A customer using Altaro Hyper-V Backup on a Windows 2008 R2 Standard SP1 contacted us to report that his attempts to back up a Virtual Machine failed due to a VSS error. Here’s how we helped him to resolve the issue.
We began troubleshooting by collecting the Altaro Error Logs, Windows Application and System Event Logs, and dumps of the VSS Writers and Providers from the Hyper-V host and from the Guest VM. From the Altaro Error logs we saw that the VSS request was failing with the error VSS_E_WRITERERROR_RETRYABLE (0x800423F3L). With this verification that we were dealing with VSS errors, we searched for specific details in the Windows Event Logs. Upon opening the customer’s Application Event Log we immediately saw a VSS error.
The error event in the Application Log was Event ID 8193 and source: VSS.
|Event ID: 22||Source: VSS||Level: Error|
|Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2260117687-676807078-2219218452-500.bak). hr = 0x80070539, The security ID structure is invalid.
Gathering Writer Data
In this case we found the issue was that the SID being referenced in the event could not be resolved. This was due to a “.bak” entry inside the following registry sub tree:Beginning with Windows Vista and Windows Server 2008, the Shadow Copy Optimization Writer deletes certain files from volume shadow copies. This is done to minimize the impact of Copy-on-Write I/O during regular I/O on these files on the shadow-copied volume. The files that are deleted are typically temporary files or files that do not contain user or system state.
Removing the invalid entry from the registry solved the issue and VSS was successful.
- On the problematic machine, open the Registry Editor
- Browse to HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
- Check for any entries that have a “.bak” value appended. If so, this may be cause the failure when trying to resolve the SID of the writer.
- Please backup the registry key first, and then delete the entry with the extra “.bak”
- Reboot the problematic machine
- Re-try the backup