Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
Volume Shadow Copy Service error: Failed resolving account account_name with status 1376. Check connection to domain controller and VssAccessControl registry key.
Error: NetLocalGroupGetMemebers(account_name) 0x80070560 The specified local group does not exist.
|English: Request a translation of the event description in plain English.|
If this is happening on SBS 2011 Standard, here is the fix: ME2537096.
Problem was resolved by reconfiguring Sharepoint 2010. Go to start, Sharepoint 2010 and launch the Sharepoint 2010 Products Configuration. Follow the steps and all works fine again.
In the case of SBS 2011, don't make any changes, this is a normal event and should be ignored. See ME2483007.
In my case I had two identical domain controllers running Windows Server 2008 R2. Each time a Windows Server Backup starts I received VSS event 8230.
I've found a registry hive VSSAccessControl, where two accounts were listed (NetworkService, account_name). To solve this issue I had to remove account_name from the VSSAccessControl registry hive and reboot the server.
As per Microsoft: Enables or prevents a writer from using a specific user account.
In order for any writer to use the VSS infrastructure, the writer must run under an account that is a member of the local Administrators or Backup Operators group on the local computer. For example, a writer running under the Local System account meets this requirement. This is true for the vast majority of writers.
You can, however, enable a writer to use a specific user account by adding the appropriate registry entry. You can also prevent a writer from using a specific user account.
To enable a writer to use a specific user account, add a REG_DWORD entry with the name equal with the user name. Set the value of the registry entry to 1 (one).
To prevent a writer from using a specific user account, add a REG_DWORD entry with the name equal with the user name. Set the value of the registry entry to 0 (zero).
See T787108 for information about Volume Shadow Copy Service Tools and Settings.
Navigate to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl export the file just in case then remove the offending account domainname\username. Just leave the NT Authority\Network Service account.
The information about the registry key (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl) described in T734335 helped me solve this error.
|Private comment: Subscribers only. See example of private comment|
|Links: Error code 1376|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated