RCT implementation query

Question

RCT implementation query

balu T 41

Hi, we are trying to use the RCT . Few questions related to it:

the query WMI GetVirtualDiskChanges or VHD QueryChangesVirtualDisk returns access_denied error while getting the disk changes for full. Any idea on what is best to perform full backup ?

We tried the below procedure and found to get the corrupted disk.

Create production snapshot using WMI
then we manually copied the base read-only vhdx file to some other directory (say c:\temp\vm1)
Created reference point (say, RCT_id1).
Created snapshot again
Run in GetVirtualDiskChanges query to get changed blocks since RCT_id1
Read the blocks (offset/length) - (seek and read) to get the data to buffer.
Write the buffer to c:\temp\vm1\ (saved in step 2) - overwrite
Open/attach the c:\temp\vm1\vm1.vhdx =====> This is corrupted.

Any help here is appreciated

Rita Han - MSFT 2,171 Reputation points

2020-08-12T02:34:17.833+00:00

Have you tried opening VHD handle with VIRTUAL_DISK_ACCESS_ALL or running your application as Administrator?
balu T 41 Reputation points

2020-08-14T09:56:26.997+00:00

we tried with this option but still it fails with ACCESS_DENIED. Per MS document, the openVirtualDisk() should use VIRTUAL_DISK_ACCESS_GET_INFO (https://learn.microsoft.com/en-us/windows/win32/api/virtdisk/nf-virtdisk-querychangesvirtualdisk).
Rita Han - MSFT 2,171 Reputation points

2020-08-17T02:55:32.13+00:00

Could you show a mini and reproducible sample?
balu T 41 Reputation points

2020-08-24T05:25:35.28+00:00

Hi,

We used the code from below site and modified to add in the query* function after openVirtualDisk function...

https://github.com/microsoft/Windows-classic-samples/tree/master/Samples/Hyper-V/Storage/cpp
balu T 41 Reputation points

2020-08-24T05:26:39.967+00:00

We used the code from below site and modified to add in the query* function after openVirtualDisk()

https://github.com/microsoft/Windows-classic-samples/tree/master/Samples/Hyper-V/Storage/cpp
Rita Han - MSFT 2,171 Reputation points

2020-08-25T06:58:12.617+00:00
Thank you for code sample. QueryChangesVirtualDisk results in ERROR_ACCESS_DENIED when OpenVirtualDisk with VIRTUAL_DISK_ACCESS_GET_INFO. But changing to VIRTUAL_DISK_ACCESS_ALL resolves access denied error. The following is the code I used can you have a try? I test this code on a .vhdx file. Since you mentioned "read-only vhdx", have you tried on a .vhdx file with full control to see if it reproduces the same error?

storageType.DeviceId = VIRTUAL_STORAGE_TYPE_DEVICE_UNKNOWN; storageType.VendorId = VIRTUAL_STORAGE_TYPE_VENDOR_UNKNOWN; openParameters.Version = OPEN_VIRTUAL_DISK_VERSION_1; openParameters.Version2.GetInfoOnly = TRUE; opStatus = OpenVirtualDisk( &storageType, VirtualDiskPath, VIRTUAL_DISK_ACCESS_ALL, OPEN_VIRTUAL_DISK_FLAG_NO_PARENTS, &openParameters, &vhdHandle);
balu T 41 Reputation points

2020-08-25T12:01:21.327+00:00

Hi, we tried with VIRTUAL_DISK_ACCESS_ALL and still the same issue. Post the code below.

When the VMs are created, i dont think the vhdx files are created with FUll control. Does the VHD APIs requires the full control on the vhdx file ?

7 answers

Your answer

Rita Han - MSFT 2,171 Reputation points

2020-08-12T02:34:17.833+00:00

Have you tried opening VHD handle with VIRTUAL_DISK_ACCESS_ALL or running your application as Administrator?
balu T 41 Reputation points

2020-08-14T09:56:26.997+00:00

we tried with this option but still it fails with ACCESS_DENIED. Per MS document, the openVirtualDisk() should use VIRTUAL_DISK_ACCESS_GET_INFO (https://learn.microsoft.com/en-us/windows/win32/api/virtdisk/nf-virtdisk-querychangesvirtualdisk).
Rita Han - MSFT 2,171 Reputation points

2020-08-17T02:55:32.13+00:00

Could you show a mini and reproducible sample?
balu T 41 Reputation points

2020-08-24T05:25:35.28+00:00

Hi,

We used the code from below site and modified to add in the query* function after openVirtualDisk function...

https://github.com/microsoft/Windows-classic-samples/tree/master/Samples/Hyper-V/Storage/cpp
balu T 41 Reputation points

2020-08-24T05:26:39.967+00:00

We used the code from below site and modified to add in the query* function after openVirtualDisk()

https://github.com/microsoft/Windows-classic-samples/tree/master/Samples/Hyper-V/Storage/cpp
Rita Han - MSFT 2,171 Reputation points

2020-08-25T06:58:12.617+00:00

Thank you for code sample. QueryChangesVirtualDisk results in ERROR_ACCESS_DENIED when OpenVirtualDisk with VIRTUAL_DISK_ACCESS_GET_INFO. But changing to VIRTUAL_DISK_ACCESS_ALL resolves access denied error. The following is the code I used can you have a try? I test this code on a .vhdx file. Since you mentioned "read-only vhdx", have you tried on a .vhdx file with full control to see if it reproduces the same error?

storageType.DeviceId = VIRTUAL_STORAGE_TYPE_DEVICE_UNKNOWN; storageType.VendorId = VIRTUAL_STORAGE_TYPE_VENDOR_UNKNOWN; openParameters.Version = OPEN_VIRTUAL_DISK_VERSION_1; openParameters.Version2.GetInfoOnly = TRUE; opStatus = OpenVirtualDisk( &storageType, VirtualDiskPath, VIRTUAL_DISK_ACCESS_ALL, OPEN_VIRTUAL_DISK_FLAG_NO_PARENTS, &openParameters, &vhdHandle);
balu T 41 Reputation points

2020-08-25T12:01:21.327+00:00

Hi, we tried with VIRTUAL_DISK_ACCESS_ALL and still the same issue. Post the code below.

When the VMs are created, i dont think the vhdx files are created with FUll control. Does the VHD APIs requires the full control on the vhdx file ?

Answer 1

balu T 41

HANDLE vhdHandle;
_VIRTUAL_STORAGE_TYPE storageType;
storageType.DeviceId = VIRTUAL_STORAGE_TYPE_DEVICE_UNKNOWN;
storageType.VendorId = VIRTUAL_STORAGE_TYPE_VENDOR_UNKNOWN;
wchar_t path[] = L"C:\\Hyper-V\\Virtual Hard Disks\\L\\Windows2016.vhdx";
VIRTUAL_DISK_ACCESS_MASK mask = VIRTUAL_DISK_ACCESS_GET_INFO;

PGET_VIRTUAL_DISK_INFO diskInfo;
ULONG diskInfoSize = sizeof(GET_VIRTUAL_DISK_INFO) + sizeof(changeTrackingInfo);
std::wcout << "size of diskinfo structure " << diskInfoSize << std::endl;
diskInfo = (PGET_VIRTUAL_DISK_INFO)malloc(diskInfoSize);

...

OPEN_VIRTUAL_DISK_PARAMETERS *openParameters = NULL;

  DWORD res = OpenVirtualDisk(&storageType, path,
    VIRTUAL_DISK_ACCESS_GET_INFO | VIRTUAL_DISK_ACCESS_DETACH | VIRTUAL_DISK_ACCESS_ATTACH_RO,
    OPEN_VIRTUAL_DISK_FLAG_NONE,
    openParameters,
    &vhdHandle);

diskInfo->Version = GET_VIRTUAL_DISK_INFO_SIZE;

res = GetVirtualDiskInformation(vhdHandle, &diskInfoSize, diskInfo, &szUsed);

ULONGLONG physicalSize = diskInfo->Size.PhysicalSize;
ULONGLONG virtualSize = diskInfo->Size.VirtualSize;
ULONG sectorSize = diskInfo->Size.SectorSize;
ULONG blockSize = diskInfo->Size.BlockSize;


diskInfo->Version = (GET_VIRTUAL_DISK_INFO_VERSION)GET_VIRTUAL_DISK_INFO_CHANGE_TRACKING_STATE;
szUsed = NULL;
res = GetVirtualDiskInformation(vhdHandle, &diskInfoSize, diskInfo, &szUsed);
if (res != ERROR_SUCCESS)
{
    std::cout << "Failed to GET_VIRTUAL_DISK_INFO_CHANGE_TRACKING_STATE, ret=" << res << std::endl;
}
std::wcout << "\nrct id:" << diskInfo->ChangeTrackingState.MostRecentId << std::endl;
std::wcout << "\change tracking enabled: " << diskInfo->ChangeTrackingState.Enabled << std::endl;
WCHAR* rctId = diskInfo->ChangeTrackingState.MostRecentId;


//to get incr changes we used rct id like this L"rctX:c2eb01d9:ccb1:405d:acb6:f0e76d055906:00000001";
//to get allocated blocks for full backup we used rct is as "*", "0", etc.
std::wcout << "\nQuerying for changed disk areas..." << rctId << std::endl;

ULONG64   byteOffset = 0;
ULONG64   byteLength = 19327352832; //set disk max internal size.
QUERY_CHANGES_VIRTUAL_DISK_RANGE* changedAreas = NULL;
ULONG     rangeCount = 0;
ULONG64   processedLength = 0;
res = QueryChangesVirtualDisk(vhdHandle, rctId, byteOffset, byteLength,
    QUERY_CHANGES_VIRTUAL_DISK_FLAG_NONE,
    changedAreas, &rangeCount, &processedLength);

if (res != ERROR_SUCCESS)
{
    std::cout << "Failed to get changed areas, ret=" << res << std::endl;

;
}
....

balu T 41 Reputation points

2020-08-25T11:58:26.347+00:00

the above is not the solution.....with teh above code, we still get the access denied err.
Rita Han - MSFT 2,171 Reputation points

2020-08-26T06:55:30.757+00:00

Yes I also get access denied error using your code. But change
VIRTUAL_DISK_ACCESS_GET_INFO | VIRTUAL_DISK_ACCESS_DETACH | VIRTUAL_DISK_ACCESS_ATTACH_RO to VIRTUAL_DISK_ACCESS_ALL, error code turns to 0xc03a0029 (The specified change tracking identifier is not valid.) It seems there are some differences between my .vhdx file and yours. So I can't reproduce this issue. Can you show detailed information of steps 1-4 mentioned in your question? So I can try to create a similar target file as yours to reproduce this issue.
balu T 41 Reputation points

2020-08-27T06:23:38.75+00:00
thanks RitaHan for your response.

By changing to VIRTUAL_DISK_ACCESS_ALL, we are not getting the ACCESS_DENIED but the query output returns with ZERO range.

what is the value to provide for the rctId ? As for the first time query to vhdx, there is no recent ID. So what value we need to provide to get the disk blocks.

WCHAR* rctId = diskInfo->ChangeTrackingState.MostRecentId;

Create new VM with dynamic disks (a.vhdx)

Create a snapshot (this will create a.vhdx and a.avhdx)

now run the program with a.vhdx as input to OpenVirtualDisk()

Query will return with zero range which is strange and does not give in the allocated blocks.
Rita Han - MSFT 2,171 Reputation points

2020-08-28T03:09:14.3+00:00

Thanks for confirmation. So current issue is how to correctly set ChangeTrackingId of QueryChangesVirtualDisk. I'll consult related engineer for helping on this and keep you update here. And about getting access denied error with VIRTUAL_DISK_ACCESS_GET_INFO access mask I'll submit a document issue internally.
balu T 41 Reputation points

2020-09-01T18:16:26.64+00:00

Thanks. When can i get the info ?
Rita Han - MSFT 2,171 Reputation points

2020-09-02T01:12:36.06+00:00

My colleague is working on this issue and I'll update to you if there is any progress.
balu T 41 Reputation points

2020-09-02T19:33:42.2+00:00

Thank you. Awaiting your reply
Rita Han - MSFT 2,171 Reputation points

2020-09-09T02:08:46.277+00:00
@balu T Thank you for being patient! Can you help to provide some information about the issue and the error you are getting?

RCT was introduced in Server 2016, confirm you are using 2016?

Are you using a cluster? How many nodes do you have?

Can you provide the following logs:

ETW: %SystemRoot%\System32\Winevt\Logs\Application.evtx (server box)

%SystemRoot%\System32\Winevt\Logs\System.evtx (server box, if remote scenario)

%SystemRoot%\System32\Winevt\Logs\Security.evtx (server box, if remote scenario)

%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-WMI-Activity* (both boxes, if remote)

For more detailed tracing please refer to the instructions in my answer. (too long to put in a comment)
balu T 41 Reputation points

2020-09-30T10:31:36.793+00:00

sorry for replying to you late.

we are using win 2016 and win 2019. we tried on standalone as well as cluster setup. question is what limitID values to be passed to the QueryChangesVirtualDisk(*) when performing the full backup.
let me know if you still need the evtviewer logs etc..
Rita Han - MSFT 2,171 Reputation points

2020-10-09T06:07:38.613+00:00

Thanks for your information. I'll let you know later if the logs are still needed.
balu T 41 Reputation points

2020-10-14T17:46:41.097+00:00

Is there any info on the above query ? Thx.
Rita Han - MSFT 2,171 Reputation points

2020-10-28T03:07:43.49+00:00

Hello @balu T , sorry for the delay. Yes, logs are required for the further investigation. For submitting logs and further help you can contact the Windows developer support for assistance for this issue. Please refer to this page and submit an incident.
cwoljcq 1 Reputation point

2021-07-28T07:23:39.937+00:00

Same problems as you @balu T , has you solved the problem？

Answer 2

Hello @balu T ,

Sharing the instructions for getting the detailed tracing here:

In short these are the steps that need to be performed (More detailed information please refer to here.) :

Open Event Viewer. On the View menu, click Show Analytic and Debug Logs. Locate the Trace channel log for WMI under Applications and Service Logs | Microsoft | Windows | WMI Activity.
Right-click the Trace log and select Log Properties. Click the Enable Logging check box to start the WMI event tracing. For more information about channels, see Event Logs and Channels in Windows Event Log.
Save the log – Action -> Save all events as VMMS and vhdmp.sys.

Captures via batch file:

@echo off  
ECHO These commands will enable tracing:  
@echo on  
logman create trace "vm_manifests" -ow -o c:\vm_manifests.etl -p "Microsoft-Windows-Hyper-V-VMMS" 0xffffffffffffffff 0xff -nb 16 16 -bs 1024 -mode Circular -f bincirc -max 4096 -ets  
logman update trace "vm_manifests" -p {4DDF50D0-75DE-4FBE-8F08-F8936638E7A1} 0xffffffffffffffff 0xff -ets  
logman update trace "vm_manifests" -p "Microsoft-Windows-VHDMP" 0xffffffffffffffff 0xff -ets  
logman update trace "vm_manifests" -p "Microsoft-Windows-Hyper-V-VHDMP" 0xffffffffffffffff 0xff -ets  
@echo off  
echo  
ECHO Reproduce your issue and enter any key to stop tracing  
@echo on  
pause  
logman stop "vm_manifests" -ets  
@echo off  
echo Tracing has been captured and saved successfully at c:\vm_manifests.etl  
pause

Enable additional VMMS event logs via the Event Viewer:

A. Open EventVwr and in the main menu select View and ensure "Show Analytic and Debug logs" is checked

B. Under Applications and Services Logs -> Microsoft -> Windows -> Hyper-V-VMMS, select each item (Admin, etc.) and ensure that you "Enable Log" in the Actions pane on the right. Analytic is disabled by default.

So when you upload the vm_manifests.etl file, include the EventVwr log via Main Menu -> Action -> Save All Events as, and include everything.

This will help us in determining the reason for this behavior.

Thank you!

Answer 3

Neelabh Mam 1

Do we have a resolution here ? I am facing the exact same access denied and then (with VIRTUAL_DISK_ACCESS_ALL) the zero range count issue...

Answer 4

Neelabh Mam 1

Figured out the zero range count issue.. working sample here:

https://stackoverflow.com/questions/63358492/querychangesvirtualdisk-is-returning-error-invalid-handle6-even-though-openvir/65273895#65273895

The only blocker now is how to get this working with a live checkpointed VM...

also how do we query CBT data from WMI as the OP has done in the above post (image reproduced below)

Answer 5

Neelabh Mam 1

Both issues fixed. Please see the below git repo. Thanks to alexpilotti the dev for this repo

https://github.com/cloudbase/rct-service/issues/1

Maybe the docs should highlight the correct OpenVirtualDisk API usage.

Share via

RCT implementation query

7 answers

Your answer