Issue

VSS Backup failed with error code: 513; ‘Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied’

Applies to Windows Server Operating system on physical server and virtual machine

Observation

• Checkpoint failed for Hyper-v VMs with error “Production Checkpoint cannot be created”

• Checked “vssadmin list writers” output, VSS Writer state: Waiting for completion

• Failed to re-start “Volume Shadow Copy” service (unresponsive). Command “vssadmin list writers” does not gives any output, stays on blinking cursor

• Azure VM backup are failed with error: Snapshot operation failed due to VSS (Volume Shadow Copy) service in bad state

Error code is VSS_E_BAD_STATE(FailedRetryableVSSWriterBadState)

• In Azure Backup logs, multiple VSS Writers failed with “Timeout Error“; Operation: Gathering Writer Data

Writer Status Error {WriterName = System Writer}{WriterState = FailedAtFreeze}{WriterMessage = Timeout}

Error Message in Application Logs:

Log Name:      Application
Source:        Microsoft-Windows-CAPI2
Event ID:      513
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A

Description:
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

—

Log Name:      Application
Source:        VSS
Event ID:      12347
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A

Description:

Volume Shadow Copy Service error: An internal inconsistency was detected in trying to contact shadow copy service writers.  The Registry Writer failed to respond to a query from VSS. Check to see that the Event Service and Volume Shadow Copy Service are operating properly, and please check the Application event log for any other events.

Operation:
Gathering Writer
Executing Asynchronous

—

In Azure Backup logs:

Writer Status Error {WriterName = System Writer}{WriterState = FailedAtFreeze}{WriterMessage = Timeout}

Error code is VSS_E_BAD_STATE(FailedRetryableVSSWriterBadState)

Solution

Follow the action plan after following 3^rd party application are remover and affected servers are rebooted, make sure all the VSS Writer are stable as well

Fireye, CarbonBlack and Symantec

Step 1: Check vssadmin list writers.

• Run vssadmin list writer and check their status. All the VSS Writer must be stable. (If not, reset the server or corresponding services).

Step 2: Assign permissions to mslldp.

• Download the accesscheck.exe (https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk)

• From CMD as admin:

Run following commands in CMD:

Highlighted in yellow the expected output. 

accesschk.exe -c mup 

mup
RW NT AUTHORITY\SYSTEM
RW BUILTIN\Administrators
R NT AUTHORITY\INTERACTIVE
R NT AUTHORITY\SERVICETraining2018

sc sdshow msllDP 

D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BG)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SO)(A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)

sc sdshow mup 

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

sc sdset MSLLDP D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BG)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

[SC] SetServiceObjectSecurity SUCCESS

accesschk.exe -c mslldp 

mslldp
RW NT AUTHORITY\SYSTEM
RW BUILTIN\Administrators
RW S-1-5-32-549
R NT SERVICE\NlaSvc
R NT AUTHORITY\SERVICE

Step 3: Once the commands are run, validate again vssadmin list writers and make sure all are stable.

Step 4: Re-try the backup