Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.%1.
I tried the initial comments here but neither of them helped me out. Some more Technet research provided me with this shell script:
Takeown /f * /a
icacls *.* /grant "NT AUTHORITY\SYSTEM:(RX)"
icacls *.* /grant "NT Service\trustedinstaller:(F)"
icacls *.* /grant BUILTIN\Users:(RX)
net stop cryptsvc
net start cryptsvc
vssadmin list writers | more
This did the job! Please note that this is the second time I had this error; after the first time I fixed it via the above script, it returned. Apparently, this might be due to some infrequent but repetitive admin activity.
Check if "System Writer" is operating by running "vssadmin list writers" from CMD prompt.
If not, type the following commands:
Takeown /f %windir%\winsxs\filemaps\* /a
icacls %windir%\winsxs\filemaps\*.* /grant "NT AUTHORITY\SYSTEM:(RX)"
icacls %windir%\winsxs\filemaps\*.* /grant "NT Service\trustedinstaller:(F)"
icacls %windir%\winsxs\filemaps\*.* /grant "BUILTIN\Users:(RX)"
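The check described in the comment above (whether "System Writer" shows up in the output of "vssadmin list writers"), as an added PowerShell example that is not part of the original comments. The function names and the sample output are constructed for illustration, and the field labels assume English-language vssadmin output.

```powershell
# Added example. Labels assume English-language vssadmin output (assumption);
# localized Windows builds print translated field names.
function ConvertFrom-VssWriterList {
    param([string[]]$Lines)   # not Mandatory: the output contains blank lines
    $writers = @()
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match "^\s*Writer name:\s*'(.+)'") {
            # A new writer block starts; flush the previous one.
            if ($null -ne $current) { $writers += [pscustomobject]$current }
            $current = [ordered]@{ Name = $Matches[1]; State = $null; LastError = $null }
        } elseif ($null -ne $current -and $line -match '^\s*State:\s*\[\d+\]\s*(.+)$') {
            $current.State = $Matches[1].Trim()
        } elseif ($null -ne $current -and $line -match '^\s*Last error:\s*(.+)$') {
            $current.LastError = $Matches[1].Trim()
        }
    }
    if ($null -ne $current) { $writers += [pscustomobject]$current }
    $writers
}

function Test-SystemWriter {
    param([string[]]$Lines)
    $w = ConvertFrom-VssWriterList -Lines $Lines |
        Where-Object { $_.Name -eq 'System Writer' } | Select-Object -First 1
    if (-not $w) { return 'MISSING' }   # the symptom discussed on this page
    if ($w.State -eq 'Stable' -and $w.LastError -eq 'No error') { return 'OK' }
    return "DEGRADED (state: $($w.State); last error: $($w.LastError))"
}

# Constructed sample output (writer IDs are placeholders); System Writer is absent.
$sample = @'
Writer name: 'Task Scheduler Writer'
   Writer Id: {00000000-0000-0000-0000-000000000001}
   State: [1] Stable
   Last error: No error

Writer name: 'WMI Writer'
   Writer Id: {00000000-0000-0000-0000-000000000002}
   State: [1] Stable
   Last error: No error
'@ -split '\r?\n'

Test-SystemWriter -Lines $sample

# On a live host, from an elevated prompt:
# Test-SystemWriter -Lines (vssadmin list writers)
```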
As per T734021, the Component Object Model (COM) applications must be able to access the COM+ catalog files that are stored in the COM catalog folder. If the default access control list is changed on the COM catalog folder within the Windows folder, the Shadow Copy System Writer may not work properly. See the article on how to modify the access control list on the registration folder.
This error occurs at or shortly after the service "TrustedInstaller" on a German version of Windows Vista x64 was gone. After the service was gone the system was unable to install/remove any updates (error 0x80070424). This error code means also that a needed service is gone... Trying to start the service using "net start trustedinstaller" failed as expected with 1060.