Recently, a new type of error I haven’t seen showed up on one of the servers I maintain and manage.
Event ID: 513
Source: CAPI2
Event:
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary EraserUtilRebootDrv.
System Error:
The system cannot find the file specified.
.
Also, after further investigation I also noticed that when Windows Server Backup was running, sometimes snapshots on the C: volume wouldn’t “grow in time” so were automatically deleting.
It was difficult to find anything on the internet regarding this as in my case it was reporting “The system cannot find the file specified”, whereas all other cases were due to security permissions. On the bright side, I was able to identify the software that this file belonged to: Symantec Endpoint Protection.
Ultimately I found a fix. PLEASE ONLY attempt this, if you are receiving the “The system cannot find the file specified”. If you are seeing any “Access Denied” messages under System Error, your issue is related to something else.
To fix:
1) Uninstall Symantec Endpoint protection.
2) Restart Server
3) Disable VSS snapshots for C: volume (NOTE: This will delete all existing snapshots for the drive.).
4) Re-install Symantec Endpoint protection.
5) Re-enable VSS snapshots for C: volume.
When this issue occurred, I was seeing the event many times every hour. It’s been 4 days since I applied this fix and it has completely disappeared, back to a 100% clean event log!