Event ID 513 — Shadow Copy System Writer Functionality

Updated: November 30, 2007

Applies To: Windows Server 2008

yellow

Shadow Copy automatically creates shadow copies of files and folders to restore a previous version of the file. The Shadow Copy System Writer is used by the cryptographic services provided by the operating system to enumerate and replace system files when the signature of a system file is different from the signature stored in the security catalog database.

Event Details

Product: Windows Operating System
ID: 513
Source: Microsoft-Windows-CAPI2
Version: 6.0
Symbolic Name: MSG_SYSTEMWRITER_ONIDENTITY_FAILURE
Message: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.%1.

Resolve

Modify the access control list on the registration folder

Component Object Model (COM) applications must be able to access the COM+ catalog files that are stored in the COM catalog folder. If the default access control list is changed on the COM catalog folder within the Windows folder, the Shadow Copy System Writer may not work properly.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To modify the access control list on the COM catalog folder:

  1. Click Start, and then click Computer.
  2. Navigate to %systemdrive%\Windows.

    By default, %systemdrive% is located at C:\.

  3. Right-click Registration, click Properties, and then click the Security tab.
  4. Click Advanced, and then click Edit.
  5. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  6. Click Edit to view the special permissions assigned to this folder.
  7. Ensure that the access control list matches the following criteria:
    • The local Administrators group has Full Control permissions applied to This folder and files.
    • The Everyone group has List folder/read data, Read attributes, Read extended attributes, and Read permissions applied to This folder and files.
    • The local SYSTEM account has Full Control permissions applied to This folder and files.
  8. If the permissions on this folder do not match what is listed in this procedure, make the appropriate changes, and then click OK.

Verify

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To verify that the Shadow Copy System Writer is working properly:

  1. Click Start, point to All Programs, and then click Accessories.
  2. Right-click Command Prompt, and then click Run as administrator.
  3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  4. In the command prompt window, type vssadmin list writers.
  5. Ensure that Writer Name: 'System Writer' is displayed in the list.

Related Management Information

Shadow Copy System Writer Functionality

Core Security

Tags : shadowcopy


Community Content

KKrisztian
Neither of the solutions working
<p>I experienced this issue on a Windows 2008 R2 SP1 Hyper-V guest. I also googled and tried every solutions, system writer is still not working (missing from vssadmin list writers). I can't perform a system state backup. Because this machine acting as a file server, it's not easy to reboot it. Event logs don't contain any error. Except if I try wbadmin start systemstatebackup -backuptarget:w:, then Error logged into system log: Unexpected failure. Error code: <mtps:InstrumentedLink NavigateUrl="mailto:490@01010004" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps">490@01010004</mtps:InstrumentedLink>.</p>
Tags :

Peggie74
What about: System Error: Reached the end of the file ?
The provided solution to restore the VSS system writer only works if you receive an "Access Denied" message in the CAPI2 513 error. <br />We don't, and Microsoft hasn't documented the alternatives anywhere.<br />How about the one below, Microsoft?<br /><br /><br />Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.<br />Details:<br />AddCoreCsiFiles : GetNextFileMapContent() failed.<br /><strong>System Error:<br />Reached the end of the file.<br /><br /></strong>This, on Windows 2008 server, R1, sp2, x64.<br /><br />Cryptic, and ultimately useless in helping to determine what the problem is.<br />We haven't had system state backups in a month. <br /><br />Now, I figue the issue has something to do with corruption in the c:\window\winsxs folder somewhere... but I've dug, copied files out, modified permissions, stood on my head, used sfc /scannow, update readiness tool, process monitor, etc. and nothing has been of particular assistance. <br />We don't have any other servers with the same combination of updates, so it's not like I can just copy everything from somewhere else.

MichaelJoBillyJimBob
So what if Writer Name: 'System Writer' is NOT displayed in the list???
4 12 11<br /><br />So what if Writer Name: 'System Writer' is NOT displayed in the list??? 'SqlServerWriter' 'ASR Writer' 'BITS Writer' 'WMI Writer' 'COM+ REGDB Writer 'Registry Writer' 'Shadow Copy Optimization Writer' 'MSSearch Service Writer'<br />Where is the technical reference for Vista ?? <br />Why can't I just read some where how eveything works so I can fix it myself???
Tags :

NetworkGuy84
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object
I continue to receive this message even after I have seemingly tried everything that Google can throw at me. <br />In the eventvwr it has<br />Details:<br />TraverseDir : Unable to push subdirectory<br /><br />This sounded like these icacls lines would fix it but it hasn't. I have done a clean reboot of this server. It is also housing our Sharepoint sites so I hate rebooting it. SQL backups are working fine but our TSM backups are not. No local or System State backups without an error.
Tags :

Thomas Lee
SYSTEM WRITERS kkeps going away.
<p>Our ARCSERVE client x64 V12.5 keeps failing on the W2008 server when trying to perform a backup stating: "7/22/2009 4:02:18 AM AE0436 Failed to create system state shadow copy.". This is due to this BUG. SYSTEM WRITERS keeps disappearing from the list produced by: vssadmin list writers.<br /> When this error occurs (several times per week), I have to go to the cmd window, and enter the following:<br /> Takeown /f c:\windows\winsxs\filemaps\* /a<br /> icacls c:\windows\winsxs\filemaps\*.* /grant "NT Service\trustedinstaller:(F)"<br /> Then doing another vssadmin list writers will show SYSTEM WRITERS and the backup will run ok until the next time it goes away..<br /> Isn't there a more permanent solution?<br /><br /><b>[tfl - 24 07 09] Hi - and thanks for your post.You should post questions like this to the Technet Forums at </b><mtps:InstrumentedLink NavigateUrl="http://forums.microsoft.com/technet" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps"><b>http://forums.microsoft.com/technet</b></mtps:InstrumentedLink><b> or the MS Newsgroups at </b></p> <p> <mtps:InstrumentedLink NavigateUrl="http://www.microsoft.com/communities/newsgroups/en-us/" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps"> <b>http://www.microsoft.com/communities/newsgroups/en-us/</b> </mtps:InstrumentedLink> <b>. You are much more likely get a quick response using the forums than through the Community Content. For specific help about:<br /> Exchange : </b> <mtps:InstrumentedLink NavigateUrl="http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.exchange%2C" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps"> <b>http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.exchange%2C</b> </mtps:InstrumentedLink> <b>&amp;<br /> SQL Server : </b> <mtps:InstrumentedLink NavigateUrl="http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.sqlserver%2C" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps"> <b>http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.sqlserver%2C</b> </mtps:InstrumentedLink> <b>&amp;<br /> Windows : </b> <mtps:InstrumentedLink NavigateUrl="http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.windows%2C" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps"> <b>http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.windows%2C</b> </mtps:InstrumentedLink> <b>&amp;<br /> Windows Server : </b> <mtps:InstrumentedLink NavigateUrl="http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.windows.server%2C" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps"> <b>http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.windows.server%2C</b> </mtps:InstrumentedLink> <b>&amp;<br /> Virtual Server : </b> <mtps:InstrumentedLink NavigateUrl="http://groups.google.com/group/microsoft.public.virtualserver/topics?lnk" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps"> <b>http://groups.google.com/group/microsoft.public.virtualserver/topics?lnk</b> </mtps:InstrumentedLink> <br /> <b>Full Public : </b> <mtps:InstrumentedLink NavigateUrl="http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public%2C" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps"> <b>http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public%2C</b> </mtps:InstrumentedLink> <b>&amp;<br /></b> </p>

Thomas Lee
SOLUTION DO NOT WORK
<p>Windows 2008 x64 with exchange 2007.<br /> MS solutin do not work !!!<br /><br /> cmd method :</p> <pre>Takeown /f %windir%\winsxs\filemaps\* /a<br />icacls %windir%\winsxs\filemaps\*.* /grant "NT AUTHORITY\SYSTEM:(RX)"<br />icacls %windir%\winsxs\filemaps\*.* /grant "NT Service\trustedinstaller:(F)"<br />icacls %windir%\winsxs\filemaps\*.* /grant BUILTIN\Users:(RX)</pre> <p>works for a few days only.<br /> After that system.writer disappears<br /><br /> We got problems with standard backup every few days. Please FIX THIS BUG or give a reasonable solution !!!!<br /></p> <p> <br /> </p> <p> <br /> </p> <pre>[tfl - 13 06 10] Hi - and thanks for your post.You should post questions like this to the Technet Forums at http://forums.microsoft.com/technet or the MS Newsgroups at http://www.microsoft.com/communities/newsgroups/en-us/. You are much more likely get a quick response using the forums than through the Community Content. For specific help about:<br />Exchange : http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.exchange%2C&amp;<br />SQL Server : http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.sqlserver%2C&amp;<br />Windows : http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.windows%2C&amp;<br />Windows Server : http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.windows.server%2C&amp;<br />Virtual Server : http://groups.google.com/group/microsoft.public.virtualserver/topics?lnk<br />Full Public : http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public%2C&amp;<br /></pre> <p />

Thomas Lee
System Writer doesn't show up...
Ensure that <b>Writer Name: 'System Writer'</b> is displayed in the list.<br /><br /> AND IF IT DOESN'T??? What do I do then?<br /><br /><pre>[tfl - 13 06 10] Hi - and thanks for your post.You should post questions like this to the Technet Forums at http://forums.microsoft.com/technet or the MS Newsgroups at http://www.microsoft.com/communities/newsgroups/en-us/. You are much more likely get a quick response using the forums than through the Community Content. For specific help about:<br />Exchange : http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.exchange%2C&amp;<br />SQL Server : http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.sqlserver%2C&amp;<br />Windows : http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.windows%2C&amp;<br />Windows Server : http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.windows.server%2C&amp;<br />Virtual Server : http://groups.google.com/group/microsoft.public.virtualserver/topics?lnk<br />Full Public : http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public%2C&amp;<br /></pre><br />

Music Admin
Simple Solution
I was able to resolve this error by applying the inheritable permissions from the Windows folder to both the registration, and winsxs folders. This may be temporary, but I;ll check it periodically for changes.

mcrom901
vista services
check services<br /><br />application information<br /><br />it should be on automatic<br /><br />C:\Windows\system32\svchost.exe -k netsvcs<br /><br />also check its properties....<br /><br />dependencies tab shows....<br /><br />remote procedure call<br />--dcom server process launcher<br /><br />user profile services<br />--remote procedure call<br /><br />all should be on automatic... <br /><br />also check this file about visa services<br /><br />http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/Vista_Services.doc<br /><br />
Tags :

Malraux1
Permission Problem
<p>My experience:<br />I'd already followed the steps by Maderbacher with SP1.<br />There was a recurrence of the problem with SP2 (and probably earlier).<br />Just changing the permissions for trustedinstaller seems to have worked.<br /></p> <pre>icacls %windir%\winsxs\filemaps\*.* /grant "NT Service\trustedinstaller:(F)"</pre> <p> <br />System Writer showed up again.<br /><br />I think you should also check if the DCOM and Com+ services are on automatic start.<br /><br />Final note:<br /><br />Because I'd followed the earlier steps, trustedinstaller had full permissions on the directory.<br />However, the permissions were not inherited by the newer files I checked.<br /><br />Could it be a language issue? (I'm running French versions)<br /><br /></p>
Tags :

Cathy C
Permission problem
Thanks, Maderbacher. This also worked for me.<br />
Tags : system writer

Maderbacher
Permission problem
<p>In my case it was a permission problem at folder %windir%\winsxs\filemaps.<br />The problem was solved after executing at command prompt:</p> <pre>Takeown /f %windir%\winsxs\filemaps\* /a icacls %windir%\winsxs\filemaps\*.* /grant "NT AUTHORITY\SYSTEM:(RX)" icacls %windir%\winsxs\filemaps\*.* /grant "NT Service\trustedinstaller:(F)" icacls %windir%\winsxs\filemaps\*.* /grant BUILTIN\Users:(RX) </pre> <p>Reference: <mtps:InstrumentedLink NavigateUrl="http://social.technet.microsoft.com/Forums/en-US/windowsbackup/thread/bb760434-de80-4cb6-ae9e-bd253e4b037c/" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps">http://social.technet.microsoft.com/Forums/en-US/windowsbackup/thread/bb760434-de80-4cb6-ae9e-bd253e4b037c/</mtps:InstrumentedLink></p>
Tags : contentbug

Page view tracker