Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 12348 Source: VSS

Source
Level
Description
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\\Volume{c11e2e38-cf1c-11dd-b444-001d099fb314}\. Denying administrators from accessing volume roots can cause many unexpected failures and will prevent VSS from functioning properly.  Check security on the volume and try the operation again.

Operation:
   Removing auto-release shadow copies
   Loading provider

Context:
   Execution Context: System Provider
Comments
 
This event can occur when backing up a Hyper-V host whose guests include computers running the App-V client. The reason it occurs is that the App-V drive (by default, Q:) is not an NTFS drive, which chokes VSS.

As per EV100377 (App-V und VSS–Backup oder kein Backup - this is an article in German)

add this registry entry on the App-V client:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SoftGrid\4.5\Client\AppFS\ServiceInclusions

Value name: VSS (REG_SZ)
Value data: swprv

My environment: WS2008 R2 SP1 Hyper-V Host, WS2008 R2 SP1 guest, App-V 4.6 RDS SP1 with Hotfix 5.
As per Microsoft:

1. Ensure that VSS has access to the volume root directory
To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To ensure that Volume Shadow Copy Service (VSS) has access to the volume root directory:

Open an elevated Command Prompt. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
Type icacls <VolumeRootPath> /grant system:f at the command prompt, where <VolumeRootPath> is the path to the volume root directory, for example, D:\.

2. Verify
To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To verify that the Volume Shadow Copy Service is started:

Click Start, point to Administrative Tools, and then click Services.
In the results pane, double-click Volume Shadow Copy.
In Service status, make sure that the status is Started. If the status is not Started, click Start.
Make sure Startup type is set to Manual.
Click OK.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...