Nomen Posted July 8, 2018 Share Posted July 8, 2018 (edited) Win-7 ultimate, 32-bit. I'm seeing many instances of these two events in pairs in Application event log: ------------ Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Event ID 12292 ----------- Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Event id 13 ------------ Volume shadow copy service is set to manual startup. Control Panel\All Control Panel Items\Backup and Restore says "Windows backup has not been set up" If something is trying to happen based on system scheduler, how do I check (and disable) said item? Otherwise, what is causing these events? Edit: I also notice this event ID happens in conjunction with the above 2: --------------- The VSS service is shutting down due to idle timeout. event ID 8224 ---------------- Edited July 8, 2018 by Nomen Link to comment Share on other sites More sharing options...
Nomen Posted July 8, 2018 Author Share Posted July 8, 2018 To add more info: I have "Microsoft Software Shadow Copy Provider" service set to Disabled, Volume Shadow Copy service set to Manual, and Windows Backup service set to Manual - I see that it's current status is "Started" and Volume Shadow Copy is not started. Does anyone know, or can give an explanation, as to the inter-relationship between those 3 services - in terms of what am I really missing if I disable all 3? I have never initiated a Windows Backup on this system nor have I knowingly configured Windows Backup to do anything on a schedule nor do I intend to. BlackViper has one or more of those services disabled under a bare-bones configuration, but for a Tweaked config they are set to manual. Is there an explanation as to what a "volume shadow copy" is or why I would want/need it, and why are there 2 different "shadow copy" services anyways? What do they do / what uses them / do I really need them? Link to comment Share on other sites More sharing options...
HarryTri Posted July 10, 2018 Share Posted July 10, 2018 (edited) These services are used by System Restore to create system restore points and by Windows Backup or other software to make images of the Windows partition while it is in operation. They are very useful in this way and I don't see why you should disable them (even if you don't use them, they may be useful for other things too). Also, because they are related to each other, I don't find it a good idea to have other of them enabled and other disabled, perhaps this is the cause of the errors you get. Disable Windows Backup if you want but not the other two. On Κυριακή, 8 Ιουλίου 2018 at 5:01 AM, Nomen said: The VSS service is shutting down due to idle timeout. event ID 8224 This is absolutely normal, just ignore it. Edited July 10, 2018 by HarryTri Link to comment Share on other sites More sharing options...
Nomen Posted July 11, 2018 Author Share Posted July 11, 2018 I have disabled windows updates and have not installed any new software recently, so I don't know why the system would be trying to create restore points so frequently. I have now disabled all 3 of these services for a couple of days and this is now what I'm seeing in event log: --------------------- Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Instantiating VSS server Event ID 8193 ----------------- Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Instantiating VSS server Event ID 13 ----------------- What keeps trying to use or activate the VSS server, and how can I disable this? If I want to create a backup or restore point, I'll do it myself, manually. If the purpose of this VSS crap is something else, then what is it? Link to comment Share on other sites More sharing options...
HarryTri Posted July 11, 2018 Share Posted July 11, 2018 4 hours ago, Nomen said: If I want to create a backup or restore point, I'll do it myself, manually. Even in this case you still need VSS. Link to comment Share on other sites More sharing options...
Nomen Posted July 12, 2018 Author Share Posted July 12, 2018 > > If I want to create a backup or restore point, I'll do it myself, manually. > Even in this case you still need VSS. I should have said "I don't really intend to perform backups or create restore points" so I don't want this vss crap running or taking up system resources. I had to temporarily turn on the two shadow-copy services in order to run the command line "vssadmin list shadowstorage" - and that gave me "No items found that satisfy the query". Ok, fine. Control-panel / System / System protection has Protection Settings - Protection (off). Configure restore settings has Restore Settings -> Turn off system protection. Disk space usage - current usage 0 bytes. So I'm still stumped, wondering why the system is throwing VSS / Volume shadow copy events in the event log when I'm doing my best to tell the system to not use or enable any such service. Link to comment Share on other sites More sharing options...
Tripredacus Posted July 12, 2018 Share Posted July 12, 2018 There may be a scheduled task present that is trying to run something. Run schtasks on elevated CMD and see if anything shows up there. Link to comment Share on other sites More sharing options...
Nomen Posted July 12, 2018 Author Share Posted July 12, 2018 (edited) Schtasks seems to search for tasks by looking through system folders? Odd. I would have thought that scheduled tasks were stored in the registry or a centralized file, not helter-skelter like this. I take it that for the following list, the root-level folder is c:\windows... For these folders: Folder: \ Folder: \Microsoft Folder: \Microsoft\Windows Folder: \Microsoft\Windows\Media Center Folder: \Microsoft\Windows\PLA the response is: INFO: There are no scheduled tasks presently available at your access level. Given that I'm running this at admin level, and given that that this is a windows-NT-based operating system, I am therefore not confident that I am getting a list of tasks that I would think should be "presently available at my access level". But taken at face value, I'm being told that there are "no" scheduled tasks located in those folders. (why tasks should be organized by folder is beyond me). For the following folders, the "next run time" is either disabled or N/A and the status is either Ready or Unknown: Folder: \Microsoft\Windows\Active Directory Rights Management Services Client Folder: \Microsoft\Windows\AppID Folder: \Microsoft\Windows\Autochk Folder: \Microsoft\Windows\Bluetooth Folder: \Microsoft\Windows\CertificateServicesClient Folder: \Microsoft\Windows\Location Folder: \Microsoft\Windows\MemoryDiagnostic Folder: \Microsoft\Windows\MUI Folder: \Microsoft\Windows\Multimedia Folder: \Microsoft\Windows\NetTrace Folder: \Microsoft\Windows\PerfTrack Folder: \Microsoft\Windows\Ras Folder: \Microsoft\Windows\RemoteAssistance Folder: \Microsoft\Windows\Shell Folder: \Microsoft\Windows\SoftwareProtectionPlatform Folder: \Microsoft\Windows\Task Manager Folder: \Microsoft\Windows\Tcpip Folder: \Microsoft\Windows\TextServicesFramework Folder: \Microsoft\Windows\UPnP Folder: \Microsoft\Windows\User Profile Service Folder: \Microsoft\Windows\WDI Folder: \Microsoft\Windows\Windows Error Reporting Folder: \Microsoft\Windows\Windows Filtering Platform Folder: \Microsoft\Windows\Windows Media Sharing Folder: \Microsoft\Windows\WindowsColorSystem Folder: \Microsoft\Windows\Wininet For the following, they are showing a specific next-run-time. I am showing the taskname, next run time, and Status: Folder: \Microsoft\Windows\Application Experience AitAgent 7/13/2018 2:30:00 AM Unknown ProgramDataUpdater 7/13/2018 12:30:00 AM Unknown Folder: \Microsoft\Windows\Customer Experience Improvement Program Consolidator 7/12/2018 6:00:00 PM Could not start KernelCeipTask 7/19/2018 3:30:00 AM Unknown UsbCeip 7/14/2018 1:30:00 AM Ready Folder: \Microsoft\Windows\Defrag ScheduledDefrag 7/18/2018 1:46:48 AM Ready Folder: \Microsoft\Windows\Diagnosis Scheduled 7/15/2018 1:00:00 AM Ready Folder: \Microsoft\Windows\Maintenance WinSAT 7/15/2018 1:00:00 AM Ready Folder: \Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem 7/17/2018 8:33:11 AM Ready Folder: \Microsoft\Windows\RAC RacTask 7/12/2018 11:14:00 AM Ready Folder: \Microsoft\Windows\Registry RegIdleBackup 7/17/2018 12:29:18 AM Ready Folder: \Microsoft\Windows\SystemRestore SR 7/13/2018 12:00:00 AM Unknown Folder: \Microsoft\Windows\Time Synchronization SynchronizeTime 7/15/2018 1:00:00 AM Ready Folder: \Microsoft\Windows\WindowsBackup ConfigNotification 7/13/2018 10:00:00 AM Ready Folder: \Microsoft\Windows Defender MP Scheduled Scan 7/13/2018 5:33:06 AM Unknown I am seeing defrag events in the event logs, and they are indicating that defrag ran fine, no problems. But I think it's running too often and it's probably something that I'd like to run manually instead of automatically. Other than that, I see one item above (Consolidator) that could not start. And I see that system restore and windows backup are set to run on July 13 even though the control panel settings have them disabled (I just love NT-based Windows!). Other than that, it's not intutive for me to see if any of these other various tasks would involve shadow copy service. Edited July 12, 2018 by Nomen Link to comment Share on other sites More sharing options...
Tripredacus Posted July 13, 2018 Share Posted July 13, 2018 22 hours ago, Nomen said: INFO: There are no scheduled tasks presently available at your access level Yeah, there are tasks for each of those, but you cannot see them. You would need to impersonate our favorite security context, Trusted Installer, to even see them. But seeing the output like this, all in one place, is better than dealing with the Task Scheduler, which buried everything in a bunch of folders... Which is the "folders" you are seeing being referenced, not folders on your hard drive. Start first with disabling tasks that you know are relating to services or options you have disabled. Even if something is disabled, a task may exist to attempt something, and when it cannot (or a child process cannot) then you can get a log in event viewer. The Task Scheduler in Windows Vista and newer OS is one thing I never cared for. It seems like everything got way more complicated for some reason. Link to comment Share on other sites More sharing options...
HarryTri Posted July 13, 2018 Share Posted July 13, 2018 On Πέμπτη, 12 Ιουλίου 2018 at 6:21 PM, Nomen said: Folder: \Microsoft\Windows\SystemRestore SR 7/13/2018 12:00:00 AM Unknown On Πέμπτη, 12 Ιουλίου 2018 at 6:21 PM, Nomen said: Folder: \Microsoft\Windows\WindowsBackup ConfigNotification 7/13/2018 10:00:00 AM Ready Try to disable these tasks as Tripredacus suggested. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now