Sunday, October 6, 2013

Error 8193: Unexpected error calling routine RegOpenKeyExW


Installed fresh instance of SharePoint Server 2010 onto Windows Server 2008 R2 SP1.  Have not yet installed SharePoint 2010 service packs.  After performing the installation, checked the Windows server application log and saw the following error:

Log Name:      Application
Source:            VSS
Date:                [Date]
Event ID:         8193
Task Category: None
Level:              Error
Keywords:       Classic
User:                N/A
Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...).  hr = 0x80070005, Access is denied.
   Initializing Writer
   Writer Class Id: {0ff1ce14-0201-0000-0000-000000000000}
   Writer Name: OSearch14 VSS Writer
   Writer Instance ID: {e2b82974-8831-4ff5-befc-8fa49fee3da7}


The error involves the account under which SharePoint Server Search is running, contoso\sp_app,  having sufficient permissions to launch the VSS Writer service.  Here are the abridged resolution steps:
  1. Go: Start > Run > enter Regedit.
  2. Navigated to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl.
  3. Verified that the search service account is listed:
  4. Navigated to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag:
  5. Right-clicked Diag to view account access permissions
  6. The search service account, contoso\sp_app, was not listed there, so, added it and granted it Full Control:
  7. Opened the Services snap-in.
  8. Reviewed status of Volume Shadow Copy service:
  9. The service wasn't started, so, started it.
  10. Reviewed server Application log.
  11. No Error 8193 was found associated with start of this service.
  12. As final check, rebooted server: still no error.
  13. Success.
  • The user is not specifically identified in the error text.  It has to be inferred from later discussion in the error message.  Key to resolving this error was the TechNet article: VssAccessControl lists specific accounts having permissions to this service, and the specific account listed here must also be reflected in the permissions granted to access Diag.

No comments: