Category Archives: Windows Server

Windows cannot install required files error 0x80070570

I recently encountered an issue where a server wouldn’t install any Windows Updates, whether directly from Microsoft, or if downloaded from the Windows Update Catalog.  The error message received was “Windows cannot install required files error 0x80070570” and this is how I resolved the error.

From an administrative command prompt I ran the System File Checker using sfc /scannow.  This stopped with an error at 36%.  The log for sfc is in the %windir%\Logs\CBS folder.

Next, I used the Deployment Image Servicing and Management (DISM) tool to perform a health scan of the Windows system files.  Again, I ran this from an administrative command prompt, Dism /Online /Cleanup-Image /ScanHealth, but it showed no errors.

Despite the fact no corruption was detected, I ran the following command to fix corruption, Dism /Online /Cleanup-Image /RestoreHealth.  In my case, rather than using Windows Update to retrieve fresh files, I used the /Source switch to point to a copy of the SXS folder from a Windows installation ISO.

Having fixed the corruption, Windows Updates now installed.

The volume shadow copy provider is not registered in the system

On a Windows Server 2012 R2 VM protected by Veeam Backup & Replication, Veeam’s application aware processing was failing with the error below.

Retrying snapshot creation attempt (Could not create backup checkpoint for virtual machine ‘%VMNAME%’: The volume shadow copy provider is not registered in the system. (0x80042304). (Virtual machine ID 464FEFAA-0EF5-4E9F-98BF-D76EBE72717B))
Failed to create snapshot (Dell EqualLogic VSS HW Provider) (mode: Veeam application-aware processing with failover) Details: Writer ‘Microsoft Hyper-V VSS Writer’ is failed at ‘VSS_WS_FAILED_AT_PREPARE_SNAPSHOT’. The writer experienced a non-transient error. If the backup process is retried, the error is likely to reoccur. –tr:Failed to verify writers state. –tr:Failed to perform pre-backup tasks.
Retrying snapshot creation attempt (Writer ‘Microsoft Hyper-V VSS Writer’ is failed at ‘VSS_WS_FAILED_AT_PREPARE_SNAPSHOT’. The writer experienced a non-transient error. If the backup process is retried, the error is likely to reoccur. –tr:Failed to verify writers state. –tr:Failed to perform pre-backup tasks.)
Guest processing skipped (check guest OS VSS state and hypervisor integration components version)

The VM is also protected by Azure Site Recovery/Hyper-V Replica and the virtual host running the VM logged a “The volume shadow copy provider is not registered in the system” error each time an application consistent recovery point was attempted.

I checked the registry key HKLM\SYSTEM\CurrentControlSet\Services\VSS\Providers and noticed one of the providers ({74600e39-7dc5-4567-a03b-f091d6c7b092}) was missing a CLSID key.

I found another VM running Windows Server 2012 R2 and navigated to the same registry key.  In this case the CLSID key was populated.  I copied the CLSID key from the working system and applied it to the VM with the issue.

Next I restarted the Hyper-V Volume Shadow Copy Requestor on the VM and found that the VSS error was resolved.
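A check for the condition described above, as an added example that is not part of the original post: it lists every provider under the VSS Providers key and flags any that has no CLSID subkey value or whose CLSID is not registered as a COM class. The function name, the reading of the provider name from the key's default value, and the lookup under HKLM\SOFTWARE\Classes\CLSID are assumptions of this example.

```powershell
# Added example: audit VSS provider registrations for a missing or dangling CLSID.
# Run from an elevated PowerShell prompt on the machine reporting 0x80042304.
function Get-VssProviderRegistration {
    [CmdletBinding()]
    param(
        [string]$ProvidersKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\VSS\Providers'
    )

    foreach ($provider in Get-ChildItem -Path $ProvidersKey -ErrorAction Stop) {
        $clsidKey = Join-Path $provider.PSPath 'CLSID'
        $clsid    = $null
        $comClass = $false

        if (Test-Path -Path $clsidKey) {
            # The provider's COM class id is the default value of the CLSID subkey.
            $clsid = (Get-Item -Path $clsidKey).GetValue('')
            if ($clsid) {
                # Assumption: a usable provider also has its class registered here.
                $comClass = Test-Path -Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid"
            }
        }

        [pscustomobject]@{
            ProviderId    = $provider.PSChildName
            Name          = $provider.GetValue('')   # assumption: default value is the display name
            Clsid         = $clsid
            ClsidPresent  = [bool]$clsid
            ComClassFound = $comClass
        }
    }
}

# Show only the providers with an incomplete registration.
Get-VssProviderRegistration |
    Where-Object { -not $_.ClsidPresent -or -not $_.ComClassFound } |
    Format-Table -AutoSize
```

Comparing the result with the output of vssadmin list providers on a working machine of the same OS version shows which entries are expected.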

Server 2012 R2 – VSSAdmin Waiting for response & VSSAdmin List Writers is empty

On a Windows Server 2012 R2 Hyper-V cluster I had an issue whereby backups were failing with VSS errors.

When running VSSAdmin List Writers I received the response: “Waiting for responses. These may be delayed if a shadow copy is being prepared.”

In order to resolve this I restarted the COM+ Event System service.  Following this VSSAdmin List Writers failed to return anything.

When restarting the COM+ Event System service there are a number of dependent services.  I noticed that the COM+ System Application service hadn’t automatically restarted.  I started the service, then restarted the services below.  Following this VSSAdmin List Writers returned the expected list of writers.

  • EqualLogic VSS Requestor – Specific to my use of EqualLogic storage
  • EqualLogic VSS Service – Specific to my use of EqualLogic storage
  • Hyper-V Virtual Machine Management
  • Microsoft Software Shadow Copy Provider
  • Volume Shadow Copy

Disabling WPAD on Windows Server 2012 R2 for SCDPM, Azure Backup Server and Azure Site Recovery

When using SCDPM 2016 with an Azure Recovery Services Vault I needed to bypass the web proxy for data transfer from SCDPM to the Azure Recovery Services Vault.  I also needed to bypass the proxy for Azure Site Recovery replication traffic on some Hyper-V hosts.

In the case of SCDPM I used the Configure option under Online Protection in the DPM Administration Console to disable the proxy.

I also checked the CBSettings.xml file for proxy information in the scratch location, which can be found in the reg key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Azure Backup\Config, as per this KB.

In the case of Azure Site Recovery I ran the Azure Site Recovery Configurator and selected to bypass the proxy server.

In the case of both SCDPM and Azure Site Recovery the replication traffic continued to flow via the web proxy. I removed the DNS suffix used to find the web proxy via WPAD and used the FindProxyForURL toolset to check that WPAD wouldn’t find the proxy.  However, the proxy continued to be used.  In the end I performed the following steps to prevent WPAD from working.

  • Remove the DNS suffix used to find WPAD from the network adapter
  • Ping WPAD to verify the host cannot be found
  • Delete the cached WPAD files from C:\Windows\ServiceProfiles\LocalService\winhttp
  • Delete DefaultConnectionSettings and SavedLegacySettings from HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  • Delete the sub key under HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
  • Restart the WinHTTP Web Proxy Auto-Discovery Service
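The steps above collected into one function, as an added example that is not part of the original post. The function name is hypothetical, the service name WinHttpAutoProxySvc is the short name of the WinHTTP Web Proxy Auto-Discovery Service, and the first step (removing the DNS suffix) is left as a manual, per-adapter change that the function only reports on.

```powershell
# Added example: the WPAD clean-up steps above as one function (run elevated).
# Supports -WhatIf so the deletions can be previewed before anything is changed.
function Clear-WpadState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # Step 1 is done per adapter by hand; list any suffix that is still configured.
    Get-DnsClient | Where-Object { $_.ConnectionSpecificSuffix } |
        Select-Object InterfaceAlias, ConnectionSpecificSuffix | Out-Host

    # Step 2: stop if the name "wpad" still resolves through the suffix search list.
    if (Resolve-DnsName -Name 'wpad' -ErrorAction SilentlyContinue) {
        Write-Warning 'wpad still resolves; remove the DNS suffix before continuing.'
        return $false
    }

    # Step 3: cached WPAD files kept in the LocalService WinHTTP profile.
    $cache = 'C:\Windows\ServiceProfiles\LocalService\winhttp'
    if (Test-Path -Path $cache) {
        Get-ChildItem -Path $cache -Force | Remove-Item -Force -Recurse
    }

    # Step 4: cached connection settings for the account running this function.
    $conn = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections'
    foreach ($value in 'DefaultConnectionSettings', 'SavedLegacySettings') {
        if (Get-ItemProperty -Path $conn -Name $value -ErrorAction SilentlyContinue) {
            Remove-ItemProperty -Path $conn -Name $value
        }
    }

    # Step 5: sub keys of the LocalService (S-1-5-19) Wpad key.
    $wpad = 'Registry::HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad'
    if (Test-Path -Path $wpad) {
        Get-ChildItem -Path $wpad | Remove-Item -Recurse -Force
    }

    # Step 6: restart the WinHTTP Web Proxy Auto-Discovery Service.
    Restart-Service -Name 'WinHttpAutoProxySvc' -Force
    return $true
}

Clear-WpadState -WhatIf   # preview; run without -WhatIf to apply
```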

Remotely disable Network Level Authentication (NLA)

If you try to RDP to a machine, but can’t because you receive the error below, you can use PSExec to remotely disable the requirement for NLA.

“The remote computer that you are trying to connect to requires Network Level Authentication (NLA), but your Windows domain controller cannot be contacted to perform NLA.  If you are an administrator on the remote computer, you can disable NLA by using the options on the Remote tab of the System Properties dialog box.”

Download PSExec from TechNet.  Run the code below, updating the following values.

\\VMNAME – The name of the machine on which you want to disable NLA

VMNAME\ADMIN_ACCOUNT – The username of a local administrator on the machine on which you want to disable NLA, e.g. pc1\admin

psexec \\VMNAME -u VMNAME\ADMIN_ACCOUNT -p PASSWORD reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /f /v SecurityLayer /t REG_DWORD /d 0

Hyper-V VM Stuck In Backing Up… State

In this post I’ll show how to resolve the issue of a VM that’s stuck in the “backing up…” state as shown by Hyper-V Manager, without having to reboot the virtual host.

If a VM is stuck in the backing up… state it’s probably due to an error with the Microsoft Hyper-V VSS Writer.  Open an elevated command prompt and run “vssadmin list writers”.  The output should look like it does below, with no errors listed.

The Microsoft Hyper-V VSS Writer runs within the Hyper-V Virtual Machine Management service, so in order to restart the VSS writer and clear the error, you have to restart the Hyper-V Virtual Machine Management service.  I’ve restarted this service without any issues, but please test this on a test server first.

You can restart the service from the Services mmc, but if the Hyper-V VSS Writer is in an error state the service may hang on shutdown; in this case you’ll have to kill the vmms.exe process from Task Manager.

When you do this VMs will disappear from Hyper-V Manager, but will reappear when you restart the Hyper-V Virtual Machine Management service.  Following the service restart the VM should no longer be in a backing up… state.
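Both this post and the earlier one on an empty VSSAdmin List Writers result rely on reading the writer list by eye. The following added example, which is not part of the original posts, parses that output into objects and reports any writer that is not Stable or has a last error, plus the case where no writers come back at all. The function name is hypothetical and the sample output is constructed for illustration.

```powershell
# Added example: turn "vssadmin list writers" output into objects and flag problems.
function ConvertFrom-VssWriterList {
    param([string[]]$Lines)

    $writer = $null
    foreach ($line in $Lines) {
        switch -Regex ($line) {
            "^Writer name: '(.+)'" {
                if ($writer) { [pscustomobject]$writer }   # emit the previous writer
                $writer = [ordered]@{ Name = $Matches[1]; State = $null; LastError = $null }
            }
            '^\s+State: \[(\d+)\] (.+)$' { if ($writer) { $writer.State = $Matches[2].Trim() } }
            '^\s+Last error: (.+)$'      { if ($writer) { $writer.LastError = $Matches[1].Trim() } }
        }
    }
    if ($writer) { [pscustomobject]$writer }               # emit the last writer
}

# Constructed sample output (writer ids omitted); replace with live output:
#   $lines = & vssadmin.exe list writers
$lines = @'
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool

Writer name: 'System Writer'
   State: [1] Stable
   Last error: No error

Writer name: 'Microsoft Hyper-V VSS Writer'
   State: [8] Failed
   Last error: Non-retryable error
'@ -split "`r?`n"

$writers = @(ConvertFrom-VssWriterList -Lines $lines)
if ($writers.Count -eq 0) {
    Write-Warning 'No writers returned; check the COM+ and VSS services listed earlier.'
}

# Writers that need attention before the next backup attempt.
$writers | Where-Object { $_.State -ne 'Stable' -or $_.LastError -ne 'No error' }
```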

 

Create A Dedicated Account To Join Computers To A Domain

This is a quick post to describe the process of creating a dedicated account for joining machines to an Active Directory (AD) domain.  This is useful for things like System Center Configuration Manager task sequences and System Center Virtual Machine Manager templates.

First create a standard Windows user account.  Next, right-click on the Computers Organisational Unit (OU) within your AD domain.  From the menu choose Delegate Control…

On the next screen (Users or Groups) choose Add and select the user account you just created.  Click Next.  Choose “Create a custom task to delegate” on the next screen.

Next, choose to only delegate control to computer objects and tick Create and Delete selected objects in this folder.  Click Next.

On the next screen choose to show general permissions and from the list select:

  • Reset password
  • Read and write account restrictions
  • Validated write to DNS host name
  • Validated write to service principal name

Click Next and finish to complete the wizard.  Repeat this process for any other OUs where you’ll be joining computers to the domain.

Adding Domain Users To The Local Administrators Group Using Group Policy

Adding AD users to the local administrators group on multiple computers is simple using Group Policy.  In this post I’ll describe the process.

Create a fresh group policy object (GPO) and link it to a test Organisational Unit (OU).  Add a test server to the OU.

Open the GPO and navigate to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Restricted Groups.

Right click and choose Add Group.  If you want to add users to the local administrators group enter Administrators.  In the next window under “Members of this group:” click Add and choose the users to add to the local administrators group.  Note that any users that are currently in the local administrators group will be removed and replaced with the users you select here.  If that is what you want click OK and close the GPO.

The second method allows you to add an AD security group to the local administrators group.  This process is additive and users and groups that are currently in the local administrators group are untouched.

Navigate to Restricted Groups as before, right click and choose Add Group.  This time enter the name of the AD security group you wish to add to the local administrators group.  Click OK and on the next screen in the “This group is a member of:” section click Add.  Enter Administrators to add the group to the local administrators group. Click OK and close the GPO to save changes.  You can add additional users to the domain group and they will automatically be part of the local administrators group on servers that apply the GPO.

In Place Upgrade Of Windows Server Standard To Enterprise Or Datacenter Edition

If you need to upgrade a server running Windows Server Standard to either the Enterprise, or Datacenter editions, it’s possible to do so online, without re-installing Windows.

Open an elevated command prompt and type DISM /Online /Get-CurrentEdition.  This will return the current Windows edition.

Type DISM /Online /Get-TargetEditions to list the Windows editions to which this server can be upgraded.

If you type DISM /Online /Set-Edition:ServerDataCenter you’ll get the message in the screenshot below.  This is because even if you’re using a KMS server for internal activation, you have to provide a product key.  Fortunately, Microsoft have a page that lists the KMS client setup keys http://technet.microsoft.com/en-us/library/ff793421.aspx.  On this page you can find keys for multiple Windows Server versions.

Typing DISM /Online /Set-Edition:ServerDataCenter /ProductKey:xxxxxx will upgrade the operating system.  All that’s required to complete the upgrade is a reboot.