Exchange VSS Cluster Errors
We are getting these event log alerts on our Exchange Clusters, Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. Found this post addressing the fix can someone tell me if this will infact resolve my problem, the third party apps are two well known Backup programs. Forum Post Wrote:Not saying the following hotifx will resolve the issue you're seeing, but may prevent other VSS issues you haven't encountered just yet. 887827 A Volume Shadow Copy Service (VSS) update-2 package is available http://support.microsoft.com/?id=887827 The error you're seeing in the Application Event log, are typically when using a 3rd party backup program that utilizes Windows 2003 VSS and has it's own requestor. If you run the vssadmin list writers command after a backup failure, one of the writers may show the last error as Non-Retryable Error as seen below: Writer name: 'Cluster Service Writer' Writer Id: {41e12264-35d8-479b-8e5c-9b23d1dad37e} Writer Instance Id: {a23970d8-f802-4e5d-92f5-db428a6c5613} State: [1] Stable Last error: Non-retryable error In the above case: It looks like the requestor (the backup application) does not allow the cluster writer to call back into their process. Most likely you call CoInitializeSecurity with wrong parameters or no call to CoInitializeSecurity at all. Technical details: The event message above is coming from the cluster service process, hosting the cluster writer. At this moment, this is the only writer that is running under an administrative account which is not Local System. But COM disables access by default to everybody except "SELF" (the current logon session) and Local SYSTEM. This is why you are getting the callback error event, and the failed cluster writer state. Please see the following link for more details. http://msdn.microsoft.com/library/en...iderations_for _requestors.asp Explicitly Controlling User Account Access to a Requestor There are cases where restricting access to a requestor to processes running as Local System, or under the local Administrators or local Backup Operators groups, may be too restrictive. For example, a given writer process (perhaps a third-party non-system writer) might not ordinarily need to be run under an Administrator or Backup Operator account. For security reasons, it would be best not to artificially promote the processes privileges to support VSS. In these cases, a secure registry location needs to be modified to instruct VSS that a given user is safe to run a VSS writer. The following example grants access to the "MyDomain\MyUser" account: HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services VSS VssAccessControl <--- ADD KEY MyDomain\MyUser = 1 <--- ADD VALUE However - Ultimetly the the OEM backup vendor will need to fix their requestor to adhere to the standards outlined in the above link.
September 19th, 2007 5:39pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics