To totally unlock this section you need to Log-in
Login
On Small Business Server 2011 Standard or Windows Server 2008 R2, you may see warnings in the application event log similar to the following:
Log Name: Application Source: VSS Date: 4/11/2011 9:48:48 AM Event ID: 8230 Task Category: None Level: Warning Keywords: Classic User: N/A Computer: CONTOSOSERVER.contoso.local Description: Volume Shadow Copy Service error: Failed resolving account spsearch with status 1376. Check connection to domain controller and VssAccessControl registry key.
The warnings may also reference the spfarm account.
Cause
SBS 2011 Standard Edition installs Sharepoint 2010 Foundation in SharePoint farm mode. The accounts SPfarm and SPsearch are used as service accounts for some of the Sharepoint services. In order to be able to utilize the VSS writers, the accounts must be granted access to VSS. The accounts are added by SBS to the VssAccessControl registry key but the VSS service fails to locate the accounts.
Resolution
You can use the following steps to workaround the issue.
- In Active Directory Users and Computers, create a Domain Local Security Group named VSSRegistryGroup.
- Add SPFARM and SPSEARCH accounts to the VSSRegistryGroup group
- Run regedit.
- Go to: HKLM\System\CurrentControlSet\services\vss\VssAccessControl
- Add DWORD value of DOMAIN\vssregistrygroup where domain is the netbios domain name (example: CONTOSO\vssregistrygroup set the DWORD value to 1.
Note: the Domain name must be in all caps.
- Remove values for domain\spsearch and domain\spfarm.
- Go to HKLM\System\CurrentControlSet\Services\Vss\Diag.
- Right click on Diag and go Permissions, click Advanced and add VSSRegistrygroup group with Full Control.
- Remove spsearch and spfarm accounts from the list of permissions.
- Reboot the server
VSSAccessControl
The registry hive VSSAccessControl could list more than the default account for VSS, NETWORK SERVICE, for example Network Service and account_name).
The adding of a domain user account added to this list could raise VSS warnings, as 8230: to solve this issue you have to remove account_name from the VSSAccessControl registry hive and reboot the server.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl
Enables or prevents a writer from using a specific user account
In order for any writer to use the VSS infrastructure, the writer must run under an account that is a member of the local Administrators or Backup Operators group on the local computer. For example, a writer running under the Local System account meets this requirement. This is true for the vast majority of writers.
You can, however, enable a writer to use a specific user account by adding the appropriate registry entry. You can also prevent a writer from using a specific user account.
To enable a writer to use a specific user account, add a REG_DWORD entry with the name equal with the user name. Set the value of the registry entry to 1 (one).
To prevent a writer from using a specific user account, add a REG_DWORD entry with the name equal with the user name. Set the value of the registry entry to 0 (zero).