none
'vssadmin list shadows' creates shadow copies

    Domanda

  •  

    I queried our servers for a list of Shadow Copies using the commands listed below and there were errors reported as a result of me querying. Is this normal behavior as a result of the query, am I doing something wrong or is there an issue on the server ?

    vssadmin list shadows

    and 

    vssadmin list writers



    It appears that when I do that it creates Shadow Copies...

    CreationTime ShadowCopyID OriginalVolume ShadowCopyVolume Machine 4/20/2018 7:00:00 AM {6174bb9d-9fb4-4273-853a-4b99dec84169} (C:)\\?\Volume{a8f85e33-2207-11e6-80b5-806e6f6e6963}\ \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy10 server.xxxi.corp 4/20/2018 12:00:00 PM {7e165b09-04bf-47ba-b00e-59a7163022c6} (C:)\\?\Volume{a8f85e33-2207-11e6-80b5-806e6f6e6963}\ \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11 server.xxxi.corp

     

    and also these error events are logged:

    May 15th 2018, 07:00:09.000    servername.domain.com   Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1601737501-2236276997-3000204151-6444.bak).  hr = 0x80070539, The security ID structure is invalid.

    .

    Operation:    OnIdentify event    Gathering Writer Data

    Context:    Execution Context: Shadow Copy Optimization Writer    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}    Writer Name: Shadow Copy Optimization Writer    Writer Instance ID: {d04e9c8d-0084-48ec-ba49-1d3e9c2812db}


    • Modificato Firmbyte martedì 15 maggio 2018 16:08
    martedì 15 maggio 2018 16:06

Tutte le risposte

  • Hi Firmbyte,
    You mean you see event 8193? This event indicates that an unexpected Volume Shadow Copy Service (VSS) error has occurred.

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee264196(v=ws.10)

    According to the results, it seems that Volume Shadow Service (VSS) 'Shadow Copy Optimization Writer' is not fuctioning correctly

    May I ask if you run vssadmin list writers, anything wrong? If all your VSS writers are in stable state?

     Please also follow the guide to do a check.

    https://blogs.technet.microsoft.com/jonjor/2010/02/18/scvmm-p2v-fails-with-at-40-percent-with-0x809933bb-or-0x80070539/

    https://social.technet.microsoft.com/Forums/ie/en-US/7b52f7c1-a783-409e-9af3-da64567676df/vss-error-8193?forum=winserverfiles

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    mercoledì 16 maggio 2018 02:34
    Moderatore
  • Yes event 8193, "Volume Shadow Copy Service (VSS) error has occurred".

    Yes in the registry there are profiles with .bak.

    I'm trying to figure out why....is the vssadmin causing it ?

    mercoledì 16 maggio 2018 11:19
  • I used this PS query to loop through the severs and find the registry entries with .bak suffixes

    ($RegENtries = Invoke-Command -ComputerName  $servers {(dir 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList' ) }) | `
        ?{$_ -match "bak"}  | `
        Select PSComputerName, Name, PSChildName, @{N='SID'; E={$_.PSChildName -replace('.bak','') }} |  Format-List 

    I'm still not sure if running the vssadmin, perhaps as someone logs on/off, is causing the profiles to be backed up. I've seen articles that suggest it's just a WinOS issue, was hoping for a "it's xyz" and the fix is.....


    • Modificato Firmbyte mercoledì 16 maggio 2018 14:25
    mercoledì 16 maggio 2018 14:24
  • Hi Firmbyte,

    Thanks for your feedback. May I ask  if  removing that subkey, does it work?  In case of something wrong, please backup the registry key first, and then delete that entry with the extra ".bak"

    https://blogs.technet.microsoft.com/jonjor/2010/02/18/scvmm-p2v-fails-with-at-40-percent-with-0x809933bb-or-0x80070539/

    According to the Microsoft, it mentions that "Beginning with Windows Vista and Windows Server 2008, this writer deletes certain files from volume shadow copies. This is done to minimize the impact of Copy-on-Write I/O during regular I/O on these files on the shadow-copied volume. The files that are deleted are typically temporary files or files that do not contain user or system state."

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    giovedì 17 maggio 2018 01:36
    Moderatore
  • I've removed the registry entries with .bak suffixes from all the servers. The process that highlighted this, using vssadmin doesn't run again till morning, but with the the .bak entries gone I expect the issue to be gone. But what caused it is still not clear to me as we don't use Snapshots. From what I understand there is some process when someone logs onto the server that causes these .bak profiles to be created, be great to know how to avoid or prevent it.

    To delete the .bak entries:

    $InvalidEntries = ($RegENtries = Invoke-Command -ComputerName $servers {(dir 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList' ) }) | `
        ?{$_ -match "bak"}  | `
        Select PSComputerName, Name, PSChildName, @{N='SID'; E={$_.PSChildName -replace('.bak','') }}
          
    foreach($InvalidEntry in $InvalidEntries) 
    {
        $Leaf = $(Split-Path $($InvalidEntry.Name) -Leaf)
        Invoke-Command -ComputerName $($InvalidEntry.PSComputerName) -ScriptBlock { pushd;sl 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList';if(test-path $using:Leaf){Remove-Item $using:Leaf}ELSE{"$using:leaf does not exist"} ;popd  }
    
    }

    giovedì 17 maggio 2018 02:14
  • Hi Firmbyte,

    You could also check the blog and KB below, it mentioned in KB947215

    Occasionally, Windows might not read your user profile correctly, such as if your antivirus software is scanning your computer while you try to log on

    https://blogs.technet.microsoft.com/askpfeplat/2017/07/31/windows-backups-failing-with-associated-vss-8193-errors/

    https://support.microsoft.com/en-us/help/947215/you-receive-a-the-user-profile-service-failed-the-logon-error-message

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    giovedì 17 maggio 2018 08:01
    Moderatore