Backup job fails with “VIX Error Code: 13” or “Access is denied. Code: 5”

Veeam Backup & Replication
Last Modified:
KB Languages:
ES | FR | IT


The backup or replication job fails with the following error message:
VIX Error: You do not have access rights to this file Code: 13
RPC function call failed. Function name: [IsSnapshotInProgress].RPC error: Access is denied. Code: 5


The issue occurs when Veeam is unable to start the agent that triggers Microsoft VSS on the guest machine because of insufficient privileges. It may also be related to VMware Tools malfunction.


To resolve:

1. Ensure that the account being used by Veeam is a member of the Local Administrators group on the VM that is to be backed up.
2. If the account being used is not named “Administrator”, you must disable UAC on the Guest OS of the VM to be backed up.

a.  For 2008/2008 R2, in the “Change User Account Control Settings”, move slider to Never Notify
b.  For 2012/2012 R2/2016, you must change the “EnableLUA” DWORD to 0 in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system

3.  Uninstall VMware Tools, and Reinstall VMware Tools. (Please see for more information). If you are unable to upgrade existing VMware tools see


More Information

For more information regarding disabling UAC under 2012 and 2012 R2, please review the following:

While most service accounts created have the ability to manage files, folders, and services, many may not have the rights to execute VSS tasks. This is why a user that is in the Administrator group should be specified for application-aware image processing and guest filesystem indexing.
By default in a VMware vSphere environment if Veeam Backup & Replication is not able to reach the <ip>\Admin$ share of the Guest VM, it will failover to a network-less protocol called VIX.
In situations where UAC must remain enabled, named Administrator accounts must be used for this process. Only administrative accounts with SID-500 access will be able to execute remote administration commands with this Windows feature enabled. These will be the local “Administrator” account made locally when installing windows, or the “Administrator” account used with the domain. Created domain administrator accounts have a default SID-512 and may not be sufficient for remote administration.


Please be aware that we’re making changes which will restrict access to product updates for users without an active contract.


Rate the quality of this KB article: 
3.5 out of 5 based on 169 ratings

Couldn't find what you were looking for?

Below you can submit an idea for a new knowledge base article.

Report a typo on this page:

Please select a spelling error or a typo on this page with your mouse and press CTRL + Enter to report this mistake to us. Thank you!

Spelling error in text: