Knowledgebase: RBS Client
Eliminating VSS Error 8194 from Event Log

Eliminating VSS Error 8194 from Event Log:

When you start the Remote Backup program you may experience multiple instances of VSS Error 8194 in the Application event log. These errors DO NOT generally impact the ability of the program to perform online backups, but often raise questions from system administrators or managed service providers due the error status indicated. This tech note explains how to make the adjustments required to eliminate these messages from occurring in the Application event log.

The 8194 events are typically generated by the following services: System Writer (Cryptographic) service, NPS VSS Writer service, TS Gateway Writer service and (Windows) SP Search VSS Writer service. There may be others. The error is similar to the following taken from an SBS 2008 R2 system:

----------------------------------------------
Log Name: Application
Source: VSS
Date: 7/20/2011 11:16:01 PM
Event ID: 8194
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MYSERVER.mydomain.local
Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {57af97e4-4a76-4ace-a756-d11e8f0294c7}
Writer Name: SPSearch VSS Writer
Writer Instance ID: {5c70a0f1-d237-4ae5-b9c3-a2bfce0f6517}

----------------------------------------------

Error code 8194 is an "Accessed Denied" error caused by the inability of one or more VSS system writers to communicate with the Remote Backup VSS requestor process via the "COM" calls exposed in the IVssWriterCallback interface (Microsoft programming interface to the Volume Shadow Service).

This is not a functional error in the Remote Backup program, but rather a security issue caused by select VSS writer(s) running as a service under the "Network Service" (or "Local Service") account(s) and not the Local System or Administrator account. By default, in order for a Windows service to perform a COM activation it must be running as Local System or as a member of the Administrators group.

In general, Remote Backup is not used to backup the files managed by these VSS system writers - so the errors have no impact on the success of the backup. However, Managed Service providers are typically concerned by these recurring error messages and often question whether the backups are actually running properly - since the event is listed as a serious error.

There are two ways to clear the problem.

The first is to locate the VSS writers (Start | Run | services.msc) that are erring out and change the account they are running under from Network Service to Local System. Then, restart the service process (or reboot the computer) and the VSS Writer will run with max privileges - thereby eliminating the IVssWriter callback errors.

The possible security issue with this method is that the service will be running with a higher level of access than Microsoft intended. Should the VSS Writer process be "hacked", this could be a security weakness. But, if you're not overly concerned about that, repeat this process for each VSS Writer that generates an 8194 error and you should not experience any more error events in normal operation.

The second (preferred) way to work around the issue is to make an adjustment to the default COM service activation permissions - allowing Network Service (and possibly Local Service) user account(s) to activate the IVssWriter callback interface. This method has the benefit of permanently fixing the issue in one place and allowing the VSS Writer service(s) to run at the privilege level that Microsoft intended. Any COM object accessed (by a process running as Network Service) still has the ability to enforce security restrictions it so chooses.

Make this fix by doing the follow: Start | Run | dcomcnfg. This brings up the Component Services application.

On the left pane navigate to Component Services | Computer | MyComputer.

Right click on MyComputer and select properties.

Select the COM Security tab and select the Edit Default button under Access Permissions.

Use the Add... button to add the "Network Service" account to the permission list.

Verify that ONLY the Local Access box is checked and click OK.

Close Component Services.

A reboot is then required to make the requested changes to COM Security.

(197 vote(s))
This article was helpful
This article was not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
Online Backup Software by Remote Backup Systems fusion