Monday, May 13, 2013

Windows Event ID 513, CAPI 2

Symptoms
System State Backups were failing via the backup software, but the regular flat files were still backing up OK. VSS was also displaying some errors in the event logs. Main error was:

Windows Event ID 513, CAPI 2

Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Hardware/Software
(2) Servers. Both had Windows 2008 Server as an OS. One was a VM and the other was a Physical.

Verification Test
CMD vssadmin list writers

You are looking for a Writer Name: 'System Writer'

If you see it in the list then this solution may not apply to your box. If you don't see it then please proceed.

Main Attempt
Go to: C:\Windows\Registration
Change permissions to:
  • SYSTEM = Full
  • Everyone = RO
  • Administrators = Full
Online searches didn't mention to propagate down but when these changes didn't work, I tried to do a propagation and that also didn't work. Bunk solution in my case.

Real Solution
Run these under a CMD. No restart necessary. Run another vssadmin list writers to verify.

Takeown /f %windir%\winsxs\filemaps\* /a
icacls %windir%\winsxs\filemaps\*.* /grant "NT AUTHORITY\SYSTEM:(RX)"
icacls %windir%\winsxs\filemaps\*.* /grant "NT Service\trustedinstaller:(F)"
icacls %windir%\winsxs\filemaps\*.* /grant BUILTIN\Users:(RX)

Sources
All over the place but these 2 locations were the primaries.
Link1
Link2