none
Windows 7 System Restore does not work

    Question

  • I am running Windows 7 32-bit installation on a Seagate Momentus XT hybrid har drive.  Lately, any attempts to install or uninstall have been horribly slow (hours).  My disk was encrypted with PGP desktop, so I removed the encryption and software.  I also removed Norton Ghost.  I was going to run a system restore but discovered it was not running and there were no existing restore points.   When I go into the control panel, system, and system protection, the "System Restore" button is greyed out.  In the Protection Settings section below the available drives area states that it is "Searching" but no drives are ever identified.  I researched similar experiences on the web and found many recommendations to run sfc /scannow.  I have run it twice with no errors listed.  Another recommendation was to boot into "safe" mode and see if the settings appeared.  The "System Protection" tab does not even show up in "safe" mode.  One final suggestion is to perform a repair install of Windows.  I can do that but prefer to exhaust fix options first.  Any suggestions will be appreciated.
    Monday, October 10, 2011 1:23 PM

Answers

  • One last submission.  Today is the 16th.  My support incident has been open for 12 days and my support engineer has diligently maintained contact, passed along suggestions, and worked along with me on a regular basis to help resolve the issue.  None of her suggestions resolved my problem.  However, all was not lost.  The following is my report to her after I lucked into the solution:

    Bharati,

    Success!  It was none of your suggestions or any that were in the various posts.  I have felt all along that this issue was due to either Symantec’s PGP disk encryption or Norton Ghost product.  Symantec did not ever offer any acknowledgement that these products could be the origin of my failed System Protection.  Before I started this final corrective effort, I made sure that all Symantec products had been uninstalled to whatever extent necessary.  I then manually deleted every directory and subdirectory from my C: drive that was named either Symantec or Norton.  This included any files in those directories.  Finally, I opened regedit and search the registry for “Symantec” or “Norton” and manually deleted every top-level key found.  (Note, I had backed up the registry before this activity).  There were a few legacy keys that I could not delete because of permission issues.  However, they were few in number and I was able to delete numerous other entries.  Once complete, I restarted the computer, opened the System Protection tab under System Properties and the “System Restore”, “Configure” and “Create” buttons were no longer greyed out.  The “Available” drives box resolved and displays my C: drive now.  I created a manual restore point to test and the restore point was created in a matter of seconds.  I believe this issue is now resolved.  Please add these notes to your records.  I will post this information on the same thread that I started long ago for others to use.  I will also submit this information to Symantec to contradict their “blamelessness”.  Thank you for your persistent and diligent help.  Even though you did not find the solution, you did not give up and I appreciate that.  However, I feel Symantec should reimburse for the use of my Tech support incident as this was not a Microsoft issue, but a Symantec issue.

    The key to this issue was comparing registry entries between a functioning system and my problematic system.  The comparisons were made using a "systemrestore" search on both systems.  I noted that there were a number of entries of Symantec VSS related entries in my problematic machine.  Once those were deleted, that functionality returned.  Was that the only cause?  I have spent so much time and made so many changes, I cannot say for sure.  I also knew the risks associated with registry manipulation but felt the answer was in the registry.  The machine ran too well in all other respects.  So this analysis may work for some, and will not work for others.  Symantec will now receive my attention.

    Thursday, November 17, 2011 3:57 AM

All replies

  • Hi,

    When the issue occurs, please check the Volume Shadow Copy service in Service Manager. I assume it is caused by this service which is not running at that time. If so, you may try to manually start it and change the startup type to Automatic.

    Also, if the issue persists, please check whether it is blocked by GPO. The following thread is for your reference.

    http://social.technet.microsoft.com/Forums/et-EE/w7itproui/thread/9f49c051-e293-49f5-8a51-75162f0ddc64 

    Regards,
    Juke
    TechNet Subscriber Support in forum
    If you have any feedback on our support, please contact tnmff@microsoft.com.

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    Tuesday, October 11, 2011 3:23 AM
  • Juke,

    Thank you for your response and suggestions.  I have already followed that thread.  My VSS is enabled and running.  In fact, I disabled it, restarted and when I rechecked the system protection status, I received an error prompt about VSS not running.  I re-enabled and restarted and checked the GPO settings and they are corrected set and there is no "System Restore" section in the registry.  I suspect there is another place in the registry that is preventing the display of the drives that are being "searched". 

    Further update on October 13th:  I have eliminated the hybrid drive as a contributing factor.  That drive had an image that was restored via Norton Ghost from a previous SATA drive that was in my notebook.  The removed drive had been setting on a shelf unused, and I reinstalled in my notebook.  After Windows 7 booted, I discovered that the same issue existed on the previous drive, i.e. drives being "searched" in the System Restore section.  I have no idea what is causing this and have yet to find anything on the web or Microsoft's reference material that correctly identifies my problem or presents a solution.

    • Edited by gmcfarlen Wednesday, October 12, 2011 8:05 PM
    Tuesday, October 11, 2011 10:53 AM
  • Hi,

    You may try decrypt the files which is encrypted by PGP, then disable PGP=>Reboot to use chkdsk command line to check the disk errors. Because the Protect Setting just says "Searching" at that time, so I assume the VSS service cannot gain information from Hard Drive. 

    http://technet.microsoft.com/en-us/magazine/ee872425.aspx

    Regards,
    Juke
    TechNet Subscriber Support in forum
    If you have any feedback on our support, please contact tnmff@microsoft.com.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    Friday, October 14, 2011 2:59 AM
  • Hi,

    How's going?

    Please feel free to give us any update.

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    Monday, October 17, 2011 9:49 AM
  • Please note my previous reference to the total removal of the PGP from the drive.  I ran the chkdsk command as recommended and as described in the link.  Remember this is a hybrid drive.  The utility ran in about 1/2 a second and flashed that the drive was clean, and then the machine booted into Windows.  Also note in my previous messages, that I checked the original drive and it had the same "searching" situation.  Obviously, the condition cloned when I cloned the drive.   I still suspect a registry issue as there must be some item that is not detected by these diagnostic tools that affects the resolution of the drives for setting System Protection parameters.
    Monday, October 17, 2011 1:12 PM
  • I have this same issue with a handful of users.  Easiest way to find out they have the problem is to go into System Protection and notice that the Available Drives will just say "Searching...".

    The main issue is that I cannot install or uninstall programs.  If you leave the install, it will take hours/overnight and it may finally complete.  My only exception to this so far is Flash and Shockwave Player updates from Adobe's website.  Acrobat Reader's install chokes at 96%.  Installs I've attempted are MS Access from ISO, MS updates from the update site (a 37KB file will take an hour), third party software from our network.

    We are running Windows 7 Pro 32-bit (some have SP1) on Dell Latitude 6420s and OptiPlex 380s.  Have Sophos anti-virus and Watchguard Firewall and IP over Ethernet switch.  (The IPoE seems to be intriguing as this one floor has been using it for a while with IP phone internet pass-through where the rest of the building is not.  I have had one desktop have this issue that is not on this one floor.)

    I've attempted turning on services: Microsoft Software Shadow Copy Provider, Windows Installer and Windows Backup.  I've run sfc /scannow and also sfc /offbootdir and /offwindir from System Recovery.  I've turned off the anti-virus, and even the USB and Floppy drive options in the BIOS.

    I've been able to fix this by running a Windows repair from the CD, but this is very time consuming and has its risks.  Ideally it would be nice to find out what is causing the problem or an easier solution.  I go to install software for someone and end up spending a day repairing their computer instead.

    -----------------

    VARIATION: Not sure if this is related.  On my computer (same IPoE floor), running Windows 7 Ultimate SP1, has the same "Searching" issue in System Protection but when I first open System Protection I get the error:
    "There was an unexpected error in the property page.  System Restore encountered an error. Please try to run System Restore again. (0x81000203)  Please close the property page and try again."
    I am able to install software still.  I've attempted solutions found online regarding starting the services above.  I also just installed SP1 with no change.

     

    Thanks much.

    Monday, October 17, 2011 5:42 PM
  • Lisa,

    Thanks for confirming this issue.  Your experience parallels mine to a great degree.  I first start noticing the problem when some installs took forever.  I can not prove it, but I suspect one of the numerous Microsoft updates that have been released in the last couple of months has caused this issue.  Everything was working excellently and suddenly installs became unbelievably slow.  I am sure this is happening as Windows 7 is trying to create a restore point which errors out.  Then the installs proceed.  I even found some articles that recommended re-registering various dll files with regsvr32.  That process failed midway through the recommended procedure.  I have run sfc and  chkdsk with no underlying problem being identified.  I believe that a subsequent Microsoft patch will resolve this problem.  I would not be surprised if this has something to do with .NET libraries.   I am tempted to use one of my Technet support instances for a Microsoft engineer to address.  I prefer not to do that as I don't necessarily wish to use that valuable resource on a Windows bug!  Thanks again.  I am sure this can be resolved.  Hopefully, an engineer will read the thread and provide a registry fix.


    • Edited by gmcfarlen Monday, October 17, 2011 7:33 PM
    Monday, October 17, 2011 7:32 PM
  • Can you try this

    regsvr32 spp.dll
    regsvr32 srcore.dll

    Also post the output of the following command:

    vssadmin listwriters

     


    Sumesh P - Microsoft Online Community Support
    Wednesday, October 19, 2011 9:54 AM
  • Sumesh,

    Thanks for joining.  I re-registered the two files without error.  I also ran the following:

    vssadmin list writers > listwriters.txt 

    The contents are posted below:

    vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
    (C) Copyright 2001-2005 Microsoft Corp.

    Writer name: 'Task Scheduler Writer'
       Writer Id: {d61d61c8-d73a-4eee-8cdd-f6f9786b7124}
       Writer Instance Id: {1bddd48e-5052-49db-9b07-b96f96727e6b}
       State: [1] Stable
       Last error: No error

    Writer name: 'VSS Metadata Store Writer'
       Writer Id: {75dfb225-e2e4-4d39-9ac9-ffaff65ddf06}
       Writer Instance Id: {088e7a7d-09a8-4cc6-a609-ad90e75ddc93}
       State: [1] Stable
       Last error: No error

    Writer name: 'Performance Counters Writer'
       Writer Id: {0bada1de-01a9-4625-8278-69e735f39dd2}
       Writer Instance Id: {f0086dda-9efc-47c5-8eb6-a944c3d09381}
       State: [1] Stable
       Last error: No error

    Writer name: 'System Writer'
       Writer Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Instance Id: {e9158e76-ed8f-49d9-9ff8-2da263952861}
       State: [1] Stable
       Last error: No error

    Writer name: 'ASR Writer'
       Writer Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
       Writer Instance Id: {d8b754ab-9faa-477c-a290-2f23d1631e59}
       State: [1] Stable
       Last error: No error

    Writer name: 'MSSearch Service Writer'
       Writer Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
       Writer Instance Id: {2f467c85-8bef-462e-b12f-d3e047880fb1}
       State: [1] Stable
       Last error: No error

    Writer name: 'WMI Writer'
       Writer Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
       Writer Instance Id: {4b1eec48-128e-4675-8d2d-b51ac1719a64}
       State: [1] Stable
       Last error: No error

    Writer name: 'BITS Writer'
       Writer Id: {4969d978-be47-48b0-b100-f328f07ac1e0}
       Writer Instance Id: {42cfd749-4c66-43ea-846e-b78b7f48b897}
       State: [1] Stable
       Last error: No error

    Writer name: 'Shadow Copy Optimization Writer'
       Writer Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
       Writer Instance Id: {f7fe4e59-0c9c-4f32-b5f5-9d465f985c62}
       State: [1] Stable
       Last error: No error

    Writer name: 'COM+ REGDB Writer'
       Writer Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
       Writer Instance Id: {f355c93c-c332-47f9-96f8-b5fea0ffc83c}
       State: [1] Stable
       Last error: No error

    Writer name: 'Registry Writer'
       Writer Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
       Writer Instance Id: {b93c04ea-f169-4ff8-966e-4f748d2d9a96}
       State: [1] Stable
       Last error: No error

    I restarted the machine and rechecked and there was no change and to repeat prior message the System Restore, Configure and Create buttons are all greyed out.

     


    • Edited by gmcfarlen Wednesday, October 19, 2011 12:44 PM
    Wednesday, October 19, 2011 12:36 PM
  • Good Morning.

    Registering the files on one of my problem computers succeeded.  No change as well.
    Below is the output from vssadmin listwriters.  I've also encountered two more computers in the past day that are having this issue.  They are not on my IPoE floor.  Thx

    --------------------------------------------------------

    vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
    (C) Copyright 2001-2005 Microsoft Corp.

    Writer name: 'Task Scheduler Writer'
       Writer Id: {d61d61c8-d73a-4eee-8cdd-f6f9786b7124}
       Writer Instance Id: {1bddd48e-5052-49db-9b07-b96f96727e6b}
       State: [1] Stable
       Last error: No error

    Writer name: 'VSS Metadata Store Writer'
       Writer Id: {75dfb225-e2e4-4d39-9ac9-ffaff65ddf06}
       Writer Instance Id: {088e7a7d-09a8-4cc6-a609-ad90e75ddc93}
       State: [1] Stable
       Last error: No error

    Writer name: 'Performance Counters Writer'
       Writer Id: {0bada1de-01a9-4625-8278-69e735f39dd2}
       Writer Instance Id: {f0086dda-9efc-47c5-8eb6-a944c3d09381}
       State: [1] Stable
       Last error: No error

    Writer name: 'System Writer'
       Writer Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Instance Id: {d66c8d41-9b77-40f8-8cd4-4857063dc37d}
       State: [1] Stable
       Last error: No error

    Writer name: 'ASR Writer'
       Writer Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
       Writer Instance Id: {bdb7c8a9-37c2-4dcf-9644-d26fcc41df23}
       State: [1] Stable
       Last error: No error

    Writer name: 'Registry Writer'
       Writer Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
       Writer Instance Id: {877b2cae-b807-4402-be56-3b261f183de0}
       State: [1] Stable
       Last error: No error

    Writer name: 'Shadow Copy Optimization Writer'
       Writer Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
       Writer Instance Id: {4c75644b-fd91-435c-b383-342380574223}
       State: [1] Stable
       Last error: No error

    Writer name: 'BITS Writer'
       Writer Id: {4969d978-be47-48b0-b100-f328f07ac1e0}
       Writer Instance Id: {f5172043-193a-4662-a833-c2fae4714b2a}
       State: [1] Stable
       Last error: No error

    Writer name: 'WMI Writer'
       Writer Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
       Writer Instance Id: {86373f8b-6e7e-4762-9578-c83fca77dc0b}
       State: [1] Stable
       Last error: No error

    Writer name: 'COM+ REGDB Writer'
       Writer Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
       Writer Instance Id: {7c9e4aa9-5ea0-439c-9ce3-2d396eed2be6}
       State: [1] Stable
       Last error: No error

    Writer name: 'MSSearch Service Writer'
       Writer Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
       Writer Instance Id: {78cb0cf0-45d5-4724-b2ce-e8fcb58b1947}
       State: [1] Stable
       Last error: No error

     

    Wednesday, October 19, 2011 1:21 PM
  • I performed the same vssadmin list on another computer with a functioning System Restore and it contains the same 11 Writers.  All of the Writer ID's are the same.  There is some variation in the Writer Instance ID's, if that is relevant.  All report No error under each Writer listing.

    Later in day:

    I attempted to repair the Windows 7 installation by booting from the Windows 7 installation DVD.  It detected the present Windows installation and advised I perform an upgrade install from inside Windows.  I restarted the machine and proceeded as suggested.  The installation failed as the installed Windows included SP1, and my installation disk did not.  I downloaded and created Window 7 SP1 32 bit via Technet and attempted another upgrade install and the compatibility checking ended with the following messages.  (I attempted this twice)

    The following issues are preventing Windows from upgrading. Cancel the upgrade, complete each task, and then restart the upgrade to continue.

    An error prevented a required compliance check from completing. Cancel the installation and try upgrading again.

    Upgrading Windows will affect the following devices and/or programs:

    These devices might not work properly after the upgrade. Before upgrading, we recommend updating the drivers for these devices. Cancel the upgrade, open Control Panel and search for "update device drivers", or go to the device manufacturer's website to search for updated drivers.

    I am not concerned with the second section and did not furnish the details.  However, since the compliance check failed, this is another indication that there is some corruption or missing registry of file information.   I do not know what additional tool or utility to attempt to remedy this.  If a upgrade / reinstall will not work, I must assume that it is time to wipe the drive and start over.  Since fellow subscriber Lisa_67 has detected this same issue on several machines, this drastic solution is not appealing for me and I suspect less so for her.  I am going to get Microsoft to use one of my support incidents and see if they can resolve.  I will then try to post the technique and results whether successful or not.  If I am lucky, maybe the use of the incident will be waived.

     

    • Edited by gmcfarlen Wednesday, October 19, 2011 9:37 PM
    Wednesday, October 19, 2011 1:34 PM
  • When booting through the DVD, there is an option to restore the computer using restore points created in 'system restore'

    What happens when you select that option? Does it identify the restore points?

    In normal windows mode, does the 'system Protection' page allow you to 'Create' a new restore point or does it throw an error/grayed out?

     

    what does vssadmin list shadows show?

    You can also check if VSS is working fine by creating a shadow copy using the following command: vssadmin create shadow /for=c:

     


    Sumesh P - Microsoft Online Community Support
    Thursday, October 20, 2011 12:22 PM
  • Thanks again for your suggestions. When booting from the DVD, no system restore points exist.  (Remember that I cloned from another drive and that drive exhibited the same problem.  I did not know the system protection was not working until I re-inserted that drive in machine and noted it).

    In normal windows mode the 'Create' button is greyed out.

    vssadmin list shadows produces no results.  In fact the windows seems to hang as if processing but nothing displays.  I had to ctrl-C to end the command.  I ran the command on another machine with functional System Protection and it listed results within a few seconds.  I went back to my problem machine and listed all of the supported commands with vssadmin /?.  The following options were listed.

    Delete Shadows, List Providers, List Shadows, List ShadowStorage, List Volumes, List Writers, Resize ShadowStorage.  I did not try Delete Shadows or Resize ShadowStorage.  However, only List Writers produced results of the other options.  Note, that create does not exist in the list.  So, when I tried your recommendation above, I received the response 'Error: Invalid command.

    Are there any other dll files that might need to be re-registered to enable this functionality?

    Thanks again.

    Thursday, October 20, 2011 1:29 PM
  •  

    What are the providers listed under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers ?

    By default there is only one - Microsoft Software Shadow Copy provider 1.0

     

    Also make sure that you are able to start the "Microsoft Software Shadow Copy Provider" service on the system. I think you already confirmed the status of the VSS service as working.

     


    Sumesh P - Microsoft Online Community Support
    Thursday, October 20, 2011 1:53 PM
  • I was able to reproduce the issue (searching...) at my end by disabling the "Microsoft Software Shadow Copy Provider" service on the system.

    Not sure if your issue is the same, so check the service status and let me know if it is able to start.

     

    It also throws the error 0x81000203 that Lisa reported.

     

     


    Sumesh P - Microsoft Online Community Support
    Thursday, October 20, 2011 2:05 PM
  • Sumesh, here are the answers to your previous two posts;

    Under the registry key, I have only one, the Microsoft Software Shadow Copy provider 1.0.

    I can turn Microsoft Software Shadow Copy Provider service off and on without incident.

    My System Protection status shows searching irregardless of whether the Microsoft Software Shadow Copy Provider service is running or not.

    What is the correct syntax of the vssadmin create shadow command you inquired about previously.  What happens if I chose the vssadmin delete shadows or vssadmin resize shadowstorage commands?

    I just researched vssadmin create shadow, and it is not available for Windows 7.
    • Edited by gmcfarlen Thursday, October 20, 2011 4:50 PM
    Thursday, October 20, 2011 4:28 PM
  • I ran all of the suggestions that Sumesh had with the same results as Gary:
    -No restore points
    -One VSS Provider in the registry, the Microsoft Software Shadow Copy provider 1.
    -VSSadmin list shadows produces no results
    -No option for vssadmin create shadow

    We started the thread with checking the Microsoft Software Shadow Copy Provider service, among others.  I have tried setting it to Automatic and even Delayed Start with no change.  This doesn't affect the error message I am receiving on my computer either.

    I did repair one of my problem computers last week using the OEM CD "upgrade" repair option since the user was out of the office.  But again, a good half day+  to do this and I'm finding other machines with the issue as I continue to work.

    Thanks for looking into this for us,

    Lisa

    Thursday, October 20, 2011 5:46 PM
  • Please get me a Process Monitor log file when you open the system protection tab.

    Open the my computer properties, then start process monitor, go back and now open "system protection". Let it run for few seconds and stop the log.

    Save it as a .pml file

     

     


    Sumesh P - Microsoft Online Community Support
    Monday, October 24, 2011 1:46 PM
  • Sumesh,

    I have the file you requested, but do not see an upload link option.  I will send as soon as I have a direct address or the option via this site.

    Tuesday, October 25, 2011 12:52 PM
  • Hi,

    Please send email to blrforum-at-microsoft-com (replace '-') I'll send an Secured FTP location.

     


    Ketan Thakkar | Microsoft Online Community Support
    Tuesday, October 25, 2011 3:38 PM
  • Hi,

    I looked at the logs and did not find any issues; however i dont belive that the logs were collected correctly as i cannot find the system restore function being called or related registry keys enumerated.

    Please get the log once again. Start process monitor first, then launch systempropertiesprotection.exe, let it search for drives for 5 seconds and stop the log.

     

     


    Sumesh P - Microsoft Online Community Support
    Thursday, October 27, 2011 8:18 AM
  • Sumesh,

    I am uploading another file.  I am not sure if you will see any system restore function.  As I noted previously, all of the buttons, including System Restore are greyed out.  I followed your instructions exactly, but the only thing I can do is click the "System Protection" tab and under drives it says "searching" and nothing else can be selected to yield different results.

    Thursday, October 27, 2011 7:50 PM
  • This time it did capture the required information, however i couldnt find what is causing the issue.

     

    I would suggest that you try

    Check if you are getting any errors in the eventlog regarding to system restore, WMI, DCOM etc

    Check if the issue continues in clean boot environment. http://support.microsoft.com/kb/929135

    Use Depends.exe to open systempropertiesprotection.exe, then profile it to look for any obvious failures: http://blogs.technet.com/b/askperf/archive/2010/06/25/analyze-application-failures-the-easier-way-with-dependency-walker.aspx

     

    If the issue persists, i'd suggest that you open a paid support incident to get more detailed logs and troubleshooting.

     

     


    Sumesh P - Microsoft Online Community Support
    Friday, October 28, 2011 6:07 AM
  • I do not see any event viewer entries pointing to WMI, but there are numerous VSS entries.  All of this appears to have started on or around September 2nd or 3rd.  I can send you the event logs for review if you wish.  With respect to the clean boot, I have been running the machine in that mode for several weeks as this discourse continued.  I tried the depends.exe program.  While very informative, the results did not appear to be different from those obtained on a machine with a functional system restore.  After spending several more hours researching this issue, I suspect I am left with few options.  I will see if a support incident yields any better results.

    Saturday, October 29, 2011 7:09 PM
  • I have not been able to run the logs or other processes since my last entry.  I have to interrupt a user every time to do so.  At this time I have run into at least 10 Windows 7 computers with this problem.  I've repaired a couple with running the Windows repair since the timing was good, but I need to resolve the others. 

    Gary, please let me know if your support incident results in anything useful.  Thanks.

    Monday, October 31, 2011 3:26 PM
  • I have experienced the same problem on a new PC running Windows 7 SP1 x64. When I first set the PC up system restore was working normally.

    Subsequently over the following weeks I had loaded all the software used the original XP Pro PC. When I had a Windows update error and tried to run the system restore, the system reported the restore error 0x810000203 and the system protection tab was greyed out.

    I scoured the internet for solutions, checked shadow copy was running, run the sfc scan etc etc etc without success.

    I just happenend to read an article that related to Tune up Utilities 2010/2011 that mentioned if you ran the "Turbo Mode" it disabled the sytem restore in Windows 7. I had Tune-Up 2010 on the previous XP Pro PC and had no problems.

    I removed Tune-Up 2010 that was on the PC without effect, then I re-ran all the system checks, registry checks again without success.

    As a last resort, I updated my Tune-Up 2010 to the 2012 version, voila!, sytem restore is working again! This not an advert for Tune-Up but a cautionary tale of being careful when installing this type of settings/registry editing software that may not be compatable with your operating system.

    • Proposed as answer by SunshineJohn Tuesday, November 01, 2011 5:34 PM
    • Unproposed as answer by Sumesh PModerator Thursday, November 17, 2011 4:50 AM
    Tuesday, November 01, 2011 5:30 PM
  • Unfortunately I don't use Tune-up or any other utility like that, so that is not my problem in this case.  Thanks for the suggestion.
    Tuesday, November 01, 2011 5:42 PM
  • Gary,

    Please share your event logs with the VSS errors.

    What Roxio softwares are you using?, I came across some issues with System Restore and some Roxio backup s/w conflict in their forums. Can you try uninstalling them?

     


    Sumesh P - Microsoft Online Community Support
    Wednesday, November 02, 2011 3:41 AM
  • Thanks for participating.  As part of the troubleshooting efforts, I had installed a program called Registry Booster on this machine after the problems began.  Even though it found numerous registry errors and "fixed" them, its presence or subsequent removal had no effect on my non-working System Restore function.  But thanks for the suggestion.
    Wednesday, November 02, 2011 10:13 AM
  • Sumesh,

    I have an two application event logs, one unfiltered, and one filtered for errors that I can send you.  Please advise how you would like them forwarded to you.  Via FTP as before?  I have Roxio Easy Media Creator 9 installed on this machine.  I will remove later today and report the effects of its removal.

     

    Wednesday, November 02, 2011 10:26 AM
  • We are also using Roxio Creator that comes with the Dell computers.  No specific Roxio backup software though.  To uninstall any program will take all day, which is part of the original issue.
    Wednesday, November 02, 2011 12:39 PM
  • I dont have much confidence for Roxio creator as its just a DVD burning app, its backup solution was the one with reported conflict with SR.

    But if you get the chance, do give it a try!

    I suggest one or all of you to open a support incident to resolve this issue as I have run out of options to troubleshoot through Forums.

    Do paste the VSS error events.

     

     


    Sumesh P - Microsoft Online Community Support
    Wednesday, November 02, 2011 2:33 PM
  • yes, use SFT as before.
    Sumesh P - Microsoft Online Community Support
    Wednesday, November 02, 2011 2:35 PM
  • I have uploaded two evtx log files.  One is very small and is filtered for VSS type events.  The other one is large contains all the events for a day or so.
    Wednesday, November 02, 2011 9:29 PM
  • I removed all of the Roxio items and this did not help.  It looks like I finally have to go the support incident route.  I will post the results of that endeavor.
    Wednesday, November 02, 2011 9:46 PM
  • Looking at the events there are multiple possible causes:

    Dcom, COM+ or VSS issue

    Open dcomcnfg expand nodes and see if it is shown as down (red arrow)

    Make sure "COM+ system application" and "Microsoft Distributed Transaction Coordinator" services are running

    Try replacing swprv.dll from a working machine

    Search the registry for {4db9c793-c48d-449c-9754-46027ee45c94} and {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and compare the permissions with a working machine.

     

    That is all I can suggest now, if issue persists as said earlier we will investigate indepth - DCOM,VSS. Hence you will need to go the support incident route.

     

     


    Sumesh P - Microsoft Online Community Support
    Thursday, November 03, 2011 8:15 AM
  • Sumesh,

    I opened the dcomcnfg as your recommended.  There are no functions that are listed as down (red arrow).  The "COM+ system application" is running.  There is no item for "Microsoft Distributed Transaction Coordinator" under the service item listings.  I checked another machine and it does not have that service either.  That item is listed in the dcomcnfg panel and does not appear to be down.

    tried to replaced the swprv.dll file but I was prevented from doing anything to that file, either renaming, deleting, etc.  Whether I am logged in as administrator, admin user, etc., safe mode or otherwise, I always receive, "Access is denied".  Finally, I was able to wrestle the ownership away from "Trusted Installer" and delete the file.  I replaced it with a copy from another machine.  

    I searched the two key references provided and the first one looked the same on both machines.  However, the second one appeared several more times on the problem machine with KEY references of VSSW.VSSoftwareProvider and VSSW.VSSoftwareProvider.1.  I exported those sections and deleted from registry. 

    After all of these efforts, I restarted the computer.  I rechecked the status of the System Protection tab under System Properties and there was no change!  If I was using a ball-peen hammer, my head would be quite lumpy by now!

    I am supposed to have a support incident in about an hour.  I am not particularly optimistic at this time.  Will update after session.

    Thursday, November 03, 2011 7:29 PM
  • Do let us know the outcome.

    You can also send me the case num via email if you wish.

     


    Sumesh P - Microsoft Online Community Support
    Friday, November 04, 2011 4:18 AM
  • My case, 111110301297145, initiated yesterday.  The support rep is very patient and is being very thorough.  However, we have each spent 6+ hours so far with no resolution.  I bet I have 20-30 additional hours that I have devoted to this during the course of this thread and previously.  I found another similar discussion that recommended using BartPE and mbrfix to address VSS related issues.  Following that procedure made the machine unbootable.  However, I was able to reverse the effects with the same tools and this returned me to my original state of the broken "System Restore" function.  This issue is so deeply entrenched that it is interfering with install/uninstall efforts.  I will provide more updates as they are available.
    Friday, November 04, 2011 7:50 PM
  • One last submission.  Today is the 16th.  My support incident has been open for 12 days and my support engineer has diligently maintained contact, passed along suggestions, and worked along with me on a regular basis to help resolve the issue.  None of her suggestions resolved my problem.  However, all was not lost.  The following is my report to her after I lucked into the solution:

    Bharati,

    Success!  It was none of your suggestions or any that were in the various posts.  I have felt all along that this issue was due to either Symantec’s PGP disk encryption or Norton Ghost product.  Symantec did not ever offer any acknowledgement that these products could be the origin of my failed System Protection.  Before I started this final corrective effort, I made sure that all Symantec products had been uninstalled to whatever extent necessary.  I then manually deleted every directory and subdirectory from my C: drive that was named either Symantec or Norton.  This included any files in those directories.  Finally, I opened regedit and search the registry for “Symantec” or “Norton” and manually deleted every top-level key found.  (Note, I had backed up the registry before this activity).  There were a few legacy keys that I could not delete because of permission issues.  However, they were few in number and I was able to delete numerous other entries.  Once complete, I restarted the computer, opened the System Protection tab under System Properties and the “System Restore”, “Configure” and “Create” buttons were no longer greyed out.  The “Available” drives box resolved and displays my C: drive now.  I created a manual restore point to test and the restore point was created in a matter of seconds.  I believe this issue is now resolved.  Please add these notes to your records.  I will post this information on the same thread that I started long ago for others to use.  I will also submit this information to Symantec to contradict their “blamelessness”.  Thank you for your persistent and diligent help.  Even though you did not find the solution, you did not give up and I appreciate that.  However, I feel Symantec should reimburse for the use of my Tech support incident as this was not a Microsoft issue, but a Symantec issue.

    The key to this issue was comparing registry entries between a functioning system and my problematic system.  The comparisons were made using a "systemrestore" search on both systems.  I noted that there were a number of entries of Symantec VSS related entries in my problematic machine.  Once those were deleted, that functionality returned.  Was that the only cause?  I have spent so much time and made so many changes, I cannot say for sure.  I also knew the risks associated with registry manipulation but felt the answer was in the registry.  The machine ran too well in all other respects.  So this analysis may work for some, and will not work for others.  Symantec will now receive my attention.

    Thursday, November 17, 2011 3:57 AM
  • Unfortunately I don't have any Symantec or Norton products installed on my computers.  Almost every one of them has been Windows 7, no SP1 installed.  There was one that was SP1 but I don't know if it was installed later or came with it installed.

    Unfortuntately Gary's "fix" does not work for me.  I searched the registry for Symantec and found nothing.  Norton only turns up one key: 
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\NortonSystemInfo

    I'm finding more of these systems daily and still the only repair is 4-5 hours to run a complete Win7 repair.  So the above solution is not universal.  Thanks.

    Thursday, November 17, 2011 5:18 PM
  • As a follow-up to my previous post, I have reinstalled my original drive that was suffering from the same "greyed out" issue that originated this thread. The following is a lengthy and detailed review of the steps that I took to confirm my issue was related to what appears to be a Symantec product. While this specific solution may not apply to Lisa_67 or others, it might provide some insight into the registry area that was at issue.

     

    1. Scanned registry for "systemrestore" looking for VSS provider references.

    2. Removed providers other than Microsoft (Symantec in my case) from the following registry keys: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}

    3. Reboot and check (no change)

    4. Remove Norton and Symantec files and directories.

    5. Reboot and check (no change)

    6. Referred to http://social.technet.microsoft.com/Forums/en-US/w7itprogeneral/thread/b46ab320-c7d9-45c6-a2cc-2fc9a7b275fb, specifically changing registry key setting as recommended by Kapil Oberoi on April 20, 2011

    7. Reboot and check (no change)

    8. Reopen registry and review Norton related keys. Remove keys a few at a time, reboot and check (no change until the following),

    9. Reopen registry and delete the following key; HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3

    10. Reboot and check; Success! The "System Protection", "Create restore points", etc is back. This once key appears to be my culprit. (Content of key is at the end of this post)

    11. To confirm my solution, reimport the deleted key and functions are greyed out again, and they are.

    12. Re-delete key, reboot and confirm System Protection functions are re-enabled.

    As I stated in my previous post, this registry change may not solve other's similar problem. However, you may wish to check this part of the registry to determine if some other conflicting key is preventing your System Protection function also. Be sure to export your entire registry before you start and also export the specific keys you suspect before you delete them. Also, please note the reference to the other Technet article above which has proved helpful to others.

     

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3]

    "BuildNumber"=dword:00001270

    "BuildType"="Free"

    "Com+Enabled"=dword:00000001

    "CurrentSchemaVersion"=dword:00000054

    "PartitionsEnabled"=dword:00000000

    "RegDBAutoBackUp"=dword:00000001

    "REGDBVersion"=hex:15,00,00,00,00,00,00,00

    "RemoteAccessEnabled"=dword:00000001

    "MaxLogFiles"=dword:0000000a

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Eventlog]

    "SuppressDuplicateDuration"=dword:00015180

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\AppID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\AppID\SymSnapProvider.DLL]

    "AppID"="{34B9A964-8798-4832-A8B4-57BE9138B643}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\AppID\{34B9A964-8798-4832-A8B4-57BE9138B643}]

    @="SymSnapProvider"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\CLSID\{1B7AE7E6-885A-4472-B569-030B943DE711}]

    @="SymVssEnumObjectImpl Class"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\CLSID\{1B7AE7E6-885A-4472-B569-030B943DE711}\InprocServer32]

    @="C:\\Program Files\\Norton Ghost\\Shared\\Drivers\\SymSnapProvider.dll"

    "ThreadingModel"="Both"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\CLSID\{1B7AE7E6-885A-4472-B569-030B943DE711}\ProgID]

    @="SymProvider.SymVssEnumObjectImpl.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\CLSID\{1B7AE7E6-885A-4472-B569-030B943DE711}\Programmable]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\CLSID\{1B7AE7E6-885A-4472-B569-030B943DE711}\TypeLib]

    @="(4D289D7C-3437-4ffe-9216-FB1AB1FF91C3)"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\CLSID\{1B7AE7E6-885A-4472-B569-030B943DE711}\VersionIndependentProgID]

    @="SymProvider.SymVssEnumObjectImpl"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\CLSID\{790F2886-9889-4C99-8EF5-531ADD05D044}]

    @="SymProviderImpl Class"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\CLSID\{790F2886-9889-4C99-8EF5-531ADD05D044}\InprocServer32]

    @="C:\\Program Files\\Norton Ghost\\Shared\\Drivers\\SymSnapProvider.dll"

    "ThreadingModel"="Both"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\CLSID\{790F2886-9889-4C99-8EF5-531ADD05D044}\ProgID]

    @="SymProvider.SymProviderImpl.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\CLSID\{790F2886-9889-4C99-8EF5-531ADD05D044}\Programmable]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\CLSID\{790F2886-9889-4C99-8EF5-531ADD05D044}\TypeLib]

    @="{8E32B073-A490-4153-ADF6-7E6CBF2C32A0}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\CLSID\{790F2886-9889-4C99-8EF5-531ADD05D044}\VersionIndependentProgID]

    @="SymProvider.SymProviderImpl"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\Interface]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\SymProvider.SymProviderImpl]

    @="SymProviderImpl Class"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\SymProvider.SymProviderImpl\CLSID]

    @="{790F2886-9889-4C99-8EF5-531ADD05D044}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\SymProvider.SymProviderImpl\CurVer]

    @="SymProvider.SymProviderImpl.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\SymProvider.SymProviderImpl.1]

    @="SymProviderImpl Class"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\SymProvider.SymProviderImpl.1\CLSID]

    @="{790F2886-9889-4C99-8EF5-531ADD05D044}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\SymProvider.SymVssEnumObjectImpl]

    @="SymVssEnumObjectImpl Class"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\SymProvider.SymVssEnumObjectImpl\CLSID]

    @="{1B7AE7E6-885A-4472-B569-030B943DE711}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\SymProvider.SymVssEnumObjectImpl\CurVer]

    @="SymProvider.SymVssEnumObjectImpl.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\SymProvider.SymVssEnumObjectImpl.1]

    @="SymVssEnumObjectImpl Class"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\SymProvider.SymVssEnumObjectImpl.1\CLSID]

    @="{1B7AE7E6-885A-4472-B569-030B943DE711}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\SelfReg\TypeLib]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Setup]

    "Install Mode"=dword:00000001

    "Install Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\

    00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,00,00

    "Major Version"=dword:00030000

    "Minor Version"=dword:00001270

    "Progman Folder"="Administrative Tools"

    "Source Drive Type"="CD-ROM"

    "Source Path"="D:\\"

     

    • Proposed as answer by christhepcguy Saturday, January 04, 2014 11:36 PM
    Friday, November 18, 2011 7:05 PM
  • I'm going to add my two cents worth here. I've tried to utilize System Restore on multiple client computers over the past year to try an back over acquired viruses and for other issues. On all of these Windows 7 computers, System Restore NEVER worked! Not once! And I've almost never had a failure of System Restore on an XP or Vista system!

    In my opinion, Microsoft totally screwed the pooch with Windows 7 System Restore.

    One other data point. When System Restore failed on my own Windows 7 computer, I uninstalled Avira Antivir (Version 12), and then after rebooting, lo and behold, System Restore worked! I strongly suspect that System Restore will fail on any Windows 7 computer that has avira antivir installed.

    As as an aside, as far as I'm concerned antivir and the rest are worse than useless. They do not stop viruses from being installed, but they do produce large numbers of false alarms and interminably interfere with legitimate operations. I've dropped antivirus programs asstotally from my system and run my daily work from a Standard/Limited account that has been further locked down by locking .exe (and other) file association hooks, as well as locking several other commonly invaded hooks that have no business being in a Standard/Limited account in the first place.

    Saturday, February 18, 2012 7:01 PM
  • In ny experience, System Restore invariably works when one can see the backup disk which I am having truble with now.

    Renee


    "MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me


    Sunday, February 19, 2012 12:33 PM
  • Hi Sumesh;

    I am having the same problem.  Long installs and uninstalls, cannot find or create restore points, VSS fine, scannow perfect.  However, I did try your VSSADMIN idea, and it runs fine, but then calling vssadmin list writers, I get nothing after 8 hours so I killed.  Then I called vssadmin list ShadowStorage, and got what you see below.  What does "(C:)\\?\Volume" indicate?

    --------------------------------------------------------------------------------

    C:\Windows\system32>vssadmin list writers
    vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
    (C) Copyright 2001-2005 Microsoft Corp.

    Waiting for responses.
    These may be delayed if a shadow copy is being prepared.

    ^C
    C:\Windows\system32>vssadmin list providers
    vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
    (C) Copyright 2001-2005 Microsoft Corp.

    Provider name: 'Microsoft Software Shadow Copy provider 1.0'
       Provider type: System
       Provider Id: {b5946137-7b9f-4925-af80-51abd60b20d5}
       Version: 1.0.0.7

    C:\Windows\system32>vssadmin list ShadowStorage
    vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
    (C) Copyright 2001-2005 Microsoft Corp.

    Shadow Copy Storage association
       For volume: (C:)\\?\Volume{a9ee2e36-fda8-4c7d-8470-f5084102ade6}\
       Shadow Copy Storage volume: (C:)\\?\Volume{a9ee2e36-fda8-4c7d-8470-f5084102ad
    e6}\
       Used Shadow Copy Storage space: 0 B (0%)
       Allocated Shadow Copy Storage space: 0 B (0%)
       Maximum Shadow Copy Storage space: 186.258 GB (20%)
    Tuesday, March 27, 2012 1:46 PM
  •   The "System Protection" tab does not even show up in "safe" mode. 

    Don't want to derail this too much, but who was the rocket scientist who came up with that brillinat idea?  Honestly, most users will be fiddling with system restore when their virus removal tool tells them to turn it off.  If they are trying to remove a virus, they're probably going to be in safe mode.  Who decided that it would be a good idea to remove access to this when it is likely to be neede most?
    Wednesday, October 10, 2012 1:27 PM
  • Hi gmcfarlen,

    I fixed this problem bey running the diagnostic memory check ; hope you find this helpful


    Bridget Kate

    Sunday, June 09, 2013 12:06 PM
  • Thanks for the input. Turning to standard mode from Turbo helped me.
    Tuesday, October 01, 2013 2:10 PM
  • You rock. I've had this problem for months. All started with my Home Server auto backups failing on my Windows 7 x64 machine. Uninstalled the Home Server Connector software and then still wasn't even getting restore points which I never notices for a few months. Removing that COM3 Key worked. Thank You, Thank You, Thank You.
    Saturday, January 04, 2014 11:39 PM