none
System Writer missing RRS feed

  • Question

  • I have a backup that is failing to backup the System State on a 2016 server, we have identified that the System Writer is missing by running VSSADMIN LIST WRITERS. We have been through the articles that reregister the writers, set permissions on various folders:

    First

    cd /d %windir%\system32
    net stop vss
    net stop swprv
    regsvr32 /s ole32.dll
    regsvr32 /s oleaut32.dll
    regsvr32 /s vss_ps.dll
    vssvc /register
    regsvr32 /s /i swprv.dll
    regsvr32 /s /i eventcls.dll
    regsvr32 /s es.dll
    regsvr32 /s stdprov.dll
    regsvr32 /s vssui.dll
    regsvr32 /s msxml.dll
    regsvr32 /s msxml3.dll
    regsvr32 /s msxml4.dll
    vssvc /register
    net start swprv
    net start vss


    Second

    Takeown /f %windir%\winsxs\temp\PendingRenames /a
    icacls %windir%\winsxs\temp\PendingRenames /grant "NT AUTHORITY\SYSTEM:(RX)"
    icacls %windir%\winsxs\temp\PendingRenames /grant "NT Service\trustedinstaller:(F)"
    icacls %windir%\winsxs\temp\PendingRenames /grant BUILTIN\Users:(RX)
    Takeown /f %windir%\winsxs\filemaps\* /a
    icacls %windir%\winsxs\filemaps\*.* /grant "NT AUTHORITY\SYSTEM:(RX)"
    icacls %windir%\winsxs\filemaps\*.* /grant "NT Service\trustedinstaller:(F)"
    icacls %windir%\winsxs\filemaps\*.* /grant BUILTIN\Users:(RX)

    net stop cryptsvc
    net start cryptsvc

    Using procmon I believe that we have narrowed it down to rights on the folder "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files" as Procmon shows "Accessed Denied on "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\active". I have given "Network Service" full permissions on "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files" but still I get the access denied. Can anyone offer any suggestions on how to resolve this?

    Thursday, January 10, 2019 5:40 PM

Answers

  • Daniel,

    Sorry about the delay getting back to you. In parallel to this thread we logged a call with Microsoft support and after a number of days investigation, importing registry keys from known working servers and general stuff the final resolution was:

    Resolution – Gave full permission to everyone on C:\Windows\Microsoft.NET\assembly\Active
    folder

    Regards

    Jonathan

    • Marked as answer by JPK101 Friday, January 18, 2019 10:29 AM
    Friday, January 18, 2019 10:29 AM

All replies

  • Hi,

    Thanks for posting in our forum!

    Make sure the below services can be started normally without errors.

      • Cryptographic Services
      • VSS service
      • COM+ Event System service

    Here is a link may be can help you,  please visit:

    https://blogs.msdn.microsoft.com/ntdebugging/2013/08/27/missing-system-writer-case-explained/

    In addition, please check if there are any error from  Microsoft-Windows-CAPI2 in event log when we run “vssadmin list writers”.

    Hope this can help you, if you have any question, please feel free to let me know.

    Best Regards,

    Daniel


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, January 11, 2019 6:28 AM
    Moderator
  • Daniel,

    Thanks for getting back to me. The services are running OK, I get the following CAPI32 error (EventID 513):

    Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:

    TraverseDir : Unable to FindFirstFile.

    System Error:

    Access is denied.

    I have already used the steps in the attached article to (I believe) that the issue looks to be around permissions on "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files" Please see attached images. Hopefully this is as simple as assigning the correct permissions to the correct account.

    Thanks for your help

    Jonathan

    Friday, January 11, 2019 11:42 AM
  • Hi,

    Thanks for your reply!

    Please run the below command to grant the permissions and try list writers again.

    • Takeown /f %windir%\winsxs\temp\PendingRenames /a icacls %windir%\winsxs\temp\PendingRenames /grant "NT AUTHORITY\SYSTEM:(RX)"
    • icacls %windir%\winsxs\temp\PendingRenames /grant "NT Service\trustedinstaller:(F)"
    • icacls %windir%\winsxs\temp\PendingRenames /grant BUILTIN\Users:(RX)
    • Takeown /f %windir%\winsxs\filemaps\* /a icacls %windir%\winsxs\filemaps\*.* /grant "NT AUTHORITY\SYSTEM:(RX)"
    • icacls %windir%\winsxs\filemaps\*.* /grant "NT Service\trustedinstaller:(F)"
    • icacls %windir%\winsxs\filemaps\*.* /grant BUILTIN\Users:(RX)

    Here is a post for your reference:

    https://social.technet.microsoft.com/Forums/lync/en-US/5a637292-fca7-4b8b-94a3-cbceda96d58e/system-writer-is-not-found-in-backup?forum=windowsbackup

    Hope this can help you.

    Best Regards,

    Daniel


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Monday, January 14, 2019 2:16 AM
    Moderator
  • Daniel,

    Thanks again for your assistance but I need to point you at the original post, these commands have already been run. The link that you sent I have look at previously and it would appear that the files setupapi.ev# do not exit on Windows 2016.

    Regards

    Jonathan

    Monday, January 14, 2019 9:36 AM
  • Hi Jonathan,

    Thanks for your reply!

    I am sorry for my mistake.

    Please check if the number of files under this file exceeds 1000.("C:\Windows\Microsoft.NET\

    This link just for your reference.

    https://blogs.msdn.microsoft.com/ntdebugging/2013/08/27/missing-system-writer-case-explained/

    Hope this can help you.

    Best Regards,

    Daniel


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, January 15, 2019 6:01 AM
    Moderator
  • There are more items in the Microsoft.net than that, there are 4120 files and 2612 file in that folder. I have seen articles  referencing the maximum number of items in this folder but had read it as 10,000. However, I do not know what to do about this.

    Thanks again for your help.

    Regards,

    Jonathan

    Tuesday, January 15, 2019 5:28 PM
  • Hi,

    Thanks for your reply!

    As we can see from the screenshot of process monitor, the problem is caused by the permissions of C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files.

    1. Backup this folder first, then delete the Temporary files, run the command vssadmin list writers again.


    2. Please double check if the number of folders and files exceeds the limit.

    I am looking forward to hearing from you.

    Best Regards,

    Daniel


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, January 16, 2019 2:08 AM
    Moderator
  • Hi JPK101,

    Any update?

    Best Regards,

    Daniel


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, January 18, 2019 1:45 AM
    Moderator
  • Daniel,

    Sorry about the delay getting back to you. In parallel to this thread we logged a call with Microsoft support and after a number of days investigation, importing registry keys from known working servers and general stuff the final resolution was:

    Resolution – Gave full permission to everyone on C:\Windows\Microsoft.NET\assembly\Active
    folder

    Regards

    Jonathan

    • Marked as answer by JPK101 Friday, January 18, 2019 10:29 AM
    Friday, January 18, 2019 10:29 AM
  • Hi,

    I am happy to hear that!

    if you have any other concerns, please feel free to contact me/

    Thanks for your time and have a nice day!

    Best Regards,

    Daniel


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, January 21, 2019 1:41 AM
    Moderator
  • Good morning,

    I am having the same issue.  I have tried all of the steps in this post including the:

    • Takeown /f %windir%\winsxs\temp\PendingRenames /a icacls %windir%\winsxs\temp\PendingRenames /grant "NT AUTHORITY\SYSTEM:(RX)"
    • icacls %windir%\winsxs\temp\PendingRenames /grant "NT Service\trustedinstaller:(F)"
    • icacls %windir%\winsxs\temp\PendingRenames /grant BUILTIN\Users:(RX)
    • Takeown /f %windir%\winsxs\filemaps\* /a icacls %windir%\winsxs\filemaps\*.* /grant "NT AUTHORITY\SYSTEM:(RX)"
    • icacls %windir%\winsxs\filemaps\*.* /grant "NT Service\trustedinstaller:(F)"
    • icacls %windir%\winsxs\filemaps\*.* /grant BUILTIN\Users:(RX)

    I still don't have as system writer.  I can't clear out all of the folders in the temp Temporary ASP.NET Files location.  I do not have an Active folder in C:\Windows\Microsoft.NET\assembly

    I get error 513

    Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    TraverseDir : Unable to FindFirstFile.

    System Error:
    Access is denied.

    I did a sfc scan and come corrupt files were found and repaired.  The system writer is still not listed.  

    I"m going to try DISM /Online /Cleanup-Image /RestoreHealth next and install some updates that have had an issue then report back.


    Many Thanks, JP

    Friday, October 4, 2019 1:03 PM
  • JP,

    This thread goes back some months so the information I about to supply is going to be vague at best. This was ultimately resolved by a Microsoft engineer. He used process monitor to check for access denied messages when starting the VSS Service (I think it was the VSS service). Having eventually identified what access was being denied to the permissions were corrected allowing the system wrier to run.  At no point did any of the services not start it is just the system writer didn't appear in the list.

    Process monitor will give a mass of information back so it is about working out how to best filter the information

    Sorry no quick fix for this. Good luck.

    Friday, October 4, 2019 1:35 PM
  • Thanks so much for the reply.  I did go the the process of using the Process monitor based on the article.  Just before the (Leave) action, i found the access denied entry for C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\active.  So I will check the permissions again for that directory, and go through the fix for having to many files in the directory as mentioned above.  I'll report back when done.  Thanks very much for the reply!!!

    Many Thanks, JP

    Monday, October 7, 2019 7:29 PM
  • First I checked the permissions on the folder and they were quite empty.  I added full control for the Administrator, and then read permissions for Network Service.   Restarted the Crypto service and noticed the error was missing.  Crossed my fingers and did the vssadmin list writers, and it finally appeared!!!!!

    So the steps in  https://blogs.msdn.microsoft.com/ntdebugging/2013/08/27/missing-system-writer-case-explained/ on how to use the process monitor were gold.  I have not applied any of the fixes regarding too many files/folders in the Microsoft.net folder.  Hopefully I don't need to.  I'll let you know if the backup works!


    Many Thanks, JP

    Monday, October 7, 2019 7:36 PM
  • So far so good.  Instead of the failure error after 3 minutes, I got the following

    Backup started a fresh backup for volume '{c04342a9-1186-11e6-80b1-806e6f6e6963}' ('C:') : [Reason: 'Volume size changed']. This may cause loss of older backup versions when backup completes.

    Hey, backup is working, so I'm happy.  I didn't change the volume size, but as long as I have good backups going forward, it's  win.


    Many Thanks, JP

    Monday, October 7, 2019 7:44 PM
  • Good news, hope the backup completed.
    Tuesday, October 8, 2019 8:41 AM
  • The backups have been happily working for the most part.  Night before last, I had a complete with warnings message.  "Backup succeeded but some components backed up were inconsistent in the snapshot. The application this component belongs to might not function properly after this backup is used for recovery."  Various files related to different instances of SQL for the most part.  Last nights backup had no errors, so I think it is on track now.

    I love the process monitor.  I had another nagging issue that had SMB client calls everty 2 minutes to an old server.  I couldn't find any help in the forums as to how to trace SMB client calls.  The process monitor found it for me and I tracked down the culprit in HKCU with old remnants of the Server in the Print server section.  I had only searched HKLM before.  It was a bit of work to get to the exact time of the error, but I was worth it!!


    Many Thanks, JP

    Friday, October 11, 2019 11:31 AM