Windows Server 2016 – Event ID 7000 & 7009

November 8, 2017

More Event ID Errors, it does not seem to stop … ?

Event ID 7000 and 7009 relating to a Service not starting at reboot.

image

The WseMgmtSvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

SOLUTION :

Go to Services and find Windows Server Essentials Management Service

image

Change the startup to Automatic – Delayed Start

image

Advertisements

Windows Server 2016 – Event ID 7023 Error

November 8, 2017

Every reboot you will see this error 3 times popping up … ?

Service Control Manager Event ID 7023

image

Message :

Data Sharing Service
%%3239247874

SOLUTION :

1. Run this command :

– sc config DsSvc type=own

image

2. Next start the service Data Sharing Service and check it runs OK

image

No errors in the Event Log anymore Smile

Enjoy !


Windows Server 2016 – Event ID 8193 / 8194 Error

November 8, 2017

OK while we are on track solving all critical Event log Errors we just might also tackle this one… Winking smile

Like Event ID 8193 / 8194 and 12291 VSS …

SOLUTION :

1. Event ID 8193 – Check Registry Key Security Settings for the NETWORK SERVICE Account.

MESSAGE : VSS error ID 8193 (Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW…)

Add the NETWORKS SERVICE account to the VSS Service RegKey Diag :

– HKLM\System\CurrentControlSet\Services\VSS\Diag

image

2. Event ID 8194 – Check DCOM Security Settings for the NETWORK SERVICE Account.

MESSAGE : Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.

Open the DCOMCNFG check if the NETWORK SERVICE is present if not add the LOCAL ACCESS.

image


Windows Server 2016 – Event ID 3 Filter Manager Error After Backup starts

November 8, 2017

More Event Error to tackle Sad smile 

image

Message is a follows :

Filter Manager failed to attach to volume ‘\Device\HarddiskVolume64’. 

This volume will be unavailable for filtering until a reboot.  The final status was 0xC03A001C.

According to this blogpost the reason is simple :

https://www.mcbsys.com/blog/2012/12/filtermanager-event-id-3-during-backups/

When using the native Backup solution from Windows, and the backup destination is an External Drive.

You can get this error when the Windows Search Service is running ?

SOLUTION :

Stop the Windows Search Service before the backup starts and start again afterwards.

– net stop wsearch

– net start wsearch

image

You can incorporate this is the existing Backup Scheduled Tasks like this :

Add one command BEFORE and 1 command AFTER the backup job.

image

image

Check the errors afterwards again to see that they are gone.

Enjoy !


Windows Server 2016 – Event ID 82 / 13 / 6 Errors Certificate enrollment for Local system failed

November 7, 2017

image

SOLUTION :

If you have a Certificate Authority Server running in your domain.

Check using the CERTUTIL cmdline tool to see if there are errors.

image

Also use the Certificates MMC to review the active Certificates.

image

Best check if the Domain Controllers are added to the “CERTSVC_DCOM_ACCESS” Domain Local Security Group.

image

image

In the worst case if you don’t need the Certificate Authority Service anymore, follow these steps to stop it and clean up.

1. Open the Certification Authority mmc

image

2. Set the CRL Publication interval according to the instructions below, and Publish

image

image

image

3. Many Steps to Follow  …

https://support.microsoft.com/en-gb/help/889250/how-to-decommission-a-windows-enterprise-certification-authority-and-r

More TroubleShoot info see here :

https://blogs.technet.microsoft.com/instan/2009/12/07/troubleshooting-autoenrollment/

Success !


Windows Server 2016 – Event ID 513 CAPI2 Error

November 7, 2017

Again Recurring errors in the event viewer relating to the Backup process

image

The message clearly identifies a security related Issue…

Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.


System Error:

Access is denied.

SOLUTION :

1. Use the accesschk Utility from MS SysInternals to check the Security Access on MSLLDP & MUP :

– accesschk64 -c mslldp

– accesschk64 -c mup

image

You will notice the difference is the SERVICE account that has no access.

2. Use the SC utility to show the Security Descriptors

– SC sdshow MSLLDP

– SC sdshow MUP

image

3.  Add the missing SERVICE Access Descriptor to the MSLLDP

– (A;;CCLCSWLOCRRC;;;SU)

Copy from the above MSLLDP String, and add the SERVICE Access Descriptor

4. Update the security settings using this command using the SC SDSET command

– sc sdset MSLLDP + string

image

5. Check the result of the update and as well Event Log next time after the backup has run.

image

Success !


Windows Server 2016 – Event ID 304 and 307 Error

November 6, 2017

When logging into the server you can see these Errors Appearing

 

image

The message says

image

SOLUTION :

1. Go the the Tasks Scheduler and look for \Microsoft\Windows\Workplace Join

image

2.  DISABLE the tasks Automatic-Device-Join

 

image

Log out and back in and check the Event Log again.

Enjoy !