Solved

NTBackup byte estimate very slow, can't find C:\

Posted on 2008-09-30
11
2,013 Views
Last Modified: 2012-05-05
Hello experts,

We've been using NTBackup for quite some time now to do a nightly backup of one of our servers.  It has been working without any issues for over a year now but suddendly at the end of last month it began not to work and  has not worked since.

What is happening is when the backup job runs, the "Selection Information" screen appears with the File and Byte Estimate information, this takes an abnormally long time to complete...in fact I have only seen it complete once after letting it run for almost two weeks (keep in mind the backup, when it did work prior to this issue, was only about 18 GB).  When it finally did complete the estimation, I don't remember the exact text but it returned an error saying it could not find or have permission to C:\ (the job is set to backup C:\ and System State) and the backup failed.

Running the job manually yields the same result Selection Information screen appears and takes an abnormal time to calculate, if I click cancel here NTBackup hangs.  There reports NTBackup creates are blank so they don't offer much assistance and there seems to be nothing in the event log other than an entry showing that NTBackup operation started on C:\ but there is nothing showing it finished or errored out, etc. (unless I cancel the job, then it will show an Application Hang entry)

Operating system is Windows Server 2003 Enterprise Edition SP2, NTBackup is backing up to a SNAP2200 NAS device (but the same thing happens even if I back up to anoter local hard disk).  I have been scouring the web and even looked at some Partner level KB articles for the same problem, and while I have tried solutions used on similar issues, nothing has yet to yield success.

I have attempted the following:
-Update NTBackup build with hotfixes provided by Microsoft, currently running build 5.2.3790.4166 of NTBackup
-Delete and recreate backup job
-Recreate .bkf file that job backs up to
-Re-register VSS Writers with the following procedure:
CD to Windows\System32
Net stop vss
Net stop swprv
regsvr32 ole32.dll
regsvr32 vss_ps.dll
Vssvc /Register
regsvr32 /i swprv.dll
regsvr32 /i eventcls.dll
regsvr32 es.dll
regsvr32 stdprov.dll
regsvr32 vssui.dll
regsvr32 msxml.dll
regsvr32 msxml3.dll
regsvr32 msxml4.dll
Reboot server

I hope I provided sufficient detail here, if not please let me know and I will try to provide any information I can.

0
Comment
Question by:stevepo
  • 8
  • 2
11 Comments
 
LVL 63

Assisted Solution

by:SysExpert
SysExpert earned 250 total points
ID: 22647107
1) I would run winmsd and hijackthis 2 to check on processes and startups that could be malware or causing issues.

2) Stop all services that are not essential

3) Try backing up some test data from only part of the hard drive

4) Check that VSS is working oK.

Anything showing up in the Backup logs and event logs ?


I hope this helps !
0
 
LVL 6

Author Comment

by:stevepo
ID: 22654122
Hi SysExpert,

Thanks for the response, I'll try to address your suggestions as orderly as possible:

1) Ran Hijackthis and the output was not very lengthy (compared to other HijackThis logs I've seen) nor did I see any software, processes or IPs that I didn't recognize, the log is shown below (I've edited some things to read as //<Our Company>// as this machine is our company's web server):


I ran the vssadmin list writers while ntbackup was running so this may not be accurate.

Backup logs appear as blank and the event logs show the "Begin Operation" for ntbackup, then several MSSQLSERVER entries stating that databases have been backed up, then ntbackup shows an entry saying the backup of C: has begun and nothing after that.

I appreciate the response, what I will do is reboot the server when possible and run HJT, vssadmin list writers, and then attempt to backup the one text file as a test.

I will post again once I have done that. If you have any additional suggestions in the mean time please let me know and if there is any additional info you think may be helpful I will do my best to provide it.

Thanks!
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:13:58 PM, on 10/6/2008

Platform: Windows 2003 SP2 (WinNT 5.02.3790)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Computer Associates\InoculateIT\InoRpc.exe

C:\Program Files\Computer Associates\InoculateIT\InoRT.exe

C:\Program Files\Computer Associates\InoculateIT\InoTask.exe

C:\WINDOWS\LogWatNT.exe

C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe

C:\Program Files\Persits Software\AspEmail\BIN\EmailAgent.exe

C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Computer Associates\InoculateIT\realmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\WINDOWS\system32\rsmsink.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\logon.scr

c:\windows\system32\inetsrv\w3wp.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Computer Associates\InoculateIT\realmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/hardAdmin.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by RMI

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = //<Our Proxy Server>//

O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\Computer Associates\InoculateIT\realmon.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O15 - ESC Trusted Zone: http://runonce.msn.com

O15 - ESC Trusted Zone: http://*.windowsupdate.com

O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194376238031

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = //<Our Domain Name>//

O17 - HKLM\Software\..\Telephony: DomainName = //<Our Domain Name>//

O17 - HKLM\System\CCS\Services\Tcpip\..\{286EECCD-DE6A-456D-936D-03A0D6CDDC8D}: NameServer = //<Our Name Server>//

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = //<Our Domain Name>//

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = //<Our Domain Name>//

O23 - Service: InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\Computer Associates\InoculateIT\InoRpc.exe

O23 - Service: InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\Computer Associates\InoculateIT\InoRT.exe

O23 - Service: InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\Computer Associates\InoculateIT\InoTask.exe

O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Persits Software EmailAgent - Persits Software, Inc. - C:\Program Files\Persits Software\AspEmail\BIN\EmailAgent.exe
 

--

End of file - 5131 bytes
 

2) I believe everything non-essential is stopped, I can't stop too many things as this our company's webserver
 

3)I have tried backing up just a simple text file and it locks up ntbackup. I'll do a reboot when possible and try the single file again, maybe try to back it up to the other local hard disk instead of the NAS device.
 

4)When running vssadmin list writers from the command prompt this is my output:

Writer name: 'System Writer'

Writer Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Instance Id: {f59d406c-7e93-412b-898e-7dd8af7e26fe}

State: [5] Waiting for completion

Last error: No error
 

Writer name: 'MSDEWriter'

Writer Id: {f8544ac1-0611-4fa5-b04b-f7ee00b03277}

Writer Instance Id: {bbaead74-c8e1-4f24-8f49-d4545e962098}

State: [5] Waiting for completion

Last error: No error
 

Writer name: 'Registry Writer'

Writer Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}

Writer Instance Id: {28c01941-0245-4c01-a5fb-699c36fae7d1}

State: [5] Waiting for completion

Last error: No error
 

Writer name: 'WMI Writer'

Writer Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

Writer Instance Id: {09d17661-3fad-400f-98cb-d39d970c7129}

State: [5] Waiting for completion

Last error: No error
 

Writer name: 'Event Log Writer'

Writer Id: {eee8c692-67ed-4250-8d86-390603070d00}

Writer Instance Id: {b613c78b-486c-400b-b73a-bb2e059fad3c}

State: [5] Waiting for completion

Last error: No error
 

Writer name: 'Removable Storage Manager'

Writer Id: {5d3c3e01-0297-445b-aa81-a48d7151e235}

Writer Instance Id: {1bca65bf-6ea1-449e-8b79-ad7cfbb2efd9}

State: [5] Waiting for completion

Last error: No error
 

Writer name: 'IIS Metabase Writer'

Writer Id: {59b1f0cf-90ef-465f-9609-6ca8b2938366}

Writer Instance Id: {3f49b757-034a-414a-84be-0441ed9c73e8}

State: [5] Waiting for completion

Last error: No error
 

Writer name: 'COM+ REGDB Writer'

Writer Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}

Writer Instance Id: {2444e5e0-4528-4583-b9a2-09d6271af8c0}

State: [5] Waiting for completion

Last error: No error

Open in new window

0
 
LVL 6

Author Comment

by:stevepo
ID: 22723657
Just to update anyone following this question, I have not yet had a chance to reboot this server as it is our web server, once I do, I will attempt what I have described in my previous post and post the results.
0
 
LVL 6

Author Comment

by:stevepo
ID: 22813594
Hello All,

I have rebooted the server and following the reboot my "vssadmin list writers" command output looks like this:


Any additional suggestions on this issue are welcome.

Thanks!

Writer name: 'System Writer'

Writer Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Instance Id: {024504ef-02d6-4e30-834b-af1f11c72ae3}

State: [5] Waiting for completion

Last error: No error
 

Writer name: 'Event Log Writer'

Writer Id: {eee8c692-67ed-4250-8d86-390603070d00}

Writer Instance Id: {47fcc1d0-c648-4c79-899b-bf6d07d6c754}

State: [1] Stable

Last error: No error
 

Writer name: 'WMI Writer'

Writer Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

Writer Instance Id: {b5fdb57e-0eb6-4c5b-95b2-9cb01e60ed52}

State: [5] Waiting for completion

Last error: No error
 

Writer name: 'Removable Storage Manager'

Writer Id: {5d3c3e01-0297-445b-aa81-a48d7151e235}

Writer Instance Id: {2cfba8c6-aa6e-4e5c-8b98-f0ddbacd24ea}

State: [5] Waiting for completion

Last error: No error
 

Writer name: 'MSDEWriter'

Writer Id: {f8544ac1-0611-4fa5-b04b-f7ee00b03277}

Writer Instance Id: {b87c2b29-3f50-40b7-886f-5135f7e18aae}

State: [1] Stable

Last error: No error
 

Writer name: 'Registry Writer'

Writer Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}

Writer Instance Id: {08a84505-685d-4182-82f1-3249460c953e}

State: [1] Stable

Last error: No error
 

Writer name: 'COM+ REGDB Writer'

Writer Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}

Writer Instance Id: {e8f3de1f-1e95-468e-ba23-bda661ac40c6}

State: [1] Stable

Last error: No error
 

Writer name: 'IIS Metabase Writer'

Writer Id: {59b1f0cf-90ef-465f-9609-6ca8b2938366}

Writer Instance Id: {64de5127-84b6-4f0f-ad42-d97fb1673e3b}

State: [1] Stable

Last error: No error
 

HiJackThis log looks the same and I attempted to backup the same test text file to a secondary (local) hard disk on the machine and it took 20 minutes according to the NTBackup report (the file was only 16 KB in size). I do notice that after I run the ntbackup and it completes my "vssadmin list writers" then looks like this:
 

Writer name: 'System Writer'

Writer Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Instance Id: {024504ef-02d6-4e30-834b-af1f11c72ae3}

State: [5] Waiting for completion

Last error: No error
 

Writer name: 'Event Log Writer'

Writer Id: {eee8c692-67ed-4250-8d86-390603070d00}

Writer Instance Id: {47fcc1d0-c648-4c79-899b-bf6d07d6c754}

State: [1] Stable

Last error: No error
 

Writer name: 'WMI Writer'

Writer Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

Writer Instance Id: {b5fdb57e-0eb6-4c5b-95b2-9cb01e60ed52}

State: [5] Waiting for completion

Last error: No error
 

Writer name: 'Removable Storage Manager'

Writer Id: {5d3c3e01-0297-445b-aa81-a48d7151e235}

Writer Instance Id: {2cfba8c6-aa6e-4e5c-8b98-f0ddbacd24ea}

State: [5] Waiting for completion

Last error: No error
 

Writer name: 'MSDEWriter'

Writer Id: {f8544ac1-0611-4fa5-b04b-f7ee00b03277}

Writer Instance Id: {b87c2b29-3f50-40b7-886f-5135f7e18aae}

State: [1] Stable

Last error: No error
 

Writer name: 'Registry Writer'

Writer Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}

Writer Instance Id: {08a84505-685d-4182-82f1-3249460c953e}

State: [1] Stable

Last error: No error
 

Writer name: 'COM+ REGDB Writer'

Writer Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}

Writer Instance Id: {e8f3de1f-1e95-468e-ba23-bda661ac40c6}

State: [1] Stable

Last error: No error
 

Writer name: 'IIS Metabase Writer'

Writer Id: {59b1f0cf-90ef-465f-9609-6ca8b2938366}

Writer Instance Id: {64de5127-84b6-4f0f-ad42-d97fb1673e3b}

State: [5] Waiting for completion

Last error: No error

Open in new window

0
 
LVL 6

Author Comment

by:stevepo
ID: 22813614
Apologies for not more carefully reading my previous post. It should read:

Following a reboot my "vssadmin list writers" command shows the following:


Writer name: 'System Writer'

Writer Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Instance Id: {024504ef-02d6-4e30-834b-af1f11c72ae3}

State: [1] Stable

Last error: No error
 

Writer name: 'Event Log Writer'

Writer Id: {eee8c692-67ed-4250-8d86-390603070d00}

Writer Instance Id: {47fcc1d0-c648-4c79-899b-bf6d07d6c754}

State: [1] Stable

Last error: No error
 

Writer name: 'WMI Writer'

Writer Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

Writer Instance Id: {b5fdb57e-0eb6-4c5b-95b2-9cb01e60ed52}

State: [1] Stable

Last error: No error
 

Writer name: 'Removable Storage Manager'

Writer Id: {5d3c3e01-0297-445b-aa81-a48d7151e235}

Writer Instance Id: {2cfba8c6-aa6e-4e5c-8b98-f0ddbacd24ea}

State: [1] Stable

Last error: No error
 

Writer name: 'MSDEWriter'

Writer Id: {f8544ac1-0611-4fa5-b04b-f7ee00b03277}

Writer Instance Id: {b87c2b29-3f50-40b7-886f-5135f7e18aae}

State: [1] Stable

Last error: No error
 

Writer name: 'Registry Writer'

Writer Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}

Writer Instance Id: {08a84505-685d-4182-82f1-3249460c953e}

State: [1] Stable

Last error: No error
 

Writer name: 'COM+ REGDB Writer'

Writer Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}

Writer Instance Id: {e8f3de1f-1e95-468e-ba23-bda661ac40c6}

State: [1] Stable

Last error: No error
 

Writer name: 'IIS Metabase Writer'

Writer Id: {59b1f0cf-90ef-465f-9609-6ca8b2938366}

Writer Instance Id: {64de5127-84b6-4f0f-ad42-d97fb1673e3b}

State: [1] Stable

Last error: No error

Open in new window

0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 63

Assisted Solution

by:SysExpert
SysExpert earned 250 total points
ID: 22818788
Any MS patches prior to this or driver updates ?

Any issues with the disk drives being slow ?

HAve you run chkdsk on them recently ?


I hope this helps !
0
 
LVL 6

Author Comment

by:stevepo
ID: 22822382
Thank you for the response,

I do not believe there were any driver updates but I will check for MS Patches around the date when the issue began to occur.

No issues with the drives being slow that I am aware of but I am sure that I have not run chkdsk on them. in qutie some time if at all.  I can say that NTBackup does exhibit the same behavior when I choose to backup to a NAS device instead of the secondary (local) hard disk.

I also would like to add that for the time being I have setup an NTBackup job on another server we have here.  This server is set to backup the C: drive of the web server (the problematic machine I am posting in regards to) and this backup job runs without issue in a reasonable amount of time and backs up to a NAS device.  Yet when I setup this same job on the web server itself I experience this issue.  Very odd.  I appreciate your follow-up and see if I can run a chkdsk at some point and look into MS Patches applied and post back once I have done that.

Is there any way to uninstall / reinstall of NTBackup?  I would think if possible I could do so from "Add/Remove Programs" and look under the "Windows Components" but I see nothing related to NTBackup.
0
 
LVL 6

Author Comment

by:stevepo
ID: 22880814
Just posting back with an update, haven't been able to run a chkdsk yet but I looked at the Event Viewer logs and the issue seems to have started in late August, the last updates applied before August were on April 23rd and then another round of updates was applied in early September but the issue was already occuring by then, with that in mind I'm not sure that Windows Updates are the issue.
0
 
LVL 6

Accepted Solution

by:
stevepo earned 0 total points
ID: 23193425
Nothing has changed since my last post just over a month ago (I think this machine was even rebooted during that time span) but I decided to try ntbackup on the problematic machine again and this issue seems to have resolved itself as ntbackup now appears to be working normally.



0
 
LVL 6

Author Comment

by:stevepo
ID: 23193457
Thanks for responding to this question SysExpert,  I would like to award some points for the simple fact that you were the only one to even suggest anything.

I know I can split points but is there a way to give you half and refund half?
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Are you looking to recover an email message or a contact you just deleted mistakenly? Or you are searching for a contact that you erased from your MS Outlook ‘Contacts’ folder and now realized that it was important.
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now