SBS 2008 Blue Screen overnight

Could it be that the attachments are missing? I'm new to experts-exchange, but my browser doesn't show any attachments.

I had to rename the Mini010609-01.dmp to Mini010609-01.txt, and WER-30580125-0.sysdata.xml to a .txt file. To be able to upload it so you will have to rename it to use it.

Thanks for the help.
AAK-Diag--2-.zip

Are you absolutely sure installation is completed?

Most Blue Screen of death is something to do with hardware compatiblility or hard disk failure. Is it a new server that comes with SBS2008 pre-installed? Or is it an upgrade from an older version? Perhaps you need to check if your drivers are compatible with W2K8 (core OS for SBS2008).

I am sure the Installation is completed.  The server has been operational for about 3 weeks.  I just enabled the driver verifier and am restarting the machine, but i have never used it and don't really know what I need to do to verify or identify a bad one.  It is a new machine but not preloaded, I built it and installed the OS.

Is there anything in the dmp file that would indicate what driver might me causing the problem?

If it is a new machine (HP or Dell or whatever), go to its website and check if drivers are compatible with W2K8. Download and install the latest version of drivers might help.

It is not bought from a manufacturer it is a box I built using new parts.

First check Device Manager to see if there is anything suspicious. I am sure there is some free tools to check the compatibility of driver to OS but just need to search/google it.

Here is the fiirst step.
Open command prompt
type chkdsk /r/f c:
select yes run on reboot and reboot machine
then wait and see if it happens again

90% of blue screens are cause by bad sectors or master file table errors. This should fix your problem.

It would help if you post the first lines of the blue screen. Especially the first two lines.
This usually gives an idea, in which direction the problem goes.

Also you may have information in eventlog, which conatains the same information.

Disk are usually an issue, nevertheless SBS2008 is very new, so that driver problems are something like expectable.

Yes but it ran fine till now. Which leads to disk prblem. Or update.

Drivers do not cause a problem once per day. They cause several problems intermitently.

I have looked through the logs but nothing is jumping out at me.  The blue screen happens in the night from what I can tell, but the server is in the office I never see the actual blue screen just the report that it has recovered from an error.  I just restarted again with the Chkdisk running this time it starts.  Will I get a report if it found something or will it just start normally when it completes?  I am working remotely and don't have a monitor hooked to the server to see the results.

It will say chkdsk has found and fixed one or more errors. But you wont see it remotely. Have faith it will fix your problem if you use chkdsk /r/f. You wont know until the computer reboots again. Also check for recent updates when chkdsk is done.

especially an update that occured right before these events began.

Sometimes updates can screw up the mft but your fixing it now so dont worry.

Now if for some strange reason you get the same problem tonight the error will be different. And you will have to runn chkdsk /p/r meaning you have a bad sector that cannot be recovered.

/p Does an exhaustive check of the drive and corrects any errors.
/r Locates bad sectors and recovers readable information.

CheckDisk: Of course not a failure to run it. You will get a report at the end as well as you should  get a log in the event log.

I will try to analyse your dump.

DiskFailure: It it true that W2x may crash, if there are bad sectors on the disk, especially if not movable segments are affected. If they are regulary or not depends on, what is there. Windows is able to handle a part of these errors, not all of course. If you experience blue scrrens at a special time, it points me to the fact, that an application / service has something to do with that. It may be that this applications uses bad blocks on disk or faulty RAM segments or just drivers hich are bugy, but may point to the issue.

As you said, it happens in the night, i would always track backups, but also other services may run during night. You may check your scheduler service, if something is in there, what may be have something to do.

I agree...

Bembi is right, check the log for the outcome of the chkdsk command (it will be right after the event saying the eventlog has started).

Also make sure you enable writing an entry in the event log when the blue screen occurs (in System Properties), so that you can report here exactly what error it shows (see Bembi's 1st post above).

If there is a hardware problem (disk or memory), you will likely see many more strange errors in the system log. If it is due to a bad driver, you won't see these errors. So the system log is a good place to hang out :-)

BugCheck 1000007E, {ffffffffc0000047, fffff80001cbeb48, fffffa6001bd75c0, fffffa6001bd7660}
Probably caused by : volsnap.sys ( volsnap!VspRevert+dd )

So it it is realy the volumesnap service, it may have the following reason

1.) hard disc failure as stated --> check your chkdsk results
2.) drive issue with volsnap.sys, may be drive failure related
3.) A backup software, which uses volume snaps
4.) Hyper-V see above

Have a look here
http://support.microsoft.com/kb/959766/en-us
http://support.microsoft.com/kb/960038/en-us
Hyper-V installed?

It may be an idea, just to delete the existing shodow copies and to see, it it comes back again.

Yes,  I am running hyper V with one Vista Business VM runing on it.  I just requested the hot fix, it says it is a x86 file not x64.  Does it get aplied to the Server or the VM?

I dont beleive its hyper-v. You would apply it to the server though.

If you use VMM to mount the captured image, the Windows Server 2008 system may experience this problem.

I assume, for Hyper-V is has to be x64, Hyper-V does not run on x32
The last one (link ) is newer

I know what you did you requested the hotfix with a different computer.
You have to click show all platforms when you request the fix.

Only show hotfixes for my language and platform  Show additional information  Select Product

Language Platform Release File name Version Build File size (bytes) Modified date
 Windows Vista All (Global) x86 sp2 Fix244749 Vista 6000 398553 11/11/2008 7:58:14 PM
 Windows Vista All (Global) x64 sp2 Fix244749 Vista 6000 416729 11/11/2008 7:59:22 PM
 Windows Vista All (Global) ia64 sp2 Fix244749

> Does it get aplied to the Server or the VM?

****************
Windows Server 2008/Windows Vista SP1 Kernel Version 6001 (Service Pack 1) MP (4 procs) Free x64
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Built by: 6001.18145.amd64fre.vistasp1_gdr.080917-1612
Machine Name:
Kernel base = 0xfffff800`01c51000 PsLoadedModuleList = 0xfffff800`01e16db0
Debug session time: Tue Jan 6 07:02:41.833 2009 (GMT+1)
****************

Is Vista also x64? The dump show 64Bit

server
but click show hot fixes for all platforms and select x64

but you should wait and see if you still get the problem tonight after running chkdsk.

This is possibly the most frustrating machine I have ever worked on.  Now it just rebooted itself for the second time and the Exchange store service will not start.  Server is slugish not responding to commands like it is at 100% CPU usage.  But taskmgr will not start so I can't tell.
This is the error it had on screen when it came back up.
signature:
  Problem Event Name:      BlueScreen
  OS Version:      6.0.6001.2.1.0.305.9
  Locale ID:      1033

Additional information about the problem:
  BCCode:      1000007e
  BCP1:      FFFFFFFFC0000047
  BCP2:      FFFFF80001C82B48
  BCP3:      FFFFFA6001BEC590
  BCP4:      FFFFFA6001BEC630
  OS Version:      6_0_6001
  Service Pack:      1_0
  Product:      305_2

Files that help describe the problem:
  C:\Windows\Minidump\Mini010609-03.dmp
  C:\Users\scormier\AppData\Local\Temp\2\WER-608265-0.sysdata.xml
  C:\Users\scormier\AppData\Local\Temp\2\WER7704.tmp.version.txt

Read our privacy statement:
  http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

this hotfix will be available in windows update after its fully tested. But I dont think thats your problem.

Any Idea why the exchange information Store will not start now?

yes. manually start the service then restart. Not sure why the happened. Did you apply the patch, please say no.

assistant service.
start run services.msc

I can't say no because I just aplied it.  I tried to start maually, will not start.

Why do you say now I should not have applied the patch?

I said that before check up a couple posts.

You need to go into add/remove proframs and get that patch uninstalled. CHKDSK would have fixed all your problems. Now you have more.

you may have to go in safe mode with networking if you cant access it normally.

A restore point may also help if you cant remove it. Make sure show windows updates is checked. Look for the path by kb#. when you are done you will definatly need to run chkdsk /p/r and that may not even get you back.

The update is uninstalled and is restarting now.  You know I rean Chkdisk once already and it did not find any issues with the drive.  I hate to do it but I am about ready to make this thing a Server2003 x64 with exchange 2007 on it.

Will the exchange be able to start if I were to recover the machine from a backup it did last night?

If its a full image backup yes. If not no. chkdsk /p/r should recover your whole system. it might still reboot but your exchange should come back to working order. It should even fix the rebooting issue.
before you only did chkdsk /r/f now do chkdsk /p/r before you go crazy on the backups. unless your 100% sure it will work.

It is telling me that /p is not a valid parameter???

Now are you talkin event log for chkdsk. Because even if there are none reported your MFT still gets re indexed. You should have waited for a bluescreen reboot before you went any further. Did exchange comeback after removing the patch?

I did chkdsk /p/r C: and chkdsk /p /r c:  same result.

my bad you have to use recovery console for that. I would if you have the time. if not run another chkdsk /r/f.

did exchange come back?

No, it is still down.  Also my Intel storage matrix monitoring service comes up with an error now when I first logon.

your raided? Your gunna have to pop the os disk in and run chkdsk /p/r from the recovery console.
sorry for your luck but this whole thing got over examined.

This is the error in the log that started coming up with regard to exchange.
A transient failure has occurred. The problem may resolve itself in awhile. The service will retry in 56 seconds. Diagnostic information:

Cannot open mailbox /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=AAKSERVER/cn=Microsoft System Attendant.
Microsoft.Exchange.Data.Storage.ConnectionFailedTransientException: Cannot open mailbox /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=AAKSERVER/cn=Microsoft System Attendant. ---> Microsoft.Mapi.MapiExceptionNetworkError: MapiExceptionNetworkError: Unable to make connection to the server. (hr=0x80040115, ec=-2147221227)
Diagnostic context:
    ......
    Lid: 12696   dwParam: 0x6D9      Msg: EEInfo: Generation Time: 2009-01-06 16:45:47:50
    Lid: 10648   dwParam: 0x6D9      Msg: EEInfo: Generating component: 2
    Lid: 14744   dwParam: 0x6D9      Msg: EEInfo: Status: 1753
    Lid: 9624    dwParam: 0x6D9      Msg: EEInfo: Detection location: 501
    Lid: 13720   dwParam: 0x6D9      Msg: EEInfo: Flags: 0
    Lid: 11672   dwParam: 0x6D9      Msg: EEInfo: NumberOfParameters: 4
    Lid: 8856    dwParam: 0x6D9      Msg: EEInfo: prm[0]: Unicode string: ncacn_ip_tcp
    Lid: 8856    dwParam: 0x6D9      Msg: EEInfo: prm[1]: Unicode string: AAKSERVER.allaboutkids.local
    Lid: 12952   dwParam: 0x6D9      Msg: EEInfo: prm[2]: Long val: -1527653632
    Lid: 12952   dwParam: 0x6D9      Msg: EEInfo: prm[3]: Long val: 382312662
    Lid: 19778  
    Lid: 27970   StoreEc: 0x80040115
    Lid: 17730  
    Lid: 25922   StoreEc: 0x80040115
   at Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, Int32 ec, DiagnosticContext diagCtx)
   at Microsoft.Mapi.ExRpcConnection.Create(ConnectionCache connectionCache, ExRpcConnectionCreateFlag createFlags, ConnectFlag connectFlags, String serverDn, String userDn, String user, String domain, String password, String httpProxyServerName, Int32 ulConMod, Int32 lcidString, Int32 lcidSort, Int32 cpid, Int32 cReconnectIntervalInMins, Int32 cbRpcBufferSize, Int32 cbAuxBufferSize)
   at Microsoft.Mapi.ConnectionCache.OpenMapiStore(String mailboxDn, Guid mailboxGuid, Guid mdbGuid, ClientIdentityInfo clientIdentity, String userDnAs, OpenStoreFlag openStoreFlags, CultureInfo cultureInfo, String applicationId)
   at Microsoft.Mapi.ConnectionCache.OpenMailbox(String mailboxDn, Guid mailboxGuid, Guid mdbGuid, WindowsIdentity windowsIdentityAs, String userDnAs, OpenStoreFlag openStoreFlags, CultureInfo cultureInfo, String applicationId)
   at Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry)
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry)
   at Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry)
   at Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Initialize(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags)
   at Microsoft.Exchange.Data.Storage.MailboxSession.CreateMailboxSession(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, CultureInfo cultureInfo, String clientInfoString)
   at Microsoft.Exchange.Data.Storage.MailboxSession.OpenAsAdmin(ExchangePrincipal mailboxOwner, CultureInfo cultureInfo, String clientInfoString, Boolean useLocalRpc, Boolean ignoreHomeMdb)
   at Microsoft.Exchange.Data.Storage.MailboxSession.OpenAsAdmin(ExchangePrincipal mailboxOwner, CultureInfo cultureInfo, String clientInfoString)
   at Microsoft.Exchange.Servicelets.SystemAttendantMailbox.Servicelet.Work()

Raid mirror, I will have to run that when the business closes tonight.

SYSTEM ATTENDANT. Is the giveaway just do like I said and post back.

One last thing before I go. You may have to run an exchange repair if it does not come back after you perform the chkdsk command. I have no idea what that patch did but it doesnt sound good.

I can't seem to get the server to boot to the disk to start recovery mode.

Hey guys, keep calm here..., as this thread get unreadable...
1.) Does check disk come back with related information
2.) Where have you applied the Hotfix and what happend
3.) Have you deleted the shadow copies?

Can you provide a more detailed description of your server? SBS is clear but which components installed. Hyper-V, what is on the root machine, what is virtuell? Other secondary tools like backup software etc. or third party apps.

Note:
If you have a Raid system, chkdsk is checking, what it gets from the logical drive. If you have an error on physical drives, you may have to check the physical drives, as - esp. from Raid 5 - errors may not be seen as reconstructed by the Raid controller.

So check the event log of matix storage manager. If you want to make sure, all disk are working fine, you can download a tool from the drive manufacturer which can make a deep ananysis of the disks. These tool can make a non destructive analysis, mostly started from a Boot-Disk. It takes about 2-3h per disk, so take time. Make sure, all disk are on the correct port before rebooting the server.  Otherwise you may destroy a Raid.  If these tests runs fine, you can be sure, your drives are fine. NOTE: These tools are also able to make a low level format on disk, so be carefully, what you click there.  

If your computer shuts down unexpectly, it may be, that the exchange store can be damaged if the online defragmenter runs at the same time. Usually exchange is able to fix this. Check event log
You may run  
ISINTEG -s <servername> -test alltests (or mybe allfoldertests)
to determine, if the store has a problem (non destrucitve). Store has to be offline. If this can't be run, there is another tool, which is more rigide, i may post it later, as it may be destructive.

Repairing the exchange installtion may not be able to repair store problems!!!!

In general: Win2K8 logs nearly everything what can be logged. So it is a good idea just first to analyse and check all option before starting any repair or reinstall. SBS is a complex system as never supported in that ombination on a single machine. Therefore there are a lot of dependencies between all the services. Also SBS 2008 is really brand new.

Ok, here is more detail and were it stands now.  Last night I copied the first storage group and any other files that might have changed since the night before when the Backup took place.  I then could not get the Server to boot from the DVD drive so I removed the Raid Volume and recreated it.  I was then able to boot from the DVD since there was no OS installed.  I then restored the machine to the state it was in the night before, which worked.  Then I unmounted the storage groups and replaced the files with the copies I made before the wipe.  When I remounted them the exchange was back up and no data loss occured.  

As for the details of the server:
It has Hyper-V installed as an option in SBS not SBS Virtual, I have a Vista Business VM Running on it. I have two network cards in the machine, and SBS created on Virtual adaptor which uses one of the nic's for the VM.  (I do see in the Logs that it sees more than one machine on the network with the same name, but it is listing itself as the machine.  I assumed it was due to the duel cards on the same server connected to the same lan.)
"A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="NetBT" />
  <EventID Qualifiers="49152">4319</EventID>
  <Level>2</Level>
  <Task>0</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2009-01-07T13:30:08.079Z" />
  <EventRecordID>40661</EventRecordID>
  <Channel>System</Channel>
  <Computer>AAKSERVER.allaboutkids.local</Computer>
  <Security />
  </System>
- <EventData>
  <Data />
  <Binary>000000000100320000000000DF1000C005010000106410AC1A000000000000000000000000000000</Binary>
  </EventData>
  </Event>



 I use the backup software built into SBS for doing scheduled backups of the machine, of which it is doing them at 12pm and 1am.  I use GFI Mail Security and GFI Mail Essentials to protect the Exchange and have Norton Corp antivirus on the machine as well. The machine is running in a raid 1 configuration.  I am not using the Share Point Services although they are installed.  
Last night after I finished the restore I created a complete backup again, then I paused the backup schedule.  I also then went into the storage matrix control and initialized the volume to ensure that both drives data was the same after the reload.  When I logged in this morning the machine had not rebooted.  I am not sure if that was related to the Backup being paused or not but I plan to resume this morning and see what happens.  

Now that the machine is back up and running I am unable to get it to boot to the DVD again so running Chkdsk /p/r has not been done yet.

Thank you for all the help.

Keep the backup under observation. As the first error is pointing to volsnap, which is used by the backup software, I assume, that somewhere here is an issue. As the windows backup software takes care of volsnaps, it may be that some of them are damaged. The Volsnaps are simply something than an online difference backup, so that you are able to revert changes on network drives. If you delete volsnaps, you loose this ability of course, but deleted files can then be recreated then from the backup intself if needed. So you do not really loose something.

If you enable security logging, you may have an idea, when the server reboots unexpectly as the sercurity log is very detailed. Also you may see event logs after rebooting, as you may see, when services are starting. if you can find out the time of the boot, you may compare this to your shedules of backup to identify the service, which forces the trouble.

If you have RAID1 and you resync the drives. error may come up during resync. On the other hand, if the storage manager determines sync errors due to disk error, you should see them.

Whenever you feel, that drives my an issue, I would always make a per disk analysis to make sure, the disk are healthy.  

Yeah I doubt its the backups purely because you have full backups. You said you restored fully with no data loss. I still beleive you just had a simple disk error. If it happens again just run chkdsk and see if it happens again.

How can I get it to boot into Recovery mode to run a chkdsk?  The system just boots right to the OS, even though DVD is the first boot device.

You get a hint "start from CD" if you reboot your server. If you do not hit a key during this hint, the server starts from the OS.

it is not prompting me for some reason.

Is the CDRom attached to the computer BIOS (means IDE or SATA) or is it connected to a seperate controller?

 

SATA

A you have said that you use Intel Matrix Storage manager....

Was you ever be able to Boot from CD after installing Intel Maxtrix Storage Manager (MSM)?

Background: Usually newer boards have two or more onboard controller. You can change the BIOS settings to RAID and then use MSM to handle your drives. Dependend from your board, some SATA ports are handled by the sperate internal controller, which means, a seperate BIOS is loaded after the Board BIOS. If the CDROM is connected to such a port, which is handled by MSM, this may occure. Means the controller BIOS is now responsible for that SATA port.

Have a look at your board, if you have red and black SATA Ports. If this is the case, the board may have more than one controller.

For some controllers, you have to enable bootable and removable devices.

Ok, I will check.  

Back to the restarting computer.  The 12:00 Backup just went off and my remote desktop connection was ended due to the machine rebooting.
Problem signature:
  Problem Event Name:      BlueScreen
  OS Version:      6.0.6001.2.1.0.305.9
  Locale ID:      1033

Additional information about the problem:
  BCCode:      1000007e
  BCP1:      FFFFFFFFC0000047
  BCP2:      FFFFF80001CB5B48
  BCP3:      FFFFFA6001BE55C0
  BCP4:      FFFFFA6001BE5660
  OS Version:      6_0_6001
  Service Pack:      1_0
  Product:      305_2

Files that help describe the problem:
  C:\Windows\Minidump\Mini010709-01.dmp
  C:\Users\scormier\AppData\Local\Temp\2\WER-635718-0.sysdata.xml
  C:\Users\scormier\AppData\Local\Temp\2\WER2535.tmp.version.txt

Read our privacy statement:
  http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409
 
It just restarted again due to a critical error.  I will get the dmp file when it comes back up.

Can you provide the dump?

Here it is.  Thanks.
Mini010709-01.txt

This is nearly the same, points to
volsnap.sys - SYSTEM_THREAD_EXCEPTION_NOT_HANDLED - code 0xc0000047

Have you ever tried to run the backup manually to see, if you can reproduce the error?
Have you tried to change the backup configuration, not to use shadow copies?

I ran a manual backup last night and it didn't produce the error.  It was using shadow copy, don't I need to use the shadow copy feature to backup a mounted exchange database?  I just changed the setting to Full backup instead of incremental, this should disable the shadow copies from being created.

I am atempting a manual one time back up now.  The first thing it does is create Shadow copy of Volume.  I do not see any ware that I can disable the shadow copy feature.

Have you started the manual backup by just starting the task? Or have you created a new definition?

The exchange points me to another issue. Have you checked, if you do not run into a conflict with the exchange services? There are several services which starts at 1:00 am by default. The exchange crash may be a hint to that.

You may just check the settings on exchange to make sure, backup and exchange services like online defragmentation are not running at the same time.

2. post.
You can make a full VSS backup, if no other backup software needs this. This sets the status of the VSS back and should delete existinf VSS files, as they are backed up.

So this time my manual backup caused it to Blue Screen and reboot.  The problem has to be related to the backups.  I am not sure what you mean in your last post.

This is a choice within the assistant, if you make a one time backup.
You can choose full VSS backup or partial.

Ok, I have made some changes I removed the existing backup and created a new one with a new time of 11;30 I also told the exchange server not to perform matainance until 2am.  I enabled file replication on the first and second database files just to be sure I have a copy.  I only have three options as far as the backup performance settings go "always perform full backup" or "Always perform incremental backup"
the incremental refers to leaving shadow copies behind. The later is what was selected, but when I switched it to Full it still created a Shadow copy.  I can't find where else you would turn that feature off.

I don't want to try to back it up again only because I don't want to risk another crash.  What should I do?

The seetings you are taking about are the general settings, as I can see. Nevertheless you can have other settings on the backup job as predefined. The backup assistand creates a scheduler job, and there are set all settings (which could also be changed there). The backup tool is nothing else than an assistant.

You will always have shadow copies as long as enabled. If you go to the properties of a drive like C:\, you have a tab named shadow copies. There are all existing copies. If the backup has run, only one or maybe two coies should remain there as all others are saved. Note, also the VSS service has a scheduler there, which should not interference with the backup.

I would delete all of them (on all drives), if there are still shadow copies. Maybe that a few of them are damaged due to the crashes. Also have a look into the hardware manager. If you delete the shadow copies, you should not find any shadow copies under the shadow copy folder within the hardware manager. I all drives are clean and there are remaining copies in the hardware manager, you have orphane settings which may be a result out of the crashes.

I looked this morning and the backup from last night completed with warnings.  The warning is below:
Consistency check for component '27640203-8d6b-4c83-8f30-2f320984ec6b'\'Microsoft Exchange Server\Microsoft Information Store\AAKSERVER' failed. Application 'Exchange' will not be avaliable in the backup done at time '1/7/2009 11:30:01 PM'

I looked at the shadow copies for the C: and found that one was scheduled for 7:00am and 12:00pm the 12 I changed to 5pm.  There was only one listed in the window of copies, and it was the latest from 7am.

Should I disable them completely or leave them on?  Any Idea why Exchange would have had issues with the back up last night?  Good news is it didn't crash.

I am still having the problem but you were a great help.

This seems to be the answer:
http://blogs.technet.com/askcore/archive/2008/08/20/how-to-enable-windows-server-backup-support-for-the-hyper-v-vss-writer.aspx

I applied this reg edit and no crash on the first test.