Can't create system restore points in 64-bit Windows 7

John_Holecek
John_Holecek used Ask the Experts™
on
Take a look at the two attached images to see if you can figure out why I can't create restore points in 64-bit Windows 7. Restore setup  Restore error message
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
John,
In the Command Prompt window, type: sfc /scannow

Ken
Top Expert 2013

Commented:
it says : insufficient storage available; so how much do you have free?
you can also limit the size restore points can take on disk !

Author

Commented:
To ken2421,

See the image and advise.
console.JPG
Become a Microsoft Certified Solutions Expert

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

Author

Commented:
To nobus,

I have 138 GB free.
LeeTutorretired
Top Expert 2009

Commented:
For your problem running SFC, right click on the Command Prompt link on the Start Menu (under Accessories) and then choose Run as Administrator before you type in SFC  /SCANNOW.

Commented:
Make sure the shadow copy service is running.  Also use the command vssadmin to check that shadow copies are being created.  If there are no shadow copies created, I would thnk that you would not be able to create a restore point.

http://technet.microsoft.com/en-us/library/cc754968%28WS.10%29.aspx
Top Expert 2013

Commented:
 did you disable MS Software Shadow Copy Provider service ?

any errors in event viewer?

Author

Commented:
Hi Everyone,

I'm at my work computer and won't be able to do the things you mention until later tonight (the problematic computer is in my home office). Thanks, in the meantime, for the advise. I will try all of the suggestions.

Author

Commented:
I ran scannow and there were no problems.
scan-now.JPG
Top Expert 2013

Commented:
any comment on my post ?

Author

Commented:
To che6ausc

As you can see from the image, no shadow copy storage space has been allocated. Do I use the vssadmin add shadowstorage to allocate the storage space. If yes, explain the process to me. Thanks. I think we're on the right track.
shadow.JPG

Author

Commented:
Hi Nobus,

There were no error alerts in the event viewer.

 "did you disable MS Software Shadow Copy Provider service ?" I didn't disable it, but check out the image. The service is stopped, and when I tried to start it, I got an "access denied" error message. From right out of the box, this computer had problems with "system restore." Originally I could create restore points but not go back to them. I posted that on EE some time ago, but nobody had a solution. My solution was to install AyRecovery. What I don't like about this program. though, is that if you go back to a restore point, it restores document and other files back to their state when the restore point was created. i.e. unlike windows  system restore, you lose data. Could it be that AyRecovery has shut down the Copy Provider service?
shadow-service.JPG
Top Expert 2013

Commented:
look if this helps : deleting shadow copies  :  http://bertk.mvps.org/html/eerrormsgsv.html

Commented:
The service you want to see running is the volume shadow copy service C:\Windows\system32\vssvc.exe. See attached.  This is Microsoft's system restore service.

The other service which provides an interface for third party backup and recovery providers is what you are showing in your screenshot.

Since you are using a third party for backup/restore it may be configured to override the Microsoft restore service.  In that case, you may have to see if it has a setting to allow both or uninstall it, if it doesn't.

You definitely are not creating shadow copies, but I don't think it is a storage problem.  The error message may be erroneous and caused by the interface between both providers.

Commented:
Here is attachment:
Capture.jpg

Author

Commented:
Hi nobus

I don't have any shadow copies. The service hasn't been making them.
Top Expert 2013

Commented:
you can rep
Top Expert 2013

Commented:
..you can repair your system with sfc, or a repair install
http://www.sevenforums.com/tutorials/3413-repair-install.html            repair windows 7
http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html         SFC

Commented:
Attached is a diagram of how the Shadow Copy Service works.

The link is: http://technet.microsoft.com/en-us/library/cc785914%28WS.10%29.aspx, if you want to read it.

If what Nobus is proposing doesn't work, you could try re-registering the service.

Commented:
Here is the attachment:
Capture.jpg

Author

Commented:
To Eveyone,

I uninstalled AyRecovery and then took at look at the Volume Shadow Copy service, which was stopped. When I tried to start it, I got an error message; "Access is denied." What can I do about this?

Thanks for all the help so far.

Commented:
Make sure that the administrators group and system group have read and execute access to the file VSSVC.exe in the c:\windows\system32 folder.

Commented:
Also check permissions on swprv.dll which is the other service you have access denied (Microsoft Software Shadow Copy Provider).

Author

Commented:
To che6ausc,

Sorry to have taken so long to get back.I can run VSSVC as an administrator. How do I check the permissions on swprv and VSS, neither of which I have access to. On both of those services N/A is listed under Group. My account is an administrator's account.

Author

Commented:
To che6ausc,

 I ran services.msc and started Volume Shadow Copy there. VSS is now running but I still cannot access swprv. (A newbie question: How are the services that come up with services.msc different from the services that show on task manager?)

Commented:
Services.msc lets you configure some of the settings for the service and shows the dependent services.  For instance, manual vs. automatic startup.  Both allow you to start and stop the service.

Services are grouped and run under svchost.exe.  Hence, the group name.  You can have multiple services running under one svchost.exe and also multiple instances of svchost.exe.  Task manager shows you what services are running under each svchost.exe.

You check (change)  the permissions by right clicking the file and selecting properties.  Under the security tab you will see what permissions are set for each group.

You will have to take ownership of a file before changing permissions.  Here is a tutorial: http://www.vista4beginners.com/Change-permissions-take-ownership.

You need to have read and execute permission to both VSSVC.exe and swprv.dll in the c:\windows\system32 folder before you can start the services. See my attachment.
capture.jpg

Author

Commented:
I checked the permissions and I have both read and execute on both files. I started Volume Shadow copy out of the services.msc. This is set to manual startup. Can I change that to automatic or how does it get switched on without having to go to services.msc. I then checked Volume Shadow Copy and Microsoft Software Shadow Copy Provider in Task Manager Servies. VSS was running, but swprv was stopped and I couldn't access it to start it. Then swprv started running and then both services stopped. I restarted Volume Shadow Copy and now VSS is running but swprv is not, and I can't start it. It seems as if there is something buggy somehwere.

Commented:
Both services are set to manual by default and then triggered when needed.  Since you are not creating shadow copies,  we need to know why they are not being triggered.

For testing purposes, set both to automatic and reboot to see if they are running at startup.  Then do an install, uninstall, windows update or anything that triggers the creation of a shadow copy.


Make sure system protection is on for the volume where your operating system resides.  Click on the configure  button and delete all previous settings.  

Use the command VSSADMIN to see if any shadow copies were created.

Commented:
One other thing is that both the shadow copy services are dependent on the Remote Procedure Call service to be  running.  Make sure it is set to automatic and running.
capture.jpg

Author

Commented:
Remote Procedure Call service is set to automatic and is running. I have set both of the other services to automatic, but that may not have been necessary. As of late, shadow copies have been created. (See attached jpgs.
shadow1.JPG
shadow2.JPG

Author

Commented:
Now that I can create shadow copies and restore points, the only thing that remains is to see if I can do a system restore. However, I still can't start swprv: access is denied. What can we do about that? Or is it important.

Author

Commented:
I tried to do a system restore and couldn't (see image). This is exactly the same problem I have had from the very beginning with this computer. That's why I bought AyRecovery. The problem with AyRecovery is that a restore point also restores all your document and other files back to the point at which the restore point was made. In other words, you lose a lot of data.
no-restore.JPG

Author

Commented:
One other note. Earlier when I had this problem, not only did I shut down my virus program, but I also completely removed it to do a test. I got the same error message. Anti-virus is not the problem.

Commented:
You created a thread in this forum back in June with the exact same problem as described above.  In that thread, you claimed the problem was resolved to your satisfaction.   Why is that solution not acceptable now?   http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/Q_26259510.html

AyRecovery was thwarting the efforts of Volume Shadow Copy Service to create shadow copies.  Hence, the erroneous error message about insufficient storage available.

Commented:
Have you deleted some of the shadow copies from your screenshot above? See attached.  

capture.jpg

Author

Commented:
No, I did not delete any shadow copies. I didn't look at the screen shot close enough to note that some of the shadow copies were missing. You are doing such a good and careful job that once this problem is resolved, I would give you a million points if I could.

Commented:
The fact that you are not creating shadow copies sequentially leads me to believe that you have corruption in the "system volume information"  folder on the C: drive.  This is where the data for system restore resides: http://www.theeldergeek.com/system_volume_information_folder1.htm.  It's also said to be a haven for virus attacks.

I see three options to resolve the problem with the folder:

(1) A clean install of Windows 7(the folder will be initialized to defaults at setup time).

(2) A repair install of Windows 7 (hope that the corruption is flushed out as the system is repaired).

(3) Delete the folder by taking ownership and granting full permissions to administrators group.  Don't worry the folder will initialized within a few minutes with system defaults.

The last option would involve:
(a) turning off system protection to the c: drive and the rebooting so the folder is not locked anymore by the system.
(b)from an elevated command prompt enter the command:  ICACLS "system volume information" /grant administrators:F.
(c)delete the folder with the command RMDIR "system volume information" /s.

Author

Commented:
What would you do? (3) seems the best option to me. I don't think it's a virus problem as I had this problem from the first time I booted up the computer, a Lenovo ThinkPad T410.
LeeTutorretired
Top Expert 2009

Commented:
I think that the 3 options listed by che6ausc above are in reverse order of difficulty or time-consumingness (to coin a word), and so if I were you I would try 3 first, then 2 if that didn't work, and finally 1.  But the corruption that we are hypothesizing is present in the System Volume Information folder (I agree with him on that) may not be due to viruses.  It may just be corruption of the hard disk.  Perhaps one thing to try before 3, 2, or 1 above is running CHKDSK on your hard disk.

Author

Commented:
To che6ausc:

I did option 3 but access to the files in the system volume information folder was denied. (see attached files)
ICACLS.JPG
No-protection.JPG
system-volume.JPG

Commented:
Use a Linux Live CD like Slax to delete the folder.  Burn the .iso image to a cd.  Boot from the cd.
http://www.slax.org/get_slax.php.

Delete the folder from the desktop environment in Slax.  The folder wil be created with system defaults next time you boot Windows 7.  Good luck.

Author

Commented:
Thanks che6ausc. I can't get to it now, but I'll try to do it this evening after I go to Mass (it's All Saints Day).

Author

Commented:
To che6ausc,

To delete the file with Slax, do I need to turn system protection for the C: drive off?

Commented:
No, Slax doesn't know that system protection exists, nor Windows for that matter.  It is it's own operating system with it's own permissions.

Commented:
Check that you have writers and that they are stable: VSSADMIN list writers.
capture.jpg

Author

Commented:
The writers seem to be in order.
writers.JPG

Author

Commented:
To che6ausc,

I ran Slax and used the find files and folder utility to get to the System Volume Information folder, but then I couldn't figure out how to delete it. The utility doesn't offer the option, and right clicking doesn't allow the option either. Could you lead me through the proper steps?

Thanks.

Commented:
After Slax loads to the desktop, click on the system icon and then the storage media icon.  It's as simple as that.  Your partitions should be listed then.

Author

Commented:
To che6ausc,

Yes, it is as simple as that. I deleted the System Volume Information Folder. I then checked that shadow copies were being created and that the writers were in order. However, I've created a restore poin, but I haven't had time to check if I can restore to that point. I'm the executive director of the McPherson Opera House, and we've had a number of shows in the last week, so I'm swamped. Maybe tomorrow, I can try to restore the computer. Thanks for hanging in there.

Author

Commented:
To che6ausc,
Back to square one (see attached file). Is there any way to trouble shoot what file can't be accessed? It is not because an anti-virus program is running as I shut Norton down.
no-restore.JPG

Commented:
Can you provide a screenshot of the files in system volume information?

If you what to continue after what has already been recommended,  you could run Procmon: http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx.  Remove all default filters and filter on rstrui.exe  Look for denied access.



capture.jpg
capture1.jpg

Author

Commented:
I had to run the ICACLS command to open up the "system volume information" folder. Once inside, I couldn't get access to the "System Restore" folder. That could be the problem. In any case, check out the five screen shots.
svi1.JPG

Author

Commented:
Here's the next screen shot

Author

Commented:
Oops, here's the next screen shot.
svi2.JPG

Author

Commented:
Here's screen shot 3
svi3.JPG

Author

Commented:
Here's screen shot 4
svi4.JPG

Author

Commented:
Here's screen shot 5
svi5.JPG

Commented:
You have a file SYMEFA.DB inside that folder.  It seems ironic that Norton is putting a file in the folder and the error message states that your antivirus is preventing system restore from accessing a file.  Check the permissions on that file.  I wonder if system restore is trying to read the file and Norton is denying permission.

Delete the file and uninstall Norton using the Norton removalhttp://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US too;

You must uninstall Norton completely so that it does not recreate the file.

Author

Commented:
Hi che6ausc,

You are wonderful. I'm on my work computer so I won't be able to do this until tonight. I have also set up 2 HP laptops with Windows 7 64-bit and Norton 360, and neither of them would properly restore either. I think you've hit it on the head with Norton (hopefully).

Author

Commented:
Norton is positively wicked. I first ran the removal tool and then went back to delete SYMEFA.DB, but it will not delete. If you right click on the file, the menu to delete comes up, but when you try to delete it nothing happens. Should I delete it with Slax?

Author

Commented:
If I do run Slax, should I delete the entire folder. Also, there is a post on the Norton site about removing SYSMEFA.db:
SYMEFA.db removal

Author

Commented:
I deleted SYMEFA.db and tried to restore to a restore point. Got the same unable to restore message.
I think SYNCING.net might be the culprit. It's an over the web peer-to-peer program that keeps my pst files in sync between two computers. What do you think? No restore

Author

Commented:
Actually, I don't think it can be syncing.net. I have it running on a Vista Ultimate machine, and I can do systems restores on it. As I mentioned in an earlier post, all the Windows 7 64-bit machines that I've set up have not been able to do system restores.
To che6ausc,

Success at last! My hunch about SYNCING.NET turned out to be right. I did a selective startup with SYNCING.NET unselected and was able to successfully restore. I have learned so much about the Windows OS through working with you. I am very grateful. I wish I could give you a thousand points. Thanks again for being so patient.

Author

Commented:
Although I solved the problem myself, che6ausc was extraordinarily helpful and patient.

Author

Commented:
Guess what. The problem is back. I'm at a total loss. I got one system restore to work and that was it.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial