The Garden of Professor Dr. Nabil Al-Arabi

Cannot Backup my Hard drive !!!


Situation:

I tried to use Macrium Reflect v6.1 to make a disk image backup, but it failed several times. I tried the standard Windows backup, but it failed too!

Contents of Error Log:

Date     18-03-2016 11:07:38 AM

Type     Error

Event     513

Source   Microsoft-Windows-CAPI2

Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:

AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:

Access is denied.

Explanation

The failure comes down to MSLLDP, the “Microsoft Link-Layer Discovery Protocol” driver.

Its binary is:   \Windows\system32\DRIVERS\mslldp.sys

Its config registry key is:   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsLldp

What happens during backup?

During backup, a VSS process running under the NETWORK_SERVICE account calls cryptcatsvc!CSystemWriter::AddLegacyDriverFiles().

This function enumerates all the drivers and tries to open each one of them.

The function fails on the MSLLDP driver with an “Access Denied” error.

The explanation is that the MSLLDP driver’s security permissions do not allow NETWORK_SERVICE to access the driver.

Steps to solve this issue

Download AccessChk 6.01 from https://technet.microsoft.com/en-us/sysinternals/accesschk.aspx (direct download link: https://download.sysinternals.com/files/AccessChk.zip)

Copy accesschk.exe to c:\Windows (or any location in your path)

Run cmd (as administrator)

Check original security descriptor:

image1

No service account is allowed to access the MSLLDP driver.

The security descriptor for the drivers that were processed successfully looked this way:

image2

The last line gives access to services.

We need to add access rights for NT AUTHORITY\SERVICE to the MSLLDP service.

Create folder c:\_ (for temp use)

Export the security descriptor of MSLLDP

image3

Make a command file to restore the original MSLLDP security descriptor, just in case.

image4

Edit restore_mslldp.cmd using your text editor to add the sc command (it must be on one line only)

image5

Prepare the new cmd file

image6

image7

image8

Take the NT AUTHORITY\SERVICE entry, which is (A;;CCLCSWLOCRRC;;;SU)

Copy it to the end of the sc line in new_mslldp.cmd

(Important: make sure that the whole command is on one line, without CR or LF.)

new_mslldp.cmd

image9
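
An added example (not from the original post or its screenshots): a Python sketch of the command-file steps above that builds both sc sdset lines from the text printed by sc sdshow, which is assumed here to be the export command. It goes beyond the post's case by placing the entry before an S: (audit) section when one exists, because anything written after S: is not part of the access list; the sample descriptors and function names are constructed for illustration.

```python
import re

# NT AUTHORITY\SERVICE entry quoted in the steps above
SERVICE_ACE = "(A;;CCLCSWLOCRRC;;;SU)"

def sacl_offset(sddl):
    """Index of the top-level 'S:' (SACL) marker, or len(sddl) if there is none."""
    depth = 0
    for i, ch in enumerate(sddl):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif depth == 0 and sddl.startswith("S:", i):
            return i
    return len(sddl)

def build_commands(sdshow_output, service="mslldp"):
    """Turn the text printed by 'sc sdshow' into the restore and new sc lines."""
    sddl = "".join(sdshow_output.split())  # one line, no CR/LF or spaces
    if not re.match(r"D:[A-Z]*\(", sddl):
        raise ValueError("no DACL found, refusing to build a command")
    cut = sacl_offset(sddl)
    dacl, sacl = sddl[:cut], sddl[cut:]
    changed = SERVICE_ACE not in dacl      # do not add the entry twice
    new = dacl + SERVICE_ACE + sacl if changed else sddl
    return {
        "restore": f"sc sdset {service} {sddl}",
        "new": f"sc sdset {service} {new}",
        "changed": changed,
    }

# Constructed sample descriptors (NOT the real MSLLDP values from the screenshots)
SAMPLE_NO_SACL = "\r\nD:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)\r\n"
SAMPLE_WITH_SACL = "\r\nD:(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_NO_SACL, SAMPLE_WITH_SACL):
        cmds = build_commands(sample)
        print("restore_mslldp.cmd:", cmds["restore"])
        print("new_mslldp.cmd:    ", cmds["new"])
```

Paste the real sc sdshow output in place of the samples; the "restore" line is the one to keep in restore_mslldp.cmd before anything is changed.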

Results:

Show the original security descriptor

image10

Set the new security descriptor

image11

Show the new security descriptor

image12

The last line fixes the problem.

Try your backup app now; it will work, insha'Allah.

Resources

http://answers.microsoft.com/en-us/windows/forum/windows8_1-update/event-513-errors-when-setting-a-restore-point-or/0ac566b0-b16b-4e6f-9344-27800151e21d?auth=1

https://technet.microsoft.com/en-us/sysinternals/accesschk.aspx

http://www.macrium.com
