Event ID 513 when running VSS in Windows Server
This article provides a workaround to Event ID 513 when running VSS in Windows Server.
Original product version: Windows Server 2019, Windows Server 2016
Original KB number: 3209092
In Windows Server, when an application calls the Volume Shadow Copy Service (VSS) to run a backup, Event 513 may be generated:
Log Name: Application Source: Microsoft-Windows-CAPI2 Event ID: 513 Task Category: none Level: Error Description: An error occurred in Cryptographic Services while processing the OnIdentity() call in System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied.
This problem occurs because VSS System Writer does not have permission to read the NT AUTHORITY\SERVICE (service account). When System Writer runs as a cryptographic service and tries to read the Mslldp.sys information from a Microsoft Link-Layer Discovery Protocol driver, the "access denied" error is generated.
This event log entry can be safely ignored. To prevent this entry from being logged, grant the required permission to the Microsoft Link-Layer Discovery Protocol driver (Mslldp.dll) to process System Writer.
To do this, follow these steps:
Open an administrative Command Prompt window, and then run the following command to check the current permissions:
sc sdshow mslldp
Copy the output string from step 1, append it with
(A;;CCLCSWLOCRRC;;;SU), and then run the following command to add the access permission to Mslldp.dll:
sc sdset mslldp <string>
For example, run the following command:
sc sdset mslldp D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BG)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SO)(A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)(A;;CCLCSWLOCRRC;;;SU)