After installing DHCP on Windows Server 2008 R2, you may start to see the following error message in the event logs :
Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,…). hr = 0x80070005, Access is denied.
Inspection of the detailed tab of the event log entry will show information about the process that generated the error. Take note of the user mentioned after the “- User: Name:” portion of the bytes. To resolve this error, simply give that user full permission to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS registry key.
Nice tip. But does it have to be full permission or will read suffice?
The volume shadow copy service reads and writes to that key. The read error is simply the first one that occurs.
What if the User shows N/A?
I’m not sure why it would show N/A, you can try NETWORK SERVICE or SYSTEM. In my case, it was NETWORK SERVICE that was the issue.
I got the same error post install of DHCP on win 2008 r2
I added the service account with full permission to the following key and the error went
Funnily enough I worked this out from a thread of someone who was having a similair error with his sharepoint office search service.
When the DHCP role is installed on s Sever 2008 machine the VSS writer “DHCP Jet Writer” is added. The error in question can be cause when the account running the DHCP service does not have access to the aforementioned registry key. I believe that DHCP is set to run under the NETWORK SERVICE account by default so as Jean-Sebastien said, giving the NETWORK SERVICE account permissions to the registry key should fix it.
Nice hint, that helps. Good job men.
The VSS starts with a certain permission… in my example as NetworkService… You just have to give this NetworkService the right to write in this registry-key. This will solve any problems.
By the way: no user is able to log in as NetworkService, so no user can manipulate it with these rights.
Worked for me thanks! the SharePoint 2010 blog on this same thing is here:
Worked like a charm..
I mean worked when giving full permission for the Network services account
Had the same problem with a WINS server installed on Windows 2008 R2.
The WINS service start with “local service” which didn’t have permission on VSS DIAG key.
After adding permission, I restarted WINS, and no error. Aditionnaly under the DIAG key a new key called “WINS Jet Writer” has been created.
However I would be interested to know what are the minimum permission that should be set on the diag key.
Not a big security breach maybe, but it’s always better to set only required permessions.
cheers for this advice
i had the same problem, with the “WINS Jet Writer”.
after giving the local service the permission to the registry key, the message disappears and
the key for the WINS jet writer will be created….
Thanks for the enlightment, it fixed my TermServLicensing VSS issue. 🙂 the account used for authentication, it can be found in the details Tab -> Friendly View -> Binary Data. Not the General tab.
I got the same error and just as the other user it was on my Wins “local account”…I gave it full perms and just as “Sascha”…said above: I restarted the service and waited to check and see if the Wins Jet key got created and it did!
Great help everyone and especially to you Sascha!!!!
Thanks – Worked for me.
Just to reiterate what most here have already said… thanks! This is exactly what I needed.
Thanks for the advice, fixed my VSS errors!
In my case the user was the Acronis account which makes sense as it is calling this service to run the backup
Great!! it resolved my problems.
Just adding my gratitude for this solution. I had this same problem arise on my Server 2012 R2 guest machine in Hyper-V. Replication was failing until I had granted these permissions. Thank you!
Thank you for the tip.
I can confirm that giving ‘Network Service’ full control on the VSS folder in the registry also works for Windows Server 2012 R2 where the DHCP server role was added and later removed. After removing and restart of the server the VSS error would popup every time, but after the ‘workaround’ mentioned above the Error did not return after a reboot.
Congratulations Jean-Sebastien. This web page is referenced by numerous web sites as having the solution for this problem.
As Glen has indicated above, even Server 2012 R2 has this problem. WAKE UP Microsoft!
For future readers searching for the solution, here is the one command that solved it for me.
subinacl /keyreg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag /grant=s-1-5-20=F
The SID corresponds to NT AUTHORITY\Network Service which is the user that the event log said was having the permission issue.
Likewise, many thanks for this solution. I used it to resolve Backup Exec VSS error trying to backup 2012 Hyper-V guest server.
Thank you for the post. I have applied the permissions for the network service. You would think that after all this time Microsoft would fix this……
How can I force the issue to reappear so I can test that my change fixed it?
Remember VSS is working with Task manager on Windows server. Check permissions on C:\windows\task folder and give “System” & “Administrators” full permission to this folder. It works for me.
+1 although I needed to add perms to ‘diag’ key as well.
Leave a comment