Wednesday, May 20, 2015

windows 10 - Volume Shadow Copy Service - Security Permission Error



While trying to diagnose some other unrelated issues on my PC I noticed my Windows error log is being written to every second (I am not exaggerating, there are 60 entries per minute every minute) with an error message about the Volume Shadow Copy Service. I have tried all sorts of combinations of terms in Google but cannot find an answer to fix this problem. Any insight as to why this error is occurring and how I can fix it would be appreciated. If this service is not necessary maybe there is something I can do to uninstall it or disable it from trying to start.

Looking in the event log this started yesterday after a required reboot for installing Windows updates. In the log I found these 2 updates were installed:

Log Info

Location: Event Viewer -> Windows Logs -> System
Source: DistributedCOM
Event ID: 10016
Level: Error

Message:

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} and APPID {56BE716B-2F76-4DFA-8702-67AE10044F0B} to the user domain\username SID (my user id here) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Component Services Info

Component Services -> Computers -> My Computer -> DCOM Config -> Volume Shadow Copy Service

In the Properties dialog all of the properties are disabled on every tab.

System Specs

This is a private PC so I have full admin access. I am running Windows 10 x64 with all the latest patches/service packs. Other software that might be relevant:

  • Norton Security
  • CrashPlan
  • MalwareBytes Pro

Other than that I have no backup software installed that should conflict.

Update 1

I uninstalled KB3147458; the issue persists.

Update 2

It is being caused by CrashPlan, although I do not know why or why it just now started happening. CrashPlan runs every 5 minutes; during this time the errors occur in the Event Log. I can stop the event log error messages by pausing CrashPlan. After reading through some CrashPlan documentation it appears that CrashPlan uses this service to back up files that are in use. So I do not think that CrashPlan causes the error but running it does produce the error. The root cause is still not known; the question remains why is this error happening and how can I solve it.

Update 3

Progress! By taking ownership of the application registry key I can now alter the Properties on the Volume Shadow Copy Service in the Component Services management screen.

Answer

The fix is to update the Launch and Activation Permissions for the Volume Shadow Copy Service. I saw that CrashPlan is using a VBScript file to start an executable. After finding out what user the executable is running under using a list of processes running on my PC in the Task Manager I added that user to the Launch and Activation Permissions with all 4 permissions checked. This solved the problem.

Steps to add the user to the permissions:

  1. Open DCOMCNFG as an Administrator
    1. WinKey + X >> Command Prompt (Admin) >> Type in DCOMCNFG
  2. Navigate to Component Services >> Computers >> My Computer >> DCOM Config
  3. Find the Volume Shadow Copy Service >> Right Click >> Properties >> Security Tab
  4. Launch and Activation Permissions >> Edit >> Add user or group and give it full control

This was only possible after taking ownership (security setting) of the registry key. To do that follow these steps I found on this blog:

  1. Run Regedit.exe and browse to HKEY_CLASSES_ROOT\AppID\{56BE716B-2F76-4DFA-8702-67AE10044F0B} key
  2. Secondary-mouse click on the {56BE716B-2F76-4DFA-8702-67AE10044F0B} key and select Permissions
  3. Click the Advanced button in the Permissions window and select the Owner tab. Under Change owner to select the local Administrators group and click on Apply, then OK.
  4. Then under Permissions window, select the local Administrators group and under Permissions for Administrators select Full Control and click on Apply, then OK.
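
The following PowerShell is an added example, not part of the original post or its answer. It reads (without changing) the launch and activation ACL stored on the AppID key named in the event, so you can see which accounts hold which of the four rights before and after the DCOMCNFG change, and it counts the 10016 events per minute to confirm the change took effect. The event message names only Local Activation, so the output also shows whether an account was granted more than that. The helper name Get-DcomLaunchAcl and the one-hour window are choices made for this example.

```powershell
# Added example: read-only audit, changes nothing on the system.
$appId = '{56BE716B-2F76-4DFA-8702-67AE10044F0B}'   # APPID from the event message
$key   = "Registry::HKEY_CLASSES_ROOT\AppID\$appId"

# DCOM launch/activation access-mask bits (COM_RIGHTS_* in the Windows SDK)
$comRights = [ordered]@{
    'Local Launch'      = 0x02
    'Remote Launch'     = 0x04
    'Local Activation'  = 0x08
    'Remote Activation' = 0x10
}

function Get-DcomLaunchAcl {   # hypothetical helper name
    param([string]$Path)
    $item = Get-ItemProperty -LiteralPath $Path -Name LaunchPermission -ErrorAction SilentlyContinue
    if (-not $item) {
        Write-Warning 'No LaunchPermission value on this AppID; the machine-wide default ACL applies.'
        return
    }
    # The value is a binary self-relative security descriptor
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new([byte[]]$item.LaunchPermission, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try   { $account = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $account = $sid.Value }   # unresolvable SID: show it raw
        [pscustomobject]@{
            Account = $account
            AceType = $ace.AceType
            Rights  = ($comRights.Keys | Where-Object { $ace.AccessMask -band $comRights[$_] }) -join ', '
        }
    }
}

Get-DcomLaunchAcl -Path $key | Format-Table -AutoSize

# Count Event ID 10016 entries for this APPID per minute over the last hour
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 10016; StartTime = (Get-Date).AddHours(-1) } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$appId*" } |
    Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH:mm') } |
    Select-Object Name, Count
```

Run it from an elevated prompt so the System log is readable; an empty result from the second command after the permission change means the errors have stopped.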

