:46 pm

Hello,

I managed to solve this issue with the help of Microsoft support.
The issue seems to be with the VSS metadata max filesize which is limited to 16MB. This can be increased to 32, 64 or 128 according to your needs.
RegKey SYSTEM\CurrentControlSet\Services\VSS\Settings “MaxXmlDocumentSizeMB”.
A detailed exaplanation https://www.storcom.com/sql-vss-backup-unexpected-error-calling-routine-xml-document-is-too-long/

Regards,
Dardan

Reply

Leave a Comment Cancel Reply

join us telegram channel https://t.me/woshub
Join WindowsHub Telegram channel to get the latest updates!

Recent Posts

  • Map a Network Drive over SSH (SSHFS) in Windows

    May 13, 2025
  • Configure NTP Time Source for Active Directory Domain

    May 6, 2025
  • Cannot Install Network Adapter Drivers on Windows Server

    April 29, 2025
  • Change BIOS from Legacy to UEFI without Reinstalling Windows

    April 21, 2025
  • How to Prefer IPv4 over IPv6 in Windows Networks

    April 9, 2025
  • Load Drivers from WinPE or Recovery CMD

    March 26, 2025
  • How to Block Common (Weak) Passwords in Active Directory

    March 25, 2025
  • Fix: The referenced assembly could not be found error (0x80073701) on Windows

    March 17, 2025
  • Exclude a Specific User or Computer from Group Policy

    March 12, 2025
  • AD Domain Join: Computer Account Re-use Blocked

    March 11, 2025

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • How to Download Offline Installer (APPX/MSIX) for Microsoft Store App
  • Fix: Windows Cannot Connect to a Shared Printer
  • How to Disable UAC Prompt for Specific Applications in Windows
  • Fix: The Computer Restarted Unexpectedly or Encountered an Unexpected Error on Windows
  • How to Clean Up System Volume Information Folder on Windows
  • Fixing “Winload.efi is Missing or Contains Errors” in Windows 10
  • How to Enable Windows Auto Login without a Password
Footer Logo

@2014 - 2024 - Windows OS Hub. All about operating systems for sysadmins


Back To Top