ESENT Event ID 482 followed by 408 - Backup of NTDS fails followed by VSS warning ID 8229

    Question

  • Hi all.

    I have a Windows Server 2008 R2 SP1 Domain Controller on which backup of the AD database fails. I've tried both rebooting, re-registering the components as listed in various articles (like this one) etc. No luck so far.

    Any input is appreciated.

    Background Information:

    Log Name:      Application
    Source:        ESENT
    Date:          19.04.2012 23:17:18
    Event ID:      482
    Task Category: General
    Level:         Error
    Description:
    lsass (484) An attempt to write to the file "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy22\Windows\NTDS\edb.log" at offset 6628864 (0x0000000000652600) for 512 (0x00000200) bytes failed after 0 seconds with system error 19 (0x00000013): "The media is write protected. ".  The write operation will fail with error -1032 (0xfffffbf8).  If this error persists then the file may be damaged and may need to be restored from a previous backup.

    And then:

    Log Name:      Application
    Source:        ESENT
    Date:          19.04.2012 23:17:18
    Event ID:      408
    Level:         Error
    Description:
    lsass (484) Unable to write to logfile \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy22\Windows\NTDS\edb.log. Error -1032 (0xfffffbf8).

    This is immediately followed by

    Log Name:      Application
    Source:        VSS
    Date:          19.04.2012 23:17:18
    Event ID:      8229
    Level:         Warning
    Description:
    A VSS writer has rejected an event with error 0x800423f4, The writer experienced a non-transient error.  If the backup process is retried,
    the error is likely to reoccur.
    . Changes that the writer made to the writer components while handling the event will not be available to the requester. Check the event log for related events from the application hosting the VSS writer.

    Operation:
       PostSnapshot Event

    Context:
       Execution Context: Writer
       Writer Class Id: {b2014c9e-8711-4c5c-a5a9-3cf384484757}
       Writer Name: NTDS
       Writer Instance ID: {1e5e9e4a-3b92-4a38-b0f9-6053cfec5867}
       Command Line: C:\Windows\system32\lsass.exe
       Process ID: 484
    Event Xml:
      <System>
        <Provider Name="VSS" />
        <EventID Qualifiers="0">8229</EventID>
        <Level>3</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2012-04-19T21:17:18.000000000Z" />
        <EventRecordID>112070</EventRecordID>
        <Security />
      </System>
      <EventData>
        <Data>0x800423f4, The writer experienced a non-transient error.  If the backup process is retried,
    the error is likely to reoccur.
    </Data>
        <Data>

    Operation:
       PostSnapshot Event

    Context:
       Execution Context: Writer
       Writer Class Id: {b2014c9e-8711-4c5c-a5a9-3cf384484757}
       Writer Name: NTDS
       Writer Instance ID: {1e5e9e4a-3b92-4a38-b0f9-6053cfec5867}
       Command Line: C:\Windows\system32\lsass.exe
       Process ID: 484</Data>
        <Binary>2D20436F64653A20575254575254494330303030353239392D2043616C6C3A20575254575254494330303030333336352D205049443A202030303030303438342D205449443A202030303030303534302D20434D443A2020433A5C57696E646F77735C73797374656D33325C6C736173732E6578652020202D20557365723A204E616D653A204E5420415554484F524954595C53595354454D2C205349443A532D312D352D313820</Binary>
      </EventData>
    </Event>

    ##########################

    VSSADMIN LIST WRITERS:

    vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
    (C) Copyright 2001-2005 Microsoft Corp.

    Writer name: 'Task Scheduler Writer'
       Writer Id: {d61d61c8-d73a-4eee-8cdd-f6f9786b7124}
       Writer Instance Id: {1bddd48e-5052-49db-9b07-b96f96727e6b}
       State: [1] Stable
       Last error: No error

    Writer name: 'VSS Metadata Store Writer'
       Writer Id: {75dfb225-e2e4-4d39-9ac9-ffaff65ddf06}
       Writer Instance Id: {088e7a7d-09a8-4cc6-a609-ad90e75ddc93}
       State: [1] Stable
       Last error: No error

    Writer name: 'Performance Counters Writer'
       Writer Id: {0bada1de-01a9-4625-8278-69e735f39dd2}
       Writer Instance Id: {f0086dda-9efc-47c5-8eb6-a944c3d09381}
       State: [1] Stable
       Last error: No error

    Writer name: 'System Writer'
       Writer Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Instance Id: {9acf5909-4638-403b-b9b3-1dec07b8f354}
       State: [1] Stable
       Last error: No error

    Writer name: 'ASR Writer'
       Writer Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
       Writer Instance Id: {c1b05be0-d49f-4ea4-8729-21823a68636b}
       State: [1] Stable
       Last error: No error

    Writer name: 'Registry Writer'
       Writer Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
       Writer Instance Id: {e2bb1829-d4fa-475b-9904-5fc340dd1be3}
       State: [1] Stable
       Last error: No error

    Writer name: 'COM+ REGDB Writer'
       Writer Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
       Writer Instance Id: {b6a1ef8c-50f6-45f1-8631-caa74871514c}
       State: [1] Stable
       Last error: No error

    Writer name: 'FRS Writer'
       Writer Id: {d76f5a28-3092-4589-ba48-2958fb88ce29}
       Writer Instance Id: {431d0055-86e7-4687-92e4-17a62ed79dcf}
       State: [5] Waiting for completion
       Last error: No error

    Writer name: 'WMI Writer'
       Writer Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
       Writer Instance Id: {1230f882-60ca-44d8-baf7-997a6d5d8405}
       State: [5] Waiting for completion
       Last error: No error

    Writer name: 'BITS Writer'
       Writer Id: {4969d978-be47-48b0-b100-f328f07ac1e0}
       Writer Instance Id: {3b697de8-989f-4bb9-a7e3-21f753ec8f20}
       State: [1] Stable
       Last error: No error

    Writer name: 'NTDS'
       Writer Id: {b2014c9e-8711-4c5c-a5a9-3cf384484757}
       Writer Instance Id: {1e5e9e4a-3b92-4a38-b0f9-6053cfec5867}
       State: [11] Failed
       Last error: Non-retryable error

     

    I've noticed that the "Shadow Copy Optimization Writer" is missing and I have not been able to get it back by running the re-registering commands as mentioned above.

    Thursday, April 19, 2012 9:58 PM
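
A writer listing like the one in the question can be checked mechanically, for example when the same output is collected from several domain controllers. The following is an added example, not part of the original post: it parses `vssadmin list writers` text and reports every writer that is not `[1] Stable` with `No error`, plus any expected writer that is absent. The function names and the `expected` list are assumptions of this example; a state such as `[5] Waiting for completion` is reported only as "not stable", not as a failure.

```python
import re

# Excerpt (two of the eleven writers) of the `vssadmin list writers` output
# quoted in the question, embedded so the example runs offline.
SAMPLE = """\
Writer name: 'FRS Writer'
   Writer Id: {d76f5a28-3092-4589-ba48-2958fb88ce29}
   Writer Instance Id: {431d0055-86e7-4687-92e4-17a62ed79dcf}
   State: [5] Waiting for completion
   Last error: No error

Writer name: 'NTDS'
   Writer Id: {b2014c9e-8711-4c5c-a5a9-3cf384484757}
   Writer Instance Id: {1e5e9e4a-3b92-4a38-b0f9-6053cfec5867}
   State: [11] Failed
   Last error: Non-retryable error
"""

FIELD = re.compile(
    r"^\s*(Writer name|Writer Id|Writer Instance Id|State|Last error):\s*(.*?)\s*$")
STATE = re.compile(r"^\[(\d+)\]\s*(.*)$")

def parse_writers(text):
    """Turn vssadmin text into one dict per writer; banner lines are skipped."""
    writers = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Writer name":
            writers.append({"name": value.strip("'")})
        elif writers:
            s = STATE.match(value)
            if key == "State" and s:
                writers[-1]["state_code"] = int(s.group(1))
                writers[-1]["state"] = s.group(2)
            else:
                writers[-1][key.lower()] = value
    return writers

def triage(text, expected=()):
    """Return (writers that are not stable or report an error, missing names)."""
    writers = parse_writers(text)
    bad = [w for w in writers
           if w.get("state_code") != 1 or w.get("last error") != "No error"]
    present = {w["name"] for w in writers}
    missing = [name for name in expected if name not in present]
    return bad, missing
```

Calling `triage(SAMPLE, expected=["NTDS", "Shadow Copy Optimization Writer"])` returns the FRS Writer and NTDS entries as not stable and reports the Shadow Copy Optimization Writer as missing.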

All replies

  • First of all, execute chkdsk /f c:\ and restart the server, then execute vssadmin list writers to see the problem status.

    Execute diskshadow -l C:\log.txt and then execute the list writers command. After that, email me the log.txt at a.alikhani@hotmail.com. Besides that, please look at the following article and see whether it applies to your problem:

    http://support.microsoft.com/kb/2019392

    Please feel free to let us know if you have any questions or concerns.


    Please VOTE as HELPFUL if the post helps you and remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.



    • Edited by R.Alikhani Friday, April 20, 2012 5:57 AM
    Friday, April 20, 2012 4:55 AM
  • Alikhani, thank you for your response.

    CHKDSK is executed, no errors detected and thus none fixed.

    diskshadow - I've uploaded the log file here.

    KB 2019392 - Doesn't seem relevant, none of the listed problems/solution suggestions seem to apply.

    Thanks again for your time.

    Monday, April 23, 2012 8:34 PM
  • Perform a clean boot, rerun your scenario and then report back the result.

    1. Click "Start", go to "Run", and type "msconfig" in the open box to start the System Configuration Utility.

    2. Click the "Services" tab, check the "Hide All Microsoft Services" box and click Disable All (if it is not gray).

    3. Click the "Startup" tab, click "Disable All" and click "OK".

    4.  Restart your computer. When the "System Configuration Utility" window appears, please check the box and click "OK".


    Tuesday, April 24, 2012 3:02 AM
  • Hi,

    Did you use Windows Server Backup shipped with Windows Server 2008 to back up your server, or some other third-party backup applications? If you are using some third-party applications, please try the built-in Windows Server Backup program to see whether it works.

    When you perform a system state backup on a domain controller that is running Windows Server 2003 with Service Pack 1 or Windows Server 2003 with Service Pack 2, Backup may fail

    http://support.microsoft.com/kb/909265

    BTW, please refer to the following thread.

    http://social.technet.microsoft.com/Forums/en-US/windowsbackup/thread/9a4005de-ef65-4482-bb4a-069b9d085aa7


    Jeff Ren, TechNet Community Support

    Wednesday, April 25, 2012 7:08 AM
  • Guys, thank you for your response.

    Alikhani:

    I've uploaded the diskshadow logfile here.

    Ren:

    The server has got a backup agent from Symantec (ver. 13.0.5204) but neither Windows native backup nor BE succeeds.

    Veeam is used for snapshots (but no agents are installed) and Veeam-backup does not work either. The MS KB does not apply to my environment.



    • Edited by RobertPA Wednesday, April 25, 2012 10:07 PM Clarification
    Wednesday, April 25, 2012 9:37 PM
  • Hi,

    According to your description, it seems that your server has Veeam backup software and Symantec installed; this problem is likely related to third-party backup software.

    Based on previous experience, I suggest you uninstall the other backup software and retry the operation, as Windows Server Backup is not compatible with Veeam and Symantec.

    BTW, you may try asking the Veeam forum for help; perhaps they can help you.

    http://forums.veeam.com/viewforum.php?f=2



    Thursday, April 26, 2012 2:54 AM
  • Ren,

    I had a feeling I'd get that answer... According to my logs, the errors occur when the ESENT engine attempts to write to the file "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy[XXX]\Windows\NTDS\edb.log" - Are you saying that the third party backup SW might be messing with the basics of VSS and thus causing the problems? I have a DC that's identically configured, no problems whatsoever there.

    SFC /VERIFYONLY reports a lot of errors, so there's more than one issue with this server. I will probably end up reinstalling it.

    I will try by running SFC /SCANNOW and removing all third party backup SW at earliest and post an update :)

    Apart from that, does anyone know how to get the "Shadow Copy Optimization Writer" back (re-registered)?

    Thank you for your input.

    Thursday, April 26, 2012 7:04 PM
  • Please do the following actions:

    1. Clear events in backup section of the Event Viewer.

    2. Go to C:\Windows\Logs\WindowsServerBackup and delete everything from there.

    3. Please download the Wbdiag diagnostic tool from the following link.

    https://skydrive.live.com/?cid=26139043773c1011&id=26139043773C1011!214

    4. Execute the version that best matches the architecture of your server's operating system.

    5. To begin collecting the required log files, execute %SystemDrive%\wbdiag\StartWbdiag.cmd from an elevated Command Prompt.

    6. Reproduce your scenario.

    7. After the problem appeared, press <Enter> in the Command prompt to stop the tracing.

    8. The data collected is saved in the WBDiag-yyyy-mm-dd-hh-mm-ss directory. Zip this folder and upload it somewhere and then provide us the link of the uploaded zip file to analyze your problem thoroughly.



    Thursday, April 26, 2012 8:44 PM
  • Hi,

    Please look into the following thread. I think it is similar to your current issue; perhaps it is caused by third-party software.

    http://social.technet.microsoft.com/Forums/en-US/windowsbackup/thread/b131b961-3f5a-45e6-803e-634a5ff5b603


    Jeff Ren, TechNet Community Support


    Friday, May 04, 2012 2:32 AM
  • Update: I reached the point where setting up a new DC took less time & effort than researching a probable lost cause. The problem server is demoted but not deleted so if I find the time I'll be doing some more research.

    Thanks for all input.

    Tuesday, October 09, 2012 2:56 PM