Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 513 Source: CAPI2

Source
Level
Description
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Comments
 
In some cases the problem is that for the system state backup there is a maximum limit for folders and files for %windir% directory. In case the number is exceeded system state backup will fail, System Writers will disappear from vssadmin writers. This may happen in consequence of an installation of Visual Studio or SharePoint Server.

Microsoft has provided a hotfix:
You cannot back up the system state on a computer that is running Windows Server 2008 R2 or Windows Server 2012 (ME2807849).

See Social Technet Discussion for further information: EV100581 (Missing VSS System Writer and CAPI2 error in Event Log)

A workaround may be to move the "Temporary ASP.NET Files" directory. Here you find a step-by-step instruction: EV100582 (Disappearing VSS System Writer and ASP.NET).
The following sequence of commands resets the permissions and restores the System Writer, at least until some update corrupts the permissions again:

   cd c:\windows\system32
   Takeown /f %windir%\winsxs\filemaps\* /a
   icacls %windir%\winsxs\filemaps\*.*  /grant "NT AUTHORITY\SYSTEM:(RX)"
   icacls %windir%\winsxs\filemaps\*.*  /grant "NT Service\trustedinstaller:(F)"
   icacls %windir%\winsxs\filemaps\*.*  /grant "BUILTIN\Users:(RX)"

Try listing permissions before you try this, since your situation could be different than ours.  The following command will save the listed permissions to a file, but will fail if your permissions are also corrupt:

cd /d c:\windows\system32
icacls %windir%\winsxs\filemaps\* > C:\acls.txt

Since you obviously may not get a good backup of this before proceeding, be aware that there is no guarantee this won't make things worse!
See the link to T734021 for information on solving this problem.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...