CAPI2 - 513 : Cryptographic Services failed while ...

Dirk_Loeffler · ‎07-14-2010

Hi,

I am running BE12.5 SP4 on a W2003 Server to backup a W2008 file server. On that W2008 file server I got a multiple error in Windows application log:

CAPI2 - 513 : Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

I have checked Symantec doc id 327192 (http://seer.entsupport.symantec.com/docs/327192.htm), but all security settings are ok and the SystemWriter *is shown* in vssadmin and the buckup job does not fail.

Anyone any idea how to fix that?
Cheers
Dirk

RahulG · ‎07-14-2010

Try the following a) and/or b) solution(s). If none of the solutions can solve the issue, please contact Microsoft support for further assistance about why System Writer is missing.

a) Refer to http://technet.microsoft.com/en-us/library/cc734021(WS.10).aspx and make appropriate changes to access control list on the %systemdrive%\Windows\registration folder if the situation matches the document.

b) Try to list permissions for the files in %windir%\winsxs\filemaps from a command prompt run as administrator. If access was denied to every file, run the following sequence of commands to reset the permissions and restore the state of System Writer:

cd c:\windows\system32
Takeown /f %windir%\winsxs\filemaps\* /a
icacls %windir%\winsxs\filemaps\*.* /grant "NT AUTHORITY\SYSTEM:(RX)"
icacls %windir%\winsxs\filemaps\*.* /grant "NT Service\trustedinstaller:(F)"
icacls %windir%\winsxs\filemaps\*.* /grant "BUILTIN\Users:(RX)"

Dirk_Loeffler · ‎07-14-2010

H RahulG,

like I wrote in my post:
- I have allreday done all theses steps
- System writer IS PRESENT, (is NOT missing)

Nevertheless I get this error: CAPI2 - 513 : Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

cheers
Dirk

Colin_Weaver · ‎07-19-2010

Hi all

As well as the information Rahul G posted there is another Microsoft Article with a few more commands in it that should perhaps be reviewed against this issue:

http://support.microsoft.com/kb/2009272

jurgen_barbieur · ‎02-23-2017

1. Run: SC sdshow MSLLDP
You'll get something like below (SDDL language is documented on MSDN):

D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BG)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

2. Run: SC sdshow MUP
You'll get:

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

********* IMPORTANT *********************************************************

Make sure all Command Parameters are in one line without Carriage Returns and Line Feeds as opposed to the way you see them in these instructions! (i.e. switch off word wrapping etc. when you copy and paste through your editor)

****************************************************************************

3. Take NT AUTHORITY\ SERVICE entry, which is (A;;CCLCSWLOCRRC;;;SU) and add it to the original MSLLDP security descriptor properly, right before the last S:(AU... group.

4. Apply the new security descriptor to MSLLDP service (make sure command is in one line!!!):

sc sdset MSLLDP D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BG)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

more info: https://social.technet.microsoft.com/Forums/windows/en-US/156d3b56-0863-47fb-851f-82ea78a7cff2/error...

VOX

CAPI2 - 513 : Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.