MS SQL backup fails with VSS error 0x800423f4 when the Azure AD Connect feature is enabled on the server

Last Modified

Tue Aug 27 14:23 GMT 2019

Description

  • After recent Azure AD Connect updates, volume shadow copy creation using the VSS SQL writer fails to prepare snapshots
  • The event logs contain SQLVDI errors (Event ID 1) and MS SQLSERVER Event ID 1820
  • An easy way to confirm the first condition is to check the databases selected for backup: you should see AdSync.mdf there

Environment

  • N-able Backup

Solution

  • Important note: the issue is fixed in version 1.3.20.0 of Azure AD Connect: release notes here
    • Specific note by Microsoft indicating the fix: "Fix the SQL reconnect logic for ADSync service"
  • Please update to this version of AD Connect or later and check whether that resolves the issue
  • If updating does not resolve the issue, follow the steps below
 
  • The cause of the issue is that ADSync launches SQL Server LocalDB under its own user account, which is logged off after a period of time
  • The first solution prevents the logoff of the user that runs the SQL Server LocalDB instance
  • Check Microsoft article for more information
  1. Run gpedit.msc 
  2. Go to Computer Configuration > Administrative Templates > System > User Profiles > Do not forcefully unload the user registry at user logoff
  3. Change the setting from "Not Configured" to "Enabled".
  4. Run gpupdate /force command in command prompt to force an update of Group Policy.
  5. Perform repair of LocalDB:
    1. Stop Microsoft AD Sync service
    2. Check which user account runs the Microsoft AD Sync service
    3. End the sqlservr.exe process that was launched by the user you checked above
    4. Go to Programs and Features and repair Microsoft SQL Server 2012 Express LocalDB
      • appwiz.cpl > Right Click Microsoft SQL Server 2012 Express LocalDB > Repair
    5. Start Microsoft AD Sync service
  6. Check state of vss writers
    • In elevated command prompt execute command: vssadmin list writers
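Step 6 can be scripted. The following is an added example, not part of the original article or of the backup product: it parses the text that vssadmin list writers prints and returns every writer that is not in the Stable state or that reports a last error. The function name ConvertFrom-VssWriterList and the sample output are constructed for illustration, and the parsing assumes English-locale output.

```powershell
# Added example (hypothetical helper): turn "vssadmin list writers" text into objects.
function ConvertFrom-VssWriterList {
    param([Parameter(Mandatory)][string[]]$Lines)
    $writers = @()
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match "^\s*Writer name:\s*'(.+)'") {
            # A new writer block starts; emit the previous one
            if ($current) { $writers += [pscustomobject]$current }
            $current = [ordered]@{ Name = $Matches[1]; State = $null; LastError = $null }
        }
        elseif ($current -and $line -match '^\s*State:\s*\[\d+\]\s*(.+?)\s*$') {
            $current.State = $Matches[1]
        }
        elseif ($current -and $line -match '^\s*Last error:\s*(.+?)\s*$') {
            $current.LastError = $Matches[1]
        }
    }
    if ($current) { $writers += [pscustomobject]$current }
    $writers
}

# Constructed sample in the layout vssadmin prints; the IDs are placeholders.
$sample = @"
Writer name: 'SqlServerWriter'
   Writer Id: {00000000-0000-0000-0000-000000000001}
   Writer Instance Id: {00000000-0000-0000-0000-000000000002}
   State: [8] Failed
   Last error: Non-retryable error

Writer name: 'Registry Writer'
   Writer Id: {00000000-0000-0000-0000-000000000003}
   Writer Instance Id: {00000000-0000-0000-0000-000000000004}
   State: [1] Stable
   Last error: No error
"@ -split "`r?`n"

# On the server, replace $sample with live output from an elevated prompt:
#   $lines = & vssadmin list writers
$unhealthy = ConvertFrom-VssWriterList -Lines $sample |
    Where-Object { $_.State -ne 'Stable' -or $_.LastError -ne 'No error' }

# With the sample above this lists only SqlServerWriter (Failed / Non-retryable error)
$unhealthy | Format-Table Name, State, LastError -AutoSize
```

An empty result means every writer reported Stable with no error, which is the state to confirm before the next backup session.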
 
  • The second solution is to repair SQL Server 2012 Express LocalDB automatically before each backup session using a script.
  1. Use quick repair of Microsoft SQL Server 2012 Express LocalDB from Add/Remove Programs. This step requires a system restart.
  2. The following script can be used to repair Microsoft SQL Server 2012 Express LocalDB before each backup session:

# Stop the sync service so its LocalDB instance can be repaired
Stop-Service -DisplayName "Microsoft Azure AD Sync"

# Account the sync service runs as (DOMAIN\user); keep only the user name part
$servaccount = Get-WmiObject -Class Win32_Service | ? { $_.DisplayName -match "Microsoft Azure AD Sync" } | select StartName
$uname = $servaccount.StartName.Split('\')[-1]

# Process IDs of the sqlservr.exe instances owned by that account
# (-eq instead of -match, so characters such as "$" in the account name are not read as regex)
$pidsql = Get-WmiObject -Query "Select * from Win32_Process where name = 'sqlservr.exe'" | ? { $_.GetOwner().User -eq $uname } | select -ExpandProperty ProcessId

# End the LocalDB process if one is still running
if ($pidsql) { Stop-Process -Id $pidsql -Force }

# Repair Microsoft SQL Server 2012 Express LocalDB, then restart the sync service
Start-Process -FilePath "MsiExec.exe" -ArgumentList "/f {6C026A91-640F-4A23-8B68-05D589CC6F18}" -Wait
Start-Service -DisplayName "Microsoft Azure AD Sync"

  • The script should be added to the Windows Task Scheduler or initiated by other scheduling scripts. Note that pre-backup scripts in the Backup Manager can't be used for this: the pre-backup script is fired after the scanning phase, so the backup will still fail.

Article Number: 131418
