Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 8230 Source: VSS

Source
Level
Description
Volume Shadow Copy Service error: Failed resolving account account_name with status 1376. Check connection to domain controller and VssAccessControl registry key.

Error-specific details:
   Error: NetLocalGroupGetMemebers(account_name) 0x80070560 The specified local group does not exist.
Comments
 
If this is happening on SBS 2011 Standard, here is the fix: ME2537096.
Problem was resolved by reconfiguring Sharepoint 2010. Go to start, Sharepoint 2010 and launch the Sharepoint 2010 Products Configuration. Follow the steps and all works fine again.
In the case of SBS 2011, don't make any changes, this is a normal event and should be ignored. See ME2483007.
In my case I had two identical domain controllers running Windows Server 2008 R2. Each time a Windows Server Backup starts I received VSS event 8230.

I've found a registry hive VSSAccessControl, where two accounts were listed (NetworkService, account_name). To solve this issue I had to remove account_name from the VSSAccessControl registry hive and reboot the server.

\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl

As per Microsoft: Enables or prevents a writer from using a specific user account.

In order for any writer to use the VSS infrastructure, the writer must run under an account that is a member of the local Administrators or Backup Operators group on the local computer. For example, a writer running under the Local System account meets this requirement. This is true for the vast majority of writers.

You can, however, enable a writer to use a specific user account by adding the appropriate registry entry. You can also prevent a writer from using a specific user account.

To enable a writer to use a specific user account, add a REG_DWORD entry with the name equal with the user name. Set the value of the registry entry to 1 (one).

To prevent a writer from using a specific user account, add a REG_DWORD entry with the name equal with the user name. Set the value of the registry entry to 0 (zero).

See T787108 for information about Volume Shadow Copy Service Tools and Settings.
Navigate to the registry key  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl export the file just in case then remove the offending account domainname\username. Just leave the NT Authority\Network Service account.


The information about the registry key (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl) described in T734335 helped me solve this error.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...