Event ID: 13 Source: VSS

Description
Volume Shadow Copy Service information: The COM Server with CLSID <id> and name <name> cannot be started. [%3] %4
Comments
 
In my case (Windows 2008 SP2) the recommended checks were all OK and just the Microsoft Shadow Copy provider was installed. Other symptoms: the event was followed by VSS Event IDs 12292, 34 and 8193.

Solved by recreating the entire shadow copy space:

Run

vssadmin list shadowstorage - This lists your current settings

vssadmin Delete ShadowStorage /For=C: /On=D: - Delete the current shadow copy storage space. You'll lose all snapshots! Modify the parameters to your needs.

vssadmin Add ShadowStorage /For=C: /On=D: /MaxSize=1024MB - Recreate the shadow copy space.

As per Microsoft:

Check that services are enabled and providers are operating properly
To resolve this issue, check that the COM+ Event System service is started and that the Volume Shadow Copy service (VSS service) and Microsoft Software Shadow Copy Provider service are both enabled. You should also make sure that third-party installed VSS providers are operating properly. If a VSS provider is not operating properly, you should try reinstalling it. If that does not work, you should contact the provider vendor.

To perform these procedures, you must have membership in Administrators, or you must have been delegated the appropriate authority.

Check that the COM+ Event System service is started
To check that the COM+ Event System service is started:

1. Click Start, click Administrative Tools, and then click Services.
2. In the results pane, double-click COM+ Event System.
3. In Service status, make sure that the status is Started. If the status is not Started, click Start.
4. Make sure Startup type is set to Automatic.
5. Click OK.

Check that the VSS service is enabled
To check that the VSS service is enabled:

1. Click Start, click Administrative Tools, and then click Services.
2. In the results pane, double-click Volume Shadow Copy.
3. Make sure Startup type is set to Manual.
4. Click OK.

Check that the Microsoft Software Shadow Copy Provider service is enabled
To check that the Microsoft Software Shadow Copy Provider service is enabled:

1. Click Start, click Administrative Tools, and then click Services.
2. In the results pane, double-click Microsoft Software Shadow Copy Provider.
3. Make sure Startup type is set to Manual.
4. Click OK.

Make sure that third-party installed VSS providers are operating properly
To make sure that third-party installed VSS providers are operating properly:

1. Open an elevated Command Prompt. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
2. Type vssadmin list providers at the command prompt.
3. For each provider in the list, use the vssadmin create shadow command to create a shadow copy of the volume for which the provider is responsible.

Verify
To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To verify that the Volume Shadow Copy Service is started:

1. Click Start, point to Administrative Tools, and then click Services.
2. In the results pane, double-click Volume Shadow Copy.
3. In Service status, make sure that the status is Started. If the status is not Started, click Start.
4. Make sure Startup type is set to Manual.
5. Click OK.
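
The service checks above can be scripted as a read-only audit. The following is an added example, not code from Microsoft or from the comment authors. It assumes an elevated Windows PowerShell 3.0 or later session, the built-in service names EventSystem, VSS and swprv, and a constructed 7-day look-back window; the function names are hypothetical.

```powershell
# Added example: read-only audit of the settings described in the checks above.
# Assumes Windows PowerShell 3.0+ (Get-CimInstance) in an elevated session.

# Expected values come from the procedures on this page. MustRun is $true only
# where the check itself requires the status to be Started.
$expected = @(
    @{ Name = 'EventSystem'; StartMode = 'Auto';   MustRun = $true  }  # COM+ Event System
    @{ Name = 'VSS';         StartMode = 'Manual'; MustRun = $false }  # Volume Shadow Copy
    @{ Name = 'swprv';       StartMode = 'Manual'; MustRun = $false }  # Microsoft Software Shadow Copy Provider
)

function Test-VssServiceConfig {
    foreach ($e in $expected) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($e.Name)'"
        if (-not $svc) {
            # A missing service is reported as a failure rather than skipped.
            [pscustomobject]@{ Service = $e.Name; StartMode = $null; State = 'NotFound'; Ok = $false }
            continue
        }
        $modeOk = $svc.StartMode -eq $e.StartMode
        $runOk  = (-not $e.MustRun) -or ($svc.State -eq 'Running')
        [pscustomobject]@{
            Service   = $svc.DisplayName
            StartMode = $svc.StartMode   # Win32_Service reports Auto, Manual or Disabled
            State     = $svc.State
            Ok        = $modeOk -and $runOk
        }
    }
}

function Get-RecentVssErrors {
    param([int]$Days = 7)   # look-back window: constructed default, adjust as needed
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'VSS'
        Id           = 13, 12292, 34, 8193   # event IDs named in the comment above
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches; an empty result is fine here.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

Test-VssServiceConfig | Format-Table -AutoSize
vssadmin list providers        # registered VSS providers, including third-party ones
vssadmin list shadowstorage    # current shadow storage associations
Get-RecentVssErrors | Format-List
```

Nothing in the script changes configuration. A row with Ok = False points to the service whose manual check above should be repeated.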
