Syed Jahanzaib Personal Blog to Share Knowledge !

August 29, 2018

SystemState Backup failing under Windows Server 2016

Filed under: Microsoft Related — Syed Jahanzaib / Pinochio~:) @ 9:55 AM

We recently migrated our domain controller to Windows Server 2016. The DC is virtualized under VMware ESXi 6.5 with VMware Tools ver 10.1.x. I have scheduled a systemstate backup using the wbadmin command-line tool. Example:

wbadmin start systemstatebackup -backuptarget:d: -quiet

After migration to 2016, I observed the following error …

Error in backup of C:\windows\\systemroot\ during enumerate: Error [0x8007007b] The filename, directory name, or volume label syntax is incorrect.

After some searching, we found that this error is related to VMware Tools version 10.1.x, which sets an incorrect path for some driver location.

To find exactly which file is causing it, use the following:

  • Open a command prompt [Run as Administrator], type the command below and press ENTER.
DiskShadow /L writers.txt
  • The prompt will change to DISKSHADOW>
  • Now type
list writers detailed

and press ENTER

  • After a while, this will list all of the writers and affected volumes. After it completes, EXIT.

Open the writers.txt file in Notepad or any text editor, then search for the text windows\\ ; it should find the following:

File List: Path = c:\windows\\systemroot\system32\drivers, Filespec = vsock.sys
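The same search can be scripted. The following PowerShell is an added example, not part of the original post: it scans DiskShadow writer output for File List entries whose path contains a doubled backslash, the symptom visible in the vsock.sys line above. The function name and the sample text (including the WRITER header line and example.sys) are constructed for illustration.

```powershell
# Added example, not from the original post. Find-MalformedWriterPath is a
# hypothetical helper name; $sample is constructed text in the shape of
# "list writers detailed" output.
function Find-MalformedWriterPath {
    param([Parameter(Mandatory)][string[]]$Line)

    $writer = $null
    $number = 0
    foreach ($text in $Line) {
        $number++
        # Track the writer that owns the File List entries that follow.
        if ($text -match '^\s*\*\s*WRITER\s+"(?<name>[^"]+)"') {
            $writer = $Matches['name']
            continue
        }
        if ($text -match 'File List:\s*Path\s*=\s*(?<path>.+?),\s*Filespec\s*=\s*(?<spec>.+?)\s*$') {
            # Copy the captures now: the next -match overwrites $Matches.
            $path = $Matches['path']
            $spec = $Matches['spec']
            # Drop the drive letter or UNC prefix; any "\\" left over means two
            # path fragments were joined badly (c:\windows\\systemroot\...).
            $rest = $path -replace '^(\\\\|[A-Za-z]:)', ''
            if ($rest -match '\\\\') {
                [pscustomobject]@{
                    LineNumber = $number
                    Writer     = $writer
                    Path       = $path
                    Filespec   = $spec
                }
            }
        }
    }
}

$sample = @'
* WRITER "System Writer"
    - File List: Path = c:\windows\system32\drivers, Filespec = example.sys
    - File List: Path = c:\windows\\systemroot\system32\drivers, Filespec = vsock.sys
'@

Find-MalformedWriterPath -Line ($sample -split "\r?\n") | Format-List

# Against a real log: Find-MalformedWriterPath -Line (Get-Content .\writers.txt)
```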

So the culprit was VSOCK.SYS. To sort this we need to correct the path in the Windows registry.

  • Run REGEDIT , then navigate to


  • Then change the ImagePath value string data from the incorrect



As shown in the image below …




after path change

  • No need to reboot/log off. Simply run the backup again & this time you should see a SUCCESSFUL report.

successfull backup after erg modifcation.JPG

July 2022 Updates:

At one of our domain controllers (Server 2019), the backup via batch file was failing for 2 reasons.

a) I made a script which does a systemstate export (using a daily scheduled task set to RUN WHETHER USER IS LOGGED IN OR NOT), then, using the WinRAR command line, it rars the d:\windowsimagebackup file to a current-date (dc_currentdate.rar) file and copies it to the file server backup folder. RAR was failing for some reason and the task scheduler was always showing TASK IS RUNNING. Since the task was running in the background, RAR was stuck because it required pressing the OK button, which is not possible if it's running in the background. Therefore I did the following:

When the backup script starts, it first kills any existing WinRAR session, then it deletes any existing D:\windowsimagebackup folder, then it starts the backup, which then worked fine.

Noting it down here for personal future reference.

Sample backup file which does AD and DHCP backup.

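:: NOTE: srvname, ROLE, FILESRV, FILESRVBKPFOLDER, RAR_BKP_FOLDER, FINAL_RAR_FILE_NAME,
:: FILECOUNT and mail-to are used below but are not set anywhere in this listing;
:: set them for your environment before the first line that uses them.
:: @echo off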
echo "%date% %time% script started" > c:\backup\ad_sysstate_bkp_log.txt
set description=%srvname% - Daily Status of %ROLE% Backup Data Copied in %FILESRV%
set jobname=%srvname% - Daily Status of %ROLE% Backup Data Copied in %FILESRV%
set attachment=c:\backup\%srvname%__backup.log
set mail-subject=%srvname% - Daily Status of %ROLE% Backup Data Copied in %FILESRV%
set mail-body=%srvname% - Daily Status of %ROLE% Backup Data Copied in %FILESRV%
set footer=%srvname% %ROLE% Automated Backup and Email Logs Script Created by zaib Ltd. IS Dept. / Syed Jahanzaib
set BKP_FOLDER=D:\WindowsImageBackup
taskkill /F /IM winrar.exe
rd /s /q %BKP_FOLDER%
set DHCP_BKP_FOLDER=D:\dhcp_backup
if not exist c:\backup mkdir c:\backup
if not exist %DHCP_BKP_FOLDER% mkdir %DHCP_BKP_FOLDER%
if not exist %BKP_FOLDER% mkdir %BKP_FOLDER%
if not exist %RAR_BKP_FOLDER% mkdir %RAR_BKP_FOLDER%
if exist %attachment% del /f %attachment%
:: if exist net use /delete t:
:: if not exist t: net use T: %DATAPARK%
set DAYS=-5
set cnt1=0
set cnt2=0
set EXT1=rar
:: The %date% offsets below assume a "Ddd MM/DD/YYYY" regional date format
set CUR_YYYY=%date:~10,4%
set CUR_MM=%date:~4,2%
set CUR_DD=%date:~7,2%
set CUR_HH=%time:~0,2%
if %CUR_HH% lss 10 (set CUR_HH=0%time:~1,1%)
set CUR_NN=%time:~3,2%
set CUR_SS=%time:~6,2%
set CUR_MS=%time:~9,2%
:: goto :EOF
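:: Locate WinRAR (single-line IFs, so no parenthesised block is left unclosed)
IF EXIST "%ProgramFiles(x86)%\WinRAR" SET pth="%ProgramFiles(x86)%\WinRAR"
IF EXIST "%ProgramFiles%\WinRAR" SET pth="%ProgramFiles%\WinRAR"
:: Record the start time in hundredths of a second
FOR /F "skip=1 tokens=1-6" %%A IN ('WMIC Path Win32_LocalTime Get Day^,Hour^,Minute^,Second /Format:table ^| findstr /r "."') DO (
set Day=%%A
set Hour=%%B
set Minute=%%C
set Second=%%D
)
set Milisecond=%time:~9,2%
:: 1%Milisecond%-100 keeps values such as 08 and 09 from being parsed as invalid octal
set /a Start=%Day%*8640000+%Hour%*360000+%Minute%*6000+%Second%*100+1%Milisecond%-100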

echo "Now Running DHCP Backup script to copy DHCP DB to file server folder ..."
netsh dhcp server export %DHCP_BKP_FOLDER%\MYCOMPANY.AD.LOCAL_DHCP_Backup_%date:~-10,2%-%date:~-7,2%-%date:~-4,4%---%time:~0,2%-%time:~3,2%.txt all
robocopy /s /e /w:0 /r:0 /FP %DHCP_BKP_FOLDER% %FILESRVBKPFOLDER%\dhcp_backup
echo Now starting %srvname% %ROLE% backup using wbadmin command ...
wbadmin start systemstatebackup -backuptarget:d: -quiet

for %%I in (%BKP_FOLDER%) do %pth%\winrar A -m0 -r -df "%RAR_BKP_FOLDER%\%FINAL_RAR_FILE_NAME%" "%%I"
echo **************************************************

echo "Deleting OLD Backup Folder older then %DAYS% days - - - - - -- - - - - - - - -- - - - - -"
:: if not exist %BKP_FOLDER% goto del_rar_files

:: Count the .rar files in the local RAR folder; prune old ones only above the threshold
for /f %%A in ('dir "%RAR_BKP_FOLDER%\*.%EXT1%" ^| find "File(s)"') do set cnt1=%%A
if %cnt1% gtr %FILECOUNT% (
echo *.%EXT1% Files older than %DAYS% days from %RAR_BKP_FOLDER% will be deleted ...
powershell -COMMAND "Get-ChildItem -Path %RAR_BKP_FOLDER%\ -Include *.%EXT1% -Recurse | where-object {$_.lastwritetime -lt (get-date).adddays(%DAYS%)} | Remove-Item -Force"
) else (
echo *** %EXT1% files count in %RAR_BKP_FOLDER% is %cnt1% which is less than %FILECOUNT% number threshold so no deletion required
)

:: Same check for the copy on the file server
for /f %%A in ('dir "%FILESRVBKPFOLDER%\AD\*.%EXT1%" ^| find "File(s)"') do set cnt2=%%A
if %cnt2% gtr %FILECOUNT% (
echo *.%EXT1% Files older than %DAYS% days from %FILESRVBKPFOLDER%\AD will be deleted ...
powershell -COMMAND "Get-ChildItem -Path %FILESRVBKPFOLDER%\AD -Include *.%EXT1% -Recurse | where-object {$_.lastwritetime -lt (get-date).adddays(%DAYS%)} | Remove-Item -Force"
) else (
echo *** %EXT1% files count in %FILESRVBKPFOLDER%\AD is %cnt2% which is less than %FILECOUNT% number threshold so no deletion required
)

:: Record the end time and work out how long the script took
FOR /F "skip=1 tokens=1-6" %%A IN ('WMIC Path Win32_LocalTime Get Day^,Hour^,Minute^,Second /Format:table ^| findstr /r "."') DO (
set Day=%%A
set Hour=%%B
set Minute=%%C
set Second=%%D
)
set Milisecond=%time:~9,2%
:: 1%Milisecond%-100 keeps values such as 08 and 09 from being parsed as invalid octal
set /a End=%Day%*8640000+%Hour%*360000+%Minute%*6000+%Second%*100+1%Milisecond%-100
set /a Diff=%End%-%Start%
set /a DiffMS=%Diff%%%100
set /a Diff=(%Diff%-%DiffMS%)/100
set /a DiffSec=%Diff%%%60
set /a Diff=(%Diff%-%Diff%%%60)/60
set /a DiffMin=%Diff%%%60
set /a Diff=(%Diff%-%Diff%%%60)/60
set /a DiffHrs=%Diff%

:: format with leading zeroes (each value pads its own variable)
if %DiffMS% LSS 10 set DiffMS=0%DiffMS%
if %DiffSec% LSS 10 set DiffSec=0%DiffSec%
if %DiffMin% LSS 10 set DiffMin=0%DiffMin%
if %DiffHrs% LSS 10 set DiffHrs=0%DiffHrs%

echo The Domain Controller %srvname% Backup Report > %attachment%
echo.>> %attachment%
echo The Backup Script took %DiffHrs% Hours, %DiffMin% Mnts, %DiffSec% Secs >> %attachment%
echo.>> %attachment%
echo Following Backup folders are now available in DATAPARK - %FILESRVBKPFOLDER%\AD >> %attachment%
echo.>> %attachment%
echo AD System State Backup copied in %FILESRVBKPFOLDER%\AD Folder >> %attachment%
echo.>> %attachment%
dir %FILESRVBKPFOLDER%\AD >> %attachment%
echo.>> %attachment%
echo.>> %attachment%
echo %footer% >> %attachment%
c:\blat\blat.exe %attachment% -to %mail-to% -i %srvname% -s "%mail-subject%"
echo %footer%

Syed Jahanzaib

August 27, 2018

WSUS 2016 – Short Notes

Filed under: Microsoft Related — Syed Jahanzaib / Pinochio~:) @ 10:58 AM


Recently we upgraded our infrastructure from Windows 2003/2008 to 2016 servers. We had 2 DCs on 2003/2008 and migrated them to 2016; afterwards, when we added WSUS, it had many issues and it took almost 8-10 days to sort everything out. The reason it took so much time is that I tried my best NOT to reinstall the Windows server, because this server was activated with a valid license and we had a limited license count on the MS portal. Fixing a messed-up Windows is a far more time-consuming process, but yes, you learn a lot of new things in fixing the old one, even if it cannot be sorted out.

I am adding a few of the most annoying issues and the methods to sort them in this post. I will keep posting more.

1# Remove WSUS completely from 2016 Server

Sometimes when all sorts of troubleshooting fail to restore WSUS, it's better to install fresh Windows and add WSUS again. But in my case, this server was also hosting WDS & I really didn't want to reinstall the server OS (also to avoid incrementing the license count on the Microsoft Portal, as we have limited license counts).

Following are the steps to remove WSUS completely:

  1. Remove the WSUS / IIS / Windows Internal Database (WID) roles. (If you don't remove the WID role and its files, on a reinstall it will re-attach to the same database.)
  2. Reboot the server
  3. Now remove the following folders
    C:\WSUS (or wherever the WSUSContent folder resides)
    C:\inetpub folder
    C:\Program Files\Update Services
    C:\windows\system32\inetsrv  [Or rename this folder]
  4. Restart the server
  5. Re-add the WSUS and WID roles (it will add the IIS role automatically)
  6. Let it install, and then restart the server again.
  7. Launch the WSUS console.


2# Post install Fatal Error: WsusPool does not exist

Please check IIS: under Application Pools, look for the WsusPool entry. If it's not there, add it manually as shown in the image below …

wsus pool does not exists.JPG

Then run the post-installation step again.

3# MMC console crashing

In one particular situation, when I added the WSUS role again, I was getting the following error whenever I tried to open the WSUS console …

wsus crashing.png

Since it was not a real production server, I removed WSUS (following all steps shown in Point # 1 of this guide), then executed

sfc /scannow

Afterwards a reboot, & the WSUS MMC worked well 🙂

4# Identify & approve required updates only

For a good overview, read the following


August 20, 2018

Windows Server 2016 – Reference Notes

winhttp service error

Today when I was trying to enable the SNMP feature or add the IIS service, I was getting the above error. This is how I sorted it.

Open the Registry and navigate to

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP

Check the Start parameter, which may be set to ‘4’ (disabled)

Change the value to ‘3’ and reboot, then try to add the features, & Insha Allah it will work.



1- Start Button Doesn’t Work !

When you click on the Start button, it doesn’t pop up.

  • Press Windows+RUN , and type

Uncheck the following two options,

  1. Show more tiles
  2. Use start full screen


win2016 start button not working.JPG

That’s it !

2- Show icons on Desktop

Right click on Desktop

Select Personalize

Select Themes

On Right Window, Click on Desktop Icon Settings

allow desktop icons on desktop.JPG

If you receive the following error

error on desktop icon setting.JPG

then you have to enable the following setting in the domain controller's default group policy; reboot the client to apply the changes immediately, or run gpupdate /force

policy for runddl32 exec error.JPG

3- Windows 2016 Standard Desktop Activation not working

For some reason, activation did not work via the GUI, therefore I used CMD (with admin rights)



