Fix Event 513 CAPI2 Errors During Windows Backup

by Ed Sparks

Update: March 2016.
Commenters have noted this same fix appears to work correctly on Windows 10 as well

A semi-common error seen on various Windows 8.1 and 2012/R2 systems is the following during the start of system backups that use VSS (i.e. most backups).  This often causes the backup process to hang for a long period of time, or fail.

Application Event Log:
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Much digging through forums has found what appears to be the cause.

During backup a VSS process running under NETWORK_SERVICE account calls cryptcatsvc!CSystemWriter::AddLegacyDriverFiles(), which enumerates all the drivers records in Service Control Manager database and tries opening each one of them. , The function fails on MSLLDP record with "Access Denied" error.

Turned out it fails because MSLLDP driver's security permissions do not allow NETWORK_SERVICE to access the driver record.

What causes this to have incorrect permissions in the first place is unclear, but a fairly simple fix exists.  We've tested this on several systems without issue, but your mileage may vary.

It can be fixed by correcting the Security Description on the MSLLDP service, using the built-in command line utility SC.exe

Open an Administrative Command Prompt (NOT PowerShell) and execute the following.  This must all be one long command without carriage returns


You should receive a successful result of

[SC] SetServiceObjectSecurity SUCCESS

If so, the problem is resolved, and there's no reboot required.  The next backup should complete successfully.

Connecting or Ending another RDP session in Windows 2012

by Ed Sparks

As part of the complete re-architecture of the Remote Desktop Services Roles in Windows Server 2012, Microsoft moved the cheese in a serious way.

While there is much that is great about the new design, and we applaud their decision to more holistically approach all of the disparate remote connectivity and VDI options provided by the OS, the UI is an incomplete, slow and confusing mess.

One of the biggest problems was that they severely hampered the built-in Administrative RDP connections that have existed since Windows 2003, and got rid of all of the old TS/RDP Management Tools.  Even more painfully, they turfed everyone's old friend RDP Session Shadowing.  Thankfully this has made a return in Windows Server 2012 R2, but the management and UI haven't improved much.

Going, going, gone!

Going, going, gone!

As a result of all of this, it became difficult to do the simplest of tasks.  One of the most common that many admins used the Remote Desktop Services Manager utility for was connecting to another session, or ending a hung or disconnected session.  Alas, no RDS Manager for you dear 2012 User.  Too simple!

What to do?  Task Manager.  Seriously.

While this functionality has existed for quite some time, it is (by my quick survey of admins) unknown and rarely used.  It is, however, surprisingly functional.

Simply bring up Task Manager, click More Details to switch to the "Actually Useful" mode, and then click the Users Tab.  All current sessions will be displayed, along with a list of their processes.  Right click on any session to connect to or end the session.

Simple, but non-obvious.

Changing your Windows Password over RDP

by Ed Sparks

Windows Server 2003/2008:
Click Start  - Windows Security - Change Password.  Update password.  
Continue on with your day, safe and secure.

Windows Server 2012:
Click Star...oh wait, there's no start menu.
Hmm, attempt to hit the edge of the screen to find the 'charms' and click Settings, then Change PC Setti.  Oh wait, that doesn't exist on 2012, even though it's on Windows 8.
Go to the vast empty void that is the 2012 Start Screen and click, umm,  hmm.
Back to the Desktop, Right Click on the "empty spot that should be the start menu" for the secret "Power Users" menu.  Nope.  Apparently Power Users don't change their passwords.
Bang head against wall.
Google "remote desktop keyboard shortcuts"
Press CTRL-ALT-END, then Change Password. Update password.
Continue on with your day frustrated and annoyed that Microsoft glued this ridiculous interface onto Windows Server.  Really guys, do you actually USE this thing?




Not charmed? Restart Windows 8 or Server 2012 Quickly!

by Ed Sparks

Another gem from Jeff over at the EXPTA blog!

Microsoft and their crazy need to make previously simple tasks complicated in Windows 8...all in the name of ease, or something.

Here's a quick tip on how to sign out, shutdown or restart Windows 8 or Windows Server 2012 from the desktop the easy way.  Simply click the Windows Taskbar to give focus to the desktop and press Alt-F4