VSS Warnings in the Application Event Log (Event ID 8230)


To totally unlock this section you need to Log-in


Login

On Small Business Server 2011 Standard or Windows Server 2008 R2, you may see warnings in the application event log similar to the following:

Log Name:      Application
Source:        VSS
Date:          4/11/2011 9:48:48 AM
Event ID:      8230
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      CONTOSOSERVER.contoso.local
Description:
Volume Shadow Copy Service error: Failed resolving account spsearch with status 1376. Check connection to domain controller and VssAccessControl registry key. 

The warnings may also reference the spfarm account.

Cause

SBS 2011 Standard Edition installs Sharepoint 2010 Foundation in SharePoint farm mode. The accounts SPfarm and SPsearch are used as service accounts for some of the Sharepoint services. In order to be able to utilize the VSS writers, the accounts must be granted access to VSS. The accounts are added by SBS to the VssAccessControl registry key but the VSS service fails to locate the accounts.

Resolution

You can use the following steps to workaround the issue.

  • In Active Directory Users and Computers, create a Domain Local Security Group named VSSRegistryGroup.
  • Add SPFARM and SPSEARCH accounts to the VSSRegistryGroup group
  • Run regedit.
  • Go to: HKLM\System\CurrentControlSet\services\vss\VssAccessControl
  • Add DWORD value of DOMAIN\vssregistrygroup where domain is the netbios domain name (example: CONTOSO\vssregistrygroup set the DWORD value to 1.

Note: the Domain name must be in all caps.

  • Remove values for domain\spsearch and domain\spfarm.
  • Go to HKLM\System\CurrentControlSet\Services\Vss\Diag.
  • Right click on Diag and go Permissions, click Advanced and add VSSRegistrygroup group with Full Control.
  • Remove spsearch and spfarm accounts from the list of permissions.
  • Reboot the server

VSSAccessControl

The registry hive VSSAccessControl could list more than the default account for VSS, NETWORK SERVICE, for example Network Service and account_name).

The adding of a domain user account added to this list could raise VSS warnings, as 8230: to solve this issue you have to remove account_name from the VSSAccessControl registry hive and reboot the server.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl

Enables or prevents a writer from using a specific user account

In order for any writer to use the VSS infrastructure, the writer must run under an account that is a member of the local Administrators or Backup Operators group on the local computer. For example, a writer running under the Local System account meets this requirement. This is true for the vast majority of writers.

You can, however, enable a writer to use a specific user account by adding the appropriate registry entry. You can also prevent a writer from using a specific user account.

To enable a writer to use a specific user account, add a REG_DWORD entry with the name equal with the user name. Set the value of the registry entry to 1 (one).

To prevent a writer from using a specific user account, add a REG_DWORD entry with the name equal with the user name. Set the value of the registry entry to 0 (zero).