Windows Backup fails with non-specific "Access is denied. (0x80070005)" error.

  • Thread starter Thread starter LonchikB
  • Start date Start date
L

LonchikB

Guest
Hi,


I've been trying to figure this one out for over couple of months, and can't seem to nail it.


I have a scheduled Windows Backup [a.k.a. Backup and Restore (Windows 7)], configured as backing up to a NAS (Synology), With specified areas to back up (instead of Win's let-me-choose option) consisting of some users' subdirectories like pictures and documents, as well as couple of folders outside the users directory. It's configured not to include system image of drives, EFI/C:/WRE. I had it since Win8 and it working fine, and then it stopped working. I had upgraded to Win10 hoping it would kick it and recover it, but it hasn't.


It fails with the generic 0x80070005 "Access is denied." error, but nowhere can I find what target/object that it was denied access to. It varies when it happens, but typically seems to be a little over 3 hours from the time backup starts. It also seems to vary how much of backup gets written before it fails, ranging from around 250GB to 450GB, with full backup size being around 630GB.


EventViewer seems very skimpy, and here's everything that I found related to it:

Start of scheduled backup record



- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">


- <System>


<Provider Name="Windows Backup" />


<EventID Qualifiers="0">4097</EventID>


<Version>0</Version>


<Level>4</Level>


<Task>0</Task>


<Opcode>0</Opcode>


<Keywords>0x80000000000000</Keywords>


<TimeCreated SystemTime="2020-12-07T07:00:01.9329878Z" />


<EventRecordID>11667</EventRecordID>


<Correlation />


<Execution ProcessID="0" ThreadID="0" />


<Channel>Application</Channel>


<Computer>Garbage</Computer>


<Security />


</System>


- <EventData>


<Data>\\B-NAS\Backups\Garbage\</Data>


<Binary>00000000B80500006C08000000000000420ED1665C2BEE174B64529CB14610EA71000000</Binary>


</EventData>


</Event>


.... then a bit over 3 hours later:


- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">


- <System>


<Provider Name="Windows Backup" />


<EventID Qualifiers="0">4104</EventID>


<Version>0</Version>


<Level>2</Level>


<Task>0</Task>


<Opcode>0</Opcode>


<Keywords>0x80000000000000</Keywords>


<TimeCreated SystemTime="2020-12-07T10:16:07.2099937Z" />


<EventRecordID>11677</EventRecordID>


<Correlation />


<Execution ProcessID="0" ThreadID="0" />


<Channel>Application</Channel>


<Computer>Garbage</Computer>


<Security />


</System>


- <EventData>


<Data>Access is denied. (0x80070005)</Data>


<Binary>05000780E20500004409000060090000420ED1665C2BEE174B64529CB14610EA71000000</Binary>


</EventData>


</Event>


... then, 9 seconds later final entry:


- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">


- <System>


<Provider Name="Windows Error Reporting" />


<EventID Qualifiers="0">1001</EventID>


<Version>0</Version>


<Level>4</Level>


<Task>0</Task>


<Opcode>0</Opcode>


<Keywords>0x80000000000000</Keywords>


<TimeCreated SystemTime="2020-12-07T10:16:16.2447111Z" />


<EventRecordID>11678</EventRecordID>


<Correlation />


<Execution ProcessID="0" ThreadID="0" />


<Channel>Application</Channel>


<Computer>Garbage</Computer>


<Security />


</System>


- <EventData>


<Data>1898156943779859625</Data>


<Data>5</Data>


<Data>WindowsBackupFailure</Data>


<Data>Not available</Data>


<Data>0</Data>


<Data>Backup</Data>


<Data>10.0.19041</Data>


<Data>0x80070005</Data>


<Data>7</Data>


<Data />


<Data />


<Data />


<Data />


<Data />


<Data />


<Data>\\?\C:\WINDOWS\Logs\WindowsBackup\WindowsBackup.1.etl \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF208.tmp.WERInternalMetadata.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF238.tmp.xml \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF38E.tmp.csv \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF43B.tmp.txt</Data>


<Data>\\?\C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Backup_c948e1cf249df9246f13cdb22976ef84ffd52a25_00000000_3411c23f-f173-4789-a63d-33cf620ecb4e</Data>


<Data />


<Data>0</Data>


<Data>3411c23f-f173-4789-a63d-33cf620ecb4e</Data>


<Data>268435456</Data>


<Data>7c8397aa17a3f01d7a579baef9f08ca9</Data>


<Data>0</Data>


</EventData>


</Event>


And for this one I'll post with formatted text:


Fault bucket 1898156943779859625, type 5

Event Name: WindowsBackupFailure

Response: Not available

Cab Id: 0


Problem signature:

P1: Backup

P2: 10.0.19041

P3: 0x80070005

P4: 7

P5:

P6:

P7:

P8:

P9:

P10:



Attached files:

\\?\C:\WINDOWS\Logs\WindowsBackup\WindowsBackup.1.etl

\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF208.tmp.WERInternalMetadata.xml

\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF238.tmp.xml

\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF38E.tmp.csv

\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF43B.tmp.txt



These files may be available here:

\\?\C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Backup_c948e1cf249df9246f13cdb22976ef84ffd52a25_00000000_3411c23f-f173-4789-a63d-33cf620ecb4e



Analysis symbol:

Rechecking for solution: 0

Report Id: 3411c23f-f173-4789-a63d-33cf620ecb4e

Report Status: 268435456

Hashed bucket: 7c8397aa17a3f01d7a579baef9f08ca9

Cab Guid: 0



Needless to say, referenced files in "WER\Temp" directory are long gone by the time I get to examine the failure. There is, however, Report.wer in that NonCritical_Backup_.... directory which contains the following:


Version=1

EventType=WindowsBackupFailure

EventTime=132518097745565158

Consent=1

UploadTime=132518097752129230

ReportStatus=268435456

ReportIdentifier=3411c23f-f173-4789-a63d-33cf620ecb4e

Wow64Host=34404

OriginalFilename=RUNDLL32.EXE

AppSessionGuid=00000ea4-0000-0013-e8a7-4b9566ccd601

TargetAppId=W:0000f519feec486de87ed73cb92d3cac802400000000!000084ddb2b3d1158485b2b66867ca9452930a258edd!rundll32.exe

TargetAppVer=2031//05//02:06:41:35!12386!rundll32.exe

BootId=4294967295

TargetAsId=425

IsFatal=4294967295

EtwNonCollectReason=1

Response.BucketId=7c8397aa17a3f01d7a579baef9f08ca9

Response.BucketTable=5

Response.LegacyBucketId=1898156943779859625

Response.type=4

Sig[0].Name=Operation

Sig[0].Value=Backup

Sig[1].Name=AppVer

Sig[1].Value=10.0.19041

Sig[2].Name=HRESULT

Sig[2].Value=0x80070005

Sig[3].Name=TargetType

Sig[3].Value=7

DynamicSig[1].Name=OS Version

DynamicSig[1].Value=10.0.19042.2.0.0.256.48

DynamicSig[2].Name=Locale ID

DynamicSig[2].Value=1033

State[0].Key=Transport.DoneStage1

State[0].Value=1

OsInfo[0].Key=vermaj

OsInfo[0].Value=10

OsInfo[1].Key=vermin

OsInfo[1].Value=0

OsInfo[2].Key=verbld

OsInfo[2].Value=19042

OsInfo[3].Key=ubr

OsInfo[3].Value=630

OsInfo[4].Key=versp

OsInfo[4].Value=0

OsInfo[5].Key=arch

OsInfo[5].Value=9

OsInfo[6].Key=lcid

OsInfo[6].Value=1033

OsInfo[7].Key=geoid

OsInfo[7].Value=244

OsInfo[8].Key=sku

OsInfo[8].Value=48

OsInfo[9].Key=domain

OsInfo[9].Value=0

OsInfo[10].Key=prodsuite

OsInfo[10].Value=256

OsInfo[11].Key=ntprodtype

OsInfo[11].Value=1

OsInfo[12].Key=platid

OsInfo[12].Value=10

OsInfo[13].Key=sr

OsInfo[13].Value=0

OsInfo[14].Key=tmsi

OsInfo[14].Value=220860817

OsInfo[15].Key=osinsty

OsInfo[15].Value=3

OsInfo[16].Key=iever

OsInfo[16].Value=11.630.19041.0-11.0.220

OsInfo[17].Key=portos

OsInfo[17].Value=0

OsInfo[18].Key=ram

OsInfo[18].Value=12248

OsInfo[19].Key=svolsz

OsInfo[19].Value=918

OsInfo[20].Key=wimbt

OsInfo[20].Value=0

OsInfo[21].Key=blddt

OsInfo[21].Value=191206

OsInfo[22].Key=bldtm

OsInfo[22].Value=1406

OsInfo[23].Key=bldbrch

OsInfo[23].Value=vb_release

OsInfo[24].Key=bldchk

OsInfo[24].Value=0

OsInfo[25].Key=wpvermaj

OsInfo[25].Value=0

OsInfo[26].Key=wpvermin

OsInfo[26].Value=0

OsInfo[27].Key=wpbuildmaj

OsInfo[27].Value=0

OsInfo[28].Key=wpbuildmin

OsInfo[28].Value=0

OsInfo[29].Key=osver

OsInfo[29].Value=10.0.19041.630.amd64fre.vb_release.191206-1406

OsInfo[30].Key=buildflightid

OsInfo[30].Value=f39c5c3f-90fd-40de-9171-e7fd8b92049d

OsInfo[31].Key=edition

OsInfo[31].Value=Professional

OsInfo[32].Key=ring

OsInfo[32].Value=Retail

OsInfo[33].Key=expid

OsInfo[33].Value=FX:1183210E,FX:19E26AD

OsInfo[34].Key=fconid

OsInfo[35].Key=containerid

OsInfo[36].Key=containertype

OsInfo[37].Key=edu

OsInfo[37].Value=0

FriendlyEventName=WindowsBackupFailure

ConsentKey=WindowsBackupFailure

AppName=Windows host process (Rundll32)

AppPath=C:\Windows\System32\rundll32.exe

ReportDescription=Windows Backup failure

ApplicationIdentity=00000000000000000000000000000000

MetadataHash=601300682



I believe from the above you can find the exact windows version.


At this point I'm lost as to how to troubleshoot it. I can't even tell if the access is denied in reading source files, or writing backup files? Or is it something in registry? Or something else??? Help would be much appreciated.

Continue reading...
 
Back
Top