513 ошибка microsoft windows capi2
Описание и причины ошибки ID 513
Делая ревизию серверов на базе Windows Server 2019, я обнаружил ошибку, ее содержимое было вот таким:
Найти все это можно в журнале «Приложения (Application)».
Если обратиться по данной ошибке на Microsoft, то там дано вот такое пояснение причины:
Во время резервного копирования процесс VSS, запущенный под учетной записью NETWORK\SERVICE, вызывает cryptcatsvc!CSystemWriter::AddLegacyDriverFiles(), который перечисляет все записи драйверов в базе данных Service Control Manager и пытается открыть каждую из них. Функция не имеет прав на запись драйвера Microsoft Link-Layer Discovery Protocol (Mslldp.dll) и падает с ошибкой «Доступ запрещен». Оказалось, что разрешения безопасности драйвера MSLLDP не позволяют NETWORK\SERVICE получить доступ к записи драйвера.
Как устранить ошибку ID 513 CAPI2
Логично предположить, что нам нужно добавить прав, в этом нам с вами помогут две утилиты sc и accesschk64. Для начала давайте проверим. что не хватает прав у учетной записи NT AUTHORITY\SERVICE, для этого вам нужно скачать утилиту accesschk64, которая входит в состав пакета Sysinternals. Для начала мы с помощью данной утилиты посмотрим текущие разрешения для двух библиотек и сравним их:
Для этого нам потребуется запустить командную строку из папки, где у вас лежит утилита accesschk64 и выполнить вот такие команды:
Следующим шагом нам нужно внести изменения в список доступа на библиотеке mslldp. Для этого нам нужно воспользоваться утилитой SC и посмотреть правильное значение. Находясь в командной строке введите команду:
Я выделил желтым значение (A;;CCLCSWLOCRRC;;;SU) именно оно и дает права чтения для NT AUTHORITY\SERVICE. Убедитесь, что в библиотеке mslldp, данное значение отсутствует:
Далее нам нужно добавить значение (A;;CCLCSWLOCRRC;;;SU) в список доступа, для этого скопируйте всю строчку с выводом для библиотеки mslldp и добавьте в самом конце недостающее значение. После чего выполните команду:
Теперь снова проверим права на доступ к библиотекеmslldp.dll
513 ошибка microsoft windows capi2
This forum is closed. Thank you for your contributions.
Answered by:
Question
I obtain this error situation just after boot-up. I have read and carefully followed the advice and information contained on the ‘Technet’ information page concerning this. All the required permissions are in place for the Registration folder. vssadmin list writers does not have ‘system writer’ included in the list. I presume this error will continue if this is not the case and although there seems to be no problem with my system restore and system repair functions, I would prefer to remove this error. What must I do to place ‘system writer’ back onto the approved list. Any help would be much appreciated.
Answers
First make sure you have the same error. CAPI2 513 with the Details Section stating
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
Steps
1. Take Ownership of FileMaps located at c:\windows\winsxs\Filemaps.
2. Grant yourself full access permisions to the Filemaps folder. (When you do this you will get an error when it tries to apply this change to the files in the folder. this is ok. just cancel this error message.
3. Make an empty dir somewhere to hold this files while finding the offending file. Lets say c:\test
4. Move all of the files from c:\windows\winsxs\Filemaps to c:\test
(
If you do a «vssadmin list writers» at this point you will get a CAPI2 513 error with a details that says
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.
System Error:
There are no more files.
)
5. Start by putting half of the files from c:\test back into c:\windows\winsxs\filemaps.
6. Test with vssadmin list writers. If you get the original CAPI2 513 error then the bad file was part of the group that you just move in.
If there is no error then that group was clean.
Repeat this process until you narrow down which file or files is causing the error. Once found remove it from the filemaps directory. (I would keep a copy of it somehwere for now)
(I am curious to find out which file was bad for you)
7. After determing the bad file, make sure you put the permissions back the way they were on the filemaps directory just to be safe.
All replies
Is this the TN article you followed?
Same issues here. There are many suggestions, but no resolution.
2008 Ent x64 running SQL Server 2008
Get the CAPI2 Errors after every backup. Also logs the error when running vssadmin list writers.
System Writer is not listed.
Tried rolling back Windows Installer 4.5 Hotfix. Did not resolve the issue.
Does anyone have any insight as to what is the root cause?
Sorry that you are seeing this issue. Can you let me know following information which will help us debug this issue :-
I’m on a computer with Vista Home Premium SP1.
I see the Capi2 error in the application events log whenever a restore point is created, sometimes even 2 times in very short time. The Error is also logged if I use «vvsadmin list writers», the «system writer» is not listed with this command.
I’m running Server 2008 x64 enterprise edition. Running Exchange 2007 SP1. This error is preventing me from getting a complete system backup.
Same thing with me, «System Writer» is not listed with the vssadmin list writers command. Also, my Exchange VSS writer always has «retryable error» listed.
It seems this error is difficult to track down a solution for. After following the suggested articles on adjusting user permissions, it still wasn’t showing the System Writers using vssadmin. The solution is to adjust the permissions for the winsxs folder. I made a batch file so I could cookie cutter the solution across my domain and it worked well.
| Takeown /f %windir%\winsxs\filemaps\* /a |
| pause |
| icacls %windir%\winsxs\filemaps\*.* /grant «NT AUTHORITY\SYSTEM:(RX)» |
| pause |
| icacls %windir%\winsxs\filemaps\*.* /grant «NT Service\trustedinstaller:(F)» |
| pause |
| icacls %windir%\winsxs\filemaps\*.* /grant BUILTIN\Users:(RX) |
| pause |
| net stop cryptsvc |
| pause |
| net start cryptsvc |
| pause |
Rob When in doubt defenstrate it
dsar, the original post was about EventID 513 for CAPI2, not 512. The 512 looks to be something service related. Would you verify that your Volume Shadow Copy in Services is set to manual running or Automatic and then start it? Then try the net stop cryptsvc and then net start cryptsvc from an administrative command prompt and see if it still doesn’t list the System Writer?
Rob When in doubt defenstrate it
Your help i highly appreciated.
After three days I finally got this fixed.
I ran process monitor to see what was being access during vssadmin list writers.
I noticed it was going through all of the files in windows\winsxs\Filemaps. So I setup a test system in virtual pc and in the test system I cleared out the Filemaps directory and copied in all the entries from the production box that was having this problem. Bingo. same error was now on the test system. After a process of elimination I was left with only 1 file that caused the error.
I then removed this file from the production box’s FileMaps directory and the error is now gone.
Question. Does anyone know if there is going to be any further issues from having to remove this apparently corrupted file from the FileMaps directory? For now all seems to be well as there are no more CAPI2 513 errors and the «System Writer» now shows up under vssadmin list writers.
One Last Update.
I took the file programdata_microsoft_windows_defender_definition_updates_default_44e57bb5c1e3d0e8.cdf-ms from two other systems and compared them with diff and they were both identical. So I placed this known good copy into the FileMaps directory on box that originally had this error and all is still well.
Looking at the original bad file and the known good copy in a hex editor revealed one notable difference. The bad one had a path including the drive letter «\??\D:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default» while the good copies just had the path with no drive letter «ProgramData\Microsoft\Windows Defender\Definition Updates\Default». There were also several differences in the binary data of the files besides the path string.
unluckily for me it doesn’t work on my system, still getting this sh.. CAPi2 error and still the system writer is missing.
First make sure you have the same error. CAPI2 513 with the Details Section stating
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
Steps
1. Take Ownership of FileMaps located at c:\windows\winsxs\Filemaps.
2. Grant yourself full access permisions to the Filemaps folder. (When you do this you will get an error when it tries to apply this change to the files in the folder. this is ok. just cancel this error message.
3. Make an empty dir somewhere to hold this files while finding the offending file. Lets say c:\test
4. Move all of the files from c:\windows\winsxs\Filemaps to c:\test
(
If you do a «vssadmin list writers» at this point you will get a CAPI2 513 error with a details that says
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.
System Error:
There are no more files.
)
5. Start by putting half of the files from c:\test back into c:\windows\winsxs\filemaps.
6. Test with vssadmin list writers. If you get the original CAPI2 513 error then the bad file was part of the group that you just move in.
If there is no error then that group was clean.
Repeat this process until you narrow down which file or files is causing the error. Once found remove it from the filemaps directory. (I would keep a copy of it somehwere for now)
(I am curious to find out which file was bad for you)
7. After determing the bad file, make sure you put the permissions back the way they were on the filemaps directory just to be safe.
I did as you described and found 40 (!) files which resulted in the CAPI2 error. All files start with «program_files_*.cdf-ms». A check with a HEX editor showed that all these files had a path including \??\P:\Program.
By copying thes files from another computer everything seems to be fine now. No more CAPI2 errors and the «System Writer» is present.
Thank you again for your great work.
Wow, what a strange bug this one is.
Glad this now appears to be a universal solution to this error condition. In three days I went from not even knowing the system writer existed to knowing way more about it then I really care to know 🙂
so again the same problem and nearly the same files corrupted (at least 20 out of the original 40)
copying these files from an other computer with SP2 helped again.
This is about the same problem. Even thought they opened it with DPM 2007 it excatly the same problem. System Writer missing.
I posted there before and just found a second server having the same error. Still no resolution found.
EDIT: OK I’m confused. On one server it looks like the security settings get reset. On the other system they seem to stay the way I want them. need to check that.
Now the second server also reverted it’s security settings inside filebase. Looks like this one set severell updates into status «installed» a few minutes before the error reapeared.
So there’s a chance that the other server had some updates too, which caused him to revert the settings.
We are opening a case with Microsoft. Hope to get some answers. Coming back as soon as there is more to tell.
I had almost 75,000 files in my \winxs directory.
Finding the culprit just wasn’t feasible.
Here how i fixed it on my Windows Vista Ultimate x64 SP2 laptop:
1. Take ownership of the \winxs directory
2. Ensure that the parent folder permissions are applied to all files and subfolders. Easiest way is to right-click \winxs folder, click properties > Security Tab > Advanced > Edit > Replace all existing inheritable permissions.
No more CAPI2 errors.
For us it looks like the cause was lying in this two foldes and files / subfolders:
winsxs\filempas
winsxs\temp
The wrong NTFS rights inside winsxs\temp seem to somehow overwrite the rights inside winsxs\filemaps. So as long as the error exists inside the temp folder it will reset the right on the filemaps folder.
Did the following inside command shell
Takeown /f %windir%\winsxs\filemaps /a
icacls %windir%\winsxs\filemaps /grant «NT AUTHORITY\SYSTEM:(RX)»
icacls %windir%\winsxs\filemaps /grant «NT Service\trustedinstaller:(F)»
icacls %windir%\winsxs\filemaps /grant «BUILTIN\Users:(RX)»
icacls %windir%\winsxs\filemaps /grant «Administratoren:(RX)»
Takeown /f %windir%\winsxs\filemaps\* /a
icacls %windir%\winsxs\filemaps\*.* /grant «NT AUTHORITY\SYSTEM:(RX)»
icacls %windir%\winsxs\filemaps\*.* /grant «NT Service\trustedinstaller:(F)»
icacls %windir%\winsxs\filemaps\*.* /grant «BUILTIN\Users:(RX)»
icacls %windir%\winsxs\filemaps\*.* /grant «Administrators:(RX)»
Takeown /f %windir%\winsxs\temp\PendingRenames /a
icacls %windir%\winsxs\temp\PendingRenames /grant «Administrators:(RX)»
icacls %windir%\winsxs\temp\PendingRenames /grant «NT AUTHORITY\SYSTEM:(RX)»
icacls %windir%\winsxs\temp\PendingRenames /grant «NT Service\trustedinstaller:(F)»
icacls %windir%\winsxs\temp\PendingRenames /grant «BUILTIN\Users:(RX)»
Takeown /f %windir%\winsxs\temp\PendingRenames\*.* /a
icacls %windir%\winsxs\temp\PendingRenames\*.* /grant «Administrators:(RX)»
icacls %windir%\winsxs\temp\PendingRenames\*.* /grant «NT AUTHORITY\SYSTEM:(RX)»
icacls %windir%\winsxs\temp\PendingRenames\*.* /grant «NT Service\trustedinstaller:(F)»
icacls %windir%\winsxs\temp\PendingRenames\*.* /grant «BUILTIN\Users:(RX)»
As a side note:
I think this can also cause severe problems in case you want to upgrade a system with this error.
winsxs\temp had no NTFS right. There was just no account inside the ntfs rights register. So no access for local system, trusted installer or anything at all.
Tried to install SP2 on that machine.. totaly fucked it up. Now it even tells me to install SP1! on a windows server 2008.
Not sure if this really was the cause but it’s definitly not a good thing. So for me this means I check for this error before I install any updates.
this solution most probable helps if you have the CAPI2 error with the message «. AddCoreCsiFiles : BeginFileEnumeration() failed. «
It did not help on my computer, where I have the CAPI2 errors with the message». AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed. «.
Only difference of the affected PC compared to the clean PC is, that the programs are stored on a different drive than c:
Deatheye, your instructions removed the 513 CAPI2 (AddCoreCsiFiles : BeginFileEnumeration() failed.) error from my system (Vista Ultimate x64) and brought back the missing «System writer» to the vssadmin list.
For us it looks like the cause was lying in this two foldes and files / subfolders:
winsxs\filempas
winsxs\temp
The wrong NTFS rights inside winsxs\temp seem to somehow overwrite the rights inside winsxs\filemaps. So as long as the error exists inside the temp folder it will reset the right on the filemaps folder.
Did the following inside command shell
Takeown /f %windir%\winsxs\filemaps /a
icacls %windir%\winsxs\filemaps /grant «NT AUTHORITY\SYSTEM:(RX)»
icacls %windir%\winsxs\filemaps /grant «NT Service\trustedinstaller:(F)»
icacls %windir%\winsxs\filemaps /grant «BUILTIN\Users:(RX)»
icacls %windir%\winsxs\filemaps /grant «Administratoren:(RX)»
Takeown /f %windir%\winsxs\filemaps\* /a
icacls %windir%\winsxs\filemaps\*.* /grant «NT AUTHORITY\SYSTEM:(RX)»
icacls %windir%\winsxs\filemaps\*.* /grant «NT Service\trustedinstaller:(F)»
icacls %windir%\winsxs\filemaps\*.* /grant «BUILTIN\Users:(RX)»
icacls %windir%\winsxs\filemaps\*.* /grant «Administrators:(RX)»
Takeown /f %windir%\winsxs\temp\PendingRenames /a
icacls %windir%\winsxs\temp\PendingRenames /grant «Administrators:(RX)»
icacls %windir%\winsxs\temp\PendingRenames /grant «NT AUTHORITY\SYSTEM:(RX)»
icacls %windir%\winsxs\temp\PendingRenames /grant «NT Service\trustedinstaller:(F)»
icacls %windir%\winsxs\temp\PendingRenames /grant «BUILTIN\Users:(RX)»
Takeown /f %windir%\winsxs\temp\PendingRenames\*.* /a
icacls %windir%\winsxs\temp\PendingRenames\*.* /grant «Administrators:(RX)»
icacls %windir%\winsxs\temp\PendingRenames\*.* /grant «NT AUTHORITY\SYSTEM:(RX)»
icacls %windir%\winsxs\temp\PendingRenames\*.* /grant «NT Service\trustedinstaller:(F)»
icacls %windir%\winsxs\temp\PendingRenames\*.* /grant «BUILTIN\Users:(RX)»
As a side note:
I think this can also cause severe problems in case you want to upgrade a system with this error.
winsxs\temp had no NTFS right. There was just no account inside the ntfs rights register. So no access for local system, trusted installer or anything at all.
Tried to install SP2 on that machine.. totaly ____ it up. Now it even tells me to install SP1! on a windows server 2008.
Not sure if this really was the cause but it’s definitly not a good thing. So for me this means I check for this error before I install any updates.
Thanks. After much searching, this solution is what worked for me. I’d recommend others give it a go if they are getting these same Event ID 513 errors.
