System State Backups using NTbackup fail with error 0x800423f4 (relating to volume shadow copy)


Solution 1

The issue was resolved by fixing the Event Viewer error when opening the "File Replication Service" log:

"Unable to complete the operation on 'File Replication Service'. The security descriptor structure is invalid."

The registry value for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\File Replication Service\CustomSD was blank. I entered the value from another domain controller:

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)

This resolved the error when opening that log file, and resolved the issue with System State Backups failing.
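An added example, not part of the original answer: a small Python decoder for the CustomSD value quoted in Solution 1, showing which trustees it allows or denies read (0x1), write (0x2) and clear (0x4) access to the log. It handles only the layout seen in that string (owner, group, DACL with hex access masks); the function and variable names are this example's own.

```python
import re

# SID aliases that appear in the CustomSD string quoted in Solution 1.
SID_NAMES = {
    "AN": "Anonymous Logon", "BG": "Builtin Guests", "SY": "Local System",
    "BA": "Builtin Administrators", "SO": "Server Operators",
    "IU": "Interactive", "SU": "Service", "S-1-5-3": "Batch",
}
# Event log rights (low bits) followed by the standard rights in 0xf0000.
RIGHTS = [(0x1, "read"), (0x2, "write"), (0x4, "clear"),
          (0x10000, "DELETE"), (0x20000, "READ_CONTROL"),
          (0x40000, "WRITE_DAC"), (0x80000, "WRITE_OWNER")]
SID = r"(?:[A-Z]{2}|S-[0-9-]+)"
LAYOUT = re.compile(r"O:(%s)G:(%s)D:((?:\([^()]*\))+)" % (SID, SID))

def parse_custom_sd(sddl):
    """Return (owner, group, aces); raise ValueError for a blank or malformed value."""
    m = LAYOUT.fullmatch(sddl.strip())
    if not m:
        raise ValueError("blank or malformed CustomSD")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(3)):
        fields = body.split(";")  # type;flags;rights;object;inherit_object;trustee
        if len(fields) != 6 or fields[0] not in ("A", "D"):
            raise ValueError("unsupported ACE: (%s)" % body)
        mask = int(fields[2], 16)  # hex masks only; raises ValueError otherwise
        rights = [name for bit, name in RIGHTS if mask & bit]
        kind = "allow" if fields[0] == "A" else "deny"
        aces.append((kind, SID_NAMES.get(fields[5], fields[5]), rights))
    return m.group(1), m.group(2), aces

def trustees_with(aces, right, kind="allow"):
    """Trustees that have an ACE of the given kind containing the right."""
    return [who for k, who, rights in aces if k == kind and right in rights]

# The value from the page, used as sample input.
PAGE_SD = ("O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)"
           "(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)")

if __name__ == "__main__":
    owner, group, aces = parse_custom_sd(PAGE_SD)
    print("owner=%s group=%s" % (owner, group))
    for kind, who, rights in aces:
        print("%-5s %-24s %s" % (kind, who, ", ".join(rights)))
    print("can clear:", trustees_with(aces, "clear"))
```

A blank value, the condition described in Solution 1, makes `parse_custom_sd` raise `ValueError`, so the same function can be used to check a value exported from another machine before it is pasted in.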

Solution 2

Microsoft seems to have issued a hotfix for this problem and error code. I would test it well, though.

Author by

Paul Zimmerman

Manage an IT service and support group which works with local small- and medium-sized organizations in the Puget Sound region.

Updated on September 17, 2022

Comments

  • Paul Zimmerman
    Paul Zimmerman almost 2 years

    We have a Windows Server 2003 R2 running Service Pack 2. It is a domain controller (Global Catalog) and our main internal DNS server. We run a System State backup of the machine to back up Active Directory information and save the backup to a different server.

    This server has a single drive (C:), and we do have Shadow Copies enabled for the volume (which are completing successfully).

    The System State Backup is now failing with the following listed in the backup logs:

    Volume shadow copy creation: Attempt 1. "Event Log Writer" has reported an error 0x800423f4. This is part of System State. The backup cannot continue.

    Error returned while creating the volume shadow copy:800423f4 Aborting Backup.


    The operation did not successfully complete.


    When doing a vssadmin list writers, we sometimes get the following reported for the Event Log Writer (other times it says that it is in the state of "[1] Stable" with "No error"):

    Writer name: 'Event Log Writer'
       Writer Id: {eee8c692-67ed-4250-8d86-390603070d00}
       Writer Instance Id: {c7194e96-868a-49e5-ba99-89b61977753c}
       State: [8] Failed
       Last error: Retryable error

    We have tried disabling the event log service via the registry, rebooting, deleting the event log files from the drive, then re-enabling the service via the registry and rebooting, but this didn't seem to solve the issue.

    We also get an error message in the Event Viewer when trying to open the log for the "File Replication Service": "Unable to complete the operation on 'File Replication Service'. The security descriptor structure is invalid."

    I have searched the error via Google and tried a number of different things, but nothing has seemed to help.

    Any suggestions on what we might try to get the Event Log Writer to behave would be greatly appreciated!

  • Paul Zimmerman
    Paul Zimmerman almost 15 years
    Unfortunately, even if we disable the Shadow Copies on that volume, we still get the same behavior when running the backup. I included that info to at least show that some part of the VSS subsystem was functional.
  • Paul Zimmerman
    Paul Zimmerman over 14 years
    I checked the registry on this machine, and the path is set correctly.
  • Saeed Rahmatolahi
    Saeed Rahmatolahi over 6 years
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\File Replication Service\CustomSD is of type REG_EXPAND_SZ.
  • Saeed Rahmatolahi
    Saeed Rahmatolahi over 6 years
    @Pawan Our HKLM\System\CurrentControlSet\Services\Eventlog\Security\File is set to %SystemRoot%\System32\winevt\Logs\Security.evtx.
  • Saeed Rahmatolahi
    Saeed Rahmatolahi about 5 years
    @Pawan After changing "File" to %SystemRoot%\System32\winevt\Logs\Security.evtx the error changes to 0x80042301.