- Veeam Support Knowledge Base
- VSS errors related to NTDS writer failures
VSS errors related to NTDS writer failures
Cheers for trusting us with the spot in your mailbox!
Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest
Challenge
Unable to release guest. Details: Unfreeze error: [Backup job failed. Cannot create a shadow copy of the volumes containing writer's data. A VSS critical writer has failed. Writer name: [NTDS]. Class ID: [{b2014c9e-8711-4c5c-a5a9-3cf384484757}]. Instance ID: [{66fddc15-0e4c-4a2a-ad31-32eaf6dae8a3}]. Writer\'s state: [VSS_WS_FAILED_AT_POST_SNAPSHOT]. Error code: [0x800423f4].]
Error: VSSControl: 0 Backup job failed.
Cannot create a shadow copy of the volumes containing writer's data.
Cannot prepare the [NTDS] data to a subsequent restore operation.
Cannot process NTDS data.
Cannot create a backup copy of the BCD.Error: VSSControl: -1 Backup job failed.
Cannot create a shadow copy of the volumes containing writer's data.
Cannot prepare the [NTDS] data to a subsequent restore operation.
Cannot process NTDS data.
Cannot create a backup copy of the BCD. Cannot get [BcdStore] object. COM error: Code: 0xffffffffSolution
Attempt each of the following troubleshooting angles individually, testing the job after each.
Reboot the Domain Controller
Isolate Anti-Virus Interference
Disabling the anti-virus temporarily can help isolate whether the issue is related to interference from the anti-virus. Disable\uninstall the anti-virus fully and run the Veeam job. If the job works, reenable\reinstall the antivirus, and if the job begins to fail again, the anti-virus needs to be investigated.
Many anti-virus solutions have developed modules that monitor and prevent access to the boot configuration data (BCD). These "boot protection modules" have been observed to prevent Veeam's Application-Aware Processing processing from working with Domain Controllers. During the backup job's Application-Aware Processing step, for Domain Controllers only, the BCD is temporarily modified to enable SafeBoot.
For more information about anti-virus exclusions recommended for Veeam Backup & Replication review: https://www.veeam.com/kb1999
Verify that the NTDS VSS writer is stable
vssadmin list writersWriter name: 'NTDS'
Writer Id: {b2014c9e-8711-4c5c-a5a9-3cf384484757}
Writer Instance Id: {ee24b741-eaf7-4663-8f95-b92ae8c5e164}
State: [1] Stable
Last error: No errorIf the NTDS writer is not listed as "State: [1]Stable", reboot the Domain Controller.
If the NTDS VSS writer fails to remain stable and job failures persist, further investigation using VSS Trace may be necessary.
Note: If the NTDS writer does not appear in the list, it is advisable to contact Microsoft support to investigate why the writer is not present.
More Information
Isolating VSS issue using Windows Server Backup
As an isolation step, enable the Windows Server Backup feature within Server Manager. Then perform a full backup, including the system state.
If this fails with a similar VSS error, there is likely an OS-level issue that will require deeper investigation. Veeam Support will do its best to assist with investigating and will be available to work with you and Microsoft Support.
Rarer Solutions
Verify that there are no .bak keys in the ProfileList within the Registry.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
Spelling error in text
Thank you!
Your feedback has been received and will be reviewed.
Oops! Something went wrong.
Please try again later.
You have selected too large block!
Please try select less.
KB Feedback/Suggestion
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
Thank you!
Your feedback has been received and will be reviewed.