Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
Environmental information:=====================================================================NW client version: 9.2.1.2.Build.204Operating system client version: Windows NT Server on IntelSave set: AllLogs snippets:==================================================================== +++ NetWorker's workflow logs:6684:save: Could not stat \\?\VOLUME{AECB5840-A0DF-11E0-A883-806E6F6E6963}\: No such file or directoryclient_name: C:\ level=incr, 246 MB 00:28:10 136 filesCompleted savetime=154352885290015:save: The backup of VSS emit save set 'C:\' succeeded.94694:save: The backup of save set 'C:\' succeeded.101087:save: Cleanup VSS MBS emitter thread: Received cancel signal. Terminating VSS emitter save set \\?\VOLUME{AECB5840-A0DF-11E0-A883-806E6F6E6963}\.74209:save: Quit signal received.99123:save: Handling an abort while processing Windows backup.90097:save: ASR Backup: aborting VSS volume save because Quit flag is set.99123:save: Handling an abort while processing Windows backup.90117:save: Unable to perform the ASR backup: cannot obtain the VSS MBS status.86024:save: Error occured while saving disaster recovery save sets.+++ Client's Application Event log: Log Name: ApplicationSource: Microsoft-Windows-CAPI2Date: 13/12/2018 9:42:39Event ID: 513Task Category: NoneLevel: ErrorKeywords: ClassicUser: N/AComputer: client_name.domain.comDescription:Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details:AddCoreCsiFiles : BeginFileEnumeration() failed. System Error:Access is denied..Event Xml:http://schemas.microsoft.com/win/2004/08/events/event" 513 0 2 0 0 0x80000000000000 8983257 Application client_name.domain.com Details:AddCoreCsiFiles : BeginFileEnumeration() failed. System Error:Access is denied.
This problem occurs because VSS System Writer does not have permission to read the NT AUTHORITY\SERVICE (service account).When System Writer runs as a cryptographic service and tries to read the Mslldp.sys information from a Microsoft Link-Layer Discovery Protocol driver, the "access denied" error is generated.
"Microsoft Link-Layer Discovery Protocol" binary is \Windows\system32\DRIVERS\mslldp.sysIts config registry key is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsLldpThe binary security descriptor for the record is located here:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsLldp\SecurityIt should be modified using SC.EXE and Sysinternals'ACCESSCHK.EXE to fix it.The original security descriptor looked like below:>accesschk.exe -c mslldpmslldp RW NT AUTHORITY\SYSTEM RW BUILTIN\Administrators RW S-1-5-32-549 R NT SERVICE\NlaSvcNo service account is allowed to access the MSLLDP driver.The security descriptor for the drivers that were processed successfully looked this way:>accesschk.exe -c mupmup RW NT AUTHORITY\SYSTEM RW BUILTIN\Administrators R NT AUTHORITY\INTERACTIVE R NT AUTHORITY\SERVICE How to add access rights for NT AUTHORITY\SERVICE to MSLLDP service:1. Run: SC sdshow MSLLDPYou get something like below (SDDL language is documented on MSDN):D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BG)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)2. Run: SC sdshow MUPYou get:D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)3. Take the NT AUTHORITY\ SERVICE entry, which is (A;;CCLCSWLOCRRC;;;SU) and add it to the original MSLLDP security descriptor properly, right before the last S:(AU... group.4. Apply the new security descriptor to the MSLLDP service:sc sdset MSLLDP D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BG)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)5. Check the result:>accesschk.exe -c mslldpmslldp RW NT AUTHORITY\SYSTEM RW BUILTIN\Administrators RW S-1-5-32-549 R NT SERVICE\NlaSvc R NT AUTHORITY\SERVICE6. Run NetWorker backup and check if it runs fine.!!! Do not forget to use your security descriptor for the MSLLDP driver because there can be some rare cases when it is different for your machine. Do not copy my SDDL descriptions and backup the old descriptor in case!!!