Guest Sejong Posted October 24, 2008 Posted October 24, 2008 After the Active Directory Domain Services (AD DS) role is added to a Windows Server 2008 server, running vssadmin list writers generates output that does not include System Writer and generates Event ID 513 from CAPi2 in the Application log. Text of this event: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Prior to adding the AD DS role, running vssadmin list writers generates output that does include System Writer and does not generate Event ID 513. Permissions on the Registration folder in the Windows folder (%windir%) are as shown below. In all cases the permission are shown under Special permissions, are <not inherited>, and apply to This folder and files Everyone: List folder / read data, Read attributes, Read extended attributes, and Read permissions Administrators (DomainName\Administrators): Full Control SYSTEM: Full control I think this is a permissions issue. Event ID 513 is generated by the Cryptographic Services service (CryptSvc), which runs under the Network Service Account. I believe the Network Service Account runs with the permissions of the Authenticated Users group. However, adding the Authenticated Users group with Full control permissions to the Registration folder doesn't eliminate the error.
Recommended Posts