Workstation Volume Shadow Copy and WHS-2011 Backup

[BonzaiDuck]

I've been tracing down Event Viewer "red-bang" errors in my logs, diagnosing and correcting them.

This one seems to have been logged -- maybe daily -- for the last couple years after I replaced my old WHS v.1 box with a WHS-2011 server. Since I wasn't using the backup feature on the WHS v.1, I wouldn't have noticed it before.

But here is a screenie that likely explains it:

The backup record for my workstation or "client" is shown in the WHS backup record as occurring about 5 minutes after the Volume Shadow Copy service is stopped because it suddenly doesn't have the security privileges that allow it to run. And I could see a very good reason why it shouldn't run -- during a daily WHS backup.

The server backup record perfectly tracks the workstation Event Log trail for Event ID 8194 for the most recent week. Apparently I had set up the server to then keep weekly backups for only so long, and monthly backups for only so long. This explains the gaps in the comparison older than a week.

I'm wondering how it might be possible to schedule the VSS service to shut down before the WHS backup-window (of time), and start up after that window. Otherwise, this must be a benign error message that will always appear in my Event logs.

Any thoughts?

 

[Elixer]

See if that 'fix' works for you...

http://social.microsoft.com/Forums/...vss-error-8194-on-client-backup?forum=whs2011

 

[imagoon]

Look at Elixer's post. VSS is utilized to actually back up the system.

 

[BonzaiDuck]

Thanks for all comment thus far.

I hurriedly reviewed the MS link, and conclude I need to study it and then follow it.

The screenie I posted before suggests this scenario, or I think it does.

-- The server reports that the morning backups are successful, so I should assume that this is true.

-- The morning backups may likely shut down the VSS.

-- Whenever I reboot, the VSS service is again started, until the next morning backup.

It seems that this might be another misconfigured security setting. I'll need to read further, and thanks again.

 

[BonzaiDuck]

Well, that solves it.

It required adding a "Network Service" account privilege to the shadow copy service -- something more or less fitting that description.

That left me with another error -- "unable to start SuperFetch service, cannot find file." I this latter case, a registry entry sets both the Prefetcher and SuperFetch items to enabled. Voila'! The problem appearing in the event logs disappears.

This is the kind of question I might have asked generally -- of myself, Microsoft, other knowledgeable colleagues -- years ago. "How is it that these things end up misconfigured? What causes that to happen?"

That leaves one red-bang error that occurs upon every system boot: "Session '' failed to start with the following error: 0xC000000D"

This seems to be a common error reported in forums around the web, and likely derives from some startup program which misbehaves. Least suspect would be Intel and other driver programs that appear in the system tray, possibly mobo software and antivirus.

If I need to find out what it is, there's a "process" for doing it through selective startup in msconfig. I'm just not sure it is an urgent matter.