Share via

VSS Subsystem is broken

Anonymous
2022-09-02T12:31:17+00:00

The VSS Subsystem seems to be broken for me on my PC. Things which are fine:

  1. The filesystem aka CHKDSK, SFC and DSIM. Everything is good.
  2. VSSADMIN LIST PROVIDERS shows only 'Microsoft Software Shadow Copy provider 1.0'
  3. VSSADMIN LIST WRITERS shows around 12 providers all 'Stable' and 'No error'
  4. VSSADMIN LIST VOLUMES shows 4 volumes, one for each of my drives, as expected
  5. The associated services (Microsoft Shadow Copy Provider) are running fine.

6 The System Volume Information folders are present, but well-hidden in Windows 11. If I try and create this folder, Windows complains as expected.

Things which are not fine:

  1. VSSADMIN LIST SHADOWS results in 'Error: The shadow copy provider had an error. Please see the system and application event logs for more information'
  2. Many many errors in the Application Event Log: Volume Shadow Copy Service error: Unexpected error IOCTL Unpack overflow.  hr = 0x8000ffff, Catastrophic failure

also

Volume Shadow Copy Service error: Unexpected error calling routine Output buffer overflow. Reading bad arguments. dwSize = 8.  hr = 0x8000ffff, Catastrophic failure

  1. Any attempt to create a restore point: 'The shadow copy provider had an error. Check the system and application event logs for more information (0x80042306)

So, VSS is broken and non-functional somehow and I have no idea how to correct this. Anyone got a smarter idea than 'reinstall windows'? The IOCTL Unpack Overflow sounds very much like a driver versioning mismatch problem but I suspect only the dev who wrote it knows....

Windows for home | Windows 11 | Performance and system failures

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

11 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2022-09-04T10:28:54+00:00

    Hi Saltgrass,

    I should point out that VSS has worked in the past, but no longer does. I noticed when my monthly creation of restore points stopped working. Between the filesystem and the registry this fragile subsystem has recently become inconsistent.

    The drive is a Force MP600 Gen 4 PCI.e.

    In general I have only had a restore point for C: but VSS seems to keep a shadow ready even if the feature is turned off.

    The event viewer IOCTL event correlates directly with LIST SHADOWS i.e. every time I try it, a new event pops up. Same if I try to create a restore point. So I'm pretty sure the IOCTL catastrophic failure is the key.

    AndyH

    Was this answer helpful?

    1 person found this answer helpful.
    0 comments
  2. Anonymous
    2022-09-02T13:09:28+00:00

    Could you let us know what types of drives you are using and what controller? Are you seeing these errors in the Event Viewer also that may not be related to VSS?

    Do you have restore points being created for more partitions than the C: partition?

    I have seen Input/output control errors in other types of logs from other individuals, but I never found out what was causing them.

    Was this answer helpful?

    1 person found this answer helpful.
    0 comments
  3. Anonymous
    2022-09-04T13:20:34+00:00

    I may have made some limited progress...

    I have 4 drives and each appears to have an associated shadow.

    BUT there is a fifth rogue volume which turns up in the system logs or when I run diagnostics:

    Name: \\?\Volume{0c9fb83c-0414-11ed-a6ef-44af283101ae}\ 

SystemHasAccess: False 

SystemSid: S-1-5-18 

IsOk: False 
IsMounted: False

Description: "SYSTEM" account has no "Full Control" access

    Also, by amazing coincidence, this rogue shadow has exactly the same size parameters as my C: shadow. The rogue is also showing up as 'not mounted'.

    SO it appears I have a rogue copy shadow volume of my C: drive which is inaccessible to SYSTEM. This is probably causing VSS LIST SHADOWS to bomb out.

    I wonder how I can remove it. Anyone know where this volume list is maintained, basically where Volume{0c9fb83c-0414-11ed-a6ef-44af283101ae} is coming from?

    AndyH

    Was this answer helpful?

    0 comments
  4. Anonymous
    2022-09-04T10:39:22+00:00

    Hi Jose,

    I've already run a Windows-11 equivalent of the above - essentially to re-register all the dlls with regsvr32 - and everything registers just fine. BUT it makes no difference and does not fix the problem. Thanks for your suggestion. I suspect only the devs who wrote 'Unexpected error IOCTL Unpack overflow.  hr = 0x8000ffff, Catastrophic failure' will understand the issue but they probably don't read forums like this one.

    AndyH

    Was this answer helpful?

    0 comments
  5. Anonymous
    2022-09-02T13:24:30+00:00

    Hi, my name is Jose, a Windows user like you. I'll be happy to assist you with this issue.

    Sorry to hear you're experiencing this issue.

    In the past, I was able to fix VSS issues by registering their components again. Please, run CMD as administrator, then paste the following commands:

    net stop Winmgmt

    net stop "Background Intelligent Transfer Service"

    net stop "COM+ Event System"

    net stop "Microsoft Software Shadow Copy Provider"

    net stop "Volume Shadow Copy"

    net stop WSearch

    cd %windir%\system32\wbem

    dir /b *.dll > dlllist.txt

    for /f %f in (dlllist.txt) do regsvr32 /s %f

    wmiprvse /regserver

    winmgmt /regserver

    net start "Background Intelligent Transfer Service"

    net start "COM+ Event System"

    net start "Microsoft Software Shadow Copy Provider"

    net start "Volume Shadow Copy"

    net start Winmgmt

    net start WSearch

    del dllist.txt /Q

    Please let me know if you need any further assistance.

    Was this answer helpful?

    0 comments