Challenge


Veeam Backup & Replication job using Application-Aware Processing to process a Domain Controller fails with one the following errors:

Unable to release guest. Details: Unfreeze error: [Backup job failed. Cannot create a shadow copy of the volumes containing writer's data. A VSS critical writer has failed. Writer name: [NTDS]. Class ID: [{b2014c9e-8711-4c5c-a5a9-3cf384484757}]. Instance ID: [{66fddc15-0e4c-4a2a-ad31-32eaf6dae8a3}]. Writer\'s state: [VSS_WS_FAILED_AT_POST_SNAPSHOT]. Error code: [0x800423f4].]
Error: VSSControl: 0 Backup job failed.
Cannot create a shadow copy of the volumes containing writer's data.
Cannot prepare the [NTDS] data to a subsequent restore operation.
Cannot process NTDS data.
Cannot create a backup copy of the BCD.
Error: VSSControl: -1 Backup job failed.
Cannot create a shadow copy of the volumes containing writer's data.
Cannot prepare the [NTDS] data to a subsequent restore operation.
Cannot process NTDS data.
Cannot create a backup copy of the BCD. Cannot get [BcdStore] object. COM error: Code: 0xffffffff


Solution

The actions listed in this section are to be performed within the Guest OS of the DC that is having these issues.

The cause is most likely one of the following. If a listed troubleshooting step requires attention, test the Veeam job after performing that troubleshooting task, before proceeding on to further troubleshooting steps.

 

Verify that the NTDS VSS writer is stable.

From an elevated command prompt run the following command:

vssadmin list writers


The results will appear as:

Writer name: 'NTDS'
Writer Id: {b2014c9e-8711-4c5c-a5a9-3cf384484757}
Writer Instance Id: {ee24b741-eaf7-4663-8f95-b92ae8c5e164}
State: [1] Stable
Last error: No error


If the NTDS writer is not listed as "State: [1]Stable", reboot the DC (Domain Controller).

Note: If the NTDS writer does not appear in the list, it is advisable to contact Microsoft support for their assistance in investigating why the writer is not present.

 

Verify that Automatic mounting of new volumes enabled.

From a Run prompt (Win+R) run the program 'diskpart'.

From within DiskPart run the following command.

automount


If the results do not show “Automatic mounting of new volumes enabled.” Run the following command:

automount enable

 

Verify that there are no .bak keys in the ProfileList within the Registry.

Open the Registry Editor (regedit.exe)

Within the registry navigate to:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList


There will be a list of Keys, you must remove any ending in .bak
User-added image