none
Windows 7 VSS problems - inexplicable shadows and shadow storage that I am unable to delete

    Question

  • I have a lot of VSS errors in event viewer, and my system regularly freezes and takes forever to boot. I've notices a few things that are obviously wrong about VSS, but I can't seem to fix them using Windows 7 tools. Here are the basics:

    First, I have three physical hard drives:

    1. Disk 0 - system disk (WD VelociRaptor) - three partitions: C: drive for OS, F: for data; 100 MB system partition created by Win 7 on install, no drive letter
    2. Disk 1 - data (1.5 TB WD Caviar Black) - one partition: D:
    3. Disk 2 - data (1.5 TB Hitachi, brand new) - one partition: E:. This drive replaces an older E: drive that had a few bad sectors but never outright failed.

    Second, "System Protection" is ON for C: and OFF for every other drive, and I believe this has always been so. Thus, there should not be any shadow copies of anything except C:.

    Third, I've run various diagnostics on these hard drives, and they seem to be error-free even under intensive testing.

    Fourth, in Event Viewer I have a lot of these errors:

    Source: VSS
    Event ID: 12294
    Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG. Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000000020D200).
    Operation:
       Get Shadow Copy Properties
    Context:
       Execution Context: Coordinator

    Two things are noteworthy about this:

    1. It's similar to Event ID 12293, here: http://technet.microsoft.com/en-us/library/cc734302(WS.10).aspx
    2. But (a) it's a different event ID number, and I can't find a listing for 12294, and (b) I can't follow the steps at the page for Event ID 12293 because Windows 7 vssadmin command doesn't allow you to execute the commands called for in that page.

    Fifth, according to the output of vssadmin, I have various shadow copies for an E: drive, even though VSS shouldn't be creating copies of the E: drive, and I can't delete them. Also, I have a shadow copy for a previous system, and I can't delete that. 

    My main goal right now would be to delete the shadow copies for the E: drive and to effectively turn off shadow copying for that drive, which appears to be on according to vssadmin, even though the GUI "System Properties" tab shows system protection is OFF for the E: drive, as shown here: 

    Here's the output of vssadmin commands, with my comments about what is suspicious:

    vssadmin list shadows

    Contents of shadow copy set ID: {feea0752-fd8f-4051-9b94-b16f7792f124}

       Contained 1 shadow copies at creation time: 7/22/2010 8:29:08 PM

          Shadow Copy ID: {2c7f246e-2257-42fc-8811-e915d6bb7c1b}

             Original Volume: (E:)\\?\Volume{863f1f5b-9614-11df-85cc-806e6f6e6963}\

             Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy15

             Originating Machine: main-pc-2010

             Service Machine: main-pc-2010

             Provider: 'Microsoft Software Shadow Copy provider 1.0'

             Type: DataVolumeRollback

             Attributes: Persistent, No auto release, No writers, Differential

    NOTE: The above originating machine - "main-pc-2010" - is no longer this computer's name. Also, I don't have any idea why the volume backed up here was E:. I don't want this copy around.

    Contents of shadow copy set ID: {43a1e1b9-ca15-4c07-8936-f34317fb29e4}

       Contained 1 shadow copies at creation time: 12/27/2010 11:14:21 PM

          Shadow Copy ID: {6ee74930-5088-494e-b97c-12e7f8d91b74}

             Original Volume: (E:)\\?\Volume{863f1f5b-9614-11df-85cc-806e6f6e6963}\

             Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy16

             Originating Machine: win7-main-2010

             Service Machine: win7-main-2010

             Provider: 'Microsoft Software Shadow Copy provider 1.0'

             Type: DataVolumeRollback

             Attributes: Persistent, No auto release, No writers, Differential

    NOTE: Above is the correct machine name (win7-main-2010), but I have no idea why the volume backed up is E:. Again, I don't want any copies of E:.

    Contents of shadow copy set ID: {5ba96ae3-2c40-4ce4-8cd5-b66b892768bc}

       Contained 1 shadow copies at creation time: 2/25/2011 9:09:49 PM

          Shadow Copy ID: {507255a1-7f21-418a-a7eb-fca4c8abf07e}

             Original Volume: (E:)\\?\Volume{863f1f5b-9614-11df-85cc-806e6f6e6963}\

             Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy17

             Originating Machine: win7-main-2010

             Service Machine: win7-main-2010

             Provider: 'Microsoft Software Shadow Copy provider 1.0'

             Type: DataVolumeRollback

             Attributes: Persistent, No auto release, No writers, Differential

    Same comment

    Contents of shadow copy set ID: {1910eb8f-c04a-402f-89e0-87201bbd5372}

       Contained 1 shadow copies at creation time: 9/7/2011 8:51:45 PM

          Shadow Copy ID: {ba5d12b6-00bc-426d-9b9a-8727f60e893b}

             Original Volume: (C:)\\?\Volume{863f1f58-9614-11df-85cc-806e6f6e6963}\

             Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1

             Originating Machine: win7-main-2010

             Service Machine: win7-main-2010

             Provider: 'Microsoft Software Shadow Copy provider 1.0'

             Type: ClientAccessibleWriters

             Attributes: Persistent, Client-accessible, No auto release, Differential, Auto recovered

    Above is the first shadow copy that I think is correct.

    Contents of shadow copy set ID: {e07fe4f5-4fce-485c-b886-5995fa4ea232}

       Contained 1 shadow copies at creation time: 9/7/2011 10:53:52 PM

          Shadow Copy ID: {f87a6c24-09e3-462d-95b5-2de53f4effd1}

             Original Volume: (C:)\\?\Volume{863f1f58-9614-11df-85cc-806e6f6e6963}\

             Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4

             Originating Machine: win7-main-2010

             Service Machine: win7-main-2010

             Provider: 'Microsoft Software Shadow Copy provider 1.0'

             Type: ClientAccessibleWriters

             Attributes: Persistent, Client-accessible, No auto release, Differential, Auto recovered

     

    Contents of shadow copy set ID: {6bc8f908-1916-4b5a-8267-4e93cb807bba}

       Contained 1 shadow copies at creation time: 9/9/2011 8:05:00 PM

          Shadow Copy ID: {9c47f2a6-9a2f-4490-b090-cd288c93643c}

             Original Volume: (C:)\\?\Volume{863f1f58-9614-11df-85cc-806e6f6e6963}\

             Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7

             Originating Machine: win7-main-2010

             Service Machine: win7-main-2010

             Provider: 'Microsoft Software Shadow Copy provider 1.0'

             Type: ClientAccessibleWriters

             Attributes: Persistent, Client-accessible, No auto release, Differential, Auto recovered

     

    Contents of shadow copy set ID: {7f085dba-6056-4b42-9331-ae694711f7e4}

       Contained 1 shadow copies at creation time: 9/9/2011 8:07:18 PM

          Shadow Copy ID: {fabfeec3-1f5f-4ee4-b11f-2d4390333e76}

             Original Volume: (C:)\\?\Volume{863f1f58-9614-11df-85cc-806e6f6e6963}\

             Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8

             Originating Machine: win7-main-2010

             Service Machine: win7-main-2010

             Provider: 'Microsoft Software Shadow Copy provider 1.0'

             Type: ClientAccessibleWriters

             Attributes: Persistent, Client-accessible, No auto release, Differential, Auto recovered

     

    Contents of shadow copy set ID: {a02206df-b3c5-4db4-bf21-73ade7cca353}

       Contained 1 shadow copies at creation time: 9/11/2011 8:52:33 PM

          Shadow Copy ID: {36c13527-e95c-4c00-80c2-cdafb2183df1}

             Original Volume: (C:)\\?\Volume{863f1f58-9614-11df-85cc-806e6f6e6963}\

             Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy9

             Originating Machine: win7-main-2010

             Service Machine: win7-main-2010

             Provider: 'Microsoft Software Shadow Copy provider 1.0'

             Type: ClientAccessibleWriters

             Attributes: Persistent, Client-accessible, No auto release, Differential, Auto recovered

     

    vssadmin list shadowstorage

    Shadow Copy Storage association

       For volume: (E:)\\?\Volume{863f1f5b-9614-11df-85cc-806e6f6e6963}\

       Shadow Copy Storage volume: (E:)\\?\Volume{863f1f5b-9614-11df-85cc-806e6f6e6963}\

       Used Shadow Copy Storage space: 39.347 GB (2%)

       Allocated Shadow Copy Storage space: 42.265 GB (3%)

       Maximum Shadow Copy Storage space: 209.591 GB (15%)

    NOTE: I don't think that the preceding storage association should exist. I have not selected E: for system protection.

    Shadow Copy Storage association

       For volume: (C:)\\?\Volume{863f1f58-9614-11df-85cc-806e6f6e6963}\

       Shadow Copy Storage volume: (C:)\\?\Volume{863f1f58-9614-11df-85cc-806e6f6e6963}\

       Used Shadow Copy Storage space: 2.666 GB (3%)

       Allocated Shadow Copy Storage space: 2.965 GB (3%)

       Maximum Shadow Copy Storage space: 3.479 GB (4%)

    The above entry is fine.

    vssadmin list volumes

    Volume path: \\?\Volume{863f1f57-9614-11df-85cc-806e6f6e6963}\

        Volume name: \\?\Volume{863f1f57-9614-11df-85cc-806e6f6e6963}\

    Volume path: D:\

        Volume name: \\?\Volume{863f1f5a-9614-11df-85cc-806e6f6e6963}\

    Volume path: E:\

        Volume name: \\?\Volume{863f1f5b-9614-11df-85cc-806e6f6e6963}\

    Volume path: C:\

        Volume name: \\?\Volume{863f1f58-9614-11df-85cc-806e6f6e6963}\

    Volume path: F:\

        Volume name: \\?\Volume{e01b47ba-90a8-11e0-8b71-485b39638154}\

    NOTE: I don't understand the first entry, which has no drive letter.

    Finally, if I try to delete the snapshots for E: here's what happens:

    • I execute: vssadmin delete shadows /for=e: /all
    • I get this error message:
    Snapshots were found, but they were outside of your allowed context. Try removing them with the backup application which created them.

    So: Anyone have any thoughts about what is wrong with VSS and how I can fix it? (I suspect from this post that Diskshadow.exe might work, but that only ships with Windows Server 2008, which I don't have.)


    bhagerty
    Monday, September 12, 2011 5:41 AM

Answers

  • Hi,

     

    I suspect this is related to the operations on previous E:\ drive. I suggest you try to use Disk cleanup tool to check if you could fix this issue:

     

    1.    Log in as a Windows Administrator and click Start.

    2.    Type "cleanmgr" into the search box.

    3.    Right click "Cleanmgr.exe" and select "Run as Administrator."

    4.    Select the system drive you would like to clean the shadow copies and other files off of from the drop-down menu. Click "OK."

    5.    Click on the "More options" tab and click "Clean up..." under the "System restore and shadow copies" section

     

    This would delete the ShadowCopy of specific drive.

     

    Meanwhile, for the slow boot issue, you could also perform Clean Boot to determine the root cause.

     

    Alex Zhao


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, September 13, 2011 7:55 AM
    Moderator